Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/V3x4-1WXGWfdIqvzomsHhdbzXSs.roa
File:                     V3x4-1WXGWfdIqvzomsHhdbzXSs.roa (raw, json)
Hash identifier:          zh2EOf1/AdU8UOAuoYHykO5WxiDzPCEaB7bgSCkL3Ec=
Subject key identifier:   57:7C:78:FB:55:97:19:67:DD:22:AB:F3:A2:6B:07:85:D6:F3:5D:2B
Certificate issuer:       /CN=4cf80802c6579a4d4a10608dcf92e9ace9905b16
Certificate serial:       01983BC94E176B556FF02242879E4B3A73A3
Authority key identifier: 4C:F8:08:02:C6:57:9A:4D:4A:10:60:8D:CF:92:E9:AC:E9:90:5B:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPgIAsZXmk1KEGCNz5LprOmQWxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/V3x4-1WXGWfdIqvzomsHhdbzXSs.roa
Signing time:             Thu 24 Jul 2025 09:35:05 +0000
ROA not before:           Thu 24 Jul 2025 09:35:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203038
IP address blocks:        2a0d:bbc0:1::/48 maxlen: 48
                          2a0d:bbc0:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/TPgIAsZXmk1KEGCNz5LprOmQWxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/TPgIAsZXmk1KEGCNz5LprOmQWxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPgIAsZXmk1KEGCNz5LprOmQWxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3b:c9:4e:17:6b:55:6f:f0:22:42:87:9e:4b:3a:73:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf80802c6579a4d4a10608dcf92e9ace9905b16
        Validity
            Not Before: Jul 24 09:35:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=577c78fb55971967dd22abf3a26b0785d6f35d2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2f:5f:b6:54:14:0a:43:f0:f8:9d:bb:b5:bb:
                    33:fb:35:81:84:11:03:a1:c6:89:ea:a1:88:66:09:
                    4d:ca:7b:04:68:a7:0e:02:8f:c4:87:96:bf:95:0f:
                    86:17:46:88:c0:58:d4:88:04:de:e8:20:01:67:82:
                    64:97:81:00:34:6b:72:c1:7d:f3:09:27:59:b7:47:
                    7b:cc:f4:e4:58:5f:98:3a:04:8c:47:e3:96:e9:a4:
                    24:0d:1c:99:63:6e:5d:dd:9b:39:a6:0f:17:6b:7b:
                    5a:2e:18:45:b5:a1:62:c3:e0:7f:fd:59:99:cd:e9:
                    48:d6:dd:df:65:79:f2:3b:5f:b3:46:01:81:5c:42:
                    43:4a:31:25:15:1a:0a:8b:4e:01:4f:9d:cc:85:f6:
                    ab:22:7d:ab:b7:42:93:71:c1:ba:37:9d:fc:4d:6d:
                    93:15:b2:ec:99:7e:1f:62:fa:15:0d:61:08:d4:b8:
                    13:d7:a0:62:2c:28:7a:3d:ce:8f:23:dc:ff:b1:5b:
                    91:60:53:dd:3c:cd:d3:28:34:2b:c3:fa:52:cc:b2:
                    bc:95:3e:1f:6a:e3:da:ca:70:23:fe:48:c8:10:47:
                    87:c2:27:7a:34:90:c1:90:23:6b:44:c1:a4:5d:39:
                    6b:0a:d9:27:01:a0:5d:e0:e3:d4:2e:40:b6:fc:f7:
                    e8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:7C:78:FB:55:97:19:67:DD:22:AB:F3:A2:6B:07:85:D6:F3:5D:2B
            X509v3 Authority Key Identifier:
