Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7ba232-8929-410d-bddd-e4b6a9df9a34/1/38Ols_fwuqUro_09-_uv-_Ul2jA.roa
File:                     38Ols_fwuqUro_09-_uv-_Ul2jA.roa (raw, json)
Hash identifier:          QymLTZTAomDxu/BGko1S2mbZfpR+LRurtzVVTfHo8uA=
Subject key identifier:   DF:C3:A5:B3:F7:F0:BA:A5:2B:A3:FD:3D:FB:FB:AF:FB:F5:25:DA:30
Certificate issuer:       /CN=9d52b83b12fa8a07132cc80833a103e09d8bd04f
Certificate serial:       0196C3D66857E52675C1A9598D1907E056EA
Authority key identifier: 9D:52:B8:3B:12:FA:8A:07:13:2C:C8:08:33:A1:03:E0:9D:8B:D0:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nVK4OxL6igcTLMgIM6ED4J2L0E8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7ba232-8929-410d-bddd-e4b6a9df9a34/1/38Ols_fwuqUro_09-_uv-_Ul2jA.roa
Signing time:             Mon 12 May 2025 09:32:10 +0000
ROA not before:           Mon 12 May 2025 09:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25400
IP address blocks:        2001:67c:c2c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7ba232-8929-410d-bddd-e4b6a9df9a34/1/nVK4OxL6igcTLMgIM6ED4J2L0E8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7ba232-8929-410d-bddd-e4b6a9df9a34/1/nVK4OxL6igcTLMgIM6ED4J2L0E8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nVK4OxL6igcTLMgIM6ED4J2L0E8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 17:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c3:d6:68:57:e5:26:75:c1:a9:59:8d:19:07:e0:56:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d52b83b12fa8a07132cc80833a103e09d8bd04f
        Validity
            Not Before: May 12 09:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfc3a5b3f7f0baa52ba3fd3dfbfbaffbf525da30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ba:3d:39:38:9a:8d:3c:aa:45:38:e3:10:2c:
                    fd:50:ed:49:3b:61:42:cf:36:8a:3d:1f:9d:a2:8d:
                    59:5f:8b:c2:33:33:55:ae:85:bb:f6:40:67:20:63:
                    48:19:c8:37:08:61:a0:97:6b:0d:ba:d8:82:18:a2:
                    70:6d:a1:3c:73:eb:79:0c:31:a0:92:ce:ad:94:11:
                    d1:b8:33:26:c6:61:73:82:c4:4b:14:b0:2c:5c:3d:
                    68:2f:62:c1:cb:80:57:e1:46:e1:09:f0:26:ff:09:
                    09:13:4d:76:6e:90:18:66:d3:7d:17:c8:a8:db:83:
                    1e:bf:9b:e4:5e:0b:20:ba:f8:68:1a:cf:9e:23:e1:
                    24:18:9e:32:41:81:9b:1a:dc:ff:b2:36:87:f8:a8:
                    35:34:30:d8:69:77:45:ef:21:db:cf:5c:9a:eb:6a:
                    4d:25:a7:31:1b:2e:31:05:f5:c6:2c:5f:49:b7:f5:
                    19:5a:3b:b4:78:0f:57:ac:49:c1:b9:fc:82:62:2c:
                    8a:cf:58:dd:ee:64:84:f2:b4:71:b8:02:f9:d1:c4:
                    a1:fd:da:66:45:33:e8:16:3f:f0:7e:04:f6:0b:de:
                    86:79:e5:b0:b1:85:00:92:74:0c:ae:0e:7f:da:af:
                    23:75:48:7a:e0:87:8c:b1:8e:38:5a:c5:80:5e:6a:
                    98:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:C3:A5:B3:F7:F0:BA:A5:2B:A3:FD:3D:FB:FB:AF:FB:F5:25:DA:30
            X509v3 Authority Key Identifier:
