Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/e73e95-c3c9-49ae-a2d9-a7b85460f366/1/tVL_ENrKSssGhUZdoVpEaqnYAmo.roa
File:                     tVL_ENrKSssGhUZdoVpEaqnYAmo.roa (raw, json)
Hash identifier:          scu79Aiv4+leHmZHVUYIuN/rg63h5ustfxBunlMeXj4=
Subject key identifier:   B5:52:FF:10:DA:CA:4A:CB:06:85:46:5D:A1:5A:44:6A:A9:D8:02:6A
Certificate issuer:       /CN=94f8bf9f305527521508697e2eaa3be1c7a18454
Certificate serial:       01986FF2A2ABC4DBF2A074A6BA6674204E16
Authority key identifier: 94:F8:BF:9F:30:55:27:52:15:08:69:7E:2E:AA:3B:E1:C7:A1:84:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lPi_nzBVJ1IVCGl-Lqo74cehhFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/e73e95-c3c9-49ae-a2d9-a7b85460f366/1/tVL_ENrKSssGhUZdoVpEaqnYAmo.roa
Signing time:             Sun 03 Aug 2025 12:40:28 +0000
ROA not before:           Sun 03 Aug 2025 12:40:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210064
IP address blocks:        2a03:8fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/e73e95-c3c9-49ae-a2d9-a7b85460f366/1/lPi_nzBVJ1IVCGl-Lqo74cehhFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/e73e95-c3c9-49ae-a2d9-a7b85460f366/1/lPi_nzBVJ1IVCGl-Lqo74cehhFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lPi_nzBVJ1IVCGl-Lqo74cehhFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:6f:f2:a2:ab:c4:db:f2:a0:74:a6:ba:66:74:20:4e:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94f8bf9f305527521508697e2eaa3be1c7a18454
        Validity
            Not Before: Aug  3 12:40:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b552ff10daca4acb0685465da15a446aa9d8026a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:11:dd:67:0f:12:dd:5c:3b:44:1d:c3:0a:14:
                    bb:7f:85:6b:c1:fe:9c:94:b1:47:b7:59:25:28:c1:
                    5d:34:42:a1:6b:67:2c:9a:89:ac:ea:c8:a0:53:ff:
                    3b:73:66:6e:d1:e4:b8:d3:ca:80:be:84:ca:1f:8f:
                    27:5a:32:11:85:e8:f3:79:6a:0e:2c:69:8a:30:40:
                    25:d7:64:46:01:b3:93:54:c0:bb:b5:73:66:9d:2a:
                    5b:76:46:d4:88:46:50:cf:ca:bf:aa:5b:73:2a:2e:
                    13:ab:0e:21:46:25:50:fe:81:c8:b1:1b:72:40:93:
                    23:78:09:ab:f0:d8:ee:e3:aa:ba:3b:f4:4a:a3:1a:
                    d0:7c:db:a9:5d:7c:18:fb:4f:46:0a:d7:e6:16:6a:
                    ca:a6:e1:c1:6a:28:87:94:cb:56:3b:e3:8e:52:ab:
                    d3:b8:da:75:d1:03:65:39:d2:f7:00:a8:43:d5:42:
                    77:1a:95:a4:b9:00:0d:84:41:e5:b2:b4:83:a1:bc:
                    b0:ea:0b:bd:9c:bd:24:21:1b:15:b5:56:61:66:be:
                    98:52:4c:02:9b:03:52:1e:39:f4:80:58:27:6c:13:
                    91:77:9f:b2:c3:a6:e0:1d:bd:d9:a0:0a:1a:42:2b:
                    59:bd:ed:13:a6:d0:da:72:89:86:14:01:95:c2:25:
                    2a:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:52:FF:10:DA:CA:4A:CB:06:85:46:5D:A1:5A:44:6A:A9:D8:02:6A
            X509v3 Authority Key Identifier:
