Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/DVUSZ4Wn0WYyKumEhUgsl46ROFc.roa
File:                     DVUSZ4Wn0WYyKumEhUgsl46ROFc.roa (raw, json)
Hash identifier:          XFlMm/wUVW8+vc0BV0GxtZswisL8d+xkAL7tq7JpJlQ=
Subject key identifier:   0D:55:12:67:85:A7:D1:66:32:2A:E9:84:85:48:2C:97:8E:91:38:57
Certificate issuer:       /CN=3adbb475a4304c845343fd94fee9a6b88008e38b
Certificate serial:       0198E52FFED842B3D283BA591A69999D6909
Authority key identifier: 3A:DB:B4:75:A4:30:4C:84:53:43:FD:94:FE:E9:A6:B8:80:08:E3:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otu0daQwTIRTQ_2U_ummuIAI44s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/DVUSZ4Wn0WYyKumEhUgsl46ROFc.roa
Signing time:             Tue 26 Aug 2025 07:03:04 +0000
ROA not before:           Tue 26 Aug 2025 07:03:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210833
IP address blocks:        2001:67c:828::/48 maxlen: 48
                          2a05:d4c0::/32 maxlen: 48
                          2a05:d4c0:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/Otu0daQwTIRTQ_2U_ummuIAI44s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/Otu0daQwTIRTQ_2U_ummuIAI44s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otu0daQwTIRTQ_2U_ummuIAI44s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e5:2f:fe:d8:42:b3:d2:83:ba:59:1a:69:99:9d:69:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3adbb475a4304c845343fd94fee9a6b88008e38b
        Validity
            Not Before: Aug 26 07:03:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d55126785a7d166322ae98485482c978e913857
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:04:b4:14:d8:bb:9c:57:d1:f8:80:df:a9:5d:
                    2b:4f:8f:2e:ec:fe:f3:ee:d7:10:af:9f:03:59:b7:
                    45:34:81:f0:63:46:7f:06:53:f2:53:cc:ef:a0:e4:
                    3d:35:53:3e:cc:6e:96:eb:f0:aa:9d:de:82:b2:5a:
                    30:c0:a8:41:fd:a1:8c:b8:d6:c1:80:fd:45:55:e4:
                    39:47:cb:db:6c:cd:11:86:a2:15:4b:9b:7c:75:e6:
                    60:4c:86:64:77:dc:a3:c2:82:48:ed:8b:75:e4:d7:
                    db:4e:71:0a:20:04:03:13:7b:52:ea:1a:fa:b5:cd:
                    5f:95:72:54:f1:a8:f6:8d:f9:74:19:db:e5:d4:e2:
                    7e:0d:a4:6a:3a:a0:31:8d:b5:e5:b2:46:32:7c:ac:
                    67:e1:e8:24:1e:8b:05:12:f8:25:83:22:54:bf:9a:
                    0e:72:93:96:ef:ca:be:4e:b1:cc:fb:7f:fe:1d:9e:
                    b2:c1:3f:97:c6:01:f8:c2:8f:0d:57:94:af:7f:9c:
                    f5:5d:40:2a:50:ad:06:83:d0:32:3d:5a:2d:56:07:
                    5b:e6:09:38:d9:a1:43:e8:09:f0:ae:a7:d5:66:50:
                    46:fb:75:49:44:57:3d:0a:e8:6e:0b:76:65:db:d5:
                    9a:59:f9:5e:94:91:6d:ac:24:4f:e8:19:fa:6b:d6:
                    bf:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:55:12:67:85:A7:D1:66:32:2A:E9:84:85:48:2C:97:8E:91:38:57
            X509v3 Authority Key Identifier:
