Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/5Ats3_r6pHvgCiCxWAWyOr42I34.roa
File:                     5Ats3_r6pHvgCiCxWAWyOr42I34.roa (raw, json)
Hash identifier:          k1T1aTJmbdjGV/u4lIyEDeXKqw+Xa2AMaqX+CtRqz18=
Subject key identifier:   E4:0B:6C:DF:FA:FA:A4:7B:E0:0A:20:B1:58:05:B2:3A:BE:36:23:7E
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0198080E4201A816B93761FC7582E0E6D68C
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/5Ats3_r6pHvgCiCxWAWyOr42I34.roa
Signing time:             Mon 14 Jul 2025 08:30:08 +0000
ROA not before:           Mon 14 Jul 2025 08:30:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26042
IP address blocks:        2a0f:7803:f611::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:08:0e:42:01:a8:16:b9:37:61:fc:75:82:e0:e6:d6:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jul 14 08:30:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e40b6cdffafaa47be00a20b15805b23abe36237e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:94:99:cb:a5:c1:2b:d9:eb:00:83:b5:7f:1f:
                    ef:ed:82:c0:cf:a4:b3:d8:ef:27:34:71:75:f0:57:
                    c7:17:09:0a:12:22:e9:18:89:cc:1c:7b:73:18:1b:
                    f3:db:f7:3c:cf:4a:bd:6b:0b:e6:45:03:08:d7:b0:
                    08:9a:8a:34:e9:22:43:38:08:ad:71:f3:15:8c:50:
                    11:d0:04:c2:9d:0a:f3:c5:01:14:56:2c:16:ac:12:
                    10:8a:97:73:2e:3c:c4:b9:a5:17:11:1d:d3:12:8b:
                    c9:39:8d:80:7c:b8:b7:26:33:93:f9:4c:e7:78:08:
                    de:aa:25:19:01:79:a7:81:df:e5:c8:52:50:75:c2:
                    c9:17:81:71:ea:a5:22:52:4b:c1:ba:f7:69:e3:fa:
                    47:e8:5b:62:ad:da:2d:c1:4b:fe:90:27:1b:6d:ac:
                    48:9c:ff:f0:9e:4f:da:dd:5e:ff:e0:0b:20:71:9f:
                    6f:29:3e:97:4d:24:b5:47:82:8e:75:8d:f1:c8:c4:
                    62:93:e5:38:8f:56:32:59:f3:5c:85:01:80:cd:7b:
                    58:47:cf:b5:20:0e:dd:aa:ed:74:fc:74:44:d3:1a:
                    5d:66:c2:e9:47:ff:31:42:bb:5c:e2:6d:6c:b5:ec:
                    b3:05:bb:7e:31:84:c7:ec:2b:d3:16:5f:52:52:f3:
                    9e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:0B:6C:DF:FA:FA:A4:7B:E0:0A:20:B1:58:05:B2:3A:BE:36:23:7E
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/5Ats3_r6pHvgCiCxWAWyOr42I34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:f611::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:0b:7a:5e:a7:d3:6c:2b:5f:44:a4:30:86:c2:ee:26:1d:94:
         89:3a:54:f5:f9:1b:e0:1f:b3:8f:5a:81:39:e8:38:96:e0:ff:
         12:a5:3c:5f:56:cb:d8:a3:39:44:60:8d:cd:4e:fc:77:b2:37:
         bc:fa:2b:83:73:7f:bf:0c:68:ce:4f:84:c7:bb:d7:0e:72:b0:
         b2:56:d9:31:dc:02:ba:d9:04:30:bb:e8:b2:ac:8d:b2:05:6c:
         0b:d5:63:9b:ea:f2:28:17:4e:2a:b3:ac:ed:53:0f:e5:8a:b4:
         b0:30:d1:fd:78:48:e1:a8:9a:fe:cd:b7:61:71:a2:3d:aa:cb:
         74:76:a4:82:7a:5e:34:70:4b:66:09:10:6c:1f:71:5b:0f:60:
         a3:81:e3:d8:8d:5b:ea:97:01:cc:38:56:99:fe:0e:60:f9:8e:
         79:49:32:0f:4f:1d:37:73:8c:03:6a:7b:90:35:1b:42:fd:94:
         76:25:0f:5b:bf:11:c6:5e:9e:88:6e:51:8f:27:10:3f:bc:b4:
         bd:b5:cb:98:e3:91:f1:8a:eb:26:32:6b:98:c9:ff:c1:e9:f3:
         03:5e:2a:4b:08:57:59:ab:14:c1:5c:ab:08:38:21:c3:8a:ab:
         97:66:24:4a:ad:db:c6:9d:9c:1e:81:66:f6:11:ac:58:7d:1e:
         88:6e:e9:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgIDkIBqBa5N2H8dYLg5taMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwNzE0MDgzMDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDBiNmNkZmZhZmFhNDdiZTAwYTIwYjE1ODA1YjIzYWJlMzYyMzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZSZy6XBK9nrAIO1fx/v7YLAz6Sz
2O8nNHF18FfHFwkKEiLpGInMHHtzGBvz2/c8z0q9awvmRQMI17AImoo06SJDOAit
cfMVjFAR0ATCnQrzxQEUViwWrBIQipdzLjzEuaUXER3TEovJOY2AfLi3JjOT+Uzn
eAjeqiUZAXmngd/lyFJQdcLJF4Fx6qUiUkvBuvdp4/pH6FtirdotwUv+kCcbbaxI
nP/wnk/a3V7/4AsgcZ9vKT6XTSS1R4KOdY3xyMRik+U4j1YyWfNchQGAzXtYR8+1
IA7dqu10/HRE0xpdZsLpR/8xQrtc4m1steyzBbt+MYTH7CvTFl9SUvOeYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOQLbN/6+qR74AogsVgFsjq+NiN+MB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvNUF0czNfcjZwSHZnQ2lDeFdBV3lPcjQySTM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg94A/YR
MA0GCSqGSIb3DQEBCwUAA4IBAQAEC3pep9NsK19EpDCGwu4mHZSJOlT1+RvgH7OP
WoE56DiW4P8SpTxfVsvYozlEYI3NTvx3sje8+iuDc3+/DGjOT4THu9cOcrCyVtkx
3AK62QQwu+iyrI2yBWwL1WOb6vIoF04qs6ztUw/lirSwMNH9eEjhqJr+zbdhcaI9
qst0dqSCel40cEtmCRBsH3FbD2CjgePYjVvqlwHMOFaZ/g5g+Y55STIPTx03c4wD
anuQNRtC/ZR2JQ9bvxHGXp6IblGPJxA/vLS9tcuY45HxiusmMmuYyf/B6fMDXipL
CFdZqxTBXKsIOCHDiquXZiRKrdvGnZwegWb2EaxYfR6Ibukq
-----END CERTIFICATE-----