Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/VwWx7TI5PfdWHmEANMaZDvrxbfM.roa
File:                     VwWx7TI5PfdWHmEANMaZDvrxbfM.roa (raw, json)
Hash identifier:          GdO5B/HxREqllXvO5zZSatBqAt9AEAlFDZB8KwpSWpc=
Subject key identifier:   57:05:B1:ED:32:39:3D:F7:56:1E:61:00:34:C6:99:0E:FA:F1:6D:F3
Certificate issuer:       /CN=8046e33860171ef6ec60ebcfc5ec5ac91c25757c
Certificate serial:       0198940A122A4754B0E7636BC8085E5EEE69
Authority key identifier: 80:46:E3:38:60:17:1E:F6:EC:60:EB:CF:C5:EC:5A:C9:1C:25:75:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gEbjOGAXHvbsYOvPxexayRwldXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/VwWx7TI5PfdWHmEANMaZDvrxbfM.roa
Signing time:             Sun 10 Aug 2025 12:52:24 +0000
ROA not before:           Sun 10 Aug 2025 12:52:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211408
IP address blocks:        2a11:fe40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/gEbjOGAXHvbsYOvPxexayRwldXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/gEbjOGAXHvbsYOvPxexayRwldXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gEbjOGAXHvbsYOvPxexayRwldXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 Aug 2025 12:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:94:0a:12:2a:47:54:b0:e7:63:6b:c8:08:5e:5e:ee:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8046e33860171ef6ec60ebcfc5ec5ac91c25757c
        Validity
            Not Before: Aug 10 12:52:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5705b1ed32393df7561e610034c6990efaf16df3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:2b:11:e8:ff:01:ef:9a:5b:a9:eb:de:87:19:
                    0b:5e:b7:c5:47:8f:c5:24:f1:e0:1a:d7:79:db:46:
                    4e:76:99:53:7c:29:10:26:e2:67:2e:7e:e8:5c:4f:
                    c7:84:69:97:43:96:b3:b4:e3:2d:b4:0f:f1:3f:f4:
                    92:d3:92:0a:c6:15:90:b7:66:ad:fb:a4:6a:5a:7f:
                    af:48:31:38:48:cd:82:83:72:a4:81:ce:dd:54:43:
                    3d:bb:3c:b8:5c:b4:4d:ed:17:91:85:f9:60:15:77:
                    e7:94:3d:3e:25:75:d6:de:f6:be:54:15:d5:b0:29:
                    0c:da:c5:32:57:3c:1f:3e:5d:30:9e:45:68:18:dd:
                    6e:7d:26:40:6f:5f:2c:91:2d:00:83:c5:92:74:c3:
                    60:fc:7d:46:53:a2:b6:03:02:83:eb:fc:27:a8:3a:
                    c8:47:d8:eb:5b:05:62:81:73:d9:61:b1:10:6e:80:
                    e3:f3:87:c9:b4:1a:2a:db:e0:fe:2e:cc:d5:35:bd:
                    e9:21:47:67:f7:7f:a6:7e:b6:fb:d9:bc:ce:c5:d7:
                    86:19:cf:e2:08:5b:3b:28:dc:70:55:27:fd:5e:1b:
                    63:a0:a0:4c:ab:1b:a7:89:47:3a:e4:78:0b:06:9c:
                    be:a8:45:21:3b:2a:f4:4c:cd:bb:82:59:e2:a8:10:
                    40:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:05:B1:ED:32:39:3D:F7:56:1E:61:00:34:C6:99:0E:FA:F1:6D:F3
            X509v3 Authority Key Identifier:
