Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/zuXJbp-JYFxMmWj9XdcLQHi0yrw.roa
File:                     zuXJbp-JYFxMmWj9XdcLQHi0yrw.roa (raw, json)
Hash identifier:          VOtwpuK0Kr6KYNr5b4+43BpYw2A+Nr3pOgi0+7HxvDw=
Subject key identifier:   CE:E5:C9:6E:9F:89:60:5C:4C:99:68:FD:5D:D7:0B:40:78:B4:CA:BC
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0197FA03E585DE808E24397E63F4BB684942
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/zuXJbp-JYFxMmWj9XdcLQHi0yrw.roa
Signing time:             Fri 11 Jul 2025 15:04:08 +0000
ROA not before:           Fri 11 Jul 2025 15:04:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50340
IP address blocks:        2a11:7887::/32 maxlen: 32
                          2a12:2cc7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 17:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fa:03:e5:85:de:80:8e:24:39:7e:63:f4:bb:68:49:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jul 11 15:04:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cee5c96e9f89605c4c9968fd5dd70b4078b4cabc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:76:9e:d3:d4:21:ac:bb:8e:d9:81:ad:64:9b:
                    f7:c2:c6:35:e6:a0:e6:bc:7d:2f:05:65:a1:58:06:
                    e4:82:a4:7d:84:07:19:b5:b9:b3:b6:9e:1f:24:3e:
                    2f:ea:00:fa:3c:33:c7:3f:5c:a6:6d:85:18:4b:f0:
                    a6:92:a8:6e:6a:c7:be:c1:10:c0:98:03:d4:d9:8b:
                    23:d7:a4:08:0f:77:e4:0d:27:c8:43:6b:0b:0e:fc:
                    ff:97:ac:e8:10:08:60:4d:75:89:fe:d6:46:f7:4c:
                    f6:fb:06:91:7e:59:11:1f:68:7f:73:c4:74:6c:bf:
                    37:87:0b:ee:c5:4d:a5:d2:af:04:2c:ae:ff:52:8e:
                    67:ea:69:61:33:2c:c4:b0:14:2b:ea:a8:9c:14:8c:
                    4c:e1:ca:76:2b:8e:a3:52:3f:76:1f:97:c7:e8:2a:
                    55:84:17:63:24:87:0b:b0:c1:7e:0b:87:8e:e7:1b:
                    a6:cf:42:32:18:e5:ca:80:1a:d0:23:03:8e:63:36:
                    ae:9d:ed:0f:70:7c:bd:a3:ad:f9:9a:fa:41:9d:c9:
                    6a:31:f2:b3:8b:20:e5:c2:ce:7f:43:47:a6:06:69:
                    2b:e1:8c:c3:05:a1:ab:23:45:01:1d:5d:23:a6:3b:
                    54:d6:df:65:87:75:ca:a9:d5:34:11:74:bc:28:10:
                    3a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:E5:C9:6E:9F:89:60:5C:4C:99:68:FD:5D:D7:0B:40:78:B4:CA:BC
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/zuXJbp-JYFxMmWj9XdcLQHi0yrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:7887::/32
                  2a12:2cc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:4b:65:91:96:fd:4e:7d:09:39:75:ea:4f:4a:42:32:ac:ed:
         00:f5:b9:c8:9c:01:6f:20:a2:3f:02:b1:44:ea:c7:b5:7c:82:
         9f:f8:a4:18:ac:0f:95:db:61:97:97:30:8e:70:d0:58:d4:c9:
         ca:14:82:4a:dc:50:83:2f:4f:15:6f:98:c2:91:5d:8c:9d:ff:
         65:98:a8:b6:98:bc:de:8b:c1:ea:61:69:58:9d:b9:ee:2e:88:
         6c:3e:7a:6c:7d:3f:56:0c:cb:e0:80:fb:a7:22:27:6b:ec:ce:
         c3:07:f8:53:c3:ac:65:15:29:99:23:e9:89:82:0c:19:76:95:
         32:32:f3:96:3f:f2:d5:e9:35:fb:bc:5c:7c:61:e9:64:0c:28:
         cf:f4:c8:78:19:85:6f:dc:6d:a5:8b:fa:25:05:4b:49:35:d8:
         1b:94:02:57:cb:e4:50:ef:c6:a3:0f:ef:b4:13:31:b8:76:b4:
         0b:70:e4:03:40:b0:ab:2d:dc:a7:a6:d3:27:77:c1:29:fc:89:
         97:c3:ad:71:20:ed:e2:2c:da:66:ce:42:24:2d:e9:d3:1c:85:
         90:54:ee:3d:83:21:fb:21:ac:82:4f:5e:72:f9:47:b1:5e:1a:
         dc:da:f2:c9:d3:46:20:6a:13:12:3c:74:6f:85:47:b3:bc:ed:
         d3:51:79:26
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZf6A+WF3oCOJDl+Y/S7aElCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNzExMTUwNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWU1Yzk2ZTlmODk2MDVjNGM5OTY4ZmQ1ZGQ3MGI0MDc4YjRjYWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknae09QhrLuO2YGtZJv3wsY15qDm
vH0vBWWhWAbkgqR9hAcZtbmztp4fJD4v6gD6PDPHP1ymbYUYS/Cmkqhuase+wRDA
mAPU2Ysj16QID3fkDSfIQ2sLDvz/l6zoEAhgTXWJ/tZG90z2+waRflkRH2h/c8R0
bL83hwvuxU2l0q8ELK7/Uo5n6mlhMyzEsBQr6qicFIxM4cp2K46jUj92H5fH6CpV
hBdjJIcLsMF+C4eO5xumz0IyGOXKgBrQIwOOYzaune0PcHy9o635mvpBnclqMfKz
iyDlws5/Q0emBmkr4YzDBaGrI0UBHV0jpjtU1t9lh3XKqdU0EXS8KBA6fQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFM7lyW6fiWBcTJlo/V3XC0B4tMq8MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvenVYSmJwLUpZRnhNbVdqOVhkY0xRSGkweXJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhF4hwMF
ACoSLMcwDQYJKoZIhvcNAQELBQADggEBACFLZZGW/U59CTl16k9KQjKs7QD1ucic
AW8goj8CsUTqx7V8gp/4pBisD5XbYZeXMI5w0FjUycoUgkrcUIMvTxVvmMKRXYyd
/2WYqLaYvN6LwephaVidue4uiGw+emx9P1YMy+CA+6ciJ2vszsMH+FPDrGUVKZkj
6YmCDBl2lTIy85Y/8tXpNfu8XHxh6WQMKM/0yHgZhW/cbaWL+iUFS0k12BuUAlfL
5FDvxqMP77QTMbh2tAtw5ANAsKst3Kem0yd3wSn8iZfDrXEg7eIs2mbOQiQt6dMc
hZBU7j2DIfshrIJPXnL5R7FeGtza8snTRiBqExI8dG+FR7O87dNReSY=
-----END CERTIFICATE-----