Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/wQVaDnnR9QQC9SuFUJsuZa8SYZg.roa
File:                     wQVaDnnR9QQC9SuFUJsuZa8SYZg.roa (raw, json)
Hash identifier:          DJr1BSRkHrHoP4oC+cnwTNzR6mmDxEZho+RWiC3hczM=
Subject key identifier:   C1:05:5A:0E:79:D1:F5:04:02:F5:2B:85:50:9B:2E:65:AF:12:61:98
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       01982C387600892D18D22EFCFD74DA7B5431
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/wQVaDnnR9QQC9SuFUJsuZa8SYZg.roa
Signing time:             Mon 21 Jul 2025 09:02:34 +0000
ROA not before:           Mon 21 Jul 2025 09:02:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216405
IP address blocks:        2a03:5840:12d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 22:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2c:38:76:00:89:2d:18:d2:2e:fc:fd:74:da:7b:54:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jul 21 09:02:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1055a0e79d1f50402f52b85509b2e65af126198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4d:8a:65:74:21:19:1d:48:fa:c4:27:71:88:
                    97:d9:f5:a8:88:79:f0:63:96:4c:cf:22:67:6e:ff:
                    36:bc:23:9a:24:37:f3:eb:e6:38:ca:f3:02:03:e3:
                    65:e6:54:35:66:42:28:1c:a0:c3:d3:8b:35:f4:16:
                    72:c7:ee:d3:bb:3b:9e:df:e4:4b:9a:26:70:2a:a6:
                    ac:fa:1f:0d:cc:f7:06:1e:6e:d1:89:c8:7c:ae:a1:
                    13:42:90:86:3e:0c:ff:d6:06:d1:d4:36:b8:d3:8f:
                    2b:3a:f2:c2:be:7b:39:76:8a:60:47:bf:e4:a2:f8:
                    d5:7c:7b:b2:3b:b7:dc:d7:44:7d:ce:09:0e:99:de:
                    44:e5:bd:b6:90:57:aa:fe:30:78:c9:30:5b:45:39:
                    66:cd:17:ea:01:fb:95:7f:17:e2:c9:d9:0f:5e:49:
                    ed:30:d9:bf:27:b1:2a:9a:20:9c:0c:50:67:db:9e:
                    47:91:e7:20:c4:62:e4:ce:cf:d4:a7:d1:aa:91:a5:
                    ed:1e:9e:7c:fc:1e:9b:8d:38:74:86:54:68:8d:cd:
                    cb:a4:57:7b:c4:bd:d9:71:ed:0f:c1:88:d6:5d:c2:
                    86:5b:c8:f3:12:19:5c:2c:35:b3:21:55:eb:00:08:
                    5b:f9:f9:29:64:a2:9b:ae:f2:23:01:56:89:26:54:
                    ca:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:05:5A:0E:79:D1:F5:04:02:F5:2B:85:50:9B:2E:65:AF:12:61:98
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/wQVaDnnR9QQC9SuFUJsuZa8SYZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:12d::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:70:46:cf:b1:77:45:18:20:07:63:98:ac:ba:34:dc:d9:df:
         9f:ce:94:f3:77:04:86:d3:75:76:c6:91:32:4f:ab:c2:97:82:
         be:95:36:6d:09:3f:74:1c:40:7c:b1:c1:8c:52:8f:29:bb:74:
         b5:96:e4:4b:2c:2c:df:cc:ea:85:83:fb:76:cc:1e:6a:65:6a:
         6c:f1:42:a1:99:aa:f5:55:dd:58:e8:66:cb:d5:ff:f6:50:d2:
         47:c3:bc:5c:fd:72:68:e4:70:96:3b:57:22:64:d4:79:29:28:
         a6:b5:a2:44:ba:3d:f7:87:d1:44:b8:a1:5e:27:e4:78:c0:7f:
         30:5b:05:13:67:56:32:61:2f:11:6d:49:89:0e:ac:b4:cb:57:
         b4:0e:81:2b:c4:9b:a1:df:f9:3d:c8:9e:6d:e1:65:78:95:84:
         cb:8c:d1:f1:70:e3:7b:21:60:d1:7a:11:bc:07:be:c0:db:86:
         8f:20:c5:be:43:fb:a6:71:a7:09:c1:95:fd:7c:2b:f1:73:49:
         fe:c1:a2:59:d2:64:99:2e:e5:9d:44:44:65:5c:49:03:f9:a8:
         a7:03:bd:95:9b:4b:d6:73:93:c7:fc:9f:98:b8:d0:c7:34:9d:
         4e:6d:d1:87:79:da:da:bd:19:f9:64:c9:c6:c8:cd:34:80:d2:
         9c:5e:f3:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgsOHYAiS0Y0i78/XTae1QxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwNzIxMDkwMjM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTA1NWEwZTc5ZDFmNTA0MDJmNTJiODU1MDliMmU2NWFmMTI2MTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqE2KZXQhGR1I+sQncYiX2fWoiHnw
Y5ZMzyJnbv82vCOaJDfz6+Y4yvMCA+Nl5lQ1ZkIoHKDD04s19BZyx+7Tuzue3+RL
miZwKqas+h8NzPcGHm7Rich8rqETQpCGPgz/1gbR1Da4048rOvLCvns5dopgR7/k
ovjVfHuyO7fc10R9zgkOmd5E5b22kFeq/jB4yTBbRTlmzRfqAfuVfxfiydkPXknt
MNm/J7EqmiCcDFBn255HkecgxGLkzs/Up9GqkaXtHp58/B6bjTh0hlRojc3LpFd7
xL3Zce0PwYjWXcKGW8jzEhlcLDWzIVXrAAhb+fkpZKKbrvIjAVaJJlTKewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMEFWg550fUEAvUrhVCbLmWvEmGYMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvd1FWYURublI5UVFDOVN1RlVKc3VaYThTWVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEt
MA0GCSqGSIb3DQEBCwUAA4IBAQBbcEbPsXdFGCAHY5isujTc2d+fzpTzdwSG03V2
xpEyT6vCl4K+lTZtCT90HEB8scGMUo8pu3S1luRLLCzfzOqFg/t2zB5qZWps8UKh
mar1Vd1Y6GbL1f/2UNJHw7xc/XJo5HCWO1ciZNR5KSimtaJEuj33h9FEuKFeJ+R4
wH8wWwUTZ1YyYS8RbUmJDqy0y1e0DoErxJuh3/k9yJ5t4WV4lYTLjNHxcON7IWDR
ehG8B77A24aPIMW+Q/umcacJwZX9fCvxc0n+waJZ0mSZLuWdRERlXEkD+ainA72V
m0vWc5PH/J+YuNDHNJ1ObdGHedravRn5ZMnGyM00gNKcXvOv
-----END CERTIFICATE-----