Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/IpV-26RSBCyAkVzi7Inj30YgLcM.roa
File:                     IpV-26RSBCyAkVzi7Inj30YgLcM.roa (raw, json)
Hash identifier:          ivn8CGpeMH35yLdwrBkCj0ryi6QOV70S64s8vxb45yQ=
Subject key identifier:   22:95:7E:DB:A4:52:04:2C:80:91:5C:E2:EC:89:E3:DF:46:20:2D:C3
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       019837C26B5D6616A733A00B83F3D897CDCD
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/IpV-26RSBCyAkVzi7Inj30YgLcM.roa
Signing time:             Wed 23 Jul 2025 14:49:05 +0000
ROA not before:           Wed 23 Jul 2025 14:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206306
IP address blocks:        2a12:3bc6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:37:c2:6b:5d:66:16:a7:33:a0:0b:83:f3:d8:97:cd:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jul 23 14:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22957edba452042c80915ce2ec89e3df46202dc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f8:3d:56:fa:17:b7:1a:b6:99:ce:0d:72:52:
                    51:8c:ba:36:4a:08:e1:2a:89:0f:2d:98:b1:57:3b:
                    3b:32:ad:28:db:62:49:3f:bc:90:f2:92:5a:48:6b:
                    f5:76:7f:64:52:8e:94:f9:36:50:ad:5c:2f:56:b4:
                    55:f3:d0:94:de:6c:c6:73:2d:d2:05:ac:46:3c:da:
                    26:3f:9b:34:2b:d5:ad:92:6a:c7:be:cc:4e:8f:b6:
                    95:1a:87:f7:3e:1f:52:da:10:7a:62:8c:c9:13:bb:
                    3b:2d:e6:b2:39:58:0b:d4:39:0e:12:4c:19:28:f6:
                    04:9e:c1:13:02:20:5f:a0:28:cb:68:7d:a1:c2:f5:
                    c4:17:cd:e9:43:c0:50:a9:31:17:28:e6:43:e1:0e:
                    92:4a:0b:02:bb:ad:f5:5a:24:b1:68:94:7d:af:69:
                    43:9b:2b:2b:b2:dd:a5:8f:d8:8b:5c:55:dd:fe:19:
                    4f:8e:d4:85:13:36:f7:b4:96:f3:b0:7b:9d:1f:f3:
                    ab:42:e4:63:5a:20:3b:9d:d5:18:df:40:9a:65:1c:
                    30:7d:40:a2:73:f9:ac:95:ee:a8:f7:ae:82:97:bc:
                    be:c9:81:7c:14:97:0b:1c:60:05:0a:d6:3a:24:a9:
                    77:51:e1:5d:63:89:6e:41:32:ec:4e:5c:ee:eb:8d:
                    dd:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:95:7E:DB:A4:52:04:2C:80:91:5C:E2:EC:89:E3:DF:46:20:2D:C3
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/IpV-26RSBCyAkVzi7Inj30YgLcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3bc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         c6:9a:f9:81:01:0c:a5:29:56:53:23:71:5e:85:7d:af:d5:5d:
         c8:29:03:ed:2f:ba:08:4f:87:ed:66:32:80:06:f6:66:e5:9f:
         88:50:a6:bf:bd:fe:18:9f:1a:3f:e5:36:fa:d8:05:7c:ef:fc:
         98:7a:05:e2:65:ee:f3:28:ea:4e:08:02:b5:63:71:f5:eb:4b:
         b4:0e:41:ed:e1:ab:fa:8b:29:a3:ba:24:8a:95:ae:ff:4d:2b:
         b9:3e:19:c9:cd:70:20:67:9b:b2:6f:ae:49:b2:c6:8c:86:41:
         42:5c:7a:8e:5b:ec:e0:be:0c:d3:a5:f8:1c:99:b3:1e:29:3f:
         ec:b7:76:df:45:c4:d4:03:db:33:1d:01:b7:b7:20:a4:82:bc:
         f0:69:cd:50:f4:71:43:72:9c:dd:e1:4c:6e:cd:fa:ff:d0:d7:
         01:bf:32:ea:d5:06:9d:77:cc:1e:9f:1e:47:61:1a:c9:08:1e:
         e1:db:fe:1c:e8:a5:6d:6f:d3:c4:8c:8f:69:0f:67:29:23:fb:
         f3:ab:e3:cc:89:21:59:05:96:6d:90:71:f0:d0:2f:0c:f2:67:
         25:6a:31:b8:3d:36:ab:e2:75:ab:3b:f4:70:73:2f:9b:49:d2:
         7d:a5:1c:04:a5:54:19:19:48:95:e4:bf:79:bc:75:01:49:4c:
         4b:06:42:02
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZg3wmtdZhanM6ALg/PYl83NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNzIzMTQ0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjk1N2VkYmE0NTIwNDJjODA5MTVjZTJlYzg5ZTNkZjQ2MjAyZGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/g9VvoXtxq2mc4NclJRjLo2Sgjh
KokPLZixVzs7Mq0o22JJP7yQ8pJaSGv1dn9kUo6U+TZQrVwvVrRV89CU3mzGcy3S
BaxGPNomP5s0K9WtkmrHvsxOj7aVGof3Ph9S2hB6YozJE7s7LeayOVgL1DkOEkwZ
KPYEnsETAiBfoCjLaH2hwvXEF83pQ8BQqTEXKOZD4Q6SSgsCu631WiSxaJR9r2lD
mysrst2lj9iLXFXd/hlPjtSFEzb3tJbzsHudH/OrQuRjWiA7ndUY30CaZRwwfUCi
c/msle6o966Cl7y+yYF8FJcLHGAFCtY6JKl3UeFdY4luQTLsTlzu643dUQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCKVftukUgQsgJFc4uyJ499GIC3DMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvSXBWLTI2UlNCQ3lBa1Z6aTdJbmozMFlnTGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhI7xjAN
BgkqhkiG9w0BAQsFAAOCAQEAxpr5gQEMpSlWUyNxXoV9r9VdyCkD7S+6CE+H7WYy
gAb2ZuWfiFCmv73+GJ8aP+U2+tgFfO/8mHoF4mXu8yjqTggCtWNx9etLtA5B7eGr
+ospo7okipWu/00ruT4Zyc1wIGebsm+uSbLGjIZBQlx6jlvs4L4M06X4HJmzHik/
7Ld230XE1APbMx0Bt7cgpIK88GnNUPRxQ3Kc3eFMbs36/9DXAb8y6tUGnXfMHp8e
R2EayQge4dv+HOilbW/TxIyPaQ9nKSP786vjzIkhWQWWbZBx8NAvDPJnJWoxuD02
q+J1qzv0cHMvm0nSfaUcBKVUGRlIleS/ebx1AUlMSwZCAg==
-----END CERTIFICATE-----