Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/I4FzYb9p9RT-JZ74HwXYRQPH2T0.roa
File:                     I4FzYb9p9RT-JZ74HwXYRQPH2T0.roa (raw, json)
Hash identifier:          Ag4CFeb/clbsGhMt/6QT5L0pe6Pr6LXxJwu80Vg1E00=
Subject key identifier:   23:81:73:61:BF:69:F5:14:FE:25:9E:F8:1F:05:D8:45:03:C7:D9:3D
Certificate issuer:       /CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
Certificate serial:       019A4EDB6E3E3DA07418B91F272EF7DBC346
Authority key identifier: BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/I4FzYb9p9RT-JZ74HwXYRQPH2T0.roa
Signing time:             Tue 04 Nov 2025 12:33:14 +0000
ROA not before:           Tue 04 Nov 2025 12:33:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213294
IP address blocks:        2a11:4046::/32 maxlen: 32
                          2a11:84c0::/32 maxlen: 32
                          2a11:a181::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4e:db:6e:3e:3d:a0:74:18:b9:1f:27:2e:f7:db:c3:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
        Validity
            Not Before: Nov  4 12:33:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23817361bf69f514fe259ef81f05d84503c7d93d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6d:dc:ad:c6:e8:c7:92:98:2b:51:44:26:63:
                    b5:07:61:27:55:b4:10:59:ad:63:20:97:81:94:c1:
                    e7:0a:53:32:ad:b3:64:38:06:77:3c:74:e3:0b:a5:
                    e6:fd:a9:93:97:26:13:4e:6b:cf:b9:f9:fa:b5:06:
                    24:62:49:9f:30:1a:32:d1:3d:4d:c9:f1:cd:58:6c:
                    ed:21:ab:60:6f:dd:e2:4c:cf:49:f7:7d:6e:20:67:
                    93:32:0b:cb:49:33:5c:61:9e:ad:8e:13:ac:43:3d:
                    30:14:a6:5d:cb:53:2b:f8:4d:62:2e:58:17:41:64:
                    b7:51:e8:e9:4c:93:67:0f:f8:78:66:21:c0:8c:ec:
                    99:53:d8:91:d9:f3:32:19:d1:6f:62:b2:56:69:5f:
                    91:8c:c6:13:d1:f2:94:e4:0c:02:5e:87:44:61:15:
                    d4:cb:6b:68:12:eb:7a:5d:e5:40:c3:75:e1:f7:e5:
                    66:f2:f2:d8:b8:0b:3f:56:d3:3b:a8:cc:8a:a4:4b:
                    ce:3d:86:a5:e0:69:e2:13:c7:43:23:01:5d:dc:21:
                    14:45:30:06:36:2c:16:44:13:d5:f3:ec:dc:08:47:
                    47:66:70:f4:a8:a2:fb:e4:34:4e:2f:2c:6e:47:c6:
                    30:86:01:6d:89:7d:f7:98:b6:e3:73:5a:66:21:01:
                    6e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:81:73:61:BF:69:F5:14:FE:25:9E:F8:1F:05:D8:45:03:C7:D9:3D
            X509v3 Authority Key Identifier:
                keyid:BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/I4FzYb9p9RT-JZ74HwXYRQPH2T0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:4046::/32
                  2a11:84c0::/32
                  2a11:a181::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:ac:62:4c:fb:0b:a9:7b:52:45:4d:9d:66:42:9b:30:d8:7c:
         d2:c9:5b:9d:81:ec:54:34:a0:d7:7c:35:02:e2:06:d0:cc:d1:
         70:e4:79:4b:2c:fc:c6:b2:4b:83:88:d5:91:0c:fd:5a:2e:74:
         b9:7e:13:35:75:f8:6b:d3:a7:47:75:21:b0:62:69:c9:c1:6a:
         6f:41:58:90:b0:e2:e0:37:98:41:ed:c6:f7:99:87:19:6d:d1:
         f8:b2:ab:ec:05:dd:8e:da:87:a9:12:09:1c:97:e9:dd:d6:b9:
         c6:45:10:26:63:39:4c:07:ce:af:47:dc:be:0a:62:34:8f:3c:
         e3:2d:6e:75:67:ef:9a:e6:99:d8:0a:38:b5:e9:91:97:55:19:
         ef:8b:4f:ce:7d:b3:1e:98:d0:90:80:0d:11:31:3a:7c:8b:1c:
         f3:7c:6f:37:46:34:9e:0e:59:95:f2:49:6c:b0:72:fc:60:7e:
         44:08:b8:74:d9:ba:d0:02:79:b8:ae:6c:ee:e0:2e:29:e1:6a:
         20:c9:bf:6c:06:a6:e4:c8:e1:b5:bc:47:7e:a2:e1:71:c4:8e:
         b4:6c:21:40:73:38:3e:da:1e:a6:b9:1c:f9:e4:35:2f:31:b8:
         b6:6b:2f:dd:d2:00:36:17:63:82:c5:d0:ef:06:ef:99:22:ef:
         b4:7f:d1:54
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZpO224+PaB0GLkfJy7328NGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYTBmMjU4ZWVmNGIyYmY0YmJhYTg0MzBjMWU1OGNhOGMx
ODhlYTcwHhcNMjUxMTA0MTIzMzE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzgxNzM2MWJmNjlmNTE0ZmUyNTllZjgxZjA1ZDg0NTAzYzdkOTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy23crcbox5KYK1FEJmO1B2EnVbQQ
Wa1jIJeBlMHnClMyrbNkOAZ3PHTjC6Xm/amTlyYTTmvPufn6tQYkYkmfMBoy0T1N
yfHNWGztIatgb93iTM9J931uIGeTMgvLSTNcYZ6tjhOsQz0wFKZdy1Mr+E1iLlgX
QWS3UejpTJNnD/h4ZiHAjOyZU9iR2fMyGdFvYrJWaV+RjMYT0fKU5AwCXodEYRXU
y2toEut6XeVAw3Xh9+Vm8vLYuAs/VtM7qMyKpEvOPYal4GniE8dDIwFd3CEURTAG
NiwWRBPV8+zcCEdHZnD0qKL75DROLyxuR8YwhgFtiX33mLbjc1pmIQFuTwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCOBc2G/afUU/iWe+B8F2EUDx9k9MB8GA1UdIwQY
MBaAFLqg8lju9LK/S7qoQwweWMqMGI6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEt
ZTU3NjhkNmIxODJjLzEvSTRGelliOXA5UlQtSlo3NEh3WFlSUVBIMlQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEtZTU3NjhkNmIxODJj
LzEvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKhFARgMF
ACoRhMADBQAqEaGBMA0GCSqGSIb3DQEBCwUAA4IBAQBErGJM+wupe1JFTZ1mQpsw
2HzSyVudgexUNKDXfDUC4gbQzNFw5HlLLPzGskuDiNWRDP1aLnS5fhM1dfhr06dH
dSGwYmnJwWpvQViQsOLgN5hB7cb3mYcZbdH4sqvsBd2O2oepEgkcl+nd1rnGRRAm
YzlMB86vR9y+CmI0jzzjLW51Z++a5pnYCji16ZGXVRnvi0/OfbMemNCQgA0RMTp8
ixzzfG83RjSeDlmV8klssHL8YH5ECLh02brQAnm4rmzu4C4p4Wogyb9sBqbkyOG1
vEd+ouFxxI60bCFAczg+2h6muRz55DUvMbi2ay/d0gA2F2OCxdDvBu+ZIu+0f9FU
-----END CERTIFICATE-----