                keyid:94:F8:BF:9F:30:55:27:52:15:08:69:7E:2E:AA:3B:E1:C7:A1:84:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lPi_nzBVJ1IVCGl-Lqo74cehhFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e73e95-c3c9-49ae-a2d9-a7b85460f366/1/tVL_ENrKSssGhUZdoVpEaqnYAmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e73e95-c3c9-49ae-a2d9-a7b85460f366/1/lPi_nzBVJ1IVCGl-Lqo74cehhFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:8fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:de:8b:05:1b:39:b9:b9:6f:84:90:76:c0:ba:ac:c3:d0:97:
         49:65:8c:5d:e2:23:3f:40:aa:26:56:63:48:4d:1c:ff:59:90:
         ce:1e:e9:b1:53:2e:05:9b:bc:da:f3:00:50:1e:1f:53:5f:67:
         04:eb:0f:44:51:1c:8a:b7:1e:5b:bd:4b:e7:51:a0:6e:55:c7:
         b2:88:d5:e1:81:7b:e9:67:0d:0a:1d:36:a0:9d:cb:d5:14:78:
         d6:3b:ed:fe:0c:9a:e8:85:e9:52:ae:a1:cc:29:f8:d1:19:92:
         43:77:79:43:d3:3a:76:d4:d9:9f:2d:83:9d:4d:d3:75:8f:dd:
         98:70:82:77:38:40:74:cd:d1:85:75:7f:27:3f:0b:fb:16:01:
         18:5d:23:64:83:60:17:00:08:44:6d:7d:4b:c8:59:16:63:74:
         41:43:47:a5:16:23:7d:e3:49:17:87:da:8c:0e:87:67:7f:a5:
         6b:d3:f4:b4:66:b7:03:5f:8f:03:cf:2b:f6:db:1d:bc:84:03:
         31:3a:8b:8c:39:ec:e2:20:ce:4c:78:b9:84:3d:bb:ee:14:16:
         c3:94:86:25:08:66:34:e4:2b:ff:9c:fc:f8:77:3c:46:04:be:
         6b:c0:13:66:73:aa:d8:c8:d7:b6:0c:09:a1:5b:6d:63:6d:ec:
         97:3e:9f:cf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZhv8qKrxNvyoHSmumZ0IE4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZjhiZjlmMzA1NTI3NTIxNTA4Njk3ZTJlYWEzYmUxYzdh
MTg0NTQwHhcNMjUwODAzMTI0MDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTUyZmYxMGRhY2E0YWNiMDY4NTQ2NWRhMTVhNDQ2YWE5ZDgwMjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRHdZw8S3Vw7RB3DChS7f4Vrwf6c
lLFHt1klKMFdNEKha2csmoms6sigU/87c2Zu0eS408qAvoTKH48nWjIRhejzeWoO
LGmKMEAl12RGAbOTVMC7tXNmnSpbdkbUiEZQz8q/qltzKi4Tqw4hRiVQ/oHIsRty
QJMjeAmr8Nju46q6O/RKoxrQfNupXXwY+09GCtfmFmrKpuHBaiiHlMtWO+OOUqvT
uNp10QNlOdL3AKhD1UJ3GpWkuQANhEHlsrSDobyw6gu9nL0kIRsVtVZhZr6YUkwC
mwNSHjn0gFgnbBORd5+yw6bgHb3ZoAoaQitZve0TptDacomGFAGVwiUqBQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLVS/xDaykrLBoVGXaFaRGqp2AJqMB8GA1UdIwQY
MBaAFJT4v58wVSdSFQhpfi6qO+HHoYRUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFBpX256QlZKMUlWQ0dsLUxxbzc0Y2VoaEZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lNzNlOTUtYzNjOS00OWFlLWEyZDkt
YTdiODU0NjBmMzY2LzEvdFZMX0VOcktTc3NHaFVaZG9WcEVhcW5ZQW1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lNzNlOTUtYzNjOS00OWFlLWEyZDktYTdiODU0NjBmMzY2
LzEvbFBpX256QlZKMUlWQ0dsLUxxbzc0Y2VoaEZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgOPwDAN
BgkqhkiG9w0BAQsFAAOCAQEAH96LBRs5ublvhJB2wLqsw9CXSWWMXeIjP0CqJlZj
SE0c/1mQzh7psVMuBZu82vMAUB4fU19nBOsPRFEcirceW71L51GgblXHsojV4YF7
6WcNCh02oJ3L1RR41jvt/gya6IXpUq6hzCn40RmSQ3d5Q9M6dtTZny2DnU3TdY/d
mHCCdzhAdM3RhXV/Jz8L+xYBGF0jZINgFwAIRG19S8hZFmN0QUNHpRYjfeNJF4fa
jA6HZ3+la9P0tGa3A1+PA88r9tsdvIQDMTqLjDns4iDOTHi5hD277hQWw5SGJQhm
NOQr/5z8+Hc8RgS+a8ATZnOq2MjXtgwJoVttY23slz6fzw==
-----END CERTIFICATE-----