Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/DiVaKwGBpTwiJK2wdma2FCUI1dY.roa
File:                     DiVaKwGBpTwiJK2wdma2FCUI1dY.roa (raw, json)
Hash identifier:          AVK0qBECk7mzq61yod8pgLi4kKN20motkma1l/rW18M=
Subject key identifier:   0E:25:5A:2B:01:81:A5:3C:22:24:AD:B0:76:66:B6:14:25:08:D5:D6
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       0198EB34D2D6E79C4C39E638CFF30F9AEB43
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/DiVaKwGBpTwiJK2wdma2FCUI1dY.roa
Signing time:             Wed 27 Aug 2025 11:06:04 +0000
ROA not before:           Wed 27 Aug 2025 11:06:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44812
IP address blocks:        2a0b:d900::/29 maxlen: 29
                          2a0c:f643::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:14:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:eb:34:d2:d6:e7:9c:4c:39:e6:38:cf:f3:0f:9a:eb:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Aug 27 11:06:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e255a2b0181a53c2224adb07666b6142508d5d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:9e:6a:b4:f5:eb:b8:d6:b8:28:89:5f:a1:c8:
                    f1:f3:7a:77:7f:a4:e6:a2:e8:3f:48:85:f6:a6:6a:
                    41:db:a4:1c:8c:f7:8b:2e:3e:87:14:a3:3e:b2:66:
                    09:a6:0a:6c:2d:86:ad:b2:0f:96:cb:5f:03:46:ac:
                    fd:09:c0:51:25:c8:5a:99:da:de:bd:b6:df:fb:61:
                    60:4b:89:65:16:29:35:00:95:62:10:61:31:35:92:
                    d1:17:37:4a:13:77:8b:70:6f:56:c5:bb:d1:4c:73:
                    64:ef:b3:cd:38:37:03:c3:39:a8:c5:e7:47:ba:8a:
                    62:2c:73:85:94:0a:7f:4f:65:2c:92:d9:5a:1f:06:
                    75:f0:51:5e:c5:67:cf:27:d2:9f:d4:51:0b:fa:0c:
                    ac:8a:1a:90:0d:13:88:61:82:de:d5:cd:fe:6b:71:
                    b3:09:a0:c1:ec:47:90:94:35:35:57:48:0d:72:81:
                    01:d5:37:0b:9b:6e:3f:c6:eb:7b:3e:02:e3:40:e3:
                    75:7c:f2:71:a3:58:8f:5a:1a:3d:b7:88:2f:5b:cf:
                    80:b8:5e:e3:20:f7:6c:c0:d0:0a:d9:1d:5b:16:c5:
                    d1:42:77:b7:f2:c1:c5:9b:dd:a5:1d:5b:37:25:cc:
                    d6:14:09:31:d8:75:c6:4a:5a:f6:5c:9d:d2:28:44:
                    4b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:25:5A:2B:01:81:A5:3C:22:24:AD:B0:76:66:B6:14:25:08:D5:D6
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/DiVaKwGBpTwiJK2wdma2FCUI1dY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:d900::/29
                  2a0c:f643::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:80:09:87:24:86:af:80:02:33:25:16:64:06:d5:62:3f:9e:
         a9:21:ab:29:a8:16:83:ed:c8:89:c4:1b:4c:c3:bc:2b:10:ff:
         ab:4e:7c:2c:00:23:24:a9:20:6e:88:5b:e5:95:6a:cd:b3:6f:
         e6:d1:16:2b:22:2c:93:97:b1:ae:5e:d3:b6:4f:42:07:e6:0b:
         98:04:01:7b:d0:19:ab:92:19:1a:f2:ce:c6:9f:fa:ca:f5:87:
         80:49:9c:b4:6e:26:9e:69:6d:26:2e:1c:2e:f8:86:54:7b:b6:
         77:de:20:4f:dc:c4:20:40:95:56:39:5e:ba:c3:00:56:07:ce:
         33:25:19:8f:ed:e7:8b:79:c2:54:38:cd:fb:7a:91:e0:61:a1:
         1e:02:ce:17:01:4d:44:dc:f5:62:5a:31:cd:2a:ee:8c:25:96:
         da:d7:de:db:1a:e5:28:18:3f:0c:25:48:32:af:d6:ee:a2:80:
         bc:e9:a1:ca:36:1a:85:1c:76:65:4f:3c:4b:29:f6:86:b7:32:
         70:e8:8f:ec:4d:24:bc:9e:4a:8d:45:b6:19:06:9a:a1:f4:24:
         b6:1e:8f:61:35:ad:eb:73:c4:ac:6f:56:18:42:be:9f:1f:79:
         e5:d3:ae:ed:25:70:78:ca:da:40:16:2f:3c:d1:ad:db:01:1d:
         f5:12:bf:4c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZjrNNLW55xMOeY4z/MPmutDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwODI3MTEwNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTI1NWEyYjAxODFhNTNjMjIyNGFkYjA3NjY2YjYxNDI1MDhkNWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJ5qtPXruNa4KIlfocjx83p3f6Tm
oug/SIX2pmpB26QcjPeLLj6HFKM+smYJpgpsLYatsg+Wy18DRqz9CcBRJchamdre
vbbf+2FgS4llFik1AJViEGExNZLRFzdKE3eLcG9WxbvRTHNk77PNODcDwzmoxedH
uopiLHOFlAp/T2UsktlaHwZ18FFexWfPJ9Kf1FEL+gysihqQDROIYYLe1c3+a3Gz
CaDB7EeQlDU1V0gNcoEB1TcLm24/xut7PgLjQON1fPJxo1iPWho9t4gvW8+AuF7j
IPdswNAK2R1bFsXRQne38sHFm92lHVs3JczWFAkx2HXGSlr2XJ3SKERLCQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFA4lWisBgaU8IiStsHZmthQlCNXWMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvRGlWYUt3R0JwVHdpSksyd2RtYTJGQ1VJMWRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgvZAAMF
ACoM9kMwDQYJKoZIhvcNAQELBQADggEBACWACYckhq+AAjMlFmQG1WI/nqkhqymo
FoPtyInEG0zDvCsQ/6tOfCwAIySpIG6IW+WVas2zb+bRFisiLJOXsa5e07ZPQgfm
C5gEAXvQGauSGRryzsaf+sr1h4BJnLRuJp5pbSYuHC74hlR7tnfeIE/cxCBAlVY5
XrrDAFYHzjMlGY/t54t5wlQ4zft6keBhoR4CzhcBTUTc9WJaMc0q7owlltrX3tsa
5SgYPwwlSDKv1u6igLzpoco2GoUcdmVPPEsp9oa3MnDoj+xNJLyeSo1FthkGmqH0
JLYej2E1retzxKxvVhhCvp8feeXTru0lcHjK2kAWLzzRrdsBHfUSv0w=
-----END CERTIFICATE-----