                keyid:3A:DB:B4:75:A4:30:4C:84:53:43:FD:94:FE:E9:A6:B8:80:08:E3:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otu0daQwTIRTQ_2U_ummuIAI44s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/DVUSZ4Wn0WYyKumEhUgsl46ROFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/Otu0daQwTIRTQ_2U_ummuIAI44s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:828::/48
                  2a05:d4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:d8:d6:21:9e:16:30:d8:30:a0:22:9a:4f:c7:56:a1:19:a6:
         de:7a:95:23:59:a2:3f:f1:07:f7:61:7f:8a:93:c2:7d:74:a4:
         c0:09:66:c6:ea:96:f1:8c:b1:ff:f2:fd:ea:d2:f4:2a:53:86:
         37:c1:2d:ce:a4:12:35:61:2d:36:9f:c8:c4:e3:5b:b8:e8:1b:
         a5:e1:40:ea:7e:da:e9:ed:50:39:2f:4d:ea:48:24:9b:eb:f3:
         04:16:51:92:e4:51:a0:f7:0f:9e:f7:dd:9d:db:ce:b6:4a:cf:
         ad:bf:5d:47:4a:db:c3:6a:d5:1c:d3:fe:66:55:0b:2e:fa:c5:
         66:a8:96:d3:a3:9e:99:8b:bc:75:1b:80:cd:3b:cc:35:13:5a:
         4e:82:d3:03:af:79:a1:7b:58:96:64:ef:50:6f:46:66:91:44:
         02:62:6a:ab:11:62:b7:02:11:89:7e:b2:8e:b9:c5:56:a1:91:
         f0:63:31:93:e8:3e:6b:05:91:36:a5:66:49:03:51:15:4c:27:
         2d:13:88:19:fe:79:4c:0e:a7:14:b0:91:d6:a1:70:1b:57:66:
         a3:90:3a:6f:ff:cf:6a:91:7c:e1:c3:c8:a5:19:38:bf:97:52:
         48:13:71:b7:78:5d:40:16:15:51:76:50:54:65:01:57:39:66:
         1c:2f:7c:d1
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZjlL/7YQrPSg7pZGmmZnWkJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZGJiNDc1YTQzMDRjODQ1MzQzZmQ5NGZlZTlhNmI4ODAw
OGUzOGIwHhcNMjUwODI2MDcwMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDU1MTI2Nzg1YTdkMTY2MzIyYWU5ODQ4NTQ4MmM5NzhlOTEzODU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugS0FNi7nFfR+IDfqV0rT48u7P7z
7tcQr58DWbdFNIHwY0Z/BlPyU8zvoOQ9NVM+zG6W6/Cqnd6CslowwKhB/aGMuNbB
gP1FVeQ5R8vbbM0RhqIVS5t8deZgTIZkd9yjwoJI7Yt15NfbTnEKIAQDE3tS6hr6
tc1flXJU8aj2jfl0Gdvl1OJ+DaRqOqAxjbXlskYyfKxn4egkHosFEvglgyJUv5oO
cpOW78q+TrHM+3/+HZ6ywT+XxgH4wo8NV5Svf5z1XUAqUK0Gg9AyPVotVgdb5gk4
2aFD6AnwrqfVZlBG+3VJRFc9CuhuC3Zl29WaWflelJFtrCRP6Bn6a9a/9wIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFA1VEmeFp9FmMirphIVILJeOkThXMB8GA1UdIwQY
MBaAFDrbtHWkMEyEU0P9lP7ppriACOOLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3R1MGRhUXdUSVJUUV8yVV91bW11SUFJNDRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yMjY5MjctZDY1Ni00YjkxLWE5OTAt
MGNlMDQ5NmE5OTdiLzEvRFZVU1o0V24wV1l5S3VtRWhVZ3NsNDZST0ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yMjY5MjctZDY1Ni00YjkxLWE5OTAtMGNlMDQ5NmE5OTdi
LzEvT3R1MGRhUXdUSVJUUV8yVV91bW11SUFJNDRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcAIAEGfAgo
AwUAKgXUwDANBgkqhkiG9w0BAQsFAAOCAQEAVtjWIZ4WMNgwoCKaT8dWoRmm3nqV
I1miP/EH92F/ipPCfXSkwAlmxuqW8Yyx//L96tL0KlOGN8EtzqQSNWEtNp/IxONb
uOgbpeFA6n7a6e1QOS9N6kgkm+vzBBZRkuRRoPcPnvfdndvOtkrPrb9dR0rbw2rV
HNP+ZlULLvrFZqiW06OemYu8dRuAzTvMNRNaToLTA695oXtYlmTvUG9GZpFEAmJq
qxFitwIRiX6yjrnFVqGR8GMxk+g+awWRNqVmSQNRFUwnLROIGf55TA6nFLCR1qFw
G1dmo5A6b//PapF84cPIpRk4v5dSSBNxt3hdQBYVUXZQVGUBVzlmHC980Q==
-----END CERTIFICATE-----