Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/imopXw9WLvPf9_-AYmBC2juD_w0.roa
File:                     imopXw9WLvPf9_-AYmBC2juD_w0.roa (raw, json)
Hash identifier:          J3kUsy1tWUmacwkH5xkW3clkl1zzFU+4BkmSdaQn+d8=
Subject key identifier:   8A:6A:29:5F:0F:56:2E:F3:DF:F7:FF:80:62:60:42:DA:3B:83:FF:0D
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       01973C23F177FECE17D921A3E6E9EC39075B
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/imopXw9WLvPf9_-AYmBC2juD_w0.roa
Signing time:             Wed 04 Jun 2025 18:11:17 +0000
ROA not before:           Wed 04 Jun 2025 18:11:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:4bc6::/32 maxlen: 32
                          2a0e:ccc3::/32 maxlen: 32
                          2a0f:4340::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3c:23:f1:77:fe:ce:17:d9:21:a3:e6:e9:ec:39:07:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jun  4 18:11:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a6a295f0f562ef3dff7ff80626042da3b83ff0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7f:ce:e6:44:6d:ae:fa:c1:a8:60:2b:f6:64:
                    ac:dc:7a:95:0d:c1:70:29:4e:82:86:db:cf:8f:d9:
                    15:0c:9b:a6:b6:00:72:51:4e:76:9a:4f:5a:30:94:
                    a4:56:91:c7:f7:2f:bb:0e:63:88:a3:27:bd:fe:7b:
                    bb:1c:88:05:a4:79:d6:be:1e:b6:47:a2:f9:7c:2f:
                    21:58:21:03:16:f5:d6:eb:64:10:40:ce:15:f2:31:
                    2b:c1:1d:0a:c8:a0:cc:a6:6c:3c:52:95:8c:35:3f:
                    ca:7a:92:85:6f:e7:a8:64:72:9c:31:17:f0:ea:db:
                    dd:bd:05:4d:9c:39:62:1b:2e:de:0d:a7:04:8b:8e:
                    97:67:66:f8:a3:19:3c:9e:ff:58:d2:3a:6c:60:ad:
                    5f:5f:da:c6:ab:e6:5a:70:d3:6a:59:37:8e:75:af:
                    80:55:5f:0c:7c:2e:cf:be:da:ae:16:b5:6f:c4:f8:
                    b2:41:64:4b:96:ca:88:24:b7:f1:13:28:6b:7d:64:
                    1a:2c:e9:61:c2:84:a0:ca:c0:2e:7b:65:e7:06:85:
                    43:96:df:74:18:b4:25:b6:59:47:36:6b:0f:0a:cd:
                    a5:a5:d3:da:eb:82:62:f8:0a:e7:eb:83:c9:6e:51:
                    cf:6f:21:7f:b2:39:2f:07:5f:23:0a:00:d6:f6:24:
                    f3:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:6A:29:5F:0F:56:2E:F3:DF:F7:FF:80:62:60:42:DA:3B:83:FF:0D
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/imopXw9WLvPf9_-AYmBC2juD_w0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4bc6::/32
                  2a0e:ccc3::/32
                  2a0f:4340::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:38:49:3a:db:54:f2:eb:f4:f7:95:7f:fd:39:cd:53:6f:43:
         18:a4:16:c2:81:99:19:c4:16:9c:d9:1c:12:e7:c9:98:59:5c:
         b2:26:80:85:43:ed:d7:1b:e8:5d:3b:89:e3:47:de:6e:32:db:
         cf:b8:d8:70:50:56:f3:d8:ec:da:1e:54:49:e0:da:5d:6f:ed:
         ca:e9:cd:fa:c1:6f:bb:a8:fc:16:72:4f:95:28:51:d3:2e:b8:
         9e:6e:42:75:9e:b1:a5:43:9c:d0:fc:f0:8b:e6:0e:68:69:b0:
         34:72:70:72:c3:05:39:54:0d:28:02:d8:71:a6:44:64:81:e0:
         83:b6:0a:4a:a2:07:8a:60:0a:d9:16:89:f4:8c:b5:db:0b:ff:
         af:9d:a3:2b:ef:de:1d:02:55:db:16:d8:1b:d4:4a:34:bc:98:
         d5:01:74:b5:3e:03:d6:37:61:da:93:19:ac:fc:3e:8a:fe:8d:
         00:1e:7a:1e:9c:64:6c:3f:3c:ca:08:44:f5:50:bb:5e:df:11:
         c3:1f:00:2d:69:c3:ea:80:42:5e:76:a1:79:76:26:6d:7c:11:
         25:a6:a2:81:e8:03:6e:cd:b0:f4:cc:cd:31:ad:94:19:87:1d:
         98:17:5d:c3:da:13:48:b6:6f:26:cd:07:54:68:c1:ed:84:ee:
         80:75:5f:90
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZc8I/F3/s4X2SGj5unsOQdbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjUwNjA0MTgxMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTZhMjk1ZjBmNTYyZWYzZGZmN2ZmODA2MjYwNDJkYTNiODNmZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArH/O5kRtrvrBqGAr9mSs3HqVDcFw
KU6ChtvPj9kVDJumtgByUU52mk9aMJSkVpHH9y+7DmOIoye9/nu7HIgFpHnWvh62
R6L5fC8hWCEDFvXW62QQQM4V8jErwR0KyKDMpmw8UpWMNT/KepKFb+eoZHKcMRfw
6tvdvQVNnDliGy7eDacEi46XZ2b4oxk8nv9Y0jpsYK1fX9rGq+ZacNNqWTeOda+A
VV8MfC7PvtquFrVvxPiyQWRLlsqIJLfxEyhrfWQaLOlhwoSgysAue2XnBoVDlt90
GLQltllHNmsPCs2lpdPa64Ji+Arn64PJblHPbyF/sjkvB18jCgDW9iTzmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIpqKV8PVi7z3/f/gGJgQto7g/8NMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvaW1vcFh3OVdMdlBmOV8tQVltQkMyanVEX3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKg5LxgMF
ACoOzMMDBQAqD0NAMA0GCSqGSIb3DQEBCwUAA4IBAQBiOEk621Ty6/T3lX/9Oc1T
b0MYpBbCgZkZxBac2RwS58mYWVyyJoCFQ+3XG+hdO4njR95uMtvPuNhwUFbz2Oza
HlRJ4Npdb+3K6c36wW+7qPwWck+VKFHTLriebkJ1nrGlQ5zQ/PCL5g5oabA0cnBy
wwU5VA0oAthxpkRkgeCDtgpKogeKYArZFon0jLXbC/+vnaMr794dAlXbFtgb1Eo0
vJjVAXS1PgPWN2Hakxms/D6K/o0AHnoenGRsPzzKCET1ULte3xHDHwAtacPqgEJe
dqF5diZtfBElpqKB6ANuzbD0zM0xrZQZhx2YF13D2hNItm8mzQdUaMHthO6AdV+Q
-----END CERTIFICATE-----