Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/82871e-52a0-40df-ae3d-76fa515b4b6e/1/YZaUjQlCbflfEUbT2gpPLo1ny_U.roa
File:                     YZaUjQlCbflfEUbT2gpPLo1ny_U.roa (raw, json)
Hash identifier:          +SwgIn7dK0HQ0r746yPpM+Y8qQkIQQdi0ZZhu/E+a8Q=
Subject key identifier:   61:96:94:8D:09:42:6D:F9:5F:11:46:D3:DA:0A:4F:2E:8D:67:CB:F5
Certificate issuer:       /CN=d94468f3cc3f386f26e6281b7fa8b0c3bb236a06
Certificate serial:       019806A00B61221D865B0F50A5123F05C2BB
Authority key identifier: D9:44:68:F3:CC:3F:38:6F:26:E6:28:1B:7F:A8:B0:C3:BB:23:6A:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2URo88w_OG8m5igbf6iww7sjagY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/82871e-52a0-40df-ae3d-76fa515b4b6e/1/YZaUjQlCbflfEUbT2gpPLo1ny_U.roa
Signing time:             Mon 14 Jul 2025 01:50:08 +0000
ROA not before:           Mon 14 Jul 2025 01:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        2a04:a3c7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/82871e-52a0-40df-ae3d-76fa515b4b6e/1/2URo88w_OG8m5igbf6iww7sjagY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/82871e-52a0-40df-ae3d-76fa515b4b6e/1/2URo88w_OG8m5igbf6iww7sjagY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2URo88w_OG8m5igbf6iww7sjagY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 04:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:06:a0:0b:61:22:1d:86:5b:0f:50:a5:12:3f:05:c2:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d94468f3cc3f386f26e6281b7fa8b0c3bb236a06
        Validity
            Not Before: Jul 14 01:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6196948d09426df95f1146d3da0a4f2e8d67cbf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a9:78:42:58:07:c8:3a:11:5d:31:6a:6e:20:
                    b6:57:ba:c8:fa:f7:e0:49:53:b2:4c:db:76:1d:fc:
                    11:e5:9d:1e:cb:ba:6d:57:5a:c7:eb:e9:81:44:d5:
                    58:75:28:93:7f:4b:ea:65:20:aa:26:43:7e:f1:ff:
                    39:0a:a6:89:ea:76:86:1d:b3:cf:8d:c6:87:18:5f:
                    46:69:28:55:f2:17:af:46:95:7f:59:33:c8:98:fd:
                    c1:e0:65:17:9c:ed:74:0b:03:08:d6:72:9d:dd:e6:
                    11:bd:d2:22:d8:f6:84:d5:ab:53:1a:75:b4:23:19:
                    e3:b7:4d:4b:ab:b4:51:08:2b:39:a4:7a:e7:05:2d:
                    30:d0:ee:5a:61:1d:5a:f3:6f:56:b7:0a:72:98:0e:
                    f2:1e:6e:2c:27:75:94:d7:f8:50:dd:f2:02:f8:a0:
                    02:85:c1:b4:dc:75:f5:fa:d1:f8:3f:22:80:40:f2:
                    3d:55:08:70:24:fe:e7:07:d6:08:4b:73:88:e3:9f:
                    f0:f4:7a:2a:cd:3f:13:49:b3:99:eb:a5:7b:34:27:
                    96:12:6e:0c:7f:b5:2e:f0:bc:14:7e:a8:f9:8d:83:
                    92:ec:91:79:3a:85:80:2e:20:d0:9a:5c:24:be:3d:
                    1c:45:68:30:4a:dd:21:a9:b3:d5:f6:04:97:a3:7d:
                    1e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:96:94:8D:09:42:6D:F9:5F:11:46:D3:DA:0A:4F:2E:8D:67:CB:F5
            X509v3 Authority Key Identifier:
