Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/xL3pi7pkLyxeSg0rbIwetJgnskA.roa
File:                     xL3pi7pkLyxeSg0rbIwetJgnskA.roa (raw, json)
Hash identifier:          dBgwV8dVI663apullW9EvTmxdRkfrCHUnq0BrVMI0TE=
Subject key identifier:   C4:BD:E9:8B:BA:64:2F:2C:5E:4A:0D:2B:6C:8C:1E:B4:98:27:B2:40
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0198A208883B0672510BE3120973FFAE232A
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/xL3pi7pkLyxeSg0rbIwetJgnskA.roa
Signing time:             Wed 13 Aug 2025 06:05:24 +0000
ROA not before:           Wed 13 Aug 2025 06:05:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        2a04:30c0::/32 maxlen: 32
                          2a06:25c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 01:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:08:88:3b:06:72:51:0b:e3:12:09:73:ff:ae:23:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Aug 13 06:05:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4bde98bba642f2c5e4a0d2b6c8c1eb49827b240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:32:dc:7f:d1:33:9e:4b:40:54:34:4c:a5:71:
                    71:41:82:c6:e9:89:77:d4:17:93:39:fd:86:20:d4:
                    a9:d3:0c:47:a3:0f:91:b3:f4:69:a0:80:17:45:d9:
                    bd:28:47:e9:26:2a:33:52:92:b2:c4:9f:0c:f6:bc:
                    7b:26:09:58:76:67:da:02:35:1c:2d:04:78:a3:c1:
                    6e:3f:79:23:88:ed:f1:e9:1c:bd:0c:73:b8:fa:7d:
                    43:ae:24:d6:ba:ee:1f:0e:56:0b:27:2d:66:1f:c9:
                    ce:48:40:b9:3b:05:9e:25:da:75:7d:7a:d1:35:54:
                    01:5d:ae:7f:c7:05:f2:9b:b4:cc:17:ff:7c:29:d3:
                    9b:f0:b8:4e:01:25:67:f8:a7:98:de:a6:91:82:3a:
                    43:0b:94:22:fb:09:39:3f:09:fa:17:30:69:56:11:
                    fc:dd:96:e2:bf:68:ad:75:1d:d4:af:dc:20:0d:f0:
                    0f:e7:02:4d:e9:4c:07:03:b2:ef:79:e6:ef:f8:45:
                    05:57:5f:fe:36:50:cc:bb:94:6b:de:15:a8:9d:92:
                    94:9c:59:a5:a8:57:14:fa:07:ec:a1:ac:2c:91:b6:
                    19:ac:e2:ef:9e:f4:61:71:c0:9d:d1:30:a8:dc:0a:
                    6f:bc:b9:38:9a:bb:ae:af:66:c1:2e:fd:2d:d7:60:
                    6e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:BD:E9:8B:BA:64:2F:2C:5E:4A:0D:2B:6C:8C:1E:B4:98:27:B2:40
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/xL3pi7pkLyxeSg0rbIwetJgnskA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:30c0::/32
                  2a06:25c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         cd:0d:59:f0:02:a9:4b:8e:01:8b:76:db:3c:26:35:97:d1:0c:
         5a:cc:d1:5a:87:d8:1d:f8:78:94:9a:0b:14:70:89:b0:90:d4:
         28:9f:0f:0f:f7:c6:26:fa:de:b2:c0:22:c2:1f:1e:ce:00:b4:
         92:aa:36:a0:ef:aa:00:c1:77:49:f4:2b:fb:d6:7d:bd:14:44:
         df:a2:2e:b2:c3:ff:ab:e9:b9:14:4d:19:13:ac:83:dd:43:de:
         80:b1:a3:0f:fb:54:20:58:ef:22:61:43:0e:19:51:d0:ff:e0:
         c2:59:9f:e6:c0:ea:1e:88:24:02:59:53:3b:76:fd:b2:a0:78:
         e7:56:47:09:c7:d5:04:78:a8:91:64:fd:df:c5:eb:34:cf:60:
         2d:4b:84:28:79:b5:87:f0:70:8e:f7:74:85:2a:6e:4d:12:ce:
         5e:8f:a3:f4:55:8a:86:b4:94:35:69:0a:8a:09:54:01:82:7f:
         b4:35:cb:e0:02:9d:40:16:17:eb:f1:12:06:23:33:f7:7e:76:
         8c:0f:20:8c:2f:3d:0c:64:ab:17:7a:2f:95:e8:7b:1c:1f:db:
         e0:76:ef:2c:72:af:29:66:c6:e4:77:6b:9e:77:94:db:51:0f:
         0f:5e:e3:f0:eb:cd:60:90:50:2c:c7:0f:47:83:0a:83:43:b1:
         a7:cb:25:77
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZiiCIg7BnJRC+MSCXP/riMqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwODEzMDYwNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGJkZTk4YmJhNjQyZjJjNWU0YTBkMmI2YzhjMWViNDk4MjdiMjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TLcf9EznktAVDRMpXFxQYLG6Yl3
1BeTOf2GINSp0wxHow+Rs/RpoIAXRdm9KEfpJiozUpKyxJ8M9rx7JglYdmfaAjUc
LQR4o8FuP3kjiO3x6Ry9DHO4+n1DriTWuu4fDlYLJy1mH8nOSEC5OwWeJdp1fXrR
NVQBXa5/xwXym7TMF/98KdOb8LhOASVn+KeY3qaRgjpDC5Qi+wk5Pwn6FzBpVhH8
3Zbiv2itdR3Ur9wgDfAP5wJN6UwHA7Lveebv+EUFV1/+NlDMu5Rr3hWonZKUnFml
qFcU+gfsoawskbYZrOLvnvRhccCd0TCo3ApvvLk4mruur2bBLv0t12BuMQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMS96Yu6ZC8sXkoNK2yMHrSYJ7JAMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEveEwzcGk3cGtMeXhlU2cwcmJJd2V0Smduc2tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgQwwAMF
ACoGJcAwDQYJKoZIhvcNAQELBQADggEBAM0NWfACqUuOAYt22zwmNZfRDFrM0VqH
2B34eJSaCxRwibCQ1CifDw/3xib63rLAIsIfHs4AtJKqNqDvqgDBd0n0K/vWfb0U
RN+iLrLD/6vpuRRNGROsg91D3oCxow/7VCBY7yJhQw4ZUdD/4MJZn+bA6h6IJAJZ
Uzt2/bKgeOdWRwnH1QR4qJFk/d/F6zTPYC1LhCh5tYfwcI73dIUqbk0Szl6Po/RV
ioa0lDVpCooJVAGCf7Q1y+ACnUAWF+vxEgYjM/d+dowPIIwvPQxkqxd6L5Xoexwf
2+B27yxyrylmxuR3a553lNtRDw9e4/DrzWCQUCzHD0eDCoNDsafLJXc=
-----END CERTIFICATE-----