Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/kFVkpx97TB72EKQ4ruzAfgCkmLQ.roa
File:                     kFVkpx97TB72EKQ4ruzAfgCkmLQ.roa (raw, json)
Hash identifier:          1FA9Vl6Gc5MRJ5uyClcUL5q5Uvzb9XvC2S9BIvyjxzc=
Subject key identifier:   90:55:64:A7:1F:7B:4C:1E:F6:10:A4:38:AE:EC:C0:7E:00:A4:98:B4
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       01958B12A5A7272FDFC3C85B79BDA3D04A82
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/kFVkpx97TB72EKQ4ruzAfgCkmLQ.roa
Signing time:             Wed 12 Mar 2025 15:56:49 +0000
ROA not before:           Wed 12 Mar 2025 15:56:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34665
IP address blocks:        2a0e:4bc3::/32 maxlen: 32
                          2a0e:ffc3::/32 maxlen: 32
                          2a0f:4344::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8b:12:a5:a7:27:2f:df:c3:c8:5b:79:bd:a3:d0:4a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Mar 12 15:56:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=905564a71f7b4c1ef610a438aeecc07e00a498b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1a:1a:df:1d:d2:10:07:38:d9:af:3a:82:ab:
                    32:24:b5:82:eb:39:0a:4b:2a:e5:2b:f4:83:c2:32:
                    95:3a:34:58:c6:d7:a0:db:23:59:0d:c8:65:71:ff:
                    9c:82:2d:d1:f9:26:42:74:de:4e:08:27:aa:49:48:
                    72:3c:93:38:14:92:40:aa:ba:2e:d6:be:05:22:27:
                    07:8e:c2:7c:cd:74:ab:09:70:09:ee:9b:c2:f3:09:
                    95:ba:39:7b:54:e7:53:2c:b6:50:11:f3:4e:69:e5:
                    77:ba:bf:38:8b:8e:92:8e:5d:d1:ad:d9:3e:10:4c:
                    4e:8b:fc:d9:84:c6:8e:fc:6a:bb:54:1c:4a:89:e6:
                    2c:5d:d2:79:28:3d:a3:b6:6a:49:82:94:72:f2:43:
                    90:42:21:ba:8f:48:59:3c:8e:23:4a:1e:38:a0:ba:
                    95:cd:24:eb:66:ec:2c:78:f7:b7:a2:03:97:88:21:
                    7c:6a:42:21:24:ef:70:13:1e:91:2e:a5:7d:5a:84:
                    a1:92:8d:23:fe:42:35:71:f9:31:58:51:88:68:ee:
                    5b:e9:59:25:10:39:79:f1:c5:e4:23:56:64:a1:b0:
                    83:dc:d7:79:6d:61:68:b9:6b:44:85:eb:1c:37:12:
                    ee:3e:fc:0a:39:bf:b9:2f:a0:2a:78:58:42:b4:8c:
                    e1:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:55:64:A7:1F:7B:4C:1E:F6:10:A4:38:AE:EC:C0:7E:00:A4:98:B4
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/kFVkpx97TB72EKQ4ruzAfgCkmLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4bc3::/32
                  2a0e:ffc3::/32
                  2a0f:4344::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:43:06:98:31:0a:7f:74:4f:d7:5e:26:70:c9:90:af:63:3b:
         4b:90:02:c2:40:a9:cd:d4:4e:50:3a:e9:8b:14:fe:6e:ab:98:
         6a:a3:d7:28:6b:c1:b8:4e:05:df:40:43:54:b4:73:7d:a7:aa:
         52:ac:ae:bd:be:f0:4d:56:15:8d:94:05:d6:5f:8a:0e:35:3c:
         05:9f:9f:d6:16:61:26:24:0a:6d:34:c6:56:38:40:33:fe:af:
         24:83:fe:a3:63:55:9a:b5:87:bc:27:24:71:09:e0:96:8b:11:
         89:1c:8e:1e:80:90:ea:cb:14:d6:d2:5b:68:0b:bd:10:96:d1:
         31:dd:3f:1c:43:71:9f:6d:91:0c:62:ea:1d:2a:35:c8:45:3f:
         37:44:e8:1b:6f:15:ae:14:e4:16:54:5b:d0:f8:39:d2:92:96:
         2b:1d:5e:65:93:a7:39:e3:9d:92:bf:ce:25:41:54:90:9a:f8:
         b0:f1:93:d6:99:f9:34:ed:b8:f7:a4:f6:b4:e4:93:bb:80:65:
         2a:5b:ce:8c:9c:f6:69:10:48:b2:78:70:6a:7c:aa:4f:9b:8b:
         d2:f5:65:b7:fb:8c:82:58:6e:82:ca:2f:dc:33:17:d7:48:bd:
         3e:b3:29:a7:25:c1:71:d8:20:0a:2c:2a:e6:81:f5:29:f1:1c:
         58:30:a9:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZWLEqWnJy/fw8hbeb2j0EqCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjUwMzEyMTU1NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDU1NjRhNzFmN2I0YzFlZjYxMGE0MzhhZWVjYzA3ZTAwYTQ5OGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRoa3x3SEAc42a86gqsyJLWC6zkK
SyrlK/SDwjKVOjRYxteg2yNZDchlcf+cgi3R+SZCdN5OCCeqSUhyPJM4FJJAqrou
1r4FIicHjsJ8zXSrCXAJ7pvC8wmVujl7VOdTLLZQEfNOaeV3ur84i46Sjl3Rrdk+
EExOi/zZhMaO/Gq7VBxKieYsXdJ5KD2jtmpJgpRy8kOQQiG6j0hZPI4jSh44oLqV
zSTrZuwsePe3ogOXiCF8akIhJO9wEx6RLqV9WoShko0j/kI1cfkxWFGIaO5b6Vkl
EDl58cXkI1ZkobCD3Nd5bWFouWtEhescNxLuPvwKOb+5L6AqeFhCtIzhlwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJBVZKcfe0we9hCkOK7swH4ApJi0MB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEva0ZWa3B4OTdUQjcyRUtRNHJ1ekFmZ0NrbUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKg5LwwMF
ACoO/8MDBQAqD0NEMA0GCSqGSIb3DQEBCwUAA4IBAQA3QwaYMQp/dE/XXiZwyZCv
YztLkALCQKnN1E5QOumLFP5uq5hqo9coa8G4TgXfQENUtHN9p6pSrK69vvBNVhWN
lAXWX4oONTwFn5/WFmEmJAptNMZWOEAz/q8kg/6jY1WatYe8JyRxCeCWixGJHI4e
gJDqyxTW0ltoC70QltEx3T8cQ3GfbZEMYuodKjXIRT83ROgbbxWuFOQWVFvQ+DnS
kpYrHV5lk6c5452Sv84lQVSQmviw8ZPWmfk07bj3pPa05JO7gGUqW86MnPZpEEiy
eHBqfKpPm4vS9WW3+4yCWG6Cyi/cMxfXSL0+symnJcFx2CAKLCrmgfUp8RxYMKlA
-----END CERTIFICATE-----