Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/oFnZYCTikPflIcIHe-PL2Ew4hm4.roa
File:                     oFnZYCTikPflIcIHe-PL2Ew4hm4.roa (raw, json)
Hash identifier:          Iyz5JMA+sOjhyfy0w23oGb3PyRbvxZlmEjr27xFO9GY=
Subject key identifier:   A0:59:D9:60:24:E2:90:F7:E5:21:C2:07:7B:E3:CB:D8:4C:38:86:6E
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       01991BB3AC6EEDB4988E7BC8119424EFEAB8
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/oFnZYCTikPflIcIHe-PL2Ew4hm4.roa
Signing time:             Fri 05 Sep 2025 21:06:23 +0000
ROA not before:           Fri 05 Sep 2025 21:06:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206174
IP address blocks:        2a11:1f05::/32 maxlen: 32
                          2a11:6300::/32 maxlen: 32
                          2a11:9382::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1b:b3:ac:6e:ed:b4:98:8e:7b:c8:11:94:24:ef:ea:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Sep  5 21:06:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a059d96024e290f7e521c2077be3cbd84c38866e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:93:ac:56:e5:9b:3a:37:89:f2:ef:5e:cf:75:
                    53:b1:c8:2d:89:ef:e2:99:93:4b:3e:41:66:d3:6e:
                    5c:72:82:d9:77:8e:e1:18:84:be:4e:49:81:48:d7:
                    60:18:a3:3f:6b:e1:d5:63:da:52:7c:a5:ab:15:c1:
                    01:00:d9:7c:74:c0:b7:4b:2a:aa:8b:8e:06:bc:1c:
                    d8:ea:5c:d6:bc:e1:eb:1d:0f:c0:2a:33:45:bd:5d:
                    c3:14:98:0b:99:3b:e1:c8:1e:86:04:7d:ce:19:de:
                    2d:a2:63:4a:33:2a:b9:81:6c:8b:a1:ab:70:7f:21:
                    0e:91:ed:79:8c:79:e6:aa:e7:aa:03:52:2b:dc:7d:
                    bb:86:c0:e3:71:2d:f6:77:c5:55:0f:03:d5:35:f1:
                    32:bf:b8:ba:10:5d:a8:44:ba:d4:ed:04:09:ca:eb:
                    fd:ec:27:e8:b6:c7:21:79:fe:b7:d3:6c:8c:d8:d7:
                    68:4c:90:5f:8e:c6:b2:52:64:c4:5f:cb:91:e6:b2:
                    f1:95:1a:98:86:72:10:56:1c:b6:ea:9c:5c:9b:e4:
                    9c:40:18:f3:79:47:4d:92:8d:b4:aa:df:6f:c3:a6:
                    05:a1:7e:65:f7:f2:1c:0a:72:ef:ff:bf:9d:79:db:
                    1e:65:06:50:f0:ce:a9:76:d8:42:dd:17:29:61:52:
                    5a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:59:D9:60:24:E2:90:F7:E5:21:C2:07:7B:E3:CB:D8:4C:38:86:6E
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/oFnZYCTikPflIcIHe-PL2Ew4hm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:1f05::/32
                  2a11:6300::/32
                  2a11:9382::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:a4:18:b2:2b:98:be:63:f4:32:20:22:7b:9e:dd:fd:2c:2d:
         6c:51:0c:e9:b5:10:a8:ee:1e:44:b3:d5:ab:df:dc:24:bc:eb:
         62:61:69:28:ba:1b:78:b7:f2:5c:15:09:86:2c:a1:b4:2d:07:
         86:fd:f1:e6:11:b8:09:44:a0:fb:6e:2c:14:b4:60:9d:30:8c:
         9e:a1:45:5d:c3:3c:49:91:1a:27:a7:d2:ea:3d:12:74:cc:70:
         0b:80:09:9d:ea:67:ea:0c:01:b6:db:3e:b7:c3:1f:2f:97:42:
         03:dc:f8:2d:f1:de:1e:1e:ff:63:a5:93:9a:a0:77:2d:0b:5c:
         e8:5a:89:09:8f:4f:99:40:c8:fd:74:1d:47:24:b1:6a:4a:72:
         74:4d:8a:1c:f6:11:30:f7:3d:fc:46:ff:d6:64:3b:1a:59:8b:
         96:8f:83:32:ad:18:dc:85:66:11:41:8e:1d:a8:9d:fa:eb:fd:
         bc:7d:3b:2c:e6:9c:f0:c6:5c:2a:70:d2:10:b8:29:48:71:50:
         71:67:b1:be:e1:82:5e:83:a4:1c:3c:e7:17:5c:7f:be:de:ca:
         6e:3d:18:08:b8:d0:70:10:d8:9a:a8:96:0b:bc:29:11:1c:2f:
         5e:73:7a:e9:ea:1e:7c:49:e8:cd:03:f2:19:cc:43:63:45:4d:
         bf:f2:35:99
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZkbs6xu7bSYjnvIEZQk7+q4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwOTA1MjEwNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDU5ZDk2MDI0ZTI5MGY3ZTUyMWMyMDc3YmUzY2JkODRjMzg4NjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5OsVuWbOjeJ8u9ez3VTscgtie/i
mZNLPkFm025ccoLZd47hGIS+TkmBSNdgGKM/a+HVY9pSfKWrFcEBANl8dMC3Syqq
i44GvBzY6lzWvOHrHQ/AKjNFvV3DFJgLmTvhyB6GBH3OGd4tomNKMyq5gWyLoatw
fyEOke15jHnmqueqA1Ir3H27hsDjcS32d8VVDwPVNfEyv7i6EF2oRLrU7QQJyuv9
7Cfotschef6302yM2NdoTJBfjsayUmTEX8uR5rLxlRqYhnIQVhy26pxcm+ScQBjz
eUdNko20qt9vw6YFoX5l9/IcCnLv/7+dedseZQZQ8M6pdthC3RcpYVJapQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKBZ2WAk4pD35SHCB3vjy9hMOIZuMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvb0ZuWllDVGlrUGZsSWNJSGUtUEwyRXc0aG00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKhEfBQMF
ACoRYwADBQAqEZOCMA0GCSqGSIb3DQEBCwUAA4IBAQArpBiyK5i+Y/QyICJ7nt39
LC1sUQzptRCo7h5Es9Wr39wkvOtiYWkouht4t/JcFQmGLKG0LQeG/fHmEbgJRKD7
biwUtGCdMIyeoUVdwzxJkRonp9LqPRJ0zHALgAmd6mfqDAG22z63wx8vl0ID3Pgt
8d4eHv9jpZOaoHctC1zoWokJj0+ZQMj9dB1HJLFqSnJ0TYoc9hEw9z38Rv/WZDsa
WYuWj4MyrRjchWYRQY4dqJ366/28fTss5pzwxlwqcNIQuClIcVBxZ7G+4YJeg6Qc
POcXXH++3spuPRgIuNBwENiaqJYLvCkRHC9ec3rp6h58SejNA/IZzENjRU2/8jWZ
-----END CERTIFICATE-----