Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/FafnGioXQ9wljFkhuJJdCKFjkww.roa
File:                     FafnGioXQ9wljFkhuJJdCKFjkww.roa (raw, json)
Hash identifier:          eKLUYDySvMyLsJDItXiTd2pY6vCov8KOTfhRVaTgfs8=
Subject key identifier:   15:A7:E7:1A:2A:17:43:DC:25:8C:59:21:B8:92:5D:08:A1:63:93:0C
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       01982DE78A6B54FEA852B6BCC9EAFE59BA46
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/FafnGioXQ9wljFkhuJJdCKFjkww.roa
Signing time:             Mon 21 Jul 2025 16:53:25 +0000
ROA not before:           Mon 21 Jul 2025 16:53:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a11:b785::/32 maxlen: 32
                          2a12:4c06::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 01:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:e7:8a:6b:54:fe:a8:52:b6:bc:c9:ea:fe:59:ba:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Jul 21 16:53:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15a7e71a2a1743dc258c5921b8925d08a163930c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f2:48:ab:59:ad:b5:11:59:80:3a:5e:ba:6a:
                    1a:52:b5:78:5d:57:8b:ab:67:f1:c7:17:40:0b:73:
                    54:af:1a:34:90:11:37:6d:b2:89:43:f5:0b:10:f7:
                    89:22:64:b7:57:fd:1f:e7:a1:2e:63:ba:86:ed:2a:
                    d0:c3:38:34:f5:26:51:8a:57:11:98:35:45:19:33:
                    0e:85:a1:40:44:9c:1c:90:50:19:2f:03:17:93:2f:
                    d3:5c:f4:e5:a2:83:ec:45:df:e3:62:7e:4a:9d:45:
                    33:8c:46:f9:5d:02:b4:3c:f9:71:92:bc:3f:de:17:
                    ec:3a:32:f2:ab:70:ae:8d:69:90:31:8a:b4:74:f0:
                    51:33:1f:57:38:dd:e8:a9:96:03:83:5f:46:61:79:
                    3d:02:5f:2a:5d:8f:0b:0c:e5:97:34:e1:44:01:ad:
                    3a:a3:b1:2c:ef:80:f6:dd:74:98:ee:97:dc:cb:e0:
                    69:01:1d:8e:15:2f:05:07:eb:c8:23:9d:70:45:bd:
                    5c:97:93:18:d6:60:b6:fb:27:5b:9a:e9:ea:be:2b:
                    29:1d:89:86:3e:22:57:5c:bc:60:3e:75:86:6a:62:
                    89:37:c8:2d:ef:fa:a5:a5:5b:74:bb:23:cb:93:ab:
                    c3:99:c5:0b:3a:8f:92:a5:fb:0f:79:f8:05:98:ee:
                    e0:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:A7:E7:1A:2A:17:43:DC:25:8C:59:21:B8:92:5D:08:A1:63:93:0C
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/FafnGioXQ9wljFkhuJJdCKFjkww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:b785::/32
                  2a12:4c06::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:5b:09:12:57:10:ce:ce:d7:82:82:61:a7:14:bd:68:42:8c:
         a0:ad:33:32:a9:6a:9e:38:e9:4e:ce:c8:1e:26:bf:61:5f:12:
         25:d1:0e:7f:fc:f1:ab:e0:4a:ef:95:63:68:57:d7:21:dd:b3:
         be:be:45:69:28:4e:00:ac:31:82:17:83:e2:7a:4d:62:15:36:
         5e:13:d9:ce:c4:fd:7e:55:2d:74:89:23:c6:53:23:bb:e9:a5:
         a1:96:de:87:4b:f1:1c:91:fe:5c:57:d5:85:67:2c:9d:f1:4c:
         70:56:97:f2:6a:96:d9:3a:44:5d:e3:ee:3c:24:9b:17:87:ba:
         8e:6a:33:2b:66:6c:fd:c4:30:90:5c:28:47:16:41:f0:37:bc:
         85:f6:61:e8:8a:85:0a:26:85:cf:60:e5:2c:01:11:c2:6f:09:
         38:9b:03:7b:d3:e5:4a:e7:e1:f0:8a:15:a9:25:8f:c9:d1:f5:
         02:d7:b3:3d:99:6f:95:e2:37:d5:e1:fe:33:91:4c:31:0d:06:
         71:d2:f9:7a:c5:39:c9:60:4b:c2:54:53:f0:db:aa:29:6d:40:
         d8:82:fb:5a:ad:fb:54:4e:6b:6c:39:5b:e4:4c:da:29:14:f8:
         14:3b:b6:7a:f9:d8:e1:11:4d:53:3f:e9:0e:87:0a:72:3d:4e:
         ae:ed:26:cb
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZgt54prVP6oUra8yer+WbpGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNzIxMTY1MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWE3ZTcxYTJhMTc0M2RjMjU4YzU5MjFiODkyNWQwOGExNjM5MzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/JIq1mttRFZgDpeumoaUrV4XVeL
q2fxxxdAC3NUrxo0kBE3bbKJQ/ULEPeJImS3V/0f56EuY7qG7SrQwzg09SZRilcR
mDVFGTMOhaFARJwckFAZLwMXky/TXPTlooPsRd/jYn5KnUUzjEb5XQK0PPlxkrw/
3hfsOjLyq3CujWmQMYq0dPBRMx9XON3oqZYDg19GYXk9Al8qXY8LDOWXNOFEAa06
o7Es74D23XSY7pfcy+BpAR2OFS8FB+vII51wRb1cl5MY1mC2+ydbmunqvispHYmG
PiJXXLxgPnWGamKJN8gt7/qlpVt0uyPLk6vDmcULOo+SpfsPefgFmO7gSwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBWn5xoqF0PcJYxZIbiSXQihY5MMMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvRmFmbkdpb1hROXdsakZraHVKSmRDS0Zqa3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhG3hQMF
ACoSTAYwDQYJKoZIhvcNAQELBQADggEBACVbCRJXEM7O14KCYacUvWhCjKCtMzKp
ap446U7OyB4mv2FfEiXRDn/88avgSu+VY2hX1yHds76+RWkoTgCsMYIXg+J6TWIV
Nl4T2c7E/X5VLXSJI8ZTI7vppaGW3odL8RyR/lxX1YVnLJ3xTHBWl/Jqltk6RF3j
7jwkmxeHuo5qMytmbP3EMJBcKEcWQfA3vIX2YeiKhQomhc9g5SwBEcJvCTibA3vT
5Urn4fCKFaklj8nR9QLXsz2Zb5XiN9Xh/jORTDENBnHS+XrFOclgS8JUU/Dbqilt
QNiC+1qt+1ROa2w5W+RM2ikU+BQ7tnr52OERTVM/6Q6HCnI9Tq7tJss=
-----END CERTIFICATE-----