Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/vHWD5zLyKhPdfmLcc6rX4l2BIao.roa
File:                     vHWD5zLyKhPdfmLcc6rX4l2BIao.roa (raw, json)
Hash identifier:          vmnaNfmj0DaTEpP8jICsJ6+YB5LdPguiBsnwREkNUQg=
Subject key identifier:   BC:75:83:E7:32:F2:2A:13:DD:7E:62:DC:73:AA:D7:E2:5D:81:21:AA
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0197640B9D4640D99A9075009F3B5C2D7A30
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/vHWD5zLyKhPdfmLcc6rX4l2BIao.roa
Signing time:             Thu 12 Jun 2025 12:09:32 +0000
ROA not before:           Thu 12 Jun 2025 12:09:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205227
IP address blocks:        2001:3183::/32 maxlen: 32
                          2a13:bfc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 13:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:64:0b:9d:46:40:d9:9a:90:75:00:9f:3b:5c:2d:7a:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jun 12 12:09:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc7583e732f22a13dd7e62dc73aad7e25d8121aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c3:82:0b:a6:f8:67:6a:99:9e:7f:15:e4:a0:
                    a5:b4:05:2b:1b:c1:1b:76:53:1e:f0:c1:c3:a2:5a:
                    87:af:d9:0f:b2:44:23:ab:30:15:5f:11:b1:23:40:
                    2f:6e:91:19:3e:91:bb:18:06:09:a5:48:4f:78:97:
                    2b:8f:29:b6:02:40:38:2e:11:aa:80:2c:af:85:d2:
                    14:cd:c2:40:12:1d:49:9a:4e:6e:43:ac:c9:26:84:
                    b8:de:00:57:96:49:2f:73:5d:fa:94:14:8a:0c:f7:
                    0e:d9:d6:04:9c:73:ee:2d:5c:7c:ae:06:a3:fd:82:
                    61:8c:b3:85:ab:9b:55:b5:6f:9c:ff:f3:09:dc:19:
                    57:4d:ae:98:83:b2:1f:65:05:15:1e:dc:82:30:d0:
                    f1:15:f1:3a:80:34:cf:dc:76:13:0e:a6:88:c2:38:
                    b8:31:0c:7e:5b:a7:60:cd:7c:e7:18:0c:74:9c:cb:
                    bb:3a:55:1e:cf:c8:15:18:5c:a8:f6:1e:87:a0:16:
                    a7:1a:a8:2b:7f:ed:3a:13:38:01:a3:52:b5:ea:3e:
                    db:15:cc:c6:bf:70:e2:d2:5b:22:72:cd:af:dd:62:
                    c7:20:3b:89:d4:b2:5f:c5:2a:23:72:66:fc:e3:44:
                    80:3b:cd:ae:58:0d:5f:e2:e1:7d:4b:e1:1a:e3:79:
                    61:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:75:83:E7:32:F2:2A:13:DD:7E:62:DC:73:AA:D7:E2:5D:81:21:AA
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/vHWD5zLyKhPdfmLcc6rX4l2BIao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3183::/32
                  2a13:bfc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:02:25:11:ab:de:79:7c:45:b0:16:a3:10:51:a7:89:21:8f:
         ff:39:9a:1a:f8:ab:ee:67:45:53:85:40:c5:2c:2a:53:55:f3:
         e8:8b:d8:20:76:2f:5d:2b:9e:ee:35:b0:68:3f:1b:33:09:a7:
         85:72:93:f3:e0:0b:02:e5:f1:17:4e:79:71:b9:2a:d7:4c:9a:
         65:91:bf:ff:7a:d5:98:f9:2f:b1:df:6a:ee:06:72:be:43:aa:
         f5:f0:80:28:03:86:c1:14:88:25:44:2d:28:74:e0:ba:b6:0f:
         b0:93:06:8d:02:52:cc:25:f1:fa:f5:fb:6d:d1:28:5a:3f:f9:
         d1:c7:48:80:b3:c6:f3:56:f3:9f:4a:0d:8a:50:1a:e0:b0:5e:
         45:bb:f0:35:ea:a2:a2:e8:5b:63:22:78:9d:25:d5:b2:e0:31:
         17:23:ee:0d:3e:63:45:b0:1f:36:1f:f3:00:11:38:be:8f:65:
         bf:22:9f:57:70:cb:43:0f:d6:95:88:8d:f3:d8:5f:d3:9f:bb:
         85:96:88:94:f1:16:ad:84:86:54:96:4e:0a:32:41:28:1a:dd:
         e0:1e:65:ec:63:fe:fa:1b:ec:e7:4c:3e:3c:f9:e8:da:e4:ba:
         be:8e:ba:82:e9:2f:f8:e4:57:91:6b:d8:e2:19:1a:86:86:d8:
         b5:1c:48:32
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZdkC51GQNmakHUAnztcLXowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwNjEyMTIwOTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzc1ODNlNzMyZjIyYTEzZGQ3ZTYyZGM3M2FhZDdlMjVkODEyMWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8OCC6b4Z2qZnn8V5KCltAUrG8Eb
dlMe8MHDolqHr9kPskQjqzAVXxGxI0AvbpEZPpG7GAYJpUhPeJcrjym2AkA4LhGq
gCyvhdIUzcJAEh1Jmk5uQ6zJJoS43gBXlkkvc136lBSKDPcO2dYEnHPuLVx8rgaj
/YJhjLOFq5tVtW+c//MJ3BlXTa6Yg7IfZQUVHtyCMNDxFfE6gDTP3HYTDqaIwji4
MQx+W6dgzXznGAx0nMu7OlUez8gVGFyo9h6HoBanGqgrf+06EzgBo1K16j7bFczG
v3Di0lsics2v3WLHIDuJ1LJfxSojcmb840SAO82uWA1f4uF9S+Ea43lhhQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLx1g+cy8ioT3X5i3HOq1+JdgSGqMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvdkhXRDV6THlLaFBkZm1MY2M2clg0bDJCSWFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAIAExgwMF
AyoTv8AwDQYJKoZIhvcNAQELBQADggEBAIECJRGr3nl8RbAWoxBRp4khj/85mhr4
q+5nRVOFQMUsKlNV8+iL2CB2L10rnu41sGg/GzMJp4Vyk/PgCwLl8RdOeXG5KtdM
mmWRv/961Zj5L7Hfau4Gcr5DqvXwgCgDhsEUiCVELSh04Lq2D7CTBo0CUswl8fr1
+23RKFo/+dHHSICzxvNW859KDYpQGuCwXkW78DXqoqLoW2MieJ0l1bLgMRcj7g0+
Y0WwHzYf8wAROL6PZb8in1dwy0MP1pWIjfPYX9Ofu4WWiJTxFq2EhlSWTgoyQSga
3eAeZexj/vob7OdMPjz56Nrkur6OuoLpL/jkV5Fr2OIZGoaG2LUcSDI=
-----END CERTIFICATE-----