Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/4l2IuTNstzGjNpiJFAwrychEOYw.roa
File:                     4l2IuTNstzGjNpiJFAwrychEOYw.roa (raw, json)
Hash identifier:          m0X4eBCPHrx7Zmyz1UFRgVdtWA6FSM4O8cwU3fWGGhY=
Subject key identifier:   E2:5D:88:B9:33:6C:B7:31:A3:36:98:89:14:0C:2B:C9:C8:44:39:8C
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0198F0C57BCE0E36E7774843CAC1E313A919
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/4l2IuTNstzGjNpiJFAwrychEOYw.roa
Signing time:             Thu 28 Aug 2025 13:02:10 +0000
ROA not before:           Thu 28 Aug 2025 13:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50340
IP address blocks:        2a11:4341::/32 maxlen: 32
                          2a11:7887::/32 maxlen: 32
                          2a12:2cc7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 10:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f0:c5:7b:ce:0e:36:e7:77:48:43:ca:c1:e3:13:a9:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Aug 28 13:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e25d88b9336cb731a3369889140c2bc9c844398c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2c:c2:95:c4:a5:51:95:4d:f6:36:c8:ae:64:
                    8c:4d:d5:a0:25:ad:69:1e:6b:0c:83:d6:81:77:10:
                    c1:6a:4a:26:82:63:a5:1d:ef:a4:cf:4a:cf:eb:79:
                    eb:3c:db:f2:b6:65:4b:72:3a:93:97:0d:6b:da:37:
                    c0:09:d2:00:a8:64:26:1d:98:64:f8:7f:f4:d2:38:
                    5a:39:ce:59:b6:5c:37:71:80:b9:b1:45:60:bd:83:
                    c9:e1:27:3d:f2:5a:65:66:36:1b:bf:cc:ef:ff:bd:
                    ab:93:fb:29:e3:e4:ae:75:85:0b:b1:3c:62:48:7f:
                    77:2d:d7:fe:39:52:6e:02:62:31:34:64:b5:c4:4f:
                    1e:ff:97:58:1a:99:8b:61:5e:9b:d3:3d:e2:00:52:
                    46:8f:09:c0:f6:92:89:91:ce:00:91:14:68:79:d0:
                    d2:98:42:72:85:90:2a:74:6c:52:2b:60:5f:09:a7:
                    eb:ab:01:2b:4b:eb:e5:09:e5:53:13:a4:62:d7:13:
                    a7:e8:ec:87:d0:bf:02:b2:b1:20:50:12:8c:d3:8f:
                    fe:20:7a:56:2d:8f:cd:d2:55:27:dd:50:bb:f7:65:
                    5a:ba:d0:1e:11:94:96:d9:8e:23:00:c9:e1:46:00:
                    2f:cd:df:66:69:10:cc:fa:e1:93:fc:39:71:96:e4:
                    03:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:5D:88:B9:33:6C:B7:31:A3:36:98:89:14:0C:2B:C9:C8:44:39:8C
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/4l2IuTNstzGjNpiJFAwrychEOYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:4341::/32
                  2a11:7887::/32
                  2a12:2cc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:95:b7:72:32:2f:b8:5c:4f:3f:a1:23:9e:49:1c:54:b0:3d:
         e5:ac:1b:b8:dc:f5:ea:f0:c9:53:65:ca:ed:3d:a5:5a:b7:10:
         41:c1:82:3e:3c:d8:6c:4d:dc:90:59:d0:8c:7f:e2:c9:eb:f2:
         c8:0f:db:4c:aa:df:7d:8f:4b:a2:27:cb:9a:1c:72:4d:0f:75:
         b6:6b:4e:6f:c7:29:72:7b:e1:06:fc:7f:e0:7a:c7:d1:5b:7d:
         67:d5:d3:4a:aa:c8:89:1e:15:7c:c7:59:18:7f:f1:f3:5d:96:
         df:41:94:5f:6b:97:8b:2b:2a:eb:ca:96:ed:ae:62:c6:43:1a:
         39:cf:90:ce:f5:f2:e2:52:1a:9f:e4:02:6b:ec:ba:37:d9:6c:
         31:f5:ed:e6:95:78:a7:52:db:7a:2a:92:14:67:3d:07:9f:0b:
         eb:66:19:63:aa:dd:f8:7c:cf:ac:68:e2:73:d2:ed:e9:59:67:
         c6:55:0d:7a:88:b8:d5:71:9f:b6:d0:e5:5e:b5:87:4f:61:85:
         04:1a:e2:e1:81:8c:09:12:57:b1:48:c2:17:ea:9f:f8:dd:7d:
         e8:8b:6d:86:45:25:13:fe:eb:5c:07:55:13:b5:cc:f3:7c:15:
         2e:f8:a4:f8:29:97:95:48:f3:68:bc:00:3a:27:40:8b:30:e1:
         64:e0:f3:d9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZjwxXvODjbnd0hDysHjE6kZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwODI4MTMwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjVkODhiOTMzNmNiNzMxYTMzNjk4ODkxNDBjMmJjOWM4NDQzOThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCzClcSlUZVN9jbIrmSMTdWgJa1p
HmsMg9aBdxDBakomgmOlHe+kz0rP63nrPNvytmVLcjqTlw1r2jfACdIAqGQmHZhk
+H/00jhaOc5Ztlw3cYC5sUVgvYPJ4Sc98lplZjYbv8zv/72rk/sp4+SudYULsTxi
SH93Ldf+OVJuAmIxNGS1xE8e/5dYGpmLYV6b0z3iAFJGjwnA9pKJkc4AkRRoedDS
mEJyhZAqdGxSK2BfCafrqwErS+vlCeVTE6Ri1xOn6OyH0L8CsrEgUBKM04/+IHpW
LY/N0lUn3VC792VautAeEZSW2Y4jAMnhRgAvzd9maRDM+uGT/DlxluQDGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOJdiLkzbLcxozaYiRQMK8nIRDmMMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvNGwySXVUTnN0ekdqTnBpSkZBd3J5Y2hFT1l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKhFDQQMF
ACoReIcDBQAqEizHMA0GCSqGSIb3DQEBCwUAA4IBAQAZlbdyMi+4XE8/oSOeSRxU
sD3lrBu43PXq8MlTZcrtPaVatxBBwYI+PNhsTdyQWdCMf+LJ6/LID9tMqt99j0ui
J8uaHHJND3W2a05vxylye+EG/H/gesfRW31n1dNKqsiJHhV8x1kYf/HzXZbfQZRf
a5eLKyrrypbtrmLGQxo5z5DO9fLiUhqf5AJr7Lo32Wwx9e3mlXinUtt6KpIUZz0H
nwvrZhljqt34fM+saOJz0u3pWWfGVQ16iLjVcZ+20OVetYdPYYUEGuLhgYwJElex
SMIX6p/43X3oi22GRSUT/utcB1UTtczzfBUu+KT4KZeVSPNovAA6J0CLMOFk4PPZ
-----END CERTIFICATE-----