                keyid:4C:F8:08:02:C6:57:9A:4D:4A:10:60:8D:CF:92:E9:AC:E9:90:5B:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPgIAsZXmk1KEGCNz5LprOmQWxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/V3x4-1WXGWfdIqvzomsHhdbzXSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/TPgIAsZXmk1KEGCNz5LprOmQWxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:bbc0:1::-2a0d:bbc0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         52:ad:e6:bd:d0:fa:6f:d9:4e:82:b5:11:76:d9:76:59:61:d1:
         9a:57:0d:eb:f1:0f:d9:50:eb:83:ff:a9:d4:b8:c6:46:fe:f9:
         1a:d9:d3:53:97:22:81:b8:b6:6b:d5:a8:84:35:cb:b0:40:a5:
         43:65:12:0f:a0:f5:5c:8a:81:99:ff:81:6f:a0:b5:27:d9:05:
         02:12:0c:1e:4b:83:e7:31:08:63:07:69:ad:22:b0:8e:d6:b1:
         ad:b1:2a:86:91:9b:ff:ff:1b:ed:5e:3e:21:ca:24:68:64:4d:
         4c:3b:d1:2d:8e:1f:65:6d:a8:db:34:5a:4a:7b:50:9c:c3:9f:
         a7:d9:bb:3b:a1:64:46:7b:2d:54:3f:fb:53:67:f8:de:dc:65:
         13:a9:ab:22:be:a0:7e:1c:af:67:03:8b:b0:56:5f:23:07:a2:
         80:b4:03:2d:d5:24:dd:ac:e8:cf:94:3e:0a:29:25:da:ac:60:
         7e:81:0e:16:05:ad:2f:24:fc:4e:0d:52:e7:6b:fe:7c:c8:80:
         61:17:d2:e0:3b:35:9b:a5:0d:75:ed:00:32:d0:63:c3:1f:87:
         27:82:03:92:d8:8b:be:3d:0c:1b:3a:cb:59:ae:19:d6:d4:ae:
         46:72:46:c2:d3:59:28:7e:95:fb:8e:17:84:c9:18:9f:ac:e9:
         3f:cc:2c:92
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZg7yU4Xa1Vv8CJCh55LOnOjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjgwODAyYzY1NzlhNGQ0YTEwNjA4ZGNmOTJlOWFjZTk5
MDViMTYwHhcNMjUwNzI0MDkzNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzdjNzhmYjU1OTcxOTY3ZGQyMmFiZjNhMjZiMDc4NWQ2ZjM1ZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAry9ftlQUCkPw+J27tbsz+zWBhBED
ocaJ6qGIZglNynsEaKcOAo/Eh5a/lQ+GF0aIwFjUiATe6CABZ4Jkl4EANGtywX3z
CSdZt0d7zPTkWF+YOgSMR+OW6aQkDRyZY25d3Zs5pg8Xa3taLhhFtaFiw+B//VmZ
zelI1t3fZXnyO1+zRgGBXEJDSjElFRoKi04BT53MhfarIn2rt0KTccG6N538TW2T
FbLsmX4fYvoVDWEI1LgT16BiLCh6Pc6PI9z/sVuRYFPdPM3TKDQrw/pSzLK8lT4f
auPaynAj/kjIEEeHwid6NJDBkCNrRMGkXTlrCtknAaBd4OPULkC2/PfovwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFd8ePtVlxln3SKr86JrB4XW810rMB8GA1UdIwQY
MBaAFEz4CALGV5pNShBgjc+S6azpkFsWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBnSUFzWlhtazFLRUdDTno1THByT21RV3hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8zOThiYmItMTg0Zi00ODUxLWIyYTAt
OTFmNDlkOGQxMTVkLzEvVjN4NC0xV1hHV2ZkSXF2em9tc0hoZGJ6WFNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8zOThiYmItMTg0Zi00ODUxLWIyYTAtOTFmNDlkOGQxMTVk
LzEvVFBnSUFzWlhtazFLRUdDTno1THByT21RV3hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqDbvA
AAEDBwAqDbvAAAIwDQYJKoZIhvcNAQELBQADggEBAFKt5r3Q+m/ZToK1EXbZdllh
0ZpXDevxD9lQ64P/qdS4xkb++RrZ01OXIoG4tmvVqIQ1y7BApUNlEg+g9VyKgZn/
gW+gtSfZBQISDB5Lg+cxCGMHaa0isI7Wsa2xKoaRm///G+1ePiHKJGhkTUw70S2O
H2VtqNs0Wkp7UJzDn6fZuzuhZEZ7LVQ/+1Nn+N7cZROpqyK+oH4cr2cDi7BWXyMH
ooC0Ay3VJN2s6M+UPgopJdqsYH6BDhYFrS8k/E4NUudr/nzIgGEX0uA7NZulDXXt
ADLQY8MfhyeCA5LYi749DBs6y1muGdbUrkZyRsLTWSh+lfuOF4TJGJ+s6T/MLJI=
-----END CERTIFICATE-----