Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/rYyq3Q7PDVta3OkGbh_Yn-1vetI.roa
File:                     rYyq3Q7PDVta3OkGbh_Yn-1vetI.roa (raw, json)
Hash identifier:          /hQXYhPHacv6Dm6bhyBoBz8UGk0yrWTnmBDLjgQ6kZQ=
Subject key identifier:   AD:8C:AA:DD:0E:CF:0D:5B:5A:DC:E9:06:6E:1F:D8:9F:ED:6F:7A:D2
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       019A01A244F91BACA9FA3A0974444DEFF437
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/rYyq3Q7PDVta3OkGbh_Yn-1vetI.roa
Signing time:             Mon 20 Oct 2025 12:40:03 +0000
ROA not before:           Mon 20 Oct 2025 12:40:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205828
IP address blocks:        2a11:3444::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:a2:44:f9:1b:ac:a9:fa:3a:09:74:44:4d:ef:f4:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Oct 20 12:40:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad8caadd0ecf0d5b5adce9066e1fd89fed6f7ad2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:34:2b:13:dc:33:2c:db:b5:ba:43:3d:39:0c:
                    82:0e:8a:9e:e1:af:57:8e:cb:f7:5c:2a:fe:40:96:
                    77:53:d5:e3:67:3a:36:88:58:78:2a:f6:b2:fc:b0:
                    bd:a7:1c:41:6f:22:f6:c2:2f:3f:6e:21:1f:54:df:
                    da:5d:db:81:d1:63:4e:9f:d0:18:14:1f:38:0f:53:
                    26:76:99:ea:ed:88:fb:e0:12:48:80:14:9c:8c:9f:
                    c4:a2:c7:c7:9f:0d:83:21:8c:c3:3e:cf:c0:0e:ca:
                    98:c1:fb:12:50:66:f1:28:0c:df:bb:b6:95:5f:80:
                    c1:3d:a1:91:ea:52:ec:89:25:2f:41:f6:ef:b1:b3:
                    9b:6b:ed:19:53:a8:f9:95:18:75:da:c6:bd:4f:e4:
                    ab:21:cd:79:22:2a:95:f8:3d:79:e8:59:50:4e:d7:
                    d0:47:f6:00:b0:8e:55:8a:44:e7:85:c6:36:45:cb:
                    3f:f2:13:b1:8a:58:5c:4f:b2:c2:be:94:ba:f9:a3:
                    65:0c:bf:f2:49:34:25:79:a0:9d:0c:5f:db:24:be:
                    f1:e3:77:5f:ae:ec:ed:5b:a3:56:71:59:59:39:f3:
                    e8:d5:b6:59:8e:2e:10:14:54:39:93:09:1b:0e:8a:
                    d5:b6:f0:b9:43:f7:9d:25:e3:64:09:2a:f2:6f:32:
                    9b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:8C:AA:DD:0E:CF:0D:5B:5A:DC:E9:06:6E:1F:D8:9F:ED:6F:7A:D2
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/rYyq3Q7PDVta3OkGbh_Yn-1vetI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:3444::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:af:31:d8:1f:f8:f5:83:c9:cd:1f:51:dd:31:33:ce:19:5a:
         da:76:15:df:13:67:c8:17:cc:cb:ec:5e:74:2c:6d:24:a6:80:
         16:ce:88:6a:22:82:d5:b1:89:de:c4:4a:bd:85:1f:a3:41:fd:
         bd:1b:d3:f2:18:5a:8a:bc:2e:5c:07:ea:93:45:72:f2:62:85:
         c7:2c:c6:48:a9:24:de:be:fd:9e:e2:6d:f9:ea:7d:7a:1d:7e:
         9d:9c:5e:a6:95:95:b9:59:53:db:72:ef:f0:fb:e1:06:e1:55:
         03:22:e0:05:86:48:93:8f:8c:a9:9f:60:5a:cf:a5:ce:54:fd:
         32:db:52:78:36:4b:4a:dd:3d:b8:4b:a0:1d:3a:e3:c8:13:ae:
         1f:82:00:99:d4:c2:43:f5:56:8c:7c:dc:cf:ae:4b:df:5f:f0:
         b2:18:35:32:30:e9:dd:72:25:0d:f4:9a:38:eb:d1:34:66:b5:
         b4:3b:1e:f7:70:a1:e5:98:1a:26:4c:9f:fc:a0:11:2a:79:40:
         1a:1d:11:e4:c8:30:d9:39:77:9d:b5:23:a5:5f:11:55:b1:65:
         17:0d:ea:ae:c5:e1:ce:cc:06:dd:7f:72:b6:c8:f2:dd:28:4f:
         fc:f2:51:95:6d:58:24:3a:21:c3:95:bc:5a:33:ed:71:c0:dc:
         4c:11:1e:b9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZoBokT5G6yp+joJdERN7/Q3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUxMDIwMTI0MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDhjYWFkZDBlY2YwZDViNWFkY2U5MDY2ZTFmZDg5ZmVkNmY3YWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDQrE9wzLNu1ukM9OQyCDoqe4a9X
jsv3XCr+QJZ3U9XjZzo2iFh4Kvay/LC9pxxBbyL2wi8/biEfVN/aXduB0WNOn9AY
FB84D1Mmdpnq7Yj74BJIgBScjJ/EosfHnw2DIYzDPs/ADsqYwfsSUGbxKAzfu7aV
X4DBPaGR6lLsiSUvQfbvsbOba+0ZU6j5lRh12sa9T+SrIc15IiqV+D156FlQTtfQ
R/YAsI5VikTnhcY2Rcs/8hOxilhcT7LCvpS6+aNlDL/ySTQleaCdDF/bJL7x43df
ruztW6NWcVlZOfPo1bZZji4QFFQ5kwkbDorVtvC5Q/edJeNkCSrybzKbDwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK2Mqt0Ozw1bWtzpBm4f2J/tb3rSMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvcll5cTNRN1BEVnRhM09rR2JoX1luLTF2ZXRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhE0RDAN
BgkqhkiG9w0BAQsFAAOCAQEAc68x2B/49YPJzR9R3TEzzhla2nYV3xNnyBfMy+xe
dCxtJKaAFs6IaiKC1bGJ3sRKvYUfo0H9vRvT8hhairwuXAfqk0Vy8mKFxyzGSKkk
3r79nuJt+ep9eh1+nZxeppWVuVlT23Lv8PvhBuFVAyLgBYZIk4+MqZ9gWs+lzlT9
MttSeDZLSt09uEugHTrjyBOuH4IAmdTCQ/VWjHzcz65L31/wshg1MjDp3XIlDfSa
OOvRNGa1tDse93Ch5ZgaJkyf/KARKnlAGh0R5Mgw2Tl3nbUjpV8RVbFlFw3qrsXh
zswG3X9ytsjy3ShP/PJRlW1YJDohw5W8WjPtccDcTBEeuQ==
-----END CERTIFICATE-----