Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/EtvYYt1SsPhVbUBlb-gyRW3BpiI.roa
File:                     EtvYYt1SsPhVbUBlb-gyRW3BpiI.roa (raw, json)
Hash identifier:          mKLlkYLYAV8TtsT89IDg/2Tbl2phQohLCpJVPEdEhrA=
Subject key identifier:   12:DB:D8:62:DD:52:B0:F8:55:6D:40:65:6F:E8:32:45:6D:C1:A6:22
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       0198291CBCB813C48BCCBF604A85FA2220BC
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/EtvYYt1SsPhVbUBlb-gyRW3BpiI.roa
Signing time:             Sun 20 Jul 2025 18:33:25 +0000
ROA not before:           Sun 20 Jul 2025 18:33:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210705
IP address blocks:        2a05:9080:3::/48 maxlen: 48
                          2a05:9080:11::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:29:1c:bc:b8:13:c4:8b:cc:bf:60:4a:85:fa:22:20:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jul 20 18:33:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12dbd862dd52b0f8556d40656fe832456dc1a622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9f:9e:ea:0d:95:20:c4:41:d2:69:ff:85:77:
                    00:ac:2b:8d:3d:80:13:16:10:b4:95:35:7d:6f:77:
                    f0:b1:5d:fd:a0:76:12:95:73:21:cf:7e:fd:a8:65:
                    6f:01:ba:40:dd:59:38:1a:4f:59:4d:de:eb:c9:15:
                    89:44:46:64:c3:13:ff:43:d9:d7:9e:20:2a:c4:ba:
                    1e:d9:b9:5a:2b:48:54:af:e3:52:2e:e4:00:91:f2:
                    f8:e5:2a:13:4c:06:57:a2:8b:3e:80:bd:3f:e7:4d:
                    a4:92:00:c5:25:68:a8:fa:81:75:d9:6d:f8:5f:d8:
                    ab:02:72:2f:66:b2:31:25:4e:e9:92:81:0a:f1:b6:
                    be:00:d3:b8:03:31:92:46:5e:2d:e9:56:ba:45:81:
                    c8:c3:0c:99:cc:96:00:34:05:84:23:fb:3b:2c:f5:
                    7d:28:a0:c2:7f:ed:9a:38:e6:3d:10:34:c5:e2:d0:
                    57:09:14:6c:cc:46:bb:98:3a:85:3b:f8:8a:ac:56:
                    cb:22:9f:16:95:08:b7:42:ad:72:ec:4b:d8:15:a9:
                    f6:5c:ac:7d:c5:f3:57:ac:5c:05:ba:7d:89:7f:d9:
                    f1:48:bd:4d:13:dd:7c:8c:d5:bd:d9:07:6d:26:7b:
                    69:50:4e:4d:fe:cb:2f:d6:fe:64:4e:88:11:dd:c8:
                    e2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:DB:D8:62:DD:52:B0:F8:55:6D:40:65:6F:E8:32:45:6D:C1:A6:22
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/EtvYYt1SsPhVbUBlb-gyRW3BpiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:3::/48
                  2a05:9080:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         b9:c3:0d:d2:05:b6:47:47:1b:76:cb:b7:c9:d0:44:81:db:ad:
         08:60:ee:d7:cd:58:b7:74:8f:e5:ca:d5:49:b6:40:67:db:ec:
         e4:20:6a:f4:f3:8e:c5:2c:5f:46:6a:0d:67:0e:1c:d9:d8:78:
         1e:90:38:c9:93:87:e7:a3:56:94:15:a1:ec:de:43:4e:15:ae:
         7a:05:c9:50:01:3e:53:a7:d8:18:d8:ed:17:7f:6f:86:47:59:
         2a:db:2f:15:74:54:6b:3f:52:11:d5:dc:64:53:3a:c1:04:09:
         cf:b7:b0:3b:63:c2:0e:57:4c:c1:9a:c8:8e:6a:40:0a:4e:a7:
         ff:7c:7d:8d:02:d3:50:df:af:88:10:fc:16:e1:68:5d:78:2a:
         58:70:67:1c:ae:4e:4d:1e:64:bc:63:2d:ff:0e:7f:f7:9a:04:
         b1:e0:cb:83:c2:bf:11:2c:e5:ab:5b:02:e9:28:07:65:97:ee:
         28:91:8d:4d:00:f5:eb:27:12:af:71:3c:00:20:19:7c:fe:81:
         94:d8:84:a3:f7:0d:39:03:76:62:e8:37:a3:77:6a:26:b9:3a:
         ee:cd:d7:7e:d4:15:53:fd:5d:2b:31:d1:50:12:70:9d:83:24:
         98:48:5d:4b:9f:73:1f:32:a6:d6:ca:de:94:8e:05:0d:f4:20:
         66:9e:52:d0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZgpHLy4E8SLzL9gSoX6IiC8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwNzIwMTgzMzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmRiZDg2MmRkNTJiMGY4NTU2ZDQwNjU2ZmU4MzI0NTZkYzFhNjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsp+e6g2VIMRB0mn/hXcArCuNPYAT
FhC0lTV9b3fwsV39oHYSlXMhz379qGVvAbpA3Vk4Gk9ZTd7ryRWJREZkwxP/Q9nX
niAqxLoe2blaK0hUr+NSLuQAkfL45SoTTAZXoos+gL0/502kkgDFJWio+oF12W34
X9irAnIvZrIxJU7pkoEK8ba+ANO4AzGSRl4t6Va6RYHIwwyZzJYANAWEI/s7LPV9
KKDCf+2aOOY9EDTF4tBXCRRszEa7mDqFO/iKrFbLIp8WlQi3Qq1y7EvYFan2XKx9
xfNXrFwFun2Jf9nxSL1NE918jNW92QdtJntpUE5N/ssv1v5kTogR3cjiRQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBLb2GLdUrD4VW1AZW/oMkVtwaYiMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvRXR2WVl0MVNzUGhWYlVCbGItZ3lSVzNCcGlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgWQgAAD
AwcAKgWQgAARMA0GCSqGSIb3DQEBCwUAA4IBAQC5ww3SBbZHRxt2y7fJ0ESB260I
YO7XzVi3dI/lytVJtkBn2+zkIGr0847FLF9Gag1nDhzZ2HgekDjJk4fno1aUFaHs
3kNOFa56BclQAT5Tp9gY2O0Xf2+GR1kq2y8VdFRrP1IR1dxkUzrBBAnPt7A7Y8IO
V0zBmsiOakAKTqf/fH2NAtNQ36+IEPwW4WhdeCpYcGccrk5NHmS8Yy3/Dn/3mgSx
4MuDwr8RLOWrWwLpKAdll+4okY1NAPXrJxKvcTwAIBl8/oGU2ISj9w05A3Zi6Dej
d2omuTruzdd+1BVT/V0rMdFQEnCdgySYSF1Ln3MfMqbWyt6UjgUN9CBmnlLQ
-----END CERTIFICATE-----