                keyid:9D:52:B8:3B:12:FA:8A:07:13:2C:C8:08:33:A1:03:E0:9D:8B:D0:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nVK4OxL6igcTLMgIM6ED4J2L0E8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7ba232-8929-410d-bddd-e4b6a9df9a34/1/38Ols_fwuqUro_09-_uv-_Ul2jA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7ba232-8929-410d-bddd-e4b6a9df9a34/1/nVK4OxL6igcTLMgIM6ED4J2L0E8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:09:82:e2:f5:6d:2f:4c:0a:ad:6d:ed:50:41:2d:34:28:ad:
         a4:15:eb:68:23:b9:1e:46:f5:b9:0e:64:d6:28:cc:5b:0c:e6:
         50:44:89:ce:84:63:0a:9f:b0:54:da:ad:83:98:b8:25:a9:a4:
         02:7a:35:ce:9f:67:98:18:c8:50:65:40:ec:28:f0:2f:ba:42:
         ba:c7:c1:4c:d6:29:94:d8:f8:67:bc:21:13:e4:4e:a8:d6:2d:
         d6:4f:04:a8:f0:02:e6:f4:12:66:95:63:bb:71:38:4b:c2:21:
         c2:21:ed:f1:29:af:ee:3b:d6:fe:ca:a2:17:a8:d5:64:2a:15:
         e3:68:4a:a0:8a:78:21:7b:17:74:99:4b:c4:47:9a:60:56:c7:
         5d:96:52:e9:5c:0d:ae:93:9d:f1:b0:a4:66:49:cc:c1:63:37:
         15:48:6b:ba:5b:3b:ca:9e:3c:3f:77:9a:45:2e:d7:4b:c8:0a:
         af:e4:df:1a:bf:d6:3c:07:a5:64:b4:a1:c9:59:0f:7a:63:5f:
         c0:df:8c:84:b5:5b:d2:a3:71:c3:45:f7:21:4f:56:19:9e:84:
         a0:22:46:ff:c1:f0:ce:1c:49:25:a7:30:5b:4a:18:a7:ef:a1:
         ac:3c:ce:a2:76:ad:e7:dd:2d:6e:24:cd:de:7d:9d:bd:f8:09:
         ac:45:e6:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbD1mhX5SZ1walZjRkH4FbqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNTJiODNiMTJmYThhMDcxMzJjYzgwODMzYTEwM2UwOWQ4
YmQwNGYwHhcNMjUwNTEyMDkzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmMzYTViM2Y3ZjBiYWE1MmJhM2ZkM2RmYmZiYWZmYmY1MjVkYTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbo9OTiajTyqRTjjECz9UO1JO2FC
zzaKPR+doo1ZX4vCMzNVroW79kBnIGNIGcg3CGGgl2sNutiCGKJwbaE8c+t5DDGg
ks6tlBHRuDMmxmFzgsRLFLAsXD1oL2LBy4BX4UbhCfAm/wkJE012bpAYZtN9F8io
24Mev5vkXgsguvhoGs+eI+EkGJ4yQYGbGtz/sjaH+Kg1NDDYaXdF7yHbz1ya62pN
JacxGy4xBfXGLF9Jt/UZWju0eA9XrEnBufyCYiyKz1jd7mSE8rRxuAL50cSh/dpm
RTPoFj/wfgT2C96GeeWwsYUAknQMrg5/2q8jdUh64IeMsY44WsWAXmqYFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN/DpbP38LqlK6P9Pfv7r/v1JdowMB8GA1UdIwQY
MBaAFJ1SuDsS+ooHEyzICDOhA+Cdi9BPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblZLNE94TDZpZ2NUTE1nSU02RUQ0SjJMMEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YmEyMzItODkyOS00MTBkLWJkZGQt
ZTRiNmE5ZGY5YTM0LzEvMzhPbHNfZnd1cVVyb18wOS1fdXYtX1VsMmpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YmEyMzItODkyOS00MTBkLWJkZGQtZTRiNmE5ZGY5YTM0
LzEvblZLNE94TDZpZ2NUTE1nSU02RUQ0SjJMMEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAws
MA0GCSqGSIb3DQEBCwUAA4IBAQAcCYLi9W0vTAqtbe1QQS00KK2kFetoI7keRvW5
DmTWKMxbDOZQRInOhGMKn7BU2q2DmLglqaQCejXOn2eYGMhQZUDsKPAvukK6x8FM
1imU2PhnvCET5E6o1i3WTwSo8ALm9BJmlWO7cThLwiHCIe3xKa/uO9b+yqIXqNVk
KhXjaEqginghexd0mUvER5pgVsddllLpXA2uk53xsKRmSczBYzcVSGu6WzvKnjw/
d5pFLtdLyAqv5N8av9Y8B6VktKHJWQ96Y1/A34yEtVvSo3HDRfchT1YZnoSgIkb/
wfDOHEklpzBbShin76GsPM6idq3n3S1uJM3efZ29+AmsRebO
-----END CERTIFICATE-----