Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/sfwAjAu-GXwERqjbAFegCNjl2ek.roa
File:                     sfwAjAu-GXwERqjbAFegCNjl2ek.roa (raw, json)
Hash identifier:          wOmEjaFSgw+sIMZgz4C+gVMxcEXH5qSK0eNAgBIfZlY=
Subject key identifier:   B1:FC:00:8C:0B:BE:19:7C:04:46:A8:DB:00:57:A0:08:D8:E5:D9:E9
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0198F0C57AFE2E76D4D07E2DB22EC0E1CE69
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/sfwAjAu-GXwERqjbAFegCNjl2ek.roa
Signing time:             Thu 28 Aug 2025 13:02:10 +0000
ROA not before:           Thu 28 Aug 2025 13:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42375
IP address blocks:        2a11:646::/32 maxlen: 32
                          2a11:6340::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 10:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f0:c5:7a:fe:2e:76:d4:d0:7e:2d:b2:2e:c0:e1:ce:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Aug 28 13:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1fc008c0bbe197c0446a8db0057a008d8e5d9e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7c:f3:df:f5:7f:db:93:1e:fd:24:7f:1c:b4:
                    40:92:b4:1e:54:f0:fc:64:2c:42:72:1f:e2:79:63:
                    a0:04:33:3a:5e:32:9d:b0:8b:8e:f7:52:c0:b8:60:
                    e0:b4:cc:20:34:67:b3:3a:9c:a0:6c:80:e5:2f:1c:
                    c4:26:64:af:c4:0e:b3:09:79:48:65:b1:27:f8:48:
                    aa:66:ee:9b:cc:d8:f7:c1:f6:ba:4a:ad:68:c7:e7:
                    69:da:d7:c4:00:6d:16:db:fc:1d:22:72:78:47:40:
                    40:c0:08:0c:1b:db:02:82:a4:25:0b:27:e4:a9:8b:
                    62:31:fa:f6:f8:04:57:af:ea:30:f3:08:ae:c3:b0:
                    63:f6:5d:c4:02:6c:e0:77:d7:d4:d7:d4:bc:b1:c9:
                    35:c7:20:fc:a1:e5:33:b0:34:0d:70:5c:d4:ce:08:
                    71:71:97:28:aa:59:bc:28:0f:05:86:d4:e6:01:6e:
                    80:6e:89:92:db:92:0b:d7:46:d6:18:27:6d:f2:c9:
                    2f:13:02:23:4d:84:ee:5c:29:9c:29:23:f8:bb:8e:
                    0f:c5:54:2d:a8:c8:21:5c:f1:98:29:05:6a:9a:22:
                    66:f3:a4:72:cf:68:4e:0b:38:79:c3:05:2d:c4:be:
                    10:55:0d:31:f4:49:cd:16:60:71:59:13:10:a4:05:
                    7f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:FC:00:8C:0B:BE:19:7C:04:46:A8:DB:00:57:A0:08:D8:E5:D9:E9
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/sfwAjAu-GXwERqjbAFegCNjl2ek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:646::/32
                  2a11:6340::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:e6:f6:cb:7d:79:45:ef:63:2b:6c:14:ef:9d:c0:14:a0:94:
         f9:fe:00:25:47:d9:5b:e5:a0:b7:d5:9a:39:12:1c:5e:1b:31:
         7e:6b:93:c6:1a:8c:f2:68:12:d3:8e:95:52:94:60:18:2b:fa:
         e8:a9:1c:7b:29:90:93:05:f8:cc:f8:6d:14:52:e5:9f:36:ff:
         19:79:7d:20:21:06:22:1d:21:12:6e:d1:dd:62:f1:04:b6:a5:
         7a:e9:88:1b:f6:32:50:fb:a4:d3:a1:a5:d3:b1:43:ad:e3:02:
         e1:c4:2c:d7:b9:42:5b:d5:79:21:54:a5:ec:cf:ff:1d:fe:f0:
         20:4e:61:d7:7a:f0:08:77:ef:9d:da:d2:1a:c5:5e:a9:7e:30:
         3a:3c:bc:8e:f9:e7:6b:8b:1a:3f:54:8a:84:d4:5f:98:ab:65:
         14:4a:0b:f0:42:e5:4b:e2:fd:23:6b:12:f0:62:cf:a3:6e:8b:
         74:1c:0e:3c:a5:98:e7:4a:4d:3e:2f:79:67:ca:6d:35:5b:a7:
         e4:ff:96:cc:f7:6a:fe:0c:ba:a9:9e:17:99:c2:96:89:45:f7:
         50:1d:58:38:73:8c:83:a0:15:a0:01:58:08:a4:82:fc:7c:c8:
         7d:64:c9:34:63:10:12:dc:fc:fa:8d:b6:a0:88:72:38:5a:04:
         8f:04:2f:a6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZjwxXr+LnbU0H4tsi7A4c5pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwODI4MTMwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWZjMDA4YzBiYmUxOTdjMDQ0NmE4ZGIwMDU3YTAwOGQ4ZTVkOWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3zz3/V/25Me/SR/HLRAkrQeVPD8
ZCxCch/ieWOgBDM6XjKdsIuO91LAuGDgtMwgNGezOpygbIDlLxzEJmSvxA6zCXlI
ZbEn+EiqZu6bzNj3wfa6Sq1ox+dp2tfEAG0W2/wdInJ4R0BAwAgMG9sCgqQlCyfk
qYtiMfr2+ARXr+ow8wiuw7Bj9l3EAmzgd9fU19S8sck1xyD8oeUzsDQNcFzUzghx
cZcoqlm8KA8FhtTmAW6AbomS25IL10bWGCdt8skvEwIjTYTuXCmcKSP4u44PxVQt
qMghXPGYKQVqmiJm86Ryz2hOCzh5wwUtxL4QVQ0x9EnNFmBxWRMQpAV/BwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLH8AIwLvhl8BEao2wBXoAjY5dnpMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvc2Z3QWpBdS1HWHdFUnFqYkFGZWdDTmpsMmVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhEGRgMF
AyoRY0AwDQYJKoZIhvcNAQELBQADggEBAF7m9st9eUXvYytsFO+dwBSglPn+ACVH
2VvloLfVmjkSHF4bMX5rk8YajPJoEtOOlVKUYBgr+uipHHspkJMF+Mz4bRRS5Z82
/xl5fSAhBiIdIRJu0d1i8QS2pXrpiBv2MlD7pNOhpdOxQ63jAuHELNe5QlvVeSFU
pezP/x3+8CBOYdd68Ah3753a0hrFXql+MDo8vI7552uLGj9UioTUX5irZRRKC/BC
5Uvi/SNrEvBiz6Nui3QcDjylmOdKTT4veWfKbTVbp+T/lsz3av4MuqmeF5nClolF
91AdWDhzjIOgFaABWAikgvx8yH1kyTRjEBLc/PqNtqCIcjhaBI8EL6Y=
-----END CERTIFICATE-----