Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/FL8RMPvYjZOOIH-tYQtC_xdAvvs.roa
File:                     FL8RMPvYjZOOIH-tYQtC_xdAvvs.roa (raw, json)
Hash identifier:          ezxuKkKk4E/dW0F4biDlMwtG9fyCWW48njBvZTt+EQk=
Subject key identifier:   14:BF:11:30:FB:D8:8D:93:8E:20:7F:AD:61:0B:42:FF:17:40:BE:FB
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       019857C5FA58DCC40C26F180016036783271
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/FL8RMPvYjZOOIH-tYQtC_xdAvvs.roa
Signing time:             Tue 29 Jul 2025 20:00:49 +0000
ROA not before:           Tue 29 Jul 2025 20:00:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204490
IP address blocks:        2a11:1f03::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 02:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:57:c5:fa:58:dc:c4:0c:26:f1:80:01:60:36:78:32:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Jul 29 20:00:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14bf1130fbd88d938e207fad610b42ff1740befb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:11:2d:08:9e:fe:91:9e:55:19:7c:df:32:ad:
                    30:3b:e8:a6:c4:6f:d8:ff:9b:24:48:54:2c:06:7b:
                    f6:f5:c4:cb:24:58:20:79:20:b3:03:3f:c0:be:94:
                    52:da:da:96:0a:95:ae:8e:8d:c7:d4:ee:98:aa:09:
                    8a:02:54:1a:4d:22:29:85:ab:72:64:8e:42:73:d0:
                    4d:ec:cd:85:28:58:cf:ce:87:be:3a:75:4f:ea:cf:
                    1a:78:48:24:bf:a3:2d:c6:fb:8a:82:41:53:ff:8d:
                    2c:86:48:da:86:41:c7:12:7f:e1:c5:04:86:da:9f:
                    32:18:bb:49:0d:10:74:a6:a6:8d:e7:28:9a:64:b4:
                    f1:0f:7b:dd:91:9d:e8:e3:2b:85:e6:54:02:86:1b:
                    9b:ab:4a:dc:e2:27:d6:e7:c9:ae:81:78:ee:68:d5:
                    ef:50:29:47:a2:2c:b2:8d:67:26:bb:bb:12:24:5b:
                    1f:83:36:e4:73:e0:38:98:37:00:0c:f2:6c:68:79:
                    8f:67:80:ff:68:38:6f:02:e4:71:be:47:8f:68:e5:
                    ee:43:ab:c4:4c:6a:85:c7:86:32:0c:42:2e:8c:b1:
                    73:18:d4:fe:a0:86:9c:06:ac:2d:40:b3:26:a9:71:
                    d1:88:fe:bb:76:9d:a9:1b:dd:da:4a:b6:3d:36:6b:
                    5e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:BF:11:30:FB:D8:8D:93:8E:20:7F:AD:61:0B:42:FF:17:40:BE:FB
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/FL8RMPvYjZOOIH-tYQtC_xdAvvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:1f03::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:28:5c:ee:48:a2:42:43:14:52:ce:44:9f:f8:62:40:7c:5d:
         df:97:e2:15:53:07:c7:d5:59:56:45:20:89:de:0c:cc:4b:80:
         93:c1:3e:81:a0:38:23:c0:bc:f1:50:bc:f0:a5:6d:6b:7b:15:
         0b:11:c1:26:26:a6:4f:b1:ce:53:24:01:31:f1:53:4c:89:23:
         a1:07:46:30:23:e8:04:26:ff:0d:f7:f1:5b:e2:79:2e:fc:e6:
         7a:3c:0b:f8:b5:65:78:97:63:66:20:a3:7f:cd:aa:41:7f:a1:
         33:0d:58:d3:76:39:a0:a9:55:ab:ec:e8:b1:6a:65:d5:c0:2d:
         01:c0:8a:6f:c3:66:7b:d8:aa:a5:47:b7:9e:59:36:e4:21:10:
         a6:34:03:c3:b9:8b:0b:f3:82:b2:60:49:b0:5e:25:ac:33:cc:
         e7:bf:b9:39:89:05:ad:c2:0e:d2:13:a1:87:79:f5:fd:eb:3d:
         55:17:9c:1a:e8:17:fb:79:c7:ee:42:69:0c:b0:60:a4:bf:d7:
         af:4b:fd:30:fe:c7:d4:b7:3e:2d:c6:19:48:57:89:d0:8b:d6:
         44:c3:74:5b:7a:5f:40:d1:ba:3e:6c:d3:f6:69:28:0a:29:61:
         02:f2:d3:62:a4:4e:bb:3d:ca:f8:90:0c:f1:c3:af:ce:80:c3:
         39:39:70:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZhXxfpY3MQMJvGAAWA2eDJxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwNzI5MjAwMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGJmMTEzMGZiZDg4ZDkzOGUyMDdmYWQ2MTBiNDJmZjE3NDBiZWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxEtCJ7+kZ5VGXzfMq0wO+imxG/Y
/5skSFQsBnv29cTLJFggeSCzAz/AvpRS2tqWCpWujo3H1O6YqgmKAlQaTSIphaty
ZI5Cc9BN7M2FKFjPzoe+OnVP6s8aeEgkv6MtxvuKgkFT/40shkjahkHHEn/hxQSG
2p8yGLtJDRB0pqaN5yiaZLTxD3vdkZ3o4yuF5lQChhubq0rc4ifW58mugXjuaNXv
UClHoiyyjWcmu7sSJFsfgzbkc+A4mDcADPJsaHmPZ4D/aDhvAuRxvkePaOXuQ6vE
TGqFx4YyDEIujLFzGNT+oIacBqwtQLMmqXHRiP67dp2pG93aSrY9NmteqQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBS/ETD72I2TjiB/rWELQv8XQL77MB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvRkw4Uk1QdllqWk9PSUgtdFlRdENfeGRBdnZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhEfAzAN
BgkqhkiG9w0BAQsFAAOCAQEAdShc7kiiQkMUUs5En/hiQHxd35fiFVMHx9VZVkUg
id4MzEuAk8E+gaA4I8C88VC88KVta3sVCxHBJiamT7HOUyQBMfFTTIkjoQdGMCPo
BCb/DffxW+J5LvzmejwL+LVleJdjZiCjf82qQX+hMw1Y03Y5oKlVq+zosWpl1cAt
AcCKb8Nme9iqpUe3nlk25CEQpjQDw7mLC/OCsmBJsF4lrDPM57+5OYkFrcIO0hOh
h3n1/es9VRecGugX+3nH7kJpDLBgpL/Xr0v9MP7H1Lc+LcYZSFeJ0IvWRMN0W3pf
QNG6PmzT9mkoCilhAvLTYqROuz3K+JAM8cOvzoDDOTlwEQ==
-----END CERTIFICATE-----