Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/HpOi7c_S_v8OgGfAcW8YhSlJRVk.roa
File:                     HpOi7c_S_v8OgGfAcW8YhSlJRVk.roa (raw, json)
Hash identifier:          CM7jTteVy3XFQV9Gw/Amlvv4uEMdN4ootFhXdwUocaA=
Subject key identifier:   1E:93:A2:ED:CF:D2:FE:FF:0E:80:67:C0:71:6F:18:85:29:49:45:59
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       0197E57077AA07D7440CCD4FC6743C175923
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/HpOi7c_S_v8OgGfAcW8YhSlJRVk.roa
Signing time:             Mon 07 Jul 2025 15:10:42 +0000
ROA not before:           Mon 07 Jul 2025 15:10:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204916
IP address blocks:        2a11:1640::/29 maxlen: 29
                          2a11:3340::/29 maxlen: 29
                          2a11:65c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 13:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e5:70:77:aa:07:d7:44:0c:cd:4f:c6:74:3c:17:59:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Jul  7 15:10:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e93a2edcfd2feff0e8067c0716f188529494559
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:82:a1:03:87:d9:03:1e:01:3a:de:32:0a:f9:
                    61:88:2a:a3:bb:f0:ba:a2:50:af:98:fe:cf:78:ec:
                    71:27:3e:0e:f0:8e:93:64:0d:8b:6b:3d:38:e7:e1:
                    b8:3e:be:92:6a:cf:ff:23:ac:6b:4b:54:11:85:12:
                    95:19:ea:10:05:cd:c2:73:15:a3:5f:98:b5:d6:ff:
                    36:fc:d4:2b:98:58:10:6f:fc:e0:4c:d5:81:62:16:
                    fe:11:d3:af:ca:06:f7:88:cc:dd:c2:ba:5d:5b:0b:
                    53:4a:05:1b:30:9a:f7:fd:07:e4:e4:e9:a4:c0:f9:
                    ce:fe:3c:de:63:53:6b:c5:cb:e7:e0:94:27:65:e2:
                    6a:21:5c:e6:18:72:e4:8a:17:c1:b1:3e:ab:82:10:
                    2b:5c:88:8d:05:ed:cd:6f:99:48:14:57:a5:84:13:
                    81:0d:4e:f7:bc:1a:7f:c0:ab:d6:41:88:f5:2f:35:
                    5c:67:81:ec:6d:dc:98:e9:b9:32:4a:92:18:fe:68:
                    b2:4f:cf:13:78:1e:62:cf:01:25:e9:b8:23:0c:c5:
                    6e:81:a3:21:88:ad:a4:54:e8:93:1d:64:be:1d:2b:
                    c8:17:34:ce:93:c2:66:2f:aa:47:3b:7b:96:eb:c6:
                    2f:6b:d9:02:99:f6:38:ca:ab:33:77:e1:04:97:76:
                    88:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:93:A2:ED:CF:D2:FE:FF:0E:80:67:C0:71:6F:18:85:29:49:45:59
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/HpOi7c_S_v8OgGfAcW8YhSlJRVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:1640::/29
                  2a11:3340::/29
                  2a11:65c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:aa:9f:09:4a:e0:8d:95:8d:71:a5:4a:62:6c:76:1a:2f:a0:
         72:11:2f:53:25:2f:48:72:95:d5:25:80:70:d9:e0:86:e5:d4:
         84:8b:78:fe:69:06:21:a5:56:0e:ef:5e:82:27:ac:85:5a:45:
         60:95:21:b0:1a:26:4a:07:e3:95:47:de:32:9b:b9:d1:27:54:
         fc:13:51:f7:71:a8:68:34:d1:fb:08:ea:1e:15:b4:20:6d:78:
         64:21:2a:e2:58:78:9d:1b:d8:3c:24:5d:5e:be:ec:68:bb:16:
         4c:46:b7:7c:7a:09:c8:83:48:22:af:52:13:fe:f4:28:99:7a:
         26:57:3a:0a:44:9e:6d:47:f7:b7:46:52:ab:24:53:84:60:91:
         70:a4:52:ee:5c:48:9d:eb:de:7e:97:bf:3c:fd:75:f2:2e:fa:
         12:f2:ac:0c:e2:6a:44:6f:5e:ba:4b:1b:b1:a9:26:dd:58:1c:
         7e:75:fc:42:da:34:8e:40:88:fd:2d:38:4d:e1:7e:0a:17:fc:
         ec:dd:3b:95:4f:e0:86:83:a5:92:d9:72:f7:a1:0e:ea:a3:f5:
         7d:10:43:6b:36:4b:78:0a:3b:f3:2b:74:76:0c:41:cd:ca:74:
         0c:46:b2:af:91:2a:cd:91:36:cf:43:18:df:f4:75:69:4d:f2:
         51:b9:d0:a5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZflcHeqB9dEDM1PxnQ8F1kjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNzA3MTUxMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTkzYTJlZGNmZDJmZWZmMGU4MDY3YzA3MTZmMTg4NTI5NDk0NTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIKhA4fZAx4BOt4yCvlhiCqju/C6
olCvmP7PeOxxJz4O8I6TZA2Laz045+G4Pr6Sas//I6xrS1QRhRKVGeoQBc3CcxWj
X5i11v82/NQrmFgQb/zgTNWBYhb+EdOvygb3iMzdwrpdWwtTSgUbMJr3/Qfk5Omk
wPnO/jzeY1Nrxcvn4JQnZeJqIVzmGHLkihfBsT6rghArXIiNBe3Nb5lIFFelhBOB
DU73vBp/wKvWQYj1LzVcZ4HsbdyY6bkySpIY/miyT88TeB5izwEl6bgjDMVugaMh
iK2kVOiTHWS+HSvIFzTOk8JmL6pHO3uW68Yva9kCmfY4yqszd+EEl3aIWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB6Tou3P0v7/DoBnwHFvGIUpSUVZMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvSHBPaTdjX1NfdjhPZ0dmQWNXOFloU2xKUlZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKhEWQAMF
AyoRM0ADBQMqEWXAMA0GCSqGSIb3DQEBCwUAA4IBAQBsqp8JSuCNlY1xpUpibHYa
L6ByES9TJS9IcpXVJYBw2eCG5dSEi3j+aQYhpVYO716CJ6yFWkVglSGwGiZKB+OV
R94ym7nRJ1T8E1H3cahoNNH7COoeFbQgbXhkISriWHidG9g8JF1evuxouxZMRrd8
egnIg0gir1IT/vQomXomVzoKRJ5tR/e3RlKrJFOEYJFwpFLuXEid695+l788/XXy
LvoS8qwM4mpEb166SxuxqSbdWBx+dfxC2jSOQIj9LThN4X4KF/zs3TuVT+CGg6WS
2XL3oQ7qo/V9EENrNkt4CjvzK3R2DEHNynQMRrKvkSrNkTbPQxjf9HVpTfJRudCl
-----END CERTIFICATE-----