Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/1-O5PDCUIluNLwvL9ckZlTCiic5k.roa
File:                     1-O5PDCUIluNLwvL9ckZlTCiic5k.roa (raw, json)
Hash identifier:          qhMDH/EIRf4uY8j8ZGgtmM3x6fh4+mOzTAkLJHzFbx0=
Subject key identifier:   F8:EE:4F:0C:25:08:96:E3:4B:C2:F2:FD:72:46:65:4C:28:A2:73:99
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0197EED24B54ABD9CA37A62C72BA25BA9F8F
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/1-O5PDCUIluNLwvL9ckZlTCiic5k.roa
Signing time:             Wed 09 Jul 2025 10:54:08 +0000
ROA not before:           Wed 09 Jul 2025 10:54:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208360
IP address blocks:        2a0c:2847::/32 maxlen: 32
                          2a0e:67c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 17:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:d2:4b:54:ab:d9:ca:37:a6:2c:72:ba:25:ba:9f:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jul  9 10:54:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8ee4f0c250896e34bc2f2fd7246654c28a27399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:04:d5:24:e1:5e:2a:84:29:30:5e:33:0d:52:
                    45:40:05:3b:53:6c:e1:b5:8b:bc:67:23:8f:1a:a4:
                    35:9e:6a:fe:6a:50:86:ab:11:83:a3:f7:14:aa:16:
                    e8:95:1d:b7:b8:13:d4:11:17:91:df:dd:26:f8:79:
                    54:2e:33:7a:7e:6a:ba:0e:00:5e:f2:7a:c6:7d:15:
                    fd:fa:fb:13:5a:6a:c6:3d:9c:f7:3c:a7:c5:97:31:
                    71:e5:98:82:0b:27:1b:6c:c0:9d:3c:b1:0a:5b:f9:
                    47:41:6a:6c:ef:75:7f:a2:a9:06:99:9f:d4:de:1a:
                    b3:e7:36:0a:db:ab:a9:c1:27:b1:8e:56:3e:72:f8:
                    47:65:fc:60:a2:56:7d:1b:1f:7e:d4:f4:ab:49:32:
                    72:53:c4:f6:61:3b:07:05:60:08:9e:64:6b:f9:bf:
                    d4:97:6d:79:4f:9d:ad:d7:d7:53:22:08:c8:f2:4e:
                    5b:8e:4e:58:84:37:b2:75:76:62:f1:cb:1e:d8:3c:
                    9d:5b:6b:87:62:26:da:5f:84:ad:e7:5d:73:da:4a:
                    11:dc:96:1b:af:e8:34:58:25:8f:04:a3:6e:db:e9:
                    99:f1:43:cc:65:40:3b:ff:85:49:13:d4:f3:47:ea:
                    52:3d:04:94:8f:94:70:af:1d:3a:61:91:2b:24:d7:
                    70:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:EE:4F:0C:25:08:96:E3:4B:C2:F2:FD:72:46:65:4C:28:A2:73:99
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/1-O5PDCUIluNLwvL9ckZlTCiic5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:2847::/32
                  2a0e:67c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:60:af:88:e5:01:f9:55:b2:b6:a1:d9:38:65:33:97:b9:bc:
         b5:1c:ff:ca:11:ca:b1:d3:6d:00:d4:e1:33:55:4e:4e:b9:8e:
         71:fb:1f:35:d5:63:e9:9b:61:3b:27:5c:4c:54:0f:d8:68:fa:
         11:e1:0d:14:b1:90:a4:d2:79:64:ee:ef:53:5c:60:18:ad:1d:
         6a:a0:e5:98:65:3c:29:19:dd:d7:bc:76:71:40:1f:05:b0:03:
         2d:d3:2f:e4:1c:87:26:2d:d0:36:f1:c3:f2:32:da:ef:5a:79:
         0e:8b:04:bd:32:a9:43:a2:95:d9:88:73:f0:93:5e:6c:80:f4:
         3f:71:f3:09:80:06:20:4b:a5:d2:af:98:27:94:96:08:d9:9f:
         e9:18:38:d3:ce:ce:67:35:53:4c:ec:fb:25:76:4c:b3:fc:25:
         d9:5e:d4:1f:9a:98:73:ed:7a:82:ce:93:6b:7a:1a:01:b8:64:
         f4:e5:52:8d:e6:fa:60:27:78:13:e9:f8:23:4a:6b:79:14:ed:
         72:88:5b:23:c1:c7:c5:27:d0:33:ee:78:6c:d6:ac:59:d1:5e:
         9a:85:a3:6b:67:7e:a5:bf:80:2f:72:92:12:d9:55:c5:e3:4a:
         01:59:b1:d3:08:1b:e5:7b:82:19:05:e0:d8:f1:e6:03:23:d0:
         6a:6c:d1:55
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZfu0ktUq9nKN6Yscrolup+PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNzA5MTA1NDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGVlNGYwYzI1MDg5NmUzNGJjMmYyZmQ3MjQ2NjU0YzI4YTI3Mzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQTVJOFeKoQpMF4zDVJFQAU7U2zh
tYu8ZyOPGqQ1nmr+alCGqxGDo/cUqhbolR23uBPUEReR390m+HlULjN6fmq6DgBe
8nrGfRX9+vsTWmrGPZz3PKfFlzFx5ZiCCycbbMCdPLEKW/lHQWps73V/oqkGmZ/U
3hqz5zYK26upwSexjlY+cvhHZfxgolZ9Gx9+1PSrSTJyU8T2YTsHBWAInmRr+b/U
l215T52t19dTIgjI8k5bjk5YhDeydXZi8cse2DydW2uHYibaX4St511z2koR3JYb
r+g0WCWPBKNu2+mZ8UPMZUA7/4VJE9TzR+pSPQSUj5Rwrx06YZErJNdwVwIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFPjuTwwlCJbjS8Ly/XJGZUwoonOZMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvMS1PNVBEQ1VJbHVOTHd2TDlja1psVENpaWM1ay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjMvODk3NDQ5LWU5Y2YtNGE3OS04OWNmLTQxYmIyMWFjMjgw
MS8xL3c0S0F4VEFMZElpS3gtdEwtbVFYMmFMbnNMNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAnBggrBgEFBQcBBwEB/wQYMBYwFAQCAAIwDgMFACoMKEcD
BQAqDmfFMA0GCSqGSIb3DQEBCwUAA4IBAQCbYK+I5QH5VbK2odk4ZTOXuby1HP/K
Ecqx020A1OEzVU5OuY5x+x811WPpm2E7J1xMVA/YaPoR4Q0UsZCk0nlk7u9TXGAY
rR1qoOWYZTwpGd3XvHZxQB8FsAMt0y/kHIcmLdA28cPyMtrvWnkOiwS9MqlDopXZ
iHPwk15sgPQ/cfMJgAYgS6XSr5gnlJYI2Z/pGDjTzs5nNVNM7Psldkyz/CXZXtQf
mphz7XqCzpNrehoBuGT05VKN5vpgJ3gT6fgjSmt5FO1yiFsjwcfFJ9Az7nhs1qxZ
0V6ahaNrZ36lv4AvcpIS2VXF40oBWbHTCBvle4IZBeDY8eYDI9BqbNFV
-----END CERTIFICATE-----