Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/A-3QSKkhqx2wSKK9h7jwxDvXpEU.roa
File:                     A-3QSKkhqx2wSKK9h7jwxDvXpEU.roa (raw, json)
Hash identifier:          bEZKx8OfCy9DdUeiR0Ng0a43PN8ON/FEasymg/18ipw=
Subject key identifier:   03:ED:D0:48:A9:21:AB:1D:B0:48:A2:BD:87:B8:F0:C4:3B:D7:A4:45
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0197E5FFB04C1405B52470904C4CE89A55F2
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/A-3QSKkhqx2wSKK9h7jwxDvXpEU.roa
Signing time:             Mon 07 Jul 2025 17:47:08 +0000
ROA not before:           Mon 07 Jul 2025 17:47:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206873
IP address blocks:        2a11:15c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 03:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e5:ff:b0:4c:14:05:b5:24:70:90:4c:4c:e8:9a:55:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jul  7 17:47:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03edd048a921ab1db048a2bd87b8f0c43bd7a445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:11:e5:74:90:05:34:2b:90:bb:ee:7f:48:ce:
                    49:c1:c9:fe:dd:51:30:f1:a7:08:15:e4:33:3f:96:
                    b3:36:47:44:41:6f:6d:7b:d9:0e:74:97:7a:34:3f:
                    af:94:b6:37:bf:79:bc:6e:ea:68:04:03:24:c7:37:
                    04:b8:74:94:ba:2e:23:c9:af:1e:52:93:83:07:98:
                    b0:06:29:09:02:33:72:2b:44:0a:67:43:73:87:83:
                    a9:d7:b0:08:bd:c1:46:ec:16:bb:5d:cc:8b:97:99:
                    bb:fc:91:94:fc:0b:d2:c9:72:64:88:f8:89:86:27:
                    ec:18:08:fe:29:df:4a:01:3a:3d:59:d0:81:4b:24:
                    14:bf:d0:6a:2d:a4:0a:39:b3:e7:0e:72:ff:8b:9c:
                    1e:dd:1f:f1:d8:ed:be:df:ca:22:46:a7:52:eb:49:
                    1e:38:b9:d1:3e:1a:fa:4b:b4:d1:91:d4:e3:c6:8e:
                    95:74:44:90:70:0d:43:3a:4a:60:4c:13:d7:68:9f:
                    b9:67:de:61:6f:0d:84:ee:38:a8:25:fc:50:eb:2a:
                    81:e8:60:3b:45:73:a5:61:3e:78:18:83:ed:e4:b2:
                    01:5e:1b:f6:98:01:f6:0f:59:f6:b1:96:96:f3:f8:
                    17:32:1d:94:12:08:a2:f4:c3:22:f3:a7:b0:de:18:
                    86:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:ED:D0:48:A9:21:AB:1D:B0:48:A2:BD:87:B8:F0:C4:3B:D7:A4:45
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/A-3QSKkhqx2wSKK9h7jwxDvXpEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:15c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         d0:8f:26:67:b7:9f:43:a2:38:a0:95:71:4b:8c:bb:f2:09:02:
         88:27:b5:f7:f9:a7:de:98:52:4b:cd:35:20:08:b3:42:ab:2b:
         f6:fa:e6:56:33:2f:23:f7:b4:00:f2:92:96:4b:2a:f0:c9:19:
         1f:2f:57:b4:e5:5c:6d:56:d5:35:cc:c9:3b:90:f6:98:9c:ff:
         e5:60:07:c6:32:5d:c0:4b:74:c9:08:ad:0a:41:0c:44:00:ab:
         cb:1c:0c:85:f4:7e:d7:8d:c3:07:0d:e3:8b:a2:4c:d1:ce:be:
         7c:c7:ca:51:5f:0a:cc:e2:2f:b4:30:2f:30:76:e2:23:ca:f1:
         5f:85:70:ac:64:6e:39:a7:fe:77:7a:53:f1:ac:e5:43:35:f0:
         30:c2:ef:10:8b:ab:63:db:53:dd:92:83:ec:cf:2f:1d:95:d1:
         37:39:54:bb:14:4d:17:40:03:6e:ff:76:88:80:26:1c:d3:5c:
         22:a9:06:02:61:d8:b3:9c:4d:ae:03:a3:bc:27:92:df:f9:9b:
         60:75:03:25:a8:13:74:45:ef:a9:00:25:f9:71:6b:bd:19:99:
         cf:45:4c:2b:81:78:ae:76:4a:8b:cb:a8:d8:a4:34:4c:ef:56:
         2c:2c:07:dc:95:a6:bf:51:49:a6:ea:c4:f1:c0:95:98:bc:01:
         8b:24:c6:38
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfl/7BMFAW1JHCQTEzomlXyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNzA3MTc0NzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2VkZDA0OGE5MjFhYjFkYjA0OGEyYmQ4N2I4ZjBjNDNiZDdhNDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5RHldJAFNCuQu+5/SM5Jwcn+3VEw
8acIFeQzP5azNkdEQW9te9kOdJd6ND+vlLY3v3m8bupoBAMkxzcEuHSUui4jya8e
UpODB5iwBikJAjNyK0QKZ0Nzh4Op17AIvcFG7Ba7XcyLl5m7/JGU/AvSyXJkiPiJ
hifsGAj+Kd9KATo9WdCBSyQUv9BqLaQKObPnDnL/i5we3R/x2O2+38oiRqdS60ke
OLnRPhr6S7TRkdTjxo6VdESQcA1DOkpgTBPXaJ+5Z95hbw2E7jioJfxQ6yqB6GA7
RXOlYT54GIPt5LIBXhv2mAH2D1n2sZaW8/gXMh2UEgii9MMi86ew3hiG3QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAPt0EipIasdsEiivYe48MQ716RFMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvQS0zUVNLa2hxeDJ3U0tLOWg3and4RHZYcEVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhEVxTAN
BgkqhkiG9w0BAQsFAAOCAQEA0I8mZ7efQ6I4oJVxS4y78gkCiCe19/mn3phSS801
IAizQqsr9vrmVjMvI/e0APKSlksq8MkZHy9XtOVcbVbVNczJO5D2mJz/5WAHxjJd
wEt0yQitCkEMRACryxwMhfR+143DBw3ji6JM0c6+fMfKUV8KzOIvtDAvMHbiI8rx
X4VwrGRuOaf+d3pT8azlQzXwMMLvEIurY9tT3ZKD7M8vHZXRNzlUuxRNF0ADbv92
iIAmHNNcIqkGAmHYs5xNrgOjvCeS3/mbYHUDJagTdEXvqQAl+XFrvRmZz0VMK4F4
rnZKi8uo2KQ0TO9WLCwH3JWmv1FJpurE8cCVmLwBiyTGOA==
-----END CERTIFICATE-----