Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/tra90j-TkDoNhw2jYUOuCLQtLHQ.roa
File:                     tra90j-TkDoNhw2jYUOuCLQtLHQ.roa (raw, json)
Hash identifier:          rMHYa+7snR9OTOD/IZ29XHnehX6LzLjK9r4pNKm+rGM=
Subject key identifier:   B6:B6:BD:D2:3F:93:90:3A:0D:87:0D:A3:61:43:AE:08:B4:2D:2C:74
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       01986463A73EC351D1D7571F8C2DE876E5F5
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/tra90j-TkDoNhw2jYUOuCLQtLHQ.roa
Signing time:             Fri 01 Aug 2025 06:48:29 +0000
ROA not before:           Fri 01 Aug 2025 06:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215443
IP address blocks:        2a0d:d940:2000::/48 maxlen: 48
                          2a0d:d940:9005::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 10:46:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:64:63:a7:3e:c3:51:d1:d7:57:1f:8c:2d:e8:76:e5:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Aug  1 06:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6b6bdd23f93903a0d870da36143ae08b42d2c74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7c:ef:97:07:d0:ed:8e:82:8f:2e:66:79:f8:
                    c9:16:67:ad:bd:e9:d5:a7:3d:25:c5:d3:fb:fa:76:
                    53:29:c0:f2:20:e0:be:ee:6c:2c:a3:79:c5:a0:11:
                    46:c5:f0:93:44:7b:1c:f2:2e:2c:98:34:26:0f:8a:
                    b4:d0:40:47:8a:68:03:f8:43:9b:ef:34:24:cf:9a:
                    b3:f7:5a:95:cc:ef:b8:a1:6a:28:9c:9d:48:73:bb:
                    5b:97:5f:2a:97:37:21:da:11:74:16:1c:86:83:88:
                    d0:63:d6:86:9f:9f:03:52:b4:10:28:95:4e:2d:88:
                    a4:a1:f3:18:c5:e7:c9:4e:fe:37:5b:fc:c1:90:18:
                    18:31:2f:27:f5:2a:71:03:15:45:17:85:d6:55:6f:
                    b8:7f:1b:58:6c:c6:7e:ae:f9:f4:82:b4:d8:80:6a:
                    0d:f8:3a:91:d2:ec:ad:85:ac:b4:49:69:3b:1d:a0:
                    f3:51:3f:cb:06:ce:cd:36:6a:6f:95:91:a9:d5:8f:
                    46:56:1b:0d:1b:5f:d3:54:2b:42:a6:21:02:40:8f:
                    1c:2a:1b:03:75:dc:40:84:b5:ab:ff:d5:cf:a6:f5:
                    6e:0d:f4:8c:e7:fa:15:73:f8:89:65:39:73:13:ab:
                    32:80:56:01:8f:f2:2b:67:5e:d3:33:48:02:52:a4:
                    b2:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:B6:BD:D2:3F:93:90:3A:0D:87:0D:A3:61:43:AE:08:B4:2D:2C:74
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/tra90j-TkDoNhw2jYUOuCLQtLHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:2000::/48
                  2a0d:d940:9005::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:a4:45:14:73:52:80:60:93:23:fa:df:dc:a6:33:ce:47:ec:
         69:74:a7:6c:05:77:7b:6e:8b:76:71:0e:d7:10:73:10:38:da:
         10:4e:3e:cf:1d:2d:a1:fe:5b:8e:3f:34:a5:39:aa:54:97:04:
         f0:d6:7b:26:ea:c1:e5:27:23:14:98:ea:b9:bd:36:a7:68:0f:
         a8:0c:99:8d:b7:84:cb:35:19:2f:53:cc:48:41:2a:53:14:1b:
         90:9d:25:e8:fb:83:80:14:db:21:68:d1:22:f3:22:de:15:0d:
         48:43:32:43:db:61:60:46:aa:2c:aa:d1:39:26:ad:4a:b1:9b:
         e9:bb:56:66:14:67:ca:ab:d7:5c:da:a0:2a:16:55:29:43:88:
         0a:38:67:8a:93:53:59:e6:3b:e2:c3:17:2f:82:95:10:11:0d:
         4d:9e:f0:88:21:f7:f3:df:bf:84:bd:c9:7f:36:e5:bf:90:2a:
         91:01:b8:a8:5b:50:08:40:da:b3:df:7f:dd:43:87:7f:cc:be:
         9b:e2:ba:c3:70:d4:32:dc:3b:61:b5:ac:bc:d0:6a:b0:f3:b5:
         e8:a0:0b:f5:99:e3:ab:27:b9:f8:ef:aa:ab:64:aa:e6:01:fc:
         47:8f:0b:37:2a:6e:8c:c9:5c:19:f1:0f:f6:d3:d1:1a:51:21:
         10:e8:37:8f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhkY6c+w1HR11cfjC3oduX1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwODAxMDY0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmI2YmRkMjNmOTM5MDNhMGQ4NzBkYTM2MTQzYWUwOGI0MmQyYzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXzvlwfQ7Y6Cjy5mefjJFmetvenV
pz0lxdP7+nZTKcDyIOC+7mwso3nFoBFGxfCTRHsc8i4smDQmD4q00EBHimgD+EOb
7zQkz5qz91qVzO+4oWoonJ1Ic7tbl18qlzch2hF0FhyGg4jQY9aGn58DUrQQKJVO
LYikofMYxefJTv43W/zBkBgYMS8n9SpxAxVFF4XWVW+4fxtYbMZ+rvn0grTYgGoN
+DqR0uythay0SWk7HaDzUT/LBs7NNmpvlZGp1Y9GVhsNG1/TVCtCpiECQI8cKhsD
ddxAhLWr/9XPpvVuDfSM5/oVc/iJZTlzE6sygFYBj/IrZ17TM0gCUqSyOQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLa2vdI/k5A6DYcNo2FDrgi0LSx0MB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvdHJhOTBqLVRrRG9OaHcyallVT3VDTFF0TEhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg3ZQCAA
AwcAKg3ZQJAFMA0GCSqGSIb3DQEBCwUAA4IBAQAFpEUUc1KAYJMj+t/cpjPOR+xp
dKdsBXd7bot2cQ7XEHMQONoQTj7PHS2h/luOPzSlOapUlwTw1nsm6sHlJyMUmOq5
vTanaA+oDJmNt4TLNRkvU8xIQSpTFBuQnSXo+4OAFNshaNEi8yLeFQ1IQzJD22Fg
RqosqtE5Jq1KsZvpu1ZmFGfKq9dc2qAqFlUpQ4gKOGeKk1NZ5jviwxcvgpUQEQ1N
nvCIIffz37+Evcl/NuW/kCqRAbioW1AIQNqz33/dQ4d/zL6b4rrDcNQy3Dthtay8
0Gqw87XooAv1meOrJ7n476qrZKrmAfxHjws3Km6MyVwZ8Q/209EaUSEQ6DeP
-----END CERTIFICATE-----