Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/4j1kn9ZRNRslxMytu5eL1iX2ygw.roa
File:                     4j1kn9ZRNRslxMytu5eL1iX2ygw.roa (raw, json)
Hash identifier:          RrIgP4kxCXaPwvdRe3NPsmeTo+G3ybJskr4dzXhR3EY=
Subject key identifier:   E2:3D:64:9F:D6:51:35:1B:25:C4:CC:AD:BB:97:8B:D6:25:F6:CA:0C
Certificate issuer:       /CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
Certificate serial:       0197187E88C289E6F663FFB102B0E9A2BD26
Authority key identifier: 3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/4j1kn9ZRNRslxMytu5eL1iX2ygw.roa
Signing time:             Wed 28 May 2025 20:03:54 +0000
ROA not before:           Wed 28 May 2025 20:03:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        2a01:f3c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:18:7e:88:c2:89:e6:f6:63:ff:b1:02:b0:e9:a2:bd:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
        Validity
            Not Before: May 28 20:03:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e23d649fd651351b25c4ccadbb978bd625f6ca0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:45:10:fe:ef:cc:73:b6:38:d4:d4:50:52:81:
                    37:4f:df:e5:3b:b2:14:82:80:7e:e2:83:9d:ee:63:
                    dd:d0:b3:8d:6a:fb:b3:02:a2:84:ef:08:cb:30:fd:
                    8b:6e:57:b5:82:ab:68:64:3e:02:16:54:83:cb:10:
                    13:3d:a1:21:e2:b5:21:53:e3:e2:0e:0a:f5:35:6d:
                    08:11:01:e0:85:23:62:88:e0:26:64:55:0e:94:3a:
                    15:b9:54:3a:a1:7f:a5:7b:d8:ef:50:41:aa:2f:fb:
                    2d:6d:07:6e:a7:4c:dc:33:ee:c1:b3:88:b0:7a:74:
                    98:ae:b3:31:fc:be:bb:8a:b8:70:58:a8:b8:b0:99:
                    fa:d8:53:11:b4:8d:ff:1a:98:3d:f7:39:22:f3:3f:
                    fc:e5:71:33:fc:53:5c:4b:ea:bd:7f:90:ca:a6:09:
                    2f:86:52:70:c3:ca:d4:72:47:f7:e7:fc:74:ad:65:
                    2f:36:b0:26:55:53:5e:9b:60:4a:30:f6:ee:52:a1:
                    56:5d:65:3d:6f:ef:71:b9:ae:d9:f7:e2:f4:dc:2f:
                    37:e2:02:93:96:93:fc:b4:08:25:67:db:aa:5a:3e:
                    0e:25:e2:8d:20:62:ec:bd:11:d5:36:6f:9e:8f:5f:
                    17:21:bc:31:d2:a5:29:6d:71:9f:b7:0c:55:3a:81:
                    d8:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:3D:64:9F:D6:51:35:1B:25:C4:CC:AD:BB:97:8B:D6:25:F6:CA:0C
            X509v3 Authority Key Identifier:
                keyid:3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/4j1kn9ZRNRslxMytu5eL1iX2ygw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:f1:f6:71:62:e9:6b:4d:fc:07:1e:e8:f4:2e:13:63:e3:9d:
         25:49:c7:15:0f:1f:50:c4:66:6e:90:07:83:ce:67:68:b6:b3:
         43:25:da:81:9c:54:79:55:e5:1b:d3:4d:53:81:9f:01:36:ce:
         e9:bd:51:95:23:ca:96:a9:f2:52:c6:e0:ca:96:65:84:64:f5:
         91:b6:46:dc:60:28:87:ad:6c:14:9d:29:4a:21:af:12:ac:0a:
         06:b4:96:6f:90:bc:e7:73:38:8b:d7:51:b5:d5:14:2c:1d:fb:
         be:78:ae:b2:12:be:ef:b6:45:a4:28:db:27:b2:ea:3e:42:44:
         ab:71:f7:9d:61:25:99:a7:1d:e5:3d:89:c6:00:ab:c9:ff:ac:
         4b:50:20:b7:9a:6f:2f:b0:17:3d:68:4e:16:a7:f0:a8:9c:0f:
         28:68:36:cc:3a:84:49:81:f2:0e:77:a3:d6:30:2c:e7:57:ed:
         12:65:86:48:20:0b:99:86:ac:1e:ed:a8:b2:94:67:19:15:c3:
         ad:05:ee:92:54:f3:6d:e4:c8:91:54:bc:37:7b:b6:96:9c:a8:
         e5:f3:25:36:ca:f9:37:d8:c8:c7:85:1e:1c:a2:21:50:cc:87:
         63:86:45:88:44:7f:f0:a6:63:1f:57:83:36:97:6c:77:c8:69:
         bd:7f:e8:62
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcYfojCieb2Y/+xArDpor0mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2Y1NTRiODAyODFkZWEyYTMwMDMxOGFhYWQ2ZDJkOTdm
MWNlNDQwHhcNMjUwNTI4MjAwMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjNkNjQ5ZmQ2NTEzNTFiMjVjNGNjYWRiYjk3OGJkNjI1ZjZjYTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEUQ/u/Mc7Y41NRQUoE3T9/lO7IU
goB+4oOd7mPd0LONavuzAqKE7wjLMP2Lble1gqtoZD4CFlSDyxATPaEh4rUhU+Pi
Dgr1NW0IEQHghSNiiOAmZFUOlDoVuVQ6oX+le9jvUEGqL/stbQdup0zcM+7Bs4iw
enSYrrMx/L67irhwWKi4sJn62FMRtI3/Gpg99zki8z/85XEz/FNcS+q9f5DKpgkv
hlJww8rUckf35/x0rWUvNrAmVVNem2BKMPbuUqFWXWU9b+9xua7Z9+L03C834gKT
lpP8tAglZ9uqWj4OJeKNIGLsvRHVNm+ej18XIbwx0qUpbXGftwxVOoHYcwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOI9ZJ/WUTUbJcTMrbuXi9Yl9soMMB8GA1UdIwQY
MBaAFD8/VUuAKB3qKjADGKqtbS2X8c5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQt
ZjUzM2I4ZGY4MGE5LzEvNGoxa245WlJOUnNseE15dHU1ZUwxaVgyeWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQtZjUzM2I4ZGY4MGE5
LzEvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHzwDAN
BgkqhkiG9w0BAQsFAAOCAQEAifH2cWLpa038Bx7o9C4TY+OdJUnHFQ8fUMRmbpAH
g85naLazQyXagZxUeVXlG9NNU4GfATbO6b1RlSPKlqnyUsbgypZlhGT1kbZG3GAo
h61sFJ0pSiGvEqwKBrSWb5C853M4i9dRtdUULB37vniushK+77ZFpCjbJ7LqPkJE
q3H3nWElmacd5T2JxgCryf+sS1Agt5pvL7AXPWhOFqfwqJwPKGg2zDqESYHyDnej
1jAs51ftEmWGSCALmYasHu2ospRnGRXDrQXuklTzbeTIkVS8N3u2lpyo5fMlNsr5
N9jIx4UeHKIhUMyHY4ZFiER/8KZjH1eDNpdsd8hpvX/oYg==
-----END CERTIFICATE-----