Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/OOJEMS5u2eb8DxkKrEosPXMw0Og.roa
File:                     OOJEMS5u2eb8DxkKrEosPXMw0Og.roa (raw, json)
Hash identifier:          woCuxd2WLpz7AXDSWi//5Tr0gOU4v6FPC4jcOIMMjJ0=
Subject key identifier:   38:E2:44:31:2E:6E:D9:E6:FC:0F:19:0A:AC:4A:2C:3D:73:30:D0:E8
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0199062B78F4AF816B627DDB906AFF7DDC30
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/OOJEMS5u2eb8DxkKrEosPXMw0Og.roa
Signing time:             Mon 01 Sep 2025 16:45:36 +0000
ROA not before:           Mon 01 Sep 2025 16:45:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205828
IP address blocks:        2a09:7e00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 10:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:06:2b:78:f4:af:81:6b:62:7d:db:90:6a:ff:7d:dc:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Sep  1 16:45:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38e244312e6ed9e6fc0f190aac4a2c3d7330d0e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:94:10:1e:74:ae:64:61:b3:c4:96:17:69:be:
                    38:eb:c3:f1:2d:59:89:47:a0:bb:f3:4a:ba:4d:89:
                    b2:92:0c:5f:ac:b7:1f:fd:7c:06:47:95:1c:db:1f:
                    33:4f:46:99:1b:4d:bf:43:90:73:a3:56:10:d5:e3:
                    cb:38:b5:d9:fa:59:47:2f:ed:54:3c:f9:d7:78:14:
                    f6:15:e4:15:cb:a0:aa:85:ec:7b:a6:cb:0b:1d:be:
                    f6:b9:0c:46:32:01:38:bf:26:19:d9:05:4a:04:c7:
                    e9:e7:06:54:b4:f5:9c:16:e5:fc:f7:6d:07:75:36:
                    cc:31:96:bf:61:e4:14:25:98:00:69:a0:a0:d3:40:
                    9f:c2:08:d3:ff:d5:b6:fd:4b:49:48:a6:03:bb:82:
                    e6:e2:19:a1:95:8b:35:27:47:8e:32:d3:b1:8e:f6:
                    33:76:83:48:64:6d:f1:ab:63:67:a8:2f:67:89:90:
                    30:05:10:2d:0e:02:89:24:83:1b:6e:03:4b:ad:7d:
                    ef:80:0e:da:e1:1b:dd:6e:40:4d:d7:d2:27:0d:40:
                    31:1e:42:5b:45:19:61:b1:76:d5:50:77:97:e5:c7:
                    ee:93:a4:ef:6f:19:f4:51:4f:66:d5:7c:92:22:bf:
                    7f:1e:f8:ad:32:b4:d5:55:29:f3:55:41:cc:55:b1:
                    6e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:E2:44:31:2E:6E:D9:E6:FC:0F:19:0A:AC:4A:2C:3D:73:30:D0:E8
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/OOJEMS5u2eb8DxkKrEosPXMw0Og.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:c2:43:28:b1:91:f8:2b:d2:0f:c2:a6:80:ba:41:e6:bf:b7:
         c6:d4:92:a6:81:de:be:aa:f5:8f:f3:4e:51:19:1c:b6:d6:63:
         b5:fc:eb:b7:74:1c:3e:14:83:2c:d2:36:e1:91:3f:e9:73:2c:
         87:54:60:3e:52:dc:9d:e1:32:1b:35:65:36:cb:b6:98:dd:c3:
         ed:68:f7:d3:ee:9d:98:be:57:05:c6:35:7e:52:02:3b:a3:1e:
         ce:53:11:6d:d2:32:f6:3b:05:09:50:8f:50:42:c7:b6:2c:77:
         01:ef:4f:08:3c:4e:1c:c7:5a:7f:cf:16:5b:f1:d5:73:ec:a4:
         29:00:fe:22:15:76:06:64:8d:ff:9b:c0:50:67:01:de:f9:53:
         81:6f:09:63:68:46:45:ad:9b:74:1c:0e:f6:41:61:d8:15:15:
         59:a2:f2:77:f1:7a:90:84:07:3c:7d:e6:f2:1f:e5:0c:f5:32:
         6f:c2:2f:5f:03:fd:cd:c6:b6:94:2b:e0:2c:7c:22:4e:ac:5b:
         9c:de:46:9f:71:93:87:5e:fd:fe:09:c4:67:3a:c1:ed:5e:ec:
         48:ba:08:2d:9e:7c:ac:6a:50:1b:4b:a3:ab:7d:95:ac:80:3b:
         5a:bf:70:33:2e:19:6e:74:ff:f7:0d:5e:c4:17:cb:9f:d2:de:
         df:5d:e4:c7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZkGK3j0r4FrYn3bkGr/fdwwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwOTAxMTY0NTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGUyNDQzMTJlNmVkOWU2ZmMwZjE5MGFhYzRhMmMzZDczMzBkMGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5pQQHnSuZGGzxJYXab4468PxLVmJ
R6C780q6TYmykgxfrLcf/XwGR5Uc2x8zT0aZG02/Q5Bzo1YQ1ePLOLXZ+llHL+1U
PPnXeBT2FeQVy6Cqhex7pssLHb72uQxGMgE4vyYZ2QVKBMfp5wZUtPWcFuX8920H
dTbMMZa/YeQUJZgAaaCg00CfwgjT/9W2/UtJSKYDu4Lm4hmhlYs1J0eOMtOxjvYz
doNIZG3xq2NnqC9niZAwBRAtDgKJJIMbbgNLrX3vgA7a4RvdbkBN19InDUAxHkJb
RRlhsXbVUHeX5cfuk6Tvbxn0UU9m1XySIr9/HvitMrTVVSnzVUHMVbFuGwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDjiRDEubtnm/A8ZCqxKLD1zMNDoMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvT09KRU1TNXUyZWI4RHhrS3JFb3NQWE13ME9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgl+ADAN
BgkqhkiG9w0BAQsFAAOCAQEAW8JDKLGR+CvSD8KmgLpB5r+3xtSSpoHevqr1j/NO
URkcttZjtfzrt3QcPhSDLNI24ZE/6XMsh1RgPlLcneEyGzVlNsu2mN3D7Wj30+6d
mL5XBcY1flICO6MezlMRbdIy9jsFCVCPUELHtix3Ae9PCDxOHMdaf88WW/HVc+yk
KQD+IhV2BmSN/5vAUGcB3vlTgW8JY2hGRa2bdBwO9kFh2BUVWaLyd/F6kIQHPH3m
8h/lDPUyb8IvXwP9zca2lCvgLHwiTqxbnN5Gn3GTh179/gnEZzrB7V7sSLoILZ58
rGpQG0ujq32VrIA7Wr9wMy4ZbnT/9w1exBfLn9Le313kxw==
-----END CERTIFICATE-----