Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/olXJKv02gXSAhCj3GdhKvRPwgaI.roa
File:                     olXJKv02gXSAhCj3GdhKvRPwgaI.roa (raw, json)
Hash identifier:          o0HZUzdronBjfenBut5ty3AGThH899mlrlTuVzlAeN8=
Subject key identifier:   A2:55:C9:2A:FD:36:81:74:80:84:28:F7:19:D8:4A:BD:13:F0:81:A2
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       01991BB497928C8F3C9F5F22134B061D1B97
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/olXJKv02gXSAhCj3GdhKvRPwgaI.roa
Signing time:             Fri 05 Sep 2025 21:07:24 +0000
ROA not before:           Fri 05 Sep 2025 21:07:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205866
IP address blocks:        2a11:9380::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1b:b4:97:92:8c:8f:3c:9f:5f:22:13:4b:06:1d:1b:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Sep  5 21:07:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a255c92afd368174808428f719d84abd13f081a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d4:77:0d:35:47:1e:b2:bc:4b:e1:f1:3c:8e:
                    eb:5e:1c:a1:5e:b0:79:ce:44:49:cd:31:ee:5b:f7:
                    02:51:40:61:ff:56:e4:7b:a7:93:64:95:27:88:64:
                    08:f3:a2:26:72:70:87:8f:37:40:1b:44:d0:fb:f9:
                    5d:44:37:f3:90:e0:04:00:98:bb:43:05:35:77:7a:
                    8b:ea:12:e8:c6:be:ed:ec:d0:1e:4b:cb:1f:54:6a:
                    f1:78:19:5f:16:cf:48:d6:00:71:5d:63:09:79:37:
                    20:b6:98:e4:6a:c3:61:26:b7:47:9b:7f:98:c2:75:
                    11:0c:7c:27:7c:da:2b:45:54:77:01:8d:04:fd:47:
                    c7:18:44:0c:16:c3:96:e8:57:02:81:9b:fe:72:3b:
                    d3:ed:33:7f:15:3a:64:2b:ff:6d:5a:53:2f:be:18:
                    76:44:b0:89:d3:3c:a9:bd:3f:2b:5b:3d:7e:b5:6a:
                    cf:1a:56:99:86:e2:89:26:fd:1c:b8:2d:d4:bf:27:
                    e7:29:2e:34:52:f1:8c:6f:23:9b:f3:86:d1:2d:bf:
                    d7:4c:5a:f5:5b:c4:44:86:10:f2:c0:06:49:af:3e:
                    2e:84:9b:52:bb:62:f6:12:a7:1b:9d:a7:7b:8b:ef:
                    b7:95:88:92:aa:55:b3:b1:22:a0:92:ac:87:aa:ef:
                    d3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:55:C9:2A:FD:36:81:74:80:84:28:F7:19:D8:4A:BD:13:F0:81:A2
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/olXJKv02gXSAhCj3GdhKvRPwgaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:9380::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:3e:6d:e9:a2:7c:66:18:04:a1:2e:78:8f:5d:f9:1d:4d:8a:
         2e:34:51:32:e7:68:eb:1d:05:82:27:50:09:8c:c8:f3:da:36:
         bd:33:ea:6e:74:77:b1:13:23:52:b1:4b:ef:b2:7d:f3:d4:eb:
         d5:d0:64:d9:5f:c1:e0:2c:20:8f:48:41:18:fe:bb:5c:44:d9:
         de:e1:51:a5:94:b0:c5:98:ed:2f:22:e4:63:aa:75:66:d9:f1:
         d7:87:ce:11:bd:0e:6b:05:5d:25:81:fc:4d:bb:88:2e:7d:d7:
         d0:29:60:65:ee:d3:98:c3:d0:d9:eb:cb:71:35:2e:3c:6d:1e:
         49:51:73:dd:76:f5:e3:99:26:c2:31:99:7f:28:ba:fa:25:45:
         dd:c9:97:45:06:cc:e2:67:6c:47:92:d2:00:65:8e:62:55:f7:
         c8:a7:7c:13:f5:dc:a2:87:c5:98:5b:17:e3:01:dd:58:6d:40:
         94:f2:98:9f:f1:31:77:80:01:25:57:b7:82:30:11:36:8f:74:
         5c:a4:4a:60:43:9d:0e:a5:98:c9:c4:a3:fc:4e:a4:29:a9:81:
         e0:0b:89:3b:59:2a:db:33:f6:8d:2c:28:48:c7:f3:1d:f1:4a:
         94:0a:14:bf:e6:c9:0a:44:1a:85:7b:1f:54:ec:bd:ce:91:35:
         e5:c0:f1:56
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZkbtJeSjI88n18iE0sGHRuXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwOTA1MjEwNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjU1YzkyYWZkMzY4MTc0ODA4NDI4ZjcxOWQ4NGFiZDEzZjA4MWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntR3DTVHHrK8S+HxPI7rXhyhXrB5
zkRJzTHuW/cCUUBh/1bke6eTZJUniGQI86ImcnCHjzdAG0TQ+/ldRDfzkOAEAJi7
QwU1d3qL6hLoxr7t7NAeS8sfVGrxeBlfFs9I1gBxXWMJeTcgtpjkasNhJrdHm3+Y
wnURDHwnfNorRVR3AY0E/UfHGEQMFsOW6FcCgZv+cjvT7TN/FTpkK/9tWlMvvhh2
RLCJ0zypvT8rWz1+tWrPGlaZhuKJJv0cuC3UvyfnKS40UvGMbyOb84bRLb/XTFr1
W8REhhDywAZJrz4uhJtSu2L2Eqcbnad7i++3lYiSqlWzsSKgkqyHqu/TPwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKJVySr9NoF0gIQo9xnYSr0T8IGiMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvb2xYSkt2MDJnWFNBaENqM0dkaEt2UlB3Z2FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhGTgDAN
BgkqhkiG9w0BAQsFAAOCAQEAez5t6aJ8ZhgEoS54j135HU2KLjRRMudo6x0FgidQ
CYzI89o2vTPqbnR3sRMjUrFL77J989Tr1dBk2V/B4Cwgj0hBGP67XETZ3uFRpZSw
xZjtLyLkY6p1Ztnx14fOEb0OawVdJYH8TbuILn3X0ClgZe7TmMPQ2evLcTUuPG0e
SVFz3Xb145kmwjGZfyi6+iVF3cmXRQbM4mdsR5LSAGWOYlX3yKd8E/XcoofFmFsX
4wHdWG1AlPKYn/Exd4ABJVe3gjARNo90XKRKYEOdDqWYycSj/E6kKamB4AuJO1kq
2zP2jSwoSMfzHfFKlAoUv+bJCkQahXsfVOy9zpE15cDxVg==
-----END CERTIFICATE-----