Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/qR99udIFfEpRtEFNZHXYjFB6UHw.roa
File:                     qR99udIFfEpRtEFNZHXYjFB6UHw.roa (raw, json)
Hash identifier:          Wi7Ba0nUM3WL8aGgOKBbibcsF2DVCoY9kqoqiK4+XEg=
Subject key identifier:   A9:1F:7D:B9:D2:05:7C:4A:51:B4:41:4D:64:75:D8:8C:50:7A:50:7C
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0197F533A9629A8725C4A430DC6E5E7EDA23
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/qR99udIFfEpRtEFNZHXYjFB6UHw.roa
Signing time:             Thu 10 Jul 2025 16:38:13 +0000
ROA not before:           Thu 10 Jul 2025 16:38:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211009
IP address blocks:        2a0c:2840::/32 maxlen: 32
                          2a12:2cc1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f5:33:a9:62:9a:87:25:c4:a4:30:dc:6e:5e:7e:da:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jul 10 16:38:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a91f7db9d2057c4a51b4414d6475d88c507a507c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:a1:10:5e:22:bc:a5:48:69:5a:ee:54:87:56:
                    99:a6:c2:42:1d:15:82:ff:f5:17:cb:94:fb:52:c7:
                    dd:c4:e8:cf:b9:3f:c4:d7:5f:46:b8:52:3d:17:14:
                    2f:9b:fc:85:a7:e5:f7:ac:2e:dc:83:77:19:b1:75:
                    a0:a5:27:a5:0c:7a:5b:8f:27:30:93:60:e6:be:9a:
                    e7:dc:f3:a2:56:6c:fd:8a:e8:1e:8c:dc:9c:bc:f9:
                    00:84:b4:5b:5e:bf:96:88:f1:8a:e8:71:e7:9d:9b:
                    e3:8a:86:c6:ec:f0:08:1a:95:aa:76:fb:ad:68:ee:
                    05:e5:bd:36:43:4c:14:1c:1d:11:3c:0a:dc:18:09:
                    5f:32:ad:37:bf:bf:fa:68:20:f8:d3:bd:76:79:c6:
                    d7:96:67:3c:25:06:53:f2:58:41:09:0e:5d:32:44:
                    2a:36:cb:12:11:be:8e:5d:32:9a:ed:cd:28:52:2c:
                    7b:e0:7d:05:87:42:dc:2c:08:87:8c:b0:2b:7f:11:
                    3c:66:0f:da:b5:1d:0d:d3:a7:89:89:36:5e:f4:38:
                    2a:fa:22:33:a7:e5:3a:c8:3c:5a:3a:93:b3:04:1f:
                    97:83:54:dc:88:b6:00:fa:85:e2:7f:fe:36:37:69:
                    de:7d:9a:3d:8d:3d:9c:49:20:4f:97:cd:b7:53:c4:
                    25:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:1F:7D:B9:D2:05:7C:4A:51:B4:41:4D:64:75:D8:8C:50:7A:50:7C
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/qR99udIFfEpRtEFNZHXYjFB6UHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:2840::/32
                  2a12:2cc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:e3:b7:61:b5:d7:a4:1e:b8:59:d4:95:30:61:a2:13:68:32:
         34:3a:c3:59:80:97:70:d5:5f:85:97:2f:89:ca:0a:7f:fb:49:
         44:d9:61:70:51:b5:a2:ec:e9:bf:65:9b:83:af:79:a2:08:f1:
         b5:e4:99:a2:4e:bf:85:56:5c:89:76:40:da:17:e8:3e:21:ec:
         6c:2d:7f:8c:9f:61:00:c7:50:02:de:ad:3f:9c:cc:20:8e:b6:
         1b:67:af:f6:0d:d2:1f:3e:2a:49:34:b0:a6:b3:be:ce:93:8b:
         07:48:70:e4:e6:68:d3:60:5d:f2:b4:b7:d5:3c:ce:6a:02:5d:
         26:83:f2:24:a2:22:d7:41:93:e1:08:9f:fd:e5:26:62:45:05:
         bf:7b:24:47:b8:57:bd:73:0e:7d:ca:a7:36:0d:e0:b2:33:a9:
         f6:04:e3:46:24:72:24:54:aa:e4:b0:5f:ea:5b:da:4e:e3:e9:
         1c:82:7f:09:ee:1d:83:e4:b0:31:c6:16:4e:80:4f:31:7f:5c:
         08:61:dc:e4:ed:82:bc:8c:3e:fe:df:2e:d2:3c:29:a6:98:52:
         5f:9f:f5:0e:96:cd:d9:83:37:10:a5:c2:d8:99:e3:aa:34:0c:
         7c:ad:72:74:7f:10:54:59:c2:73:f2:3a:8c:9e:2a:b8:c4:f3:
         ac:79:0e:0a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZf1M6limoclxKQw3G5eftojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNzEwMTYzODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTFmN2RiOWQyMDU3YzRhNTFiNDQxNGQ2NDc1ZDg4YzUwN2E1MDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5qEQXiK8pUhpWu5Uh1aZpsJCHRWC
//UXy5T7UsfdxOjPuT/E119GuFI9FxQvm/yFp+X3rC7cg3cZsXWgpSelDHpbjycw
k2Dmvprn3POiVmz9iugejNycvPkAhLRbXr+WiPGK6HHnnZvjiobG7PAIGpWqdvut
aO4F5b02Q0wUHB0RPArcGAlfMq03v7/6aCD40712ecbXlmc8JQZT8lhBCQ5dMkQq
NssSEb6OXTKa7c0oUix74H0Fh0LcLAiHjLArfxE8Zg/atR0N06eJiTZe9Dgq+iIz
p+U6yDxaOpOzBB+Xg1TciLYA+oXif/42N2nefZo9jT2cSSBPl823U8QlwwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKkffbnSBXxKUbRBTWR12IxQelB8MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvcVI5OXVkSUZmRXBSdEVGTlpIWFlqRkI2VUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgwoQAMF
ACoSLMEwDQYJKoZIhvcNAQELBQADggEBAHDjt2G116QeuFnUlTBhohNoMjQ6w1mA
l3DVX4WXL4nKCn/7SUTZYXBRtaLs6b9lm4OveaII8bXkmaJOv4VWXIl2QNoX6D4h
7Gwtf4yfYQDHUALerT+czCCOthtnr/YN0h8+Kkk0sKazvs6TiwdIcOTmaNNgXfK0
t9U8zmoCXSaD8iSiItdBk+EIn/3lJmJFBb97JEe4V71zDn3KpzYN4LIzqfYE40Yk
ciRUquSwX+pb2k7j6RyCfwnuHYPksDHGFk6ATzF/XAhh3OTtgryMPv7fLtI8KaaY
Ul+f9Q6WzdmDNxClwtiZ46o0DHytcnR/EFRZwnPyOoyeKrjE86x5Dgo=
-----END CERTIFICATE-----