Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/AIPmsA3KY0SIme_E0uH9H22Yvh8.roa
File:                     AIPmsA3KY0SIme_E0uH9H22Yvh8.roa (raw, json)
Hash identifier:          UQXWCMYFsSOk9yjPCJcz6NSZIdO7pkmDRs+qLVLuHRs=
Subject key identifier:   00:83:E6:B0:0D:CA:63:44:88:99:EF:C4:D2:E1:FD:1F:6D:98:BE:1F
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       01990A4CFEF03E58DAE8621B5E7AFF6E742F
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/AIPmsA3KY0SIme_E0uH9H22Yvh8.roa
Signing time:             Tue 02 Sep 2025 12:00:42 +0000
ROA not before:           Tue 02 Sep 2025 12:00:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35704
IP address blocks:        2a02:11ff:400::/46 maxlen: 46
                          2a02:11ff:404::/46 maxlen: 46
                          2a02:11ff:408::/46 maxlen: 46
                          2a02:11ff:40c::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 15:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0a:4c:fe:f0:3e:58:da:e8:62:1b:5e:7a:ff:6e:74:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Sep  2 12:00:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0083e6b00dca63448899efc4d2e1fd1f6d98be1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:fa:c5:fa:51:bf:96:93:55:14:5e:4e:50:0e:
                    63:6f:d9:c1:75:69:2d:88:98:74:a6:03:71:f9:d6:
                    b2:84:90:9e:3e:2a:3d:b8:40:f7:ee:03:32:09:63:
                    5c:6d:d6:68:eb:ba:ad:93:20:12:bc:f3:20:e4:3c:
                    74:45:c2:59:e5:24:34:c5:ba:e4:e6:5a:fc:2f:2f:
                    25:0a:7d:0e:87:30:d1:f2:3e:a7:3a:ca:41:9d:7a:
                    d0:70:51:1f:a4:e7:ac:22:2f:0b:f4:8c:f4:3a:ef:
                    b9:d1:86:a3:a5:6b:b2:a2:1b:63:b2:7b:e1:8a:27:
                    17:8b:c0:14:03:39:10:4f:69:cf:d5:ac:bd:93:1e:
                    ae:1a:0b:26:20:bb:c8:9c:61:55:6f:67:3b:63:41:
                    32:8a:25:67:b1:96:42:77:7b:84:c0:be:51:75:e4:
                    4e:ef:06:ba:9a:37:bd:9e:a7:0f:ce:b3:ee:43:76:
                    b0:70:8d:72:d8:3a:4a:0b:e3:d2:00:59:15:33:b9:
                    6b:7c:24:91:c3:df:08:46:c6:c9:dc:62:61:d7:1b:
                    e6:07:ee:33:ec:47:bb:f2:bb:35:9b:99:3f:d5:d1:
                    56:36:d2:f5:71:1a:de:54:f8:41:72:49:e4:7e:95:
                    89:b8:6a:21:62:d2:cb:15:4d:a9:ab:46:90:be:cd:
                    55:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:83:E6:B0:0D:CA:63:44:88:99:EF:C4:D2:E1:FD:1F:6D:98:BE:1F
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/AIPmsA3KY0SIme_E0uH9H22Yvh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:11ff:400::/44

    Signature Algorithm: sha256WithRSAEncryption
         89:64:aa:07:f5:99:d5:ec:fa:8e:9b:cb:ec:42:82:ca:90:26:
         c8:2d:13:89:fa:8c:18:bf:aa:ec:67:96:ae:cc:ef:fb:1f:32:
         5c:5b:95:ea:8a:08:e4:ba:53:de:bc:51:d7:4c:c9:fb:0f:24:
         52:4e:cc:d1:10:c8:d8:7f:6e:e4:f2:8f:f9:a1:bf:fa:cd:39:
         bb:98:6e:8a:7a:de:23:1a:14:04:a9:4b:0a:4d:56:e7:97:54:
         36:f9:13:b1:f6:07:82:59:06:d9:1f:20:54:53:17:86:22:6f:
         89:a4:f4:7b:ef:d5:bf:92:b0:5d:c6:0e:92:10:af:e0:23:2f:
         d7:5d:98:b8:bb:52:1c:2e:76:40:51:ee:e1:ab:bb:bc:56:60:
         b8:0a:de:ff:a7:08:c8:da:2b:3e:82:97:82:d8:be:45:13:44:
         e7:d5:20:2c:51:b9:3b:19:aa:60:68:94:f2:87:23:92:52:8b:
         2b:e8:bd:f2:3c:aa:39:97:08:a5:c7:c4:ee:77:05:07:8d:9e:
         a2:38:2e:79:9b:57:9e:e7:72:97:55:6a:ab:ab:c1:e5:2a:71:
         04:5d:3c:8d:22:67:14:ae:1a:0d:b2:e1:87:a3:8d:7e:e1:86:
         74:f4:c6:7b:90:1f:74:b8:31:c7:be:fc:e3:51:52:cc:ce:77:
         49:8d:cc:45
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkKTP7wPlja6GIbXnr/bnQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjUwOTAyMTIwMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDgzZTZiMDBkY2E2MzQ0ODg5OWVmYzRkMmUxZmQxZjZkOThiZTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvrF+lG/lpNVFF5OUA5jb9nBdWkt
iJh0pgNx+dayhJCePio9uED37gMyCWNcbdZo67qtkyASvPMg5Dx0RcJZ5SQ0xbrk
5lr8Ly8lCn0OhzDR8j6nOspBnXrQcFEfpOesIi8L9Iz0Ou+50YajpWuyohtjsnvh
iicXi8AUAzkQT2nP1ay9kx6uGgsmILvInGFVb2c7Y0EyiiVnsZZCd3uEwL5RdeRO
7wa6mje9nqcPzrPuQ3awcI1y2DpKC+PSAFkVM7lrfCSRw98IRsbJ3GJh1xvmB+4z
7Ee78rs1m5k/1dFWNtL1cRreVPhBcknkfpWJuGohYtLLFU2pq0aQvs1VBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFACD5rANymNEiJnvxNLh/R9tmL4fMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvQUlQbXNBM0tZMFNJbWVfRTB1SDlIMjJZdmg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgIR/wQA
MA0GCSqGSIb3DQEBCwUAA4IBAQCJZKoH9ZnV7PqOm8vsQoLKkCbILROJ+owYv6rs
Z5auzO/7HzJcW5XqigjkulPevFHXTMn7DyRSTszREMjYf27k8o/5ob/6zTm7mG6K
et4jGhQEqUsKTVbnl1Q2+ROx9geCWQbZHyBUUxeGIm+JpPR779W/krBdxg6SEK/g
Iy/XXZi4u1IcLnZAUe7hq7u8VmC4Ct7/pwjI2is+gpeC2L5FE0Tn1SAsUbk7Gapg
aJTyhyOSUosr6L3yPKo5lwilx8TudwUHjZ6iOC55m1ee53KXVWqrq8HlKnEEXTyN
ImcUrhoNsuGHo41+4YZ09MZ7kB90uDHHvvzjUVLMzndJjcxF
-----END CERTIFICATE-----