Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/VXguZ1IP4OPQ2wSfFG2Zt-8rRmU.roa
File:                     VXguZ1IP4OPQ2wSfFG2Zt-8rRmU.roa (raw, json)
Hash identifier:          FYCub9tLigFfu6QRGXOsYxtNUaq1jqWty883jSxTd34=
Subject key identifier:   55:78:2E:67:52:0F:E0:E3:D0:DB:04:9F:14:6D:99:B7:EF:2B:46:65
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       01985A770FF1CA17B2A3C09F9A427AA2E12C
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/VXguZ1IP4OPQ2wSfFG2Zt-8rRmU.roa
Signing time:             Wed 30 Jul 2025 08:33:29 +0000
ROA not before:           Wed 30 Jul 2025 08:33:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15890
IP address blocks:        2a00:ec83::/32 maxlen: 32
                          2a04:800:5000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5a:77:0f:f1:ca:17:b2:a3:c0:9f:9a:42:7a:a2:e1:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jul 30 08:33:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55782e67520fe0e3d0db049f146d99b7ef2b4665
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:2d:6c:86:38:75:b2:82:81:32:9e:4b:2e:e7:
                    90:fe:b8:5d:f6:93:57:51:cb:88:21:7d:64:64:f9:
                    4c:5c:1e:20:61:74:48:f5:3f:8b:a1:6d:6f:bf:64:
                    c3:98:cf:9a:6d:d6:5f:58:32:f7:ba:d7:f3:6b:48:
                    f7:27:0e:63:73:f8:b8:18:e7:4d:16:4b:a9:76:c0:
                    a6:38:f9:09:24:00:b9:96:c0:d1:ab:99:41:b1:de:
                    22:d8:f4:15:a1:53:1b:9f:0d:ff:f3:1f:09:16:d4:
                    f4:8a:4c:c7:11:d0:93:95:da:38:d6:d1:6c:f4:51:
                    b5:02:87:1e:b6:25:9d:53:00:11:b1:a8:c1:eb:5c:
                    e8:ca:11:89:da:ac:69:83:21:20:ce:d6:fe:15:90:
                    d3:5f:c9:b7:e9:99:3d:3e:c9:c2:68:8f:6d:3b:9d:
                    f0:ff:10:8a:84:82:34:9b:e9:1f:78:51:13:ef:38:
                    3e:1c:52:1b:f8:4f:13:c9:8c:de:dd:ff:cd:12:1e:
                    80:31:99:66:e8:c2:73:39:7d:7d:84:a6:63:1d:57:
                    d1:60:d8:0f:9e:29:b1:96:55:9b:38:10:6f:b6:6c:
                    c2:19:12:a0:59:61:5f:db:b9:31:06:b0:9d:58:81:
                    b8:fc:ea:c6:1d:d7:08:88:b2:2d:d8:67:8f:6d:a1:
                    e6:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:78:2E:67:52:0F:E0:E3:D0:DB:04:9F:14:6D:99:B7:EF:2B:46:65
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/VXguZ1IP4OPQ2wSfFG2Zt-8rRmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:ec83::/32
                  2a04:800:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         33:cb:c0:c3:8e:b7:a1:91:92:95:45:e4:55:aa:69:d8:84:b2:
         b3:a2:4d:a8:24:7e:3e:97:e0:a0:09:a5:9d:15:e8:87:7b:0e:
         c3:b3:08:08:a8:b9:6a:36:6a:0a:ec:0c:78:8a:5f:45:ee:b7:
         82:1f:6a:67:5b:85:6b:74:9f:60:91:da:d0:99:0f:a2:d7:f4:
         c4:6c:1e:f7:e2:dd:2d:cf:ee:cd:eb:c8:2f:44:b0:b1:4f:ba:
         34:0e:4a:95:08:d8:93:5e:8b:ba:89:7f:5a:4e:9d:56:3f:fe:
         1b:ab:ed:cc:03:f6:a6:90:8b:5e:22:67:8f:63:65:cb:a0:ed:
         08:ce:1a:e3:bd:9e:d1:33:5a:66:94:40:f2:b5:8b:c3:d0:27:
         a9:6e:80:d7:d4:dd:42:2d:a2:e8:e7:2a:8b:79:61:b3:60:1a:
         20:99:95:a5:48:43:2d:99:c7:bc:e2:07:08:85:34:24:a7:99:
         c7:b2:24:58:4f:24:50:f9:36:da:ad:af:bc:57:75:a9:1d:25:
         22:4d:85:8e:69:33:d1:ed:7f:fc:41:cb:a8:4e:ae:54:d3:93:
         c2:b9:38:a0:de:a9:c4:e6:fc:0e:55:46:4c:fb:6f:05:18:c8:
         6a:dd:16:41:64:01:92:a6:38:10:cb:39:fb:1f:c0:24:4f:4b:
         47:f1:28:46
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZhadw/xyheyo8CfmkJ6ouEsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjUwNzMwMDgzMzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTc4MmU2NzUyMGZlMGUzZDBkYjA0OWYxNDZkOTliN2VmMmI0NjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkS1shjh1soKBMp5LLueQ/rhd9pNX
UcuIIX1kZPlMXB4gYXRI9T+LoW1vv2TDmM+abdZfWDL3utfza0j3Jw5jc/i4GOdN
FkupdsCmOPkJJAC5lsDRq5lBsd4i2PQVoVMbnw3/8x8JFtT0ikzHEdCTldo41tFs
9FG1AocetiWdUwARsajB61zoyhGJ2qxpgyEgztb+FZDTX8m36Zk9PsnCaI9tO53w
/xCKhII0m+kfeFET7zg+HFIb+E8TyYze3f/NEh6AMZlm6MJzOX19hKZjHVfRYNgP
nimxllWbOBBvtmzCGRKgWWFf27kxBrCdWIG4/OrGHdcIiLIt2GePbaHmkQIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFFV4LmdSD+Dj0NsEnxRtmbfvK0ZlMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvVlhndVoxSVA0T1BRMndTZkZHMlp0LThyUm1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPAwUAKgDsgwMG
BCoECABQMA0GCSqGSIb3DQEBCwUAA4IBAQAzy8DDjrehkZKVReRVqmnYhLKzok2o
JH4+l+CgCaWdFeiHew7DswgIqLlqNmoK7Ax4il9F7reCH2pnW4VrdJ9gkdrQmQ+i
1/TEbB734t0tz+7N68gvRLCxT7o0DkqVCNiTXou6iX9aTp1WP/4bq+3MA/amkIte
ImePY2XLoO0IzhrjvZ7RM1pmlEDytYvD0CepboDX1N1CLaLo5yqLeWGzYBogmZWl
SEMtmce84gcIhTQkp5nHsiRYTyRQ+Tbara+8V3WpHSUiTYWOaTPR7X/8QcuoTq5U
05PCuTig3qnE5vwOVUZM+28FGMhq3RZBZAGSpjgQyzn7H8AkT0tH8ShG
-----END CERTIFICATE-----