Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/cb6f7e-e3b8-4d0c-8293-a497b8cbf177/1/U1RYzEbHmiXutqW8M0GkGkDLUKA.roa
File:                     U1RYzEbHmiXutqW8M0GkGkDLUKA.roa (raw, json)
Hash identifier:          8576dkRYk3dW0Y6uWzvcN1Y2+IXW0jM0HiarzKgHeX0=
Subject key identifier:   53:54:58:CC:46:C7:9A:25:EE:B6:A5:BC:33:41:A4:1A:40:CB:50:A0
Certificate issuer:       /CN=0d8d3ced32e360fcd46c163556de28aa2824b19b
Certificate serial:       0197D9815A6D414D96BA0BEB807100E71F34
Authority key identifier: 0D:8D:3C:ED:32:E3:60:FC:D4:6C:16:35:56:DE:28:AA:28:24:B1:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DY087TLjYPzUbBY1Vt4oqigksZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/cb6f7e-e3b8-4d0c-8293-a497b8cbf177/1/U1RYzEbHmiXutqW8M0GkGkDLUKA.roa
Signing time:             Sat 05 Jul 2025 07:33:42 +0000
ROA not before:           Sat 05 Jul 2025 07:33:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209179
IP address blocks:        2a03:bb80::/48 maxlen: 48
                          2a03:bb80:1::/48 maxlen: 48
                          2a03:bb80:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/cb6f7e-e3b8-4d0c-8293-a497b8cbf177/1/DY087TLjYPzUbBY1Vt4oqigksZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/cb6f7e-e3b8-4d0c-8293-a497b8cbf177/1/DY087TLjYPzUbBY1Vt4oqigksZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DY087TLjYPzUbBY1Vt4oqigksZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d9:81:5a:6d:41:4d:96:ba:0b:eb:80:71:00:e7:1f:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d8d3ced32e360fcd46c163556de28aa2824b19b
        Validity
            Not Before: Jul  5 07:33:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=535458cc46c79a25eeb6a5bc3341a41a40cb50a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:af:ab:5e:d5:4d:f3:6b:ca:14:80:7a:ee:1b:
                    dc:bd:fb:fd:e2:26:99:69:1e:07:4c:d9:bd:d1:89:
                    05:2e:0a:38:ba:78:a2:b7:78:07:62:6e:79:4f:c1:
                    c4:a1:58:94:95:34:bf:69:c9:b9:d5:d7:1b:82:c5:
                    fe:91:ef:6c:8a:0b:6c:9e:43:40:ab:8c:19:e2:ee:
                    1b:73:ab:c4:30:4d:d8:7f:91:b9:a9:80:09:6d:d3:
                    f3:d5:1d:ab:ba:81:49:4c:5e:f5:06:f8:8a:79:ab:
                    51:13:c9:e2:e9:12:fa:0e:c0:89:1c:52:32:8f:55:
                    9a:9f:2f:95:a2:63:a3:35:6d:a0:10:55:11:aa:b9:
                    55:63:ff:6d:8f:c9:cd:21:bd:f7:06:3b:26:62:c4:
                    1f:13:00:46:44:9b:fa:f2:34:09:ba:84:ab:94:2b:
                    24:a4:02:0b:bb:76:a4:2a:7b:17:e9:63:74:16:05:
                    8a:ee:4b:40:f4:7b:0a:63:c1:03:ac:36:f9:40:e7:
                    b8:7a:7d:cf:80:65:48:a4:a7:db:4d:3a:bf:26:3a:
                    b5:63:45:b8:2d:8e:3c:6e:be:14:10:80:af:73:3e:
                    30:61:a4:7b:da:c0:56:6c:29:c0:91:17:0e:49:11:
                    7d:4e:7d:eb:2e:60:9a:f5:90:87:72:06:a5:13:2d:
                    dd:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:54:58:CC:46:C7:9A:25:EE:B6:A5:BC:33:41:A4:1A:40:CB:50:A0
            X509v3 Authority Key Identifier:
