Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/S97KWPworM5fMEwl1G0g3TDdoRw.roa
File:                     S97KWPworM5fMEwl1G0g3TDdoRw.roa (raw, json)
Hash identifier:          Zqf5Yiqvo63vOKpeH6n1ZW4niDUEVUw8iURK0euZ0sE=
Subject key identifier:   4B:DE:CA:58:FC:28:AC:CE:5F:30:4C:25:D4:6D:20:DD:30:DD:A1:1C
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       01986463A6ECDDD9BE2FE4F1975CC4A968C5
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/S97KWPworM5fMEwl1G0g3TDdoRw.roa
Signing time:             Fri 01 Aug 2025 06:48:28 +0000
ROA not before:           Fri 01 Aug 2025 06:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213529
IP address blocks:        2a0d:d940:9006::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 23:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:64:63:a6:ec:dd:d9:be:2f:e4:f1:97:5c:c4:a9:68:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Aug  1 06:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bdeca58fc28acce5f304c25d46d20dd30dda11c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:6b:2a:c5:10:7b:e6:bc:93:13:27:bc:f7:b7:
                    27:7e:be:a8:e4:ed:80:af:5a:4e:f6:60:81:bf:d6:
                    4c:07:74:b8:9a:06:8d:3f:7e:80:c7:ac:58:db:f7:
                    6e:82:7b:1f:2e:ea:08:06:8f:3d:89:33:28:61:60:
                    19:07:6b:af:3a:df:65:d2:4e:48:a8:7f:71:42:37:
                    cf:a8:d5:5b:b0:b8:76:eb:43:76:67:f3:f6:98:00:
                    fb:dc:03:d0:ca:7c:09:0d:9e:92:cc:a5:34:8c:71:
                    d8:46:ba:74:5f:ea:f9:87:61:2b:ce:a7:00:7b:b1:
                    37:5c:9e:e0:cb:4a:ea:9f:fc:07:56:9a:05:3e:41:
                    6d:e3:5b:15:f4:98:97:c2:f2:8d:1b:51:2f:9a:9c:
                    b1:43:d6:0f:74:f3:fe:1d:a2:c4:f9:87:5b:5c:55:
                    dd:9b:d5:47:ef:a3:11:4d:cd:81:69:18:90:09:72:
                    a9:8b:f9:07:cd:2e:d3:b1:e2:12:a9:87:be:ad:84:
                    2c:59:3c:9d:28:c0:83:dd:33:17:77:67:bb:fa:2b:
                    a3:56:64:3e:a5:3d:f1:48:3d:a1:5c:9a:47:2c:d2:
                    fa:fb:62:70:b1:31:fa:ba:44:0b:da:a1:cd:f4:22:
                    eb:8a:ba:e7:c8:38:b2:c7:d5:c0:93:b9:f6:ae:1b:
                    c4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:DE:CA:58:FC:28:AC:CE:5F:30:4C:25:D4:6D:20:DD:30:DD:A1:1C
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/S97KWPworM5fMEwl1G0g3TDdoRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:9006::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:15:9e:05:87:a8:2b:08:fc:74:01:e0:91:9e:3c:70:2b:9a:
         1d:dc:77:9b:72:cc:0e:70:67:92:f4:d7:af:ad:e2:da:9a:9a:
         ff:d4:85:68:e4:96:e4:20:91:c0:8a:52:58:44:12:44:10:ad:
         57:9d:c1:9d:34:2b:40:f0:3d:c0:be:64:eb:14:06:9b:d9:c2:
         90:16:5f:5b:2c:05:f8:dd:48:e5:fc:a6:7b:1a:f3:75:06:cb:
         ac:a7:b2:19:ea:43:94:ab:e4:09:70:38:8e:48:07:27:5f:34:
         7c:56:6b:6d:6e:d9:b1:64:ff:89:1e:2d:e8:c6:1b:b5:e0:6d:
         c9:22:8b:37:1c:17:56:48:98:d8:6a:6c:f2:17:26:94:1b:ce:
         05:cd:14:59:c0:44:e1:64:7e:62:91:ef:38:8d:5b:c9:61:cc:
         ca:d3:18:8b:85:23:1c:ad:6c:f7:1c:5f:5d:c8:46:76:3c:39:
         ae:10:e9:2c:0c:43:10:81:c1:d1:de:9c:8d:f6:c8:2a:f6:8a:
         f4:71:0e:87:fe:ae:37:78:9b:b1:0d:a5:81:5e:a8:4b:de:1c:
         78:03:0f:9c:a4:f8:03:e8:c6:06:1f:3b:96:bb:84:4c:59:ab:
         28:1b:d3:26:fc:b3:ef:f0:8b:b2:34:03:20:c1:d8:3a:8e:86:
         42:95:f6:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZhkY6bs3dm+L+Txl1zEqWjFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwODAxMDY0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmRlY2E1OGZjMjhhY2NlNWYzMDRjMjVkNDZkMjBkZDMwZGRhMTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1msqxRB75ryTEye897cnfr6o5O2A
r1pO9mCBv9ZMB3S4mgaNP36Ax6xY2/dugnsfLuoIBo89iTMoYWAZB2uvOt9l0k5I
qH9xQjfPqNVbsLh260N2Z/P2mAD73APQynwJDZ6SzKU0jHHYRrp0X+r5h2ErzqcA
e7E3XJ7gy0rqn/wHVpoFPkFt41sV9JiXwvKNG1EvmpyxQ9YPdPP+HaLE+YdbXFXd
m9VH76MRTc2BaRiQCXKpi/kHzS7TseISqYe+rYQsWTydKMCD3TMXd2e7+iujVmQ+
pT3xSD2hXJpHLNL6+2JwsTH6ukQL2qHN9CLrirrnyDiyx9XAk7n2rhvEKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEveylj8KKzOXzBMJdRtIN0w3aEcMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvUzk3S1dQd29yTTVmTUV3bDFHMGczVERkb1J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQJAG
MA0GCSqGSIb3DQEBCwUAA4IBAQA3FZ4Fh6grCPx0AeCRnjxwK5od3HebcswOcGeS
9NevreLampr/1IVo5JbkIJHAilJYRBJEEK1XncGdNCtA8D3AvmTrFAab2cKQFl9b
LAX43Ujl/KZ7GvN1Bsusp7IZ6kOUq+QJcDiOSAcnXzR8VmttbtmxZP+JHi3oxhu1
4G3JIos3HBdWSJjYamzyFyaUG84FzRRZwEThZH5ike84jVvJYczK0xiLhSMcrWz3
HF9dyEZ2PDmuEOksDEMQgcHR3pyN9sgq9or0cQ6H/q43eJuxDaWBXqhL3hx4Aw+c
pPgD6MYGHzuWu4RMWasoG9Mm/LPv8IuyNAMgwdg6joZClfYA
-----END CERTIFICATE-----