Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/k4zCkZuAbyEUTqJ0Dz2oixFMLgw.roa
File:                     k4zCkZuAbyEUTqJ0Dz2oixFMLgw.roa (raw, json)
Hash identifier:          w8aTyWqBuFpSrhNlbqga10GlyVc2ms+WbR/xAskPFak=
Subject key identifier:   93:8C:C2:91:9B:80:6F:21:14:4E:A2:74:0F:3D:A8:8B:11:4C:2E:0C
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0197D5B69D4171AC6E63A96BDC3DF4554ADD
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/k4zCkZuAbyEUTqJ0Dz2oixFMLgw.roa
Signing time:             Fri 04 Jul 2025 13:53:24 +0000
ROA not before:           Fri 04 Jul 2025 13:53:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205125
IP address blocks:        2a03:e2c0::/32 maxlen: 32
                          2a0d:8340::/32 maxlen: 32
                          2a0d:8343::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d5:b6:9d:41:71:ac:6e:63:a9:6b:dc:3d:f4:55:4a:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul  4 13:53:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=938cc2919b806f21144ea2740f3da88b114c2e0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:d9:03:ba:c4:36:47:b9:db:27:79:c1:48:cc:
                    8c:a3:88:d9:ac:f5:c1:32:67:69:2a:45:8f:90:75:
                    8d:a9:e2:9b:b3:01:2e:56:d4:5a:d5:39:5a:11:42:
                    57:ea:60:2a:dd:e6:22:32:b5:ce:9f:7f:f3:97:b1:
                    7b:45:e8:78:83:96:1b:32:87:d7:90:c0:e9:87:6f:
                    ef:bb:70:9c:55:7b:10:96:44:58:9f:37:99:06:a1:
                    fe:6c:2c:03:78:98:34:8a:17:2d:c3:8c:fd:0f:ed:
                    48:ed:2f:5f:c4:f3:92:06:c1:61:6a:73:99:18:39:
                    45:7e:79:68:f2:94:e7:c6:21:e7:f4:d5:50:81:51:
                    95:81:b5:bc:da:38:86:37:89:0d:5a:00:5e:c0:40:
                    02:e4:9e:b6:f2:98:40:59:54:d8:b4:a6:db:08:a8:
                    4a:78:9f:cb:ed:73:ee:ea:c1:c3:2a:d5:a0:ca:31:
                    9d:7c:fb:da:1b:c4:c1:38:05:0b:2a:a4:d8:f2:d1:
                    83:c2:6e:07:1c:35:ec:e8:14:97:2a:3b:8d:74:24:
                    e0:ef:8f:77:93:67:30:d3:93:1f:a0:e3:e2:06:b0:
                    49:04:32:42:ac:41:39:ab:46:7d:44:db:d3:91:e7:
                    15:a2:b4:39:9d:e4:84:ea:19:b8:c8:80:bd:71:06:
                    df:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:8C:C2:91:9B:80:6F:21:14:4E:A2:74:0F:3D:A8:8B:11:4C:2E:0C
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/k4zCkZuAbyEUTqJ0Dz2oixFMLgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:e2c0::/32
                  2a0d:8340::/32
                  2a0d:8343::/32

    Signature Algorithm: sha256WithRSAEncryption
         b0:97:08:0c:c0:fc:26:aa:1f:2c:60:a2:a1:e0:98:f1:ae:77:
         79:e5:6f:06:18:57:03:c5:b1:9a:ef:d9:4c:0f:25:6e:8f:09:
         f8:aa:00:65:e8:08:39:80:23:a9:80:f6:4e:7d:69:79:59:74:
         53:93:b3:d4:fb:06:c6:18:9a:48:62:93:3f:0f:f8:ec:af:2c:
         8a:3d:12:8a:65:8f:33:5b:4f:95:9c:cb:c1:16:9d:94:30:89:
         4a:01:0d:d9:f9:0d:24:bd:3f:cb:48:1d:c1:ab:73:0b:3c:db:
         19:2f:38:21:7c:e6:d6:d3:3f:06:21:62:64:77:d9:b9:2e:c9:
         1f:58:3b:ca:44:91:1a:33:f9:d8:61:41:74:94:cc:03:42:3a:
         6c:d5:66:05:69:2e:a1:49:dd:29:02:29:c9:c2:5e:7f:1c:a4:
         ff:fa:3f:dd:b9:f1:85:bd:37:17:7d:66:7b:2d:67:e4:42:2e:
         13:77:38:b1:11:27:af:d8:3a:33:7f:1c:a5:22:da:e2:34:cb:
         eb:ee:06:28:c5:0a:29:1b:be:53:d4:ca:26:4e:d3:53:f2:22:
         25:ee:2c:71:d7:27:95:72:16:b4:42:6a:49:9c:d3:2e:89:b7:
         79:b2:46:a3:7c:cd:62:ab:ca:41:9a:1f:71:97:9a:2f:04:54:
         95:74:66:70
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZfVtp1BcaxuY6lr3D30VUrdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwNzA0MTM1MzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzhjYzI5MTliODA2ZjIxMTQ0ZWEyNzQwZjNkYTg4YjExNGMyZTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9dkDusQ2R7nbJ3nBSMyMo4jZrPXB
MmdpKkWPkHWNqeKbswEuVtRa1TlaEUJX6mAq3eYiMrXOn3/zl7F7Reh4g5YbMofX
kMDph2/vu3CcVXsQlkRYnzeZBqH+bCwDeJg0ihctw4z9D+1I7S9fxPOSBsFhanOZ
GDlFfnlo8pTnxiHn9NVQgVGVgbW82jiGN4kNWgBewEAC5J628phAWVTYtKbbCKhK
eJ/L7XPu6sHDKtWgyjGdfPvaG8TBOAULKqTY8tGDwm4HHDXs6BSXKjuNdCTg7493
k2cw05MfoOPiBrBJBDJCrEE5q0Z9RNvTkecVorQ5neSE6hm4yIC9cQbfIwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJOMwpGbgG8hFE6idA89qIsRTC4MMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvazR6Q2tadUFieUVVVHFKMER6Mm9peEZNTGd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgPiwAMF
ACoNg0ADBQAqDYNDMA0GCSqGSIb3DQEBCwUAA4IBAQCwlwgMwPwmqh8sYKKh4Jjx
rnd55W8GGFcDxbGa79lMDyVujwn4qgBl6Ag5gCOpgPZOfWl5WXRTk7PU+wbGGJpI
YpM/D/jsryyKPRKKZY8zW0+VnMvBFp2UMIlKAQ3Z+Q0kvT/LSB3Bq3MLPNsZLzgh
fObW0z8GIWJkd9m5LskfWDvKRJEaM/nYYUF0lMwDQjps1WYFaS6hSd0pAinJwl5/
HKT/+j/dufGFvTcXfWZ7LWfkQi4TdzixESev2DozfxylItriNMvr7gYoxQopG75T
1MomTtNT8iIl7ixx1yeVcha0QmpJnNMuibd5skajfM1iq8pBmh9xl5ovBFSVdGZw
-----END CERTIFICATE-----