Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/YyaG3S0poVAnzLCPDdFpzugK_PQ.roa
File:                     YyaG3S0poVAnzLCPDdFpzugK_PQ.roa (raw, json)
Hash identifier:          24Gl7AEyeVcP6AdBrJexExnxFpJwqifZ9iimIKjJBOQ=
Subject key identifier:   63:26:86:DD:2D:29:A1:50:27:CC:B0:8F:0D:D1:69:CE:E8:0A:FC:F4
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       0198085ED3C6F5E5DA83968C892A76E5E280
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/YyaG3S0poVAnzLCPDdFpzugK_PQ.roa
Signing time:             Mon 14 Jul 2025 09:58:09 +0000
ROA not before:           Mon 14 Jul 2025 09:58:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198154
IP address blocks:        2a05:9080::/48 maxlen: 48
                          2a05:9080:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:08:5e:d3:c6:f5:e5:da:83:96:8c:89:2a:76:e5:e2:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jul 14 09:58:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=632686dd2d29a15027ccb08f0dd169cee80afcf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:26:1a:6b:80:df:a7:58:dc:f3:ef:27:49:6f:
                    ea:97:48:cc:12:76:b7:70:d9:03:2e:5b:1d:8b:8a:
                    70:86:83:6e:95:3c:21:dd:fc:ff:09:d4:f1:fc:8a:
                    fc:b3:90:93:df:46:b3:46:cc:8a:3f:f1:68:b2:fb:
                    83:eb:b5:f3:1b:d3:c6:9e:f5:d1:29:7b:44:47:db:
                    2f:a1:ff:46:ac:3a:11:29:f4:ea:69:48:68:d3:30:
                    6a:c1:8d:62:b1:e4:b7:cb:e7:8f:51:df:1d:38:77:
                    c5:fa:0b:b4:8d:01:f3:c1:a7:60:3a:32:1f:2a:c0:
                    20:96:bf:6b:75:f1:11:65:b0:93:5c:2b:6b:b7:8b:
                    35:4f:2f:68:30:df:19:d3:7c:45:30:c0:69:ea:69:
                    ff:9a:ef:b0:a3:46:56:ab:c7:02:6e:0b:a5:3c:b7:
                    d8:10:d9:6b:ac:17:45:10:35:81:51:c8:ec:a6:db:
                    8e:42:71:24:6d:e2:50:e9:f8:d8:20:c2:35:d3:b3:
                    aa:ff:51:fa:81:be:41:da:f0:ac:71:30:3e:32:7c:
                    53:dc:ee:75:98:e4:2d:9a:c4:95:27:5d:47:ab:af:
                    d5:6b:36:02:f6:fc:b6:43:9c:be:45:38:71:9f:45:
                    5b:d3:14:a6:6e:c9:95:de:f9:d1:58:11:92:3f:e8:
                    c3:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:26:86:DD:2D:29:A1:50:27:CC:B0:8F:0D:D1:69:CE:E8:0A:FC:F4
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/YyaG3S0poVAnzLCPDdFpzugK_PQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080::/48
                  2a05:9080:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:92:e6:7b:99:ba:f6:bb:c2:32:ce:f2:45:21:5a:40:49:2e:
         7a:49:f3:e8:fd:cc:61:17:9a:10:55:f7:58:e8:e7:74:14:99:
         f2:f8:12:9c:1e:d1:67:b9:14:7c:c9:45:c0:64:e1:a4:4b:6c:
         2c:21:4e:b8:df:45:f6:8d:03:7f:e3:9e:b2:e8:af:c2:4e:98:
         fe:73:ff:b6:99:4c:db:31:77:83:18:b0:42:14:d6:26:ad:ee:
         10:b8:7a:ff:ba:62:40:db:a7:91:d8:e8:1b:c4:0c:f8:99:4c:
         64:73:04:ef:90:e6:8b:af:a3:6d:a2:2a:ca:44:da:81:fa:2d:
         3c:b6:80:6b:13:ec:b0:2a:fd:f4:6f:93:38:a1:90:1c:23:66:
         28:93:32:a3:e1:74:94:3a:5c:75:a8:aa:a7:34:7c:d7:60:d4:
         9f:c5:8b:75:e4:9f:a7:8a:95:78:d5:15:39:dc:07:09:bf:7f:
         c7:c7:94:56:07:aa:ef:10:52:72:87:64:db:f1:6d:48:57:6f:
         2b:74:7b:35:75:2c:00:fb:f4:85:94:ff:1e:c3:b5:15:ea:5c:
         ce:86:fd:0e:1f:0f:e7:00:f6:e2:d9:59:4c:23:41:4a:47:00:
         f2:fd:d5:88:6b:d4:59:8f:a0:e0:ed:42:3e:57:93:f5:54:ec:
         b7:06:4d:df
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZgIXtPG9eXag5aMiSp25eKAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwNzE0MDk1ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzI2ODZkZDJkMjlhMTUwMjdjY2IwOGYwZGQxNjljZWU4MGFmY2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriYaa4Dfp1jc8+8nSW/ql0jMEna3
cNkDLlsdi4pwhoNulTwh3fz/CdTx/Ir8s5CT30azRsyKP/FosvuD67XzG9PGnvXR
KXtER9svof9GrDoRKfTqaUho0zBqwY1iseS3y+ePUd8dOHfF+gu0jQHzwadgOjIf
KsAglr9rdfERZbCTXCtrt4s1Ty9oMN8Z03xFMMBp6mn/mu+wo0ZWq8cCbgulPLfY
ENlrrBdFEDWBUcjsptuOQnEkbeJQ6fjYIMI107Oq/1H6gb5B2vCscTA+MnxT3O51
mOQtmsSVJ11Hq6/VazYC9vy2Q5y+RThxn0Vb0xSmbsmV3vnRWBGSP+jDBQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGMmht0tKaFQJ8ywjw3Rac7oCvz0MB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvWXlhRzNTMHBvVkFuekxDUERkRnB6dWdLX1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgWQgAAA
AwcAKgWQgAAEMA0GCSqGSIb3DQEBCwUAA4IBAQCtkuZ7mbr2u8IyzvJFIVpASS56
SfPo/cxhF5oQVfdY6Od0FJny+BKcHtFnuRR8yUXAZOGkS2wsIU6430X2jQN/456y
6K/CTpj+c/+2mUzbMXeDGLBCFNYmre4QuHr/umJA26eR2OgbxAz4mUxkcwTvkOaL
r6NtoirKRNqB+i08toBrE+ywKv30b5M4oZAcI2YokzKj4XSUOlx1qKqnNHzXYNSf
xYt15J+nipV41RU53AcJv3/Hx5RWB6rvEFJyh2Tb8W1IV28rdHs1dSwA+/SFlP8e
w7UV6lzOhv0OHw/nAPbi2VlMI0FKRwDy/dWIa9RZj6Dg7UI+V5P1VOy3Bk3f
-----END CERTIFICATE-----