Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/m1CtBgjGeJHMfVzLBTApIVNp1W8.roa
File:                     m1CtBgjGeJHMfVzLBTApIVNp1W8.roa (raw, json)
Hash identifier:          BIlXVwgVJUkUDePkYPpVwgHBjRwARJ/MKpZUJQKWSCY=
Subject key identifier:   9B:50:AD:06:08:C6:78:91:CC:7D:5C:CB:05:30:29:21:53:69:D5:6F
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       01994ED043388385B82A1EBBAAD024DE0E56
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/m1CtBgjGeJHMfVzLBTApIVNp1W8.roa
Signing time:             Mon 15 Sep 2025 19:18:15 +0000
ROA not before:           Mon 15 Sep 2025 19:18:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204968
IP address blocks:        2a11:4342::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 19:18:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4e:d0:43:38:83:85:b8:2a:1e:bb:aa:d0:24:de:0e:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Sep 15 19:18:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b50ad0608c67891cc7d5ccb053029215369d56f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:9e:c6:52:de:00:ed:fb:07:1b:61:54:19:40:
                    c3:93:84:e3:98:7c:ea:41:8f:fa:35:9d:75:a7:d8:
                    04:27:a6:03:b0:5b:82:68:29:90:fd:83:80:eb:12:
                    6e:17:59:32:c8:6e:eb:03:2f:95:a8:43:5c:d2:7e:
                    cc:4a:51:42:2f:9b:75:c0:dd:99:5f:a7:46:6c:92:
                    f6:19:86:a7:11:15:8b:9b:3d:90:9a:a1:d5:c7:bb:
                    b6:57:55:f7:11:2f:09:c6:44:e2:88:93:63:d7:5c:
                    99:20:8f:db:28:02:f4:48:80:d6:f0:a3:ed:57:0e:
                    f8:3a:ac:10:42:68:c3:96:1e:0e:ed:45:66:0a:fe:
                    56:f0:aa:b3:b6:9b:cc:74:4c:c6:aa:8b:9c:95:f4:
                    09:33:a1:9d:9f:4f:0a:7a:3f:f4:87:1f:c9:3c:8e:
                    f4:e7:f1:7a:49:86:69:87:8d:ea:a3:9b:0a:ae:c1:
                    2b:2b:74:c4:a5:28:ff:d1:13:6c:d7:84:0f:f4:de:
                    b9:5b:dd:1f:a5:c1:39:9d:c3:3e:8b:d5:6b:b6:92:
                    52:dc:39:dc:2c:60:b2:69:b3:96:ea:ba:56:f1:13:
                    b3:93:d7:5e:cd:08:3d:66:df:94:e4:dd:5b:18:f1:
                    ff:90:4c:d3:af:0f:d3:68:d8:ef:aa:54:c6:6a:2f:
                    89:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:50:AD:06:08:C6:78:91:CC:7D:5C:CB:05:30:29:21:53:69:D5:6F
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/m1CtBgjGeJHMfVzLBTApIVNp1W8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:4342::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:d2:da:b0:06:f2:21:40:26:17:91:2a:7b:8a:f7:06:57:db:
         09:d7:44:38:ed:0e:5e:19:14:c2:3e:16:5d:ac:ea:f5:a1:20:
         50:fd:53:c8:d7:56:49:03:52:92:a7:8c:54:34:3f:a6:c9:96:
         48:d7:7a:7c:ed:d5:6c:a2:74:e4:54:1e:bb:df:e2:cd:2f:38:
         64:f8:f1:00:4a:dd:23:f7:4d:c0:a6:b6:e4:ce:12:ce:bc:54:
         23:f2:58:14:6d:c3:b1:30:64:5a:df:99:aa:14:22:da:53:04:
         db:d9:eb:3c:3a:f9:fa:e3:33:0d:10:7c:0b:41:48:e4:3d:d4:
         d4:61:a9:5d:48:0b:33:81:1b:19:1f:60:2d:4a:1d:e3:47:a0:
         07:a9:ba:c7:7c:69:d8:33:9a:4e:a3:28:cb:33:88:e6:33:fb:
         5d:0a:31:f1:33:ff:97:d6:89:bb:96:f9:fe:7d:2b:ca:d5:5b:
         68:d3:04:05:25:dd:fe:c8:97:2d:cf:95:81:a7:d7:a3:a7:e6:
         44:2b:b9:76:ca:3e:46:e1:73:24:55:60:16:a1:9b:5f:5d:63:
         9c:2e:b5:ce:df:79:80:9c:42:12:54:11:f3:7f:09:87:50:55:
         f8:dc:75:ec:f6:a9:7b:3f:f1:c7:f5:2a:01:b0:17:92:9d:8c:
         6a:ae:20:48
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZlO0EM4g4W4Kh67qtAk3g5WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwOTE1MTkxODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjUwYWQwNjA4YzY3ODkxY2M3ZDVjY2IwNTMwMjkyMTUzNjlkNTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Z7GUt4A7fsHG2FUGUDDk4TjmHzq
QY/6NZ11p9gEJ6YDsFuCaCmQ/YOA6xJuF1kyyG7rAy+VqENc0n7MSlFCL5t1wN2Z
X6dGbJL2GYanERWLmz2QmqHVx7u2V1X3ES8JxkTiiJNj11yZII/bKAL0SIDW8KPt
Vw74OqwQQmjDlh4O7UVmCv5W8KqztpvMdEzGqouclfQJM6Gdn08Kej/0hx/JPI70
5/F6SYZph43qo5sKrsErK3TEpSj/0RNs14QP9N65W90fpcE5ncM+i9VrtpJS3Dnc
LGCyabOW6rpW8ROzk9dezQg9Zt+U5N1bGPH/kEzTrw/TaNjvqlTGai+JtQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJtQrQYIxniRzH1cywUwKSFTadVvMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvbTFDdEJnakdlSkhNZlZ6TEJUQXBJVk5wMVc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhFDQjAN
BgkqhkiG9w0BAQsFAAOCAQEARNLasAbyIUAmF5Eqe4r3BlfbCddEOO0OXhkUwj4W
Xazq9aEgUP1TyNdWSQNSkqeMVDQ/psmWSNd6fO3VbKJ05FQeu9/izS84ZPjxAErd
I/dNwKa25M4SzrxUI/JYFG3DsTBkWt+ZqhQi2lME29nrPDr5+uMzDRB8C0FI5D3U
1GGpXUgLM4EbGR9gLUod40egB6m6x3xp2DOaTqMoyzOI5jP7XQox8TP/l9aJu5b5
/n0rytVbaNMEBSXd/siXLc+VgafXo6fmRCu5dso+RuFzJFVgFqGbX11jnC61zt95
gJxCElQR838Jh1BV+Nx17Papez/xx/UqAbAXkp2Maq4gSA==
-----END CERTIFICATE-----