Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/4rV8Cu_gUyYFCcIpJ13V77BFYcQ.roa
File:                     4rV8Cu_gUyYFCcIpJ13V77BFYcQ.roa (raw, json)
Hash identifier:          96OPuf9pAXAQvk0iz7rZJbOr/izkKxlISi+ljdn7Ugo=
Subject key identifier:   E2:B5:7C:0A:EF:E0:53:26:05:09:C2:29:27:5D:D5:EF:B0:45:61:C4
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01986A03C9D18F44544393B6C6F1343A282E
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/4rV8Cu_gUyYFCcIpJ13V77BFYcQ.roa
Signing time:             Sat 02 Aug 2025 09:01:29 +0000
ROA not before:           Sat 02 Aug 2025 09:01:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57433
IP address blocks:        2a02:2fc0:3::/48 maxlen: 48
                          2a02:2fc0:a::/48 maxlen: 48
                          2a02:2fc0:b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:6a:03:c9:d1:8f:44:54:43:93:b6:c6:f1:34:3a:28:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Aug  2 09:01:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2b57c0aefe053260509c229275dd5efb04561c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:19:a9:fa:b4:66:32:f7:38:a4:ce:12:7e:eb:
                    3e:6b:b9:32:e8:f1:0d:d3:f7:19:43:51:50:be:f9:
                    19:63:8f:a0:ae:be:7f:81:7b:57:69:1f:a8:d5:db:
                    c3:d9:7b:5d:43:6e:45:54:52:23:3a:f6:5f:f4:a7:
                    aa:d1:ec:a1:34:44:0e:a7:2a:81:9f:2b:a8:6a:8c:
                    9c:f9:f6:0c:59:54:71:62:33:0d:fb:47:d7:ef:40:
                    fe:72:83:3c:c6:b6:aa:7c:a4:20:1d:3e:1d:7d:61:
                    7d:e4:4d:de:ff:61:21:a9:26:30:78:76:9e:60:b4:
                    52:2e:dc:72:8c:30:fb:75:17:2e:cd:57:98:77:3e:
                    b7:a9:d9:f9:d3:d4:78:dd:6b:a6:0a:61:ec:ef:ce:
                    c3:e5:10:e2:29:7c:71:04:88:e6:c4:d4:d8:0f:79:
                    9a:37:b8:b5:e8:08:5b:76:63:c6:04:51:60:e7:0f:
                    38:f8:01:a2:c9:19:b9:21:6f:ae:9e:3e:7b:55:89:
                    00:a5:bb:f2:a9:55:74:02:34:02:10:a1:60:1e:98:
                    f1:32:d7:f2:3c:53:0c:09:cc:2e:20:c4:28:b9:c3:
                    7d:3f:d1:63:8d:9d:eb:16:3f:64:34:fb:a5:b7:bd:
                    97:b3:ed:f8:40:39:2d:22:3e:4d:f4:f1:af:cd:28:
                    5e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:B5:7C:0A:EF:E0:53:26:05:09:C2:29:27:5D:D5:EF:B0:45:61:C4
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/4rV8Cu_gUyYFCcIpJ13V77BFYcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2fc0:3::/48
                  2a02:2fc0:a::/47

    Signature Algorithm: sha256WithRSAEncryption
         61:f8:fb:82:30:c1:99:b0:bb:ec:3f:7f:73:a0:54:7d:2e:89:
         cf:9b:e9:d1:36:fb:e0:1f:65:93:e3:29:de:97:8e:24:50:95:
         59:38:df:c4:da:44:98:92:c2:7c:e1:f8:83:3b:cc:0f:10:3d:
         47:60:48:f5:a1:7d:e3:03:5e:85:ab:c6:09:72:de:62:6f:05:
         d2:ae:5c:f9:70:50:e8:2f:ee:c7:43:78:16:b9:c8:e0:af:2f:
         77:96:ca:91:3a:20:16:55:8f:0e:a4:4b:a3:8d:1b:20:c8:24:
         f9:6c:a9:06:07:43:29:6a:79:d6:bb:c7:83:91:3c:98:ce:c8:
         42:83:8c:2b:56:71:33:18:dc:d2:92:77:32:77:75:66:1a:f4:
         a5:53:d6:9c:c2:e9:5e:6f:24:24:7d:e9:bc:b5:5d:18:8b:72:
         f1:9d:da:3e:27:7b:8f:ed:3a:19:8f:d3:ce:58:1d:f7:1b:74:
         88:bb:3f:81:45:63:a3:59:7a:f9:50:71:63:ad:85:bb:86:38:
         fa:0c:51:1a:66:23:c3:55:1c:50:72:13:e5:44:95:3b:56:3c:
         dc:76:4e:83:af:5b:14:9b:71:a9:1e:16:ea:65:16:5c:65:4c:
         2d:15:8a:ae:65:3d:f1:84:c1:a0:f2:c1:ec:b9:fd:6d:24:ef:
         a5:a9:5e:5c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhqA8nRj0RUQ5O2xvE0OiguMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwODAyMDkwMTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmI1N2MwYWVmZTA1MzI2MDUwOWMyMjkyNzVkZDVlZmIwNDU2MWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhmp+rRmMvc4pM4Sfus+a7ky6PEN
0/cZQ1FQvvkZY4+grr5/gXtXaR+o1dvD2XtdQ25FVFIjOvZf9Keq0eyhNEQOpyqB
nyuoaoyc+fYMWVRxYjMN+0fX70D+coM8xraqfKQgHT4dfWF95E3e/2EhqSYweHae
YLRSLtxyjDD7dRcuzVeYdz63qdn509R43WumCmHs787D5RDiKXxxBIjmxNTYD3ma
N7i16AhbdmPGBFFg5w84+AGiyRm5IW+unj57VYkApbvyqVV0AjQCEKFgHpjxMtfy
PFMMCcwuIMQoucN9P9FjjZ3rFj9kNPult72Xs+34QDktIj5N9PGvzSheSQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOK1fArv4FMmBQnCKSdd1e+wRWHEMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvNHJWOEN1X2dVeVlGQ2NJcEoxM1Y3N0JGWWNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgIvwAAD
AwcBKgIvwAAKMA0GCSqGSIb3DQEBCwUAA4IBAQBh+PuCMMGZsLvsP39zoFR9LonP
m+nRNvvgH2WT4ynel44kUJVZON/E2kSYksJ84fiDO8wPED1HYEj1oX3jA16Fq8YJ
ct5ibwXSrlz5cFDoL+7HQ3gWucjgry93lsqROiAWVY8OpEujjRsgyCT5bKkGB0Mp
annWu8eDkTyYzshCg4wrVnEzGNzSkncyd3VmGvSlU9acwulebyQkfem8tV0Yi3Lx
ndo+J3uP7ToZj9POWB33G3SIuz+BRWOjWXr5UHFjrYW7hjj6DFEaZiPDVRxQchPl
RJU7Vjzcdk6Dr1sUm3GpHhbqZRZcZUwtFYquZT3xhMGg8sHsuf1tJO+lqV5c
-----END CERTIFICATE-----