                keyid:D9:44:68:F3:CC:3F:38:6F:26:E6:28:1B:7F:A8:B0:C3:BB:23:6A:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2URo88w_OG8m5igbf6iww7sjagY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/82871e-52a0-40df-ae3d-76fa515b4b6e/1/YZaUjQlCbflfEUbT2gpPLo1ny_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/82871e-52a0-40df-ae3d-76fa515b4b6e/1/2URo88w_OG8m5igbf6iww7sjagY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:a3c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:a9:6a:82:07:36:0b:b9:8e:1b:da:ff:c6:ed:59:2f:2c:72:
         ba:e7:f6:d3:b8:51:9d:24:ec:b7:e4:c6:fc:d5:f9:a2:26:47:
         d6:d6:c2:63:82:a5:97:81:3b:d2:5b:fb:8b:3c:6e:6b:6b:bf:
         8c:86:7d:66:9d:37:0e:a1:b3:8a:fc:77:fd:c0:a1:c5:ab:91:
         69:8a:74:aa:7a:25:89:92:a4:e7:71:a9:f0:4b:5f:41:27:ce:
         da:b8:8c:d4:32:8d:17:66:87:f2:6d:d1:a3:de:79:d1:3c:e4:
         66:58:6d:4e:4b:84:a2:1f:03:29:e9:75:c8:64:70:6f:20:1f:
         48:bc:3f:1a:33:f2:89:46:b2:07:3d:a2:39:3e:bf:5f:22:9b:
         34:c8:d5:2f:1a:98:83:08:7e:7d:a5:50:34:48:92:bf:24:1f:
         10:1d:de:a9:e7:53:3f:03:49:9b:58:71:28:3e:61:fe:68:aa:
         96:32:80:52:2b:49:c0:b6:2a:c4:2b:9e:6c:d1:b3:cd:0f:e1:
         9b:a8:47:1f:1d:3e:4e:cf:d9:35:14:07:8d:27:25:ed:8e:58:
         ca:a8:df:99:ad:70:4b:54:4b:1c:56:58:fb:bb:ff:b7:08:b1:
         8a:47:04:cd:46:b6:2e:85:07:9a:41:4f:b7:95:86:22:fe:ea:
         8a:6f:88:9f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZgGoAthIh2GWw9QpRI/BcK7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NDQ2OGYzY2MzZjM4NmYyNmU2MjgxYjdmYThiMGMzYmIy
MzZhMDYwHhcNMjUwNzE0MDE1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTk2OTQ4ZDA5NDI2ZGY5NWYxMTQ2ZDNkYTBhNGYyZThkNjdjYmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAval4QlgHyDoRXTFqbiC2V7rI+vfg
SVOyTNt2HfwR5Z0ey7ptV1rH6+mBRNVYdSiTf0vqZSCqJkN+8f85CqaJ6naGHbPP
jcaHGF9GaShV8hevRpV/WTPImP3B4GUXnO10CwMI1nKd3eYRvdIi2PaE1atTGnW0
Ixnjt01Lq7RRCCs5pHrnBS0w0O5aYR1a829WtwpymA7yHm4sJ3WU1/hQ3fIC+KAC
hcG03HX1+tH4PyKAQPI9VQhwJP7nB9YIS3OI45/w9HoqzT8TSbOZ66V7NCeWEm4M
f7Uu8LwUfqj5jYOS7JF5OoWALiDQmlwkvj0cRWgwSt0hqbPV9gSXo30eDQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGGWlI0JQm35XxFG09oKTy6NZ8v1MB8GA1UdIwQY
MBaAFNlEaPPMPzhvJuYoG3+osMO7I2oGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlVSbzg4d19PRzhtNWlnYmY2aXd3N3NqYWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi84Mjg3MWUtNTJhMC00MGRmLWFlM2Qt
NzZmYTUxNWI0YjZlLzEvWVphVWpRbENiZmxmRVViVDJncFBMbzFueV9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi84Mjg3MWUtNTJhMC00MGRmLWFlM2QtNzZmYTUxNWI0YjZl
LzEvMlVSbzg4d19PRzhtNWlnYmY2aXd3N3NqYWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgSjxzAN
BgkqhkiG9w0BAQsFAAOCAQEAFalqggc2C7mOG9r/xu1ZLyxyuuf207hRnSTst+TG
/NX5oiZH1tbCY4Kll4E70lv7izxua2u/jIZ9Zp03DqGzivx3/cChxauRaYp0qnol
iZKk53Gp8EtfQSfO2riM1DKNF2aH8m3Ro9550TzkZlhtTkuEoh8DKel1yGRwbyAf
SLw/GjPyiUayBz2iOT6/XyKbNMjVLxqYgwh+faVQNEiSvyQfEB3eqedTPwNJm1hx
KD5h/miqljKAUitJwLYqxCuebNGzzQ/hm6hHHx0+Ts/ZNRQHjScl7Y5Yyqjfma1w
S1RLHFZY+7v/twixikcEzUa2LoUHmkFPt5WGIv7qim+Inw==
-----END CERTIFICATE-----