Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/g2bNvRyDv5nXw5MRzgQU-ah7ZvM.roa
File:                     g2bNvRyDv5nXw5MRzgQU-ah7ZvM.roa (raw, json)
Hash identifier:          ytzJkHIVOHGw4KCRxUMray8kvbgI5ESGjHCPUWlrW/w=
Subject key identifier:   83:66:CD:BD:1C:83:BF:99:D7:C3:93:11:CE:04:14:F9:A8:7B:66:F3
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       01991BB4974FFD78A0E88D6CD0BFBA1B295F
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/g2bNvRyDv5nXw5MRzgQU-ah7ZvM.roa
Signing time:             Fri 05 Sep 2025 21:07:24 +0000
ROA not before:           Fri 05 Sep 2025 21:07:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205828
IP address blocks:        2a11:1481::/32 maxlen: 32
                          2a11:6306::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1b:b4:97:4f:fd:78:a0:e8:8d:6c:d0:bf:ba:1b:29:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Sep  5 21:07:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8366cdbd1c83bf99d7c39311ce0414f9a87b66f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:63:15:1b:cd:fb:00:49:de:49:e5:96:71:60:
                    ed:4d:da:97:25:70:5e:2d:66:98:c4:64:74:87:28:
                    2a:e2:f7:77:02:3a:d1:86:56:f6:d9:80:ed:ee:24:
                    4e:d9:55:7d:9c:69:a8:6a:2d:be:f9:77:a6:15:a3:
                    22:97:7d:75:a0:88:7e:68:bf:20:bc:14:8f:12:dd:
                    72:25:be:41:08:c7:88:23:c3:e2:84:6f:69:1f:59:
                    c5:a8:01:3e:55:3a:d8:4c:59:0a:1c:25:68:25:89:
                    f7:8c:56:73:91:98:4b:4e:02:cf:10:f7:5f:f7:06:
                    fd:08:52:f4:62:9e:7a:6d:c9:a3:4a:1d:8e:7c:9d:
                    08:8b:5f:1f:24:ec:0c:9e:26:de:2a:9b:af:da:92:
                    80:b4:5f:62:70:db:5f:49:db:32:86:a3:5a:cb:cf:
                    67:8e:54:64:4f:76:4c:b9:f2:16:fd:2e:9a:b7:5f:
                    0b:b7:d6:23:86:9b:33:34:be:d5:d9:97:61:7e:98:
                    da:79:a7:5f:34:70:47:87:fe:f8:a9:0c:d5:52:65:
                    84:57:85:36:4e:98:67:db:23:9a:63:b5:8a:d7:d0:
                    71:9f:92:b1:43:9e:58:ce:7d:1b:fd:b7:00:b0:d7:
                    b6:bb:61:a8:20:6f:38:6a:65:a8:ff:f9:a1:4e:0c:
                    23:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:66:CD:BD:1C:83:BF:99:D7:C3:93:11:CE:04:14:F9:A8:7B:66:F3
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/g2bNvRyDv5nXw5MRzgQU-ah7ZvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:1481::/32
                  2a11:6306::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:f0:bc:35:8b:f2:08:9e:8b:d4:4f:81:5d:b6:9c:ef:f7:5e:
         c6:16:b8:14:27:a9:c2:5e:c2:f6:3b:ff:0d:80:b7:6f:e0:2e:
         f0:9d:8f:2a:57:f2:97:f5:ff:48:f3:35:b6:ac:e4:cd:37:50:
         14:74:4c:80:4b:e1:8b:77:71:09:42:62:3f:23:2b:0e:eb:fb:
         fd:ff:fa:8b:7e:b6:8d:99:d0:00:8d:6d:2d:af:96:63:62:df:
         9d:1f:10:33:c7:df:94:b0:93:48:ff:fe:6a:b5:08:86:83:79:
         0c:f6:5c:68:12:92:90:ce:fc:ad:1a:ee:57:7c:f5:c3:0e:f0:
         06:c0:9c:09:eb:bd:bd:de:46:e1:3d:80:97:dd:77:e5:af:d8:
         2c:11:ea:06:a1:ec:18:53:69:93:cb:db:86:d6:28:2c:3c:13:
         21:66:e0:b9:b8:8b:11:40:b0:2a:09:b9:f5:7d:22:d2:ba:ea:
         24:8f:95:30:5e:01:cd:76:91:8a:76:20:99:6a:63:99:e0:39:
         29:16:4c:71:bb:cf:bd:0f:9e:75:f3:ed:ad:60:f1:15:f5:66:
         a6:d9:8e:e3:2b:98:a9:e7:7e:5d:51:e0:0a:80:9e:7a:ea:96:
         dd:aa:a8:81:26:6b:ed:62:d4:0c:cb:9d:05:0c:2f:17:7d:cc:
         92:ce:5e:7f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZkbtJdP/Xig6I1s0L+6GylfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwOTA1MjEwNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzY2Y2RiZDFjODNiZjk5ZDdjMzkzMTFjZTA0MTRmOWE4N2I2NmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2MVG837AEneSeWWcWDtTdqXJXBe
LWaYxGR0hygq4vd3AjrRhlb22YDt7iRO2VV9nGmoai2++XemFaMil311oIh+aL8g
vBSPEt1yJb5BCMeII8PihG9pH1nFqAE+VTrYTFkKHCVoJYn3jFZzkZhLTgLPEPdf
9wb9CFL0Yp56bcmjSh2OfJ0Ii18fJOwMnibeKpuv2pKAtF9icNtfSdsyhqNay89n
jlRkT3ZMufIW/S6at18Lt9YjhpszNL7V2ZdhfpjaeadfNHBHh/74qQzVUmWEV4U2
Tphn2yOaY7WK19Bxn5KxQ55Yzn0b/bcAsNe2u2GoIG84amWo//mhTgwj8QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFINmzb0cg7+Z18OTEc4EFPmoe2bzMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvZzJiTnZSeUR2NW5YdzVNUnpnUVUtYWg3WnZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhEUgQMF
ACoRYwYwDQYJKoZIhvcNAQELBQADggEBAEjwvDWL8giei9RPgV22nO/3XsYWuBQn
qcJewvY7/w2At2/gLvCdjypX8pf1/0jzNbas5M03UBR0TIBL4Yt3cQlCYj8jKw7r
+/3/+ot+to2Z0ACNbS2vlmNi350fEDPH35Swk0j//mq1CIaDeQz2XGgSkpDO/K0a
7ld89cMO8AbAnAnrvb3eRuE9gJfdd+Wv2CwR6gah7BhTaZPL24bWKCw8EyFm4Lm4
ixFAsCoJufV9ItK66iSPlTBeAc12kYp2IJlqY5ngOSkWTHG7z70PnnXz7a1g8RX1
ZqbZjuMrmKnnfl1R4AqAnnrqlt2qqIEma+1i1AzLnQUMLxd9zJLOXn8=
-----END CERTIFICATE-----