Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a71e45-80ee-4887-83b1-498b9d4f757e/1/ovh4JK4_mutpHw8DXKARJ3mLIw8.roa
File:                     ovh4JK4_mutpHw8DXKARJ3mLIw8.roa (raw, json)
Hash identifier:          ury01WLPPQeenF3FjQFrwtA6zumz0Gk0JVx72uoV110=
Subject key identifier:   A2:F8:78:24:AE:3F:9A:EB:69:1F:0F:03:5C:A0:11:27:79:8B:23:0F
Certificate issuer:       /CN=8d23bd12310a91233160f011786a611030f0fa5f
Certificate serial:       019A3151E9767C31643361FF53646A31743E
Authority key identifier: 8D:23:BD:12:31:0A:91:23:31:60:F0:11:78:6A:61:10:30:F0:FA:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jSO9EjEKkSMxYPAReGphEDDw-l8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a71e45-80ee-4887-83b1-498b9d4f757e/1/ovh4JK4_mutpHw8DXKARJ3mLIw8.roa
Signing time:             Wed 29 Oct 2025 18:54:02 +0000
ROA not before:           Wed 29 Oct 2025 18:54:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208173
IP address blocks:        2a0f:5740:1::/48 maxlen: 48
                          2a0f:5740:2::/48 maxlen: 48
                          2a0f:5740:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a71e45-80ee-4887-83b1-498b9d4f757e/1/jSO9EjEKkSMxYPAReGphEDDw-l8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a71e45-80ee-4887-83b1-498b9d4f757e/1/jSO9EjEKkSMxYPAReGphEDDw-l8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jSO9EjEKkSMxYPAReGphEDDw-l8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:31:51:e9:76:7c:31:64:33:61:ff:53:64:6a:31:74:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d23bd12310a91233160f011786a611030f0fa5f
        Validity
            Not Before: Oct 29 18:54:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2f87824ae3f9aeb691f0f035ca01127798b230f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d4:bf:1a:10:29:0d:c9:c7:f6:c6:61:a2:8f:
                    13:0a:01:79:ef:9d:b8:3b:5f:f0:c4:46:d3:5d:76:
                    bf:b5:ec:15:87:e6:d2:65:0b:e9:92:74:07:d4:92:
                    09:fe:83:b0:88:ae:a9:4d:2f:1a:ce:cf:44:46:da:
                    2b:e1:52:43:20:99:21:ef:93:94:b8:e6:e7:b5:38:
                    b2:4b:d9:f0:75:f3:1b:6f:26:bf:5b:0e:d7:62:1e:
                    fd:67:ce:eb:a4:83:f7:25:a5:2e:39:40:67:d4:31:
                    0f:3a:9a:58:05:cd:ce:50:7f:90:fe:b4:87:54:6f:
                    41:2e:57:c6:a8:40:87:bd:5a:d6:91:83:a0:76:18:
                    92:ec:b1:02:0b:cf:29:a0:79:b9:90:90:31:fe:d6:
                    d7:12:58:ad:8e:f4:aa:fc:01:d3:1d:8b:bd:db:6d:
                    06:e2:9f:b6:97:26:b9:85:69:80:45:7e:99:f0:db:
                    19:32:d1:fd:06:20:c1:05:fd:37:34:3a:e1:f7:42:
                    ab:45:84:45:34:45:0d:ce:af:55:5e:27:05:bd:a0:
                    70:a4:08:61:86:c6:a6:ea:e3:85:69:0a:d8:52:e4:
                    da:70:40:5b:a1:90:e7:9e:8a:29:35:a8:3a:cf:e4:
                    b7:ed:69:95:c1:06:17:1b:ef:86:a0:a2:94:bf:15:
                    f4:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:F8:78:24:AE:3F:9A:EB:69:1F:0F:03:5C:A0:11:27:79:8B:23:0F
            X509v3 Authority Key Identifier:
                keyid:8D:23:BD:12:31:0A:91:23:31:60:F0:11:78:6A:61:10:30:F0:FA:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jSO9EjEKkSMxYPAReGphEDDw-l8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a71e45-80ee-4887-83b1-498b9d4f757e/1/ovh4JK4_mutpHw8DXKARJ3mLIw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a71e45-80ee-4887-83b1-498b9d4f757e/1/jSO9EjEKkSMxYPAReGphEDDw-l8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5740:1::-2a0f:5740:3:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         47:88:b2:c3:0e:20:0b:5f:63:11:37:26:a4:77:e3:89:33:97:
         56:83:68:47:b3:37:02:1a:8f:16:ef:72:17:2f:a0:5f:c3:ce:
         ae:d9:48:65:c2:6c:82:3b:0e:3a:e8:2a:17:79:38:47:9c:48:
         00:eb:c8:3e:76:a4:a8:6a:f8:ab:26:74:42:6a:45:e2:5c:14:
         c9:67:b3:0e:f3:75:8a:90:ab:e4:03:4e:3a:e7:3d:fd:c8:cc:
         56:d2:ad:67:7d:ae:a1:1f:c1:06:8d:b4:9b:39:46:26:48:1a:
         9a:76:cb:98:2d:08:33:22:2e:e5:08:37:f8:3b:b4:ea:cd:4c:
         36:81:e0:3b:38:28:53:92:71:15:83:4e:f7:db:71:eb:d2:f1:
         e4:b6:db:a1:f6:10:88:f9:69:4c:89:e9:d4:25:c4:37:21:7b:
         40:01:29:fc:2b:af:bf:67:f5:5e:87:14:22:57:3c:18:1a:15:
         77:28:2d:60:79:d0:b2:60:ca:63:ab:52:94:17:3a:be:ed:1b:
         9a:88:d0:ea:63:58:3b:48:e2:de:40:7b:1b:96:16:f0:fe:25:
         61:4e:ee:c3:2e:19:86:20:c3:3b:82:6c:0f:3e:b6:22:fc:eb:
         49:13:47:86:07:a2:d6:f3:50:1d:e9:c6:49:d0:35:12:22:03:
         5b:92:0e:05
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZoxUel2fDFkM2H/U2RqMXQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMjNiZDEyMzEwYTkxMjMzMTYwZjAxMTc4NmE2MTEwMzBm
MGZhNWYwHhcNMjUxMDI5MTg1NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmY4NzgyNGFlM2Y5YWViNjkxZjBmMDM1Y2EwMTEyNzc5OGIyMzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNS/GhApDcnH9sZhoo8TCgF57524
O1/wxEbTXXa/tewVh+bSZQvpknQH1JIJ/oOwiK6pTS8azs9ERtor4VJDIJkh75OU
uObntTiyS9nwdfMbbya/Ww7XYh79Z87rpIP3JaUuOUBn1DEPOppYBc3OUH+Q/rSH
VG9BLlfGqECHvVrWkYOgdhiS7LECC88poHm5kJAx/tbXElitjvSq/AHTHYu9220G
4p+2lya5hWmARX6Z8NsZMtH9BiDBBf03NDrh90KrRYRFNEUNzq9VXicFvaBwpAhh
hsam6uOFaQrYUuTacEBboZDnnoopNag6z+S37WmVwQYXG++GoKKUvxX0twIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKL4eCSuP5rraR8PA1ygESd5iyMPMB8GA1UdIwQY
MBaAFI0jvRIxCpEjMWDwEXhqYRAw8PpfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalNPOUVqRUtrU014WVBBUmVHcGhFRER3LWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hNzFlNDUtODBlZS00ODg3LTgzYjEt
NDk4YjlkNGY3NTdlLzEvb3ZoNEpLNF9tdXRwSHc4RFhLQVJKM21MSXc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hNzFlNDUtODBlZS00ODg3LTgzYjEtNDk4YjlkNGY3NTdl
LzEvalNPOUVqRUtrU014WVBBUmVHcGhFRER3LWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqD1dA
AAEDBwIqD1dAAAAwDQYJKoZIhvcNAQELBQADggEBAEeIssMOIAtfYxE3JqR344kz
l1aDaEezNwIajxbvchcvoF/Dzq7ZSGXCbII7DjroKhd5OEecSADryD52pKhq+Ksm
dEJqReJcFMlnsw7zdYqQq+QDTjrnPf3IzFbSrWd9rqEfwQaNtJs5RiZIGpp2y5gt
CDMiLuUIN/g7tOrNTDaB4Ds4KFOScRWDTvfbcevS8eS226H2EIj5aUyJ6dQlxDch
e0ABKfwrr79n9V6HFCJXPBgaFXcoLWB50LJgymOrUpQXOr7tG5qI0OpjWDtI4t5A
exuWFvD+JWFO7sMuGYYgwzuCbA8+tiL860kTR4YHotbzUB3pxknQNRIiA1uSDgU=
-----END CERTIFICATE-----