Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/3Q02kvynpjcAMgmsLhS47jQNHKQ.roa
File:                     3Q02kvynpjcAMgmsLhS47jQNHKQ.roa (raw, json)
Hash identifier:          fhmaUY8AVdPFJEnE1lY4uuEoNTTiWuhBfWbelqT4haE=
Subject key identifier:   DD:0D:36:92:FC:A7:A6:37:00:32:09:AC:2E:14:B8:EE:34:0D:1C:A4
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       01987C16DE64845DEB4CACA162776A8DAE44
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/3Q02kvynpjcAMgmsLhS47jQNHKQ.roa
Signing time:             Tue 05 Aug 2025 21:15:30 +0000
ROA not before:           Tue 05 Aug 2025 21:15:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214967
IP address blocks:        2a11:f084::/32 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7c:16:de:64:84:5d:eb:4c:ac:a1:62:77:6a:8d:ae:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Aug  5 21:15:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd0d3692fca7a637003209ac2e14b8ee340d1ca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:63:d4:c1:03:5c:78:7c:e1:82:61:b2:62:82:
                    33:04:8b:8f:d3:3f:ce:4f:bf:6b:d6:41:1b:46:00:
                    f6:39:c0:d0:fc:e2:af:05:6f:f6:f2:d3:e7:56:a7:
                    24:99:da:3e:30:a6:56:00:13:9c:b5:c5:ac:05:d3:
                    cf:2d:99:4d:48:e1:2e:e2:38:b3:c4:71:41:a0:5b:
                    7c:0c:44:7e:62:0c:cb:69:35:28:a8:be:06:0f:8a:
                    d8:14:ce:89:bb:d6:4c:f9:e5:e4:73:68:ea:de:d4:
                    0d:0f:f4:cf:dd:c0:a6:e3:4b:3f:5f:ab:fb:1a:52:
                    a2:3b:2c:47:33:65:5a:f1:1e:cd:78:3c:49:39:2c:
                    fd:16:d0:13:6c:e6:0a:a9:65:4d:d6:6c:38:f0:db:
                    a9:0f:2d:5a:de:f3:fe:f0:5c:7a:6c:5e:b1:d5:aa:
                    9d:87:cb:f4:95:89:e6:ef:28:7f:85:ef:60:9e:21:
                    56:c2:0c:99:00:52:da:93:92:be:06:e4:49:3e:16:
                    ed:a4:7c:66:17:9a:96:15:60:b8:0e:1e:7f:ba:62:
                    23:ea:7b:ba:86:5f:87:00:26:03:6b:6e:a7:49:e7:
                    ef:41:40:ce:85:dd:8d:43:04:84:76:c4:82:71:3d:
                    02:66:b9:46:8e:08:e1:7b:96:47:fa:97:07:4a:06:
                    b6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:0D:36:92:FC:A7:A6:37:00:32:09:AC:2E:14:B8:EE:34:0D:1C:A4
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/3Q02kvynpjcAMgmsLhS47jQNHKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:f084::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:c5:14:7d:76:39:60:ac:91:08:30:a3:f7:7f:e7:6b:14:dc:
         03:64:24:c3:ad:4b:bf:c1:a3:a6:b9:8a:ae:f7:a0:29:8a:d0:
         8d:fd:6f:87:39:0f:64:90:2e:a0:75:7e:78:ad:e6:b5:88:ce:
         cc:c3:d1:7f:0d:93:3e:12:7d:6a:80:5a:f9:1b:d3:90:54:75:
         7e:0f:b9:0c:94:7c:0f:31:13:81:50:78:4a:f7:52:06:f2:be:
         98:ae:88:0e:c6:64:cd:1b:ff:7a:b1:9f:17:be:8c:e8:9a:01:
         db:54:44:da:d6:84:b5:ae:1c:fe:06:ec:c2:13:c1:f5:2a:90:
         55:5c:1e:a2:c5:bd:3a:6b:d5:0b:68:f2:58:e4:80:0e:f2:0b:
         54:f4:f2:a9:c8:a4:14:fb:70:ba:3c:75:a0:c1:0f:2b:d0:a2:
         70:35:d4:b7:5c:52:2b:23:a3:68:ba:18:ba:c3:81:06:85:38:
         92:fd:3f:5f:6f:b5:5d:23:72:dc:02:c5:e7:48:1e:b9:09:d3:
         bb:b6:3d:ed:e5:f7:af:ef:f5:fb:fb:1e:0f:02:e2:7a:3c:f6:
         61:4c:65:62:06:94:59:3a:e9:ae:21:64:a2:d3:ea:27:4f:93:
         b3:61:27:4c:c4:00:a1:fb:64:13:1a:d0:b3:c7:31:c9:0c:58:
         80:90:c1:59
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZh8Ft5khF3rTKyhYndqja5EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwODA1MjExNTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDBkMzY5MmZjYTdhNjM3MDAzMjA5YWMyZTE0YjhlZTM0MGQxY2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mPUwQNceHzhgmGyYoIzBIuP0z/O
T79r1kEbRgD2OcDQ/OKvBW/28tPnVqckmdo+MKZWABOctcWsBdPPLZlNSOEu4jiz
xHFBoFt8DER+YgzLaTUoqL4GD4rYFM6Ju9ZM+eXkc2jq3tQND/TP3cCm40s/X6v7
GlKiOyxHM2Va8R7NeDxJOSz9FtATbOYKqWVN1mw48NupDy1a3vP+8Fx6bF6x1aqd
h8v0lYnm7yh/he9gniFWwgyZAFLak5K+BuRJPhbtpHxmF5qWFWC4Dh5/umIj6nu6
hl+HACYDa26nSefvQUDOhd2NQwSEdsSCcT0CZrlGjgjhe5ZH+pcHSga2kwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN0NNpL8p6Y3ADIJrC4UuO40DRykMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvM1EwMmt2eW5wamNBTWdtc0xoUzQ3alFOSEtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhHwhDAN
BgkqhkiG9w0BAQsFAAOCAQEAU8UUfXY5YKyRCDCj93/naxTcA2Qkw61Lv8GjprmK
rvegKYrQjf1vhzkPZJAuoHV+eK3mtYjOzMPRfw2TPhJ9aoBa+RvTkFR1fg+5DJR8
DzETgVB4SvdSBvK+mK6IDsZkzRv/erGfF76M6JoB21RE2taEta4c/gbswhPB9SqQ
VVweosW9OmvVC2jyWOSADvILVPTyqcikFPtwujx1oMEPK9CicDXUt1xSKyOjaLoY
usOBBoU4kv0/X2+1XSNy3ALF50geuQnTu7Y97eX3r+/1+/seDwLiejz2YUxlYgaU
WTrpriFkotPqJ0+Ts2EnTMQAoftkExrQs8cxyQxYgJDBWQ==
-----END CERTIFICATE-----