                keyid:0D:8D:3C:ED:32:E3:60:FC:D4:6C:16:35:56:DE:28:AA:28:24:B1:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DY087TLjYPzUbBY1Vt4oqigksZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/cb6f7e-e3b8-4d0c-8293-a497b8cbf177/1/U1RYzEbHmiXutqW8M0GkGkDLUKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/cb6f7e-e3b8-4d0c-8293-a497b8cbf177/1/DY087TLjYPzUbBY1Vt4oqigksZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:bb80::-2a03:bb80:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         15:0f:ec:da:0f:90:b4:1e:f8:b8:8e:70:4f:36:83:3a:31:68:
         e4:c9:5f:2c:50:6c:35:45:db:6e:bb:81:f8:6f:a6:d5:64:dd:
         1f:cc:81:81:2e:eb:47:9f:a2:cb:a5:fa:3b:c2:c1:49:f1:2e:
         75:c4:6c:95:d5:a7:47:22:bb:06:fa:94:1b:59:98:9b:d3:a2:
         2d:e2:2c:ec:b0:ac:dd:32:25:0f:42:cb:03:b0:a2:1a:2e:4d:
         81:a7:65:84:43:21:b3:69:a4:ba:08:48:fd:54:84:08:b9:e9:
         08:71:a9:9a:91:96:46:5b:88:77:60:0a:d4:98:cc:ee:ee:ce:
         3a:0a:3c:57:38:0f:1b:1d:de:79:e3:a3:f9:d8:11:59:7c:6d:
         e6:9b:dd:99:28:84:68:27:7d:3b:8e:8b:f2:3e:1d:11:85:6a:
         fd:3d:e6:1a:5f:bc:0a:7c:1e:7d:fe:67:3a:b5:b9:9d:6b:ea:
         dd:ca:0c:de:8f:e2:9b:b4:a9:17:82:82:13:46:0d:12:18:e9:
         76:ad:03:b5:d7:43:c1:bf:b2:ab:d0:33:dc:e3:7a:b2:39:44:
         af:10:80:f5:30:dd:ec:98:45:f2:67:3d:95:05:b9:0e:31:d0:
         a0:8b:26:e2:b9:70:1a:8a:cd:98:89:52:80:da:38:af:ac:1f:
         57:b9:85:7c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfZgVptQU2WugvrgHEA5x80MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkOGQzY2VkMzJlMzYwZmNkNDZjMTYzNTU2ZGUyOGFhMjgy
NGIxOWIwHhcNMjUwNzA1MDczMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzU0NThjYzQ2Yzc5YTI1ZWViNmE1YmMzMzQxYTQxYTQwY2I1MGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4a+rXtVN82vKFIB67hvcvfv94iaZ
aR4HTNm90YkFLgo4uniit3gHYm55T8HEoViUlTS/acm51dcbgsX+ke9sigtsnkNA
q4wZ4u4bc6vEME3Yf5G5qYAJbdPz1R2ruoFJTF71BviKeatRE8ni6RL6DsCJHFIy
j1Wany+VomOjNW2gEFURqrlVY/9tj8nNIb33BjsmYsQfEwBGRJv68jQJuoSrlCsk
pAILu3akKnsX6WN0FgWK7ktA9HsKY8EDrDb5QOe4en3PgGVIpKfbTTq/Jjq1Y0W4
LY48br4UEICvcz4wYaR72sBWbCnAkRcOSRF9Tn3rLmCa9ZCHcgalEy3d3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFNUWMxGx5ol7ralvDNBpBpAy1CgMB8GA1UdIwQY
MBaAFA2NPO0y42D81GwWNVbeKKooJLGbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFkwODdUTGpZUHpVYkJZMVZ0NG9xaWdrc1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9jYjZmN2UtZTNiOC00ZDBjLTgyOTMt
YTQ5N2I4Y2JmMTc3LzEvVTFSWXpFYkhtaVh1dHFXOE0wR2tHa0RMVUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9jYjZmN2UtZTNiOC00ZDBjLTgyOTMtYTQ5N2I4Y2JmMTc3
LzEvRFkwODdUTGpZUHpVYkJZMVZ0NG9xaWdrc1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASMBADBQcqA7uA
AwcAKgO7gAACMA0GCSqGSIb3DQEBCwUAA4IBAQAVD+zaD5C0Hvi4jnBPNoM6MWjk
yV8sUGw1Rdtuu4H4b6bVZN0fzIGBLutHn6LLpfo7wsFJ8S51xGyV1adHIrsG+pQb
WZib06It4izssKzdMiUPQssDsKIaLk2Bp2WEQyGzaaS6CEj9VIQIuekIcamakZZG
W4h3YArUmMzu7s46CjxXOA8bHd5546P52BFZfG3mm92ZKIRoJ307jovyPh0RhWr9
PeYaX7wKfB59/mc6tbmda+rdygzej+KbtKkXgoITRg0SGOl2rQO110PBv7Kr0DPc
43qyOUSvEID1MN3smEXyZz2VBbkOMdCgiybiuXAais2YiVKA2jivrB9XuYV8
-----END CERTIFICATE-----