                keyid:80:46:E3:38:60:17:1E:F6:EC:60:EB:CF:C5:EC:5A:C9:1C:25:75:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gEbjOGAXHvbsYOvPxexayRwldXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/VwWx7TI5PfdWHmEANMaZDvrxbfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/gEbjOGAXHvbsYOvPxexayRwldXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:fe40::/29

    Signature Algorithm: sha256WithRSAEncryption
         b2:bf:06:8e:38:b4:03:d2:39:f0:d5:d3:64:6c:5c:dd:30:2a:
         9c:a8:7c:fb:e0:cb:57:59:7a:d0:61:d9:f4:ee:2a:fe:42:1d:
         69:d9:b7:f1:90:41:c1:55:a3:a6:da:47:0f:30:de:63:5d:f9:
         2d:5b:8c:75:f1:b7:21:f0:f4:83:44:1c:5c:7e:53:fa:a1:ad:
         58:7f:87:ae:f0:b3:ac:0d:94:68:6d:82:f9:6f:96:d7:6a:f5:
         3e:10:71:ff:31:0a:76:07:6d:ed:dc:b1:72:2f:8d:f5:be:10:
         c8:ce:99:39:96:05:8e:6c:b9:8a:83:46:46:31:1b:7c:bc:ce:
         0c:97:40:f5:f5:86:83:4e:51:23:cd:78:c0:6e:c0:03:ad:3e:
         06:2d:b2:92:9c:87:b2:dd:c3:14:db:9f:1c:42:44:f5:fd:10:
         a2:62:65:f9:62:d1:d2:7a:f6:8e:79:a2:e0:75:5c:95:0d:fc:
         be:16:86:fb:13:c3:cd:a2:29:fe:22:9f:37:ae:26:bf:cf:5d:
         50:f2:6c:88:d8:91:73:64:bd:8f:16:b6:ab:06:b1:ba:50:fe:
         7d:bb:15:0b:d8:64:de:f0:31:30:eb:30:90:08:63:70:b9:7e:
         31:90:ff:4b:9f:41:32:06:e2:22:e7:57:ea:3b:f6:e8:a9:12:
         5f:27:e3:12
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZiUChIqR1Sw52NryAheXu5pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNDZlMzM4NjAxNzFlZjZlYzYwZWJjZmM1ZWM1YWM5MWMy
NTc1N2MwHhcNMjUwODEwMTI1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzA1YjFlZDMyMzkzZGY3NTYxZTYxMDAzNGM2OTkwZWZhZjE2ZGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4isR6P8B75pbqevehxkLXrfFR4/F
JPHgGtd520ZOdplTfCkQJuJnLn7oXE/HhGmXQ5aztOMttA/xP/SS05IKxhWQt2at
+6RqWn+vSDE4SM2Cg3Kkgc7dVEM9uzy4XLRN7ReRhflgFXfnlD0+JXXW3va+VBXV
sCkM2sUyVzwfPl0wnkVoGN1ufSZAb18skS0Ag8WSdMNg/H1GU6K2AwKD6/wnqDrI
R9jrWwVigXPZYbEQboDj84fJtBoq2+D+LszVNb3pIUdn93+mfrb72bzOxdeGGc/i
CFs7KNxwVSf9XhtjoKBMqxuniUc65HgLBpy+qEUhOyr0TM27glniqBBAOwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFcFse0yOT33Vh5hADTGmQ768W3zMB8GA1UdIwQY
MBaAFIBG4zhgFx727GDrz8XsWskcJXV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0Viak9HQVhIdmJzWU92UHhleGF5UndsZFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83ODhkMTAtZThkZi00ZGFjLWFhOGYt
ZDM5ZmZjMTZlZjg5LzEvVndXeDdUSTVQZmRXSG1FQU5NYVpEdnJ4YmZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83ODhkMTAtZThkZi00ZGFjLWFhOGYtZDM5ZmZjMTZlZjg5
LzEvZ0Viak9HQVhIdmJzWU92UHhleGF5UndsZFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhH+QDAN
BgkqhkiG9w0BAQsFAAOCAQEAsr8Gjji0A9I58NXTZGxc3TAqnKh8++DLV1l60GHZ
9O4q/kIdadm38ZBBwVWjptpHDzDeY135LVuMdfG3IfD0g0QcXH5T+qGtWH+HrvCz
rA2UaG2C+W+W12r1PhBx/zEKdgdt7dyxci+N9b4QyM6ZOZYFjmy5ioNGRjEbfLzO
DJdA9fWGg05RI814wG7AA60+Bi2ykpyHst3DFNufHEJE9f0QomJl+WLR0nr2jnmi
4HVclQ38vhaG+xPDzaIp/iKfN64mv89dUPJsiNiRc2S9jxa2qwaxulD+fbsVC9hk
3vAxMOswkAhjcLl+MZD/S59BMgbiIudX6jv26KkSXyfjEg==
-----END CERTIFICATE-----