Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/wRW73YaN89I1OhNiB9o-T--RC6k.roa
File:                     wRW73YaN89I1OhNiB9o-T--RC6k.roa (raw, json)
Hash identifier:          E7WmeVd/PaEhKC33G07Q1a48ZMz7gCleCpIHTU2rBE0=
Subject key identifier:   C1:15:BB:DD:86:8D:F3:D2:35:3A:13:62:07:DA:3E:4F:EF:91:0B:A9
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       01991BB4980CF4CD5624A99A802AA78F3A81
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/wRW73YaN89I1OhNiB9o-T--RC6k.roa
Signing time:             Fri 05 Sep 2025 21:07:24 +0000
ROA not before:           Fri 05 Sep 2025 21:07:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215330
IP address blocks:        2a11:1486::/32 maxlen: 32
                          2a11:1f07::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1b:b4:98:0c:f4:cd:56:24:a9:9a:80:2a:a7:8f:3a:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Sep  5 21:07:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c115bbdd868df3d2353a136207da3e4fef910ba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a7:02:ed:6a:e6:f0:89:fb:49:f1:a4:b4:7d:
                    52:d3:08:ca:ac:89:b8:ce:ba:ce:88:58:d8:c9:09:
                    df:f4:f5:a3:a3:f1:2a:c0:6d:2d:c6:b2:f7:61:2d:
                    91:76:96:36:1b:0b:8c:44:4d:08:86:23:8a:e1:9a:
                    cb:85:5f:12:2d:2d:55:b7:96:a7:52:c0:30:a2:f9:
                    12:54:d2:31:c1:2a:5e:51:f7:a6:af:19:93:2d:6e:
                    b3:84:8e:4b:d6:5b:4f:3c:6d:c1:a2:ed:6c:8f:b3:
                    12:af:1c:98:6d:7b:f9:ee:e6:34:36:44:22:dd:ac:
                    61:d1:c0:47:ee:e9:dc:06:c0:d4:bf:eb:77:74:a4:
                    16:29:ed:ae:8c:59:40:d0:40:c7:1f:a6:70:12:c8:
                    c6:ce:3e:9b:f0:10:a9:63:ba:df:a9:72:29:6d:2d:
                    e3:1a:49:68:34:ca:9f:27:b1:ce:2c:87:73:2f:75:
                    2c:67:9d:a2:db:49:30:74:95:26:b6:da:4d:0f:84:
                    2c:ea:1f:5f:8e:5c:9c:1e:7c:13:53:9c:92:40:f8:
                    d5:b5:cc:11:c4:68:e7:39:42:c9:57:8b:04:07:34:
                    e8:b2:96:8e:ce:d5:b7:48:93:71:fa:91:0c:29:48:
                    66:06:ee:96:3f:5c:32:b2:5d:2e:f7:50:0b:e8:c4:
                    73:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:15:BB:DD:86:8D:F3:D2:35:3A:13:62:07:DA:3E:4F:EF:91:0B:A9
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/wRW73YaN89I1OhNiB9o-T--RC6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:1486::/32
                  2a11:1f07::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:61:15:fe:fa:81:41:82:c1:ca:3a:db:25:24:69:cb:1e:1d:
         23:59:74:fa:4a:f1:74:cd:f0:02:16:42:3d:bc:f9:e6:ed:39:
         7a:79:da:f6:46:bb:3e:37:ed:18:6c:21:9d:3b:ac:dc:72:42:
         a2:72:f3:4f:f3:98:06:41:21:a5:31:e1:64:4f:f9:64:b4:39:
         8b:b8:e6:a8:0d:ff:2b:4d:6c:4e:3e:e0:28:b2:d0:71:81:fa:
         a1:5d:07:fa:2e:cd:93:3b:d2:4a:54:da:e1:0d:92:40:fe:d1:
         5d:3d:4e:4e:4a:6a:5e:eb:a0:f0:a6:e9:0d:57:69:cd:e3:7f:
         1b:9c:d7:d6:c0:9c:e3:94:c0:ed:7a:0b:b4:6c:ba:91:d2:be:
         30:fe:cd:34:81:5d:7e:9b:ab:db:4f:2a:b0:12:ef:4e:74:eb:
         4e:12:bb:68:93:ad:24:87:df:22:77:01:c4:a4:ed:3d:7b:df:
         88:57:8a:66:e5:06:24:d4:5a:1b:2a:86:95:92:87:98:9a:dc:
         80:35:e0:58:5f:63:72:be:cb:51:07:1f:a7:4c:e8:b7:85:68:
         02:78:4b:82:55:55:c9:95:be:13:bb:12:34:eb:55:39:6c:f0:
         bb:56:5a:07:92:36:33:f9:a1:29:0d:53:b2:9a:a6:e7:49:c9:
         9c:98:bc:0e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZkbtJgM9M1WJKmagCqnjzqBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwOTA1MjEwNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTE1YmJkZDg2OGRmM2QyMzUzYTEzNjIwN2RhM2U0ZmVmOTEwYmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6cC7Wrm8In7SfGktH1S0wjKrIm4
zrrOiFjYyQnf9PWjo/EqwG0txrL3YS2RdpY2GwuMRE0IhiOK4ZrLhV8SLS1Vt5an
UsAwovkSVNIxwSpeUfemrxmTLW6zhI5L1ltPPG3Bou1sj7MSrxyYbXv57uY0NkQi
3axh0cBH7uncBsDUv+t3dKQWKe2ujFlA0EDHH6ZwEsjGzj6b8BCpY7rfqXIpbS3j
GkloNMqfJ7HOLIdzL3UsZ52i20kwdJUmttpND4Qs6h9fjlycHnwTU5ySQPjVtcwR
xGjnOULJV4sEBzTospaOztW3SJNx+pEMKUhmBu6WP1wysl0u91AL6MRzswIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMEVu92GjfPSNToTYgfaPk/vkQupMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvd1JXNzNZYU44OUkxT2hOaUI5by1ULS1SQzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhEUhgMF
ACoRHwcwDQYJKoZIhvcNAQELBQADggEBAHZhFf76gUGCwco62yUkacseHSNZdPpK
8XTN8AIWQj28+ebtOXp52vZGuz437RhsIZ07rNxyQqJy80/zmAZBIaUx4WRP+WS0
OYu45qgN/ytNbE4+4Ciy0HGB+qFdB/ouzZM70kpU2uENkkD+0V09Tk5Kal7roPCm
6Q1Xac3jfxuc19bAnOOUwO16C7RsupHSvjD+zTSBXX6bq9tPKrAS7050604Su2iT
rSSH3yJ3AcSk7T1734hXimblBiTUWhsqhpWSh5ia3IA14FhfY3K+y1EHH6dM6LeF
aAJ4S4JVVcmVvhO7EjTrVTls8LtWWgeSNjP5oSkNU7KapudJyZyYvA4=
-----END CERTIFICATE-----