Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/d61b33-abdf-4903-a82c-b5172597f73a/1/ViwcSn5ZRd0_PQfWGy4jthVrawY.roa
File:                     ViwcSn5ZRd0_PQfWGy4jthVrawY.roa (raw, json)
Hash identifier:          TCVE8gL/0uqzfZRMUKYxUNskH8cEgUmyJYuVh+KEfZM=
Subject key identifier:   56:2C:1C:4A:7E:59:45:DD:3F:3D:07:D6:1B:2E:23:B6:15:6B:6B:06
Certificate issuer:       /CN=55843a1b20a2dbe3e4ed53e7548d7689678d5a37
Certificate serial:       01987A92ABF999247072B1F4069C0D6729AE
Authority key identifier: 55:84:3A:1B:20:A2:DB:E3:E4:ED:53:E7:54:8D:76:89:67:8D:5A:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYQ6GyCi2-Pk7VPnVI12iWeNWjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/d61b33-abdf-4903-a82c-b5172597f73a/1/ViwcSn5ZRd0_PQfWGy4jthVrawY.roa
Signing time:             Tue 05 Aug 2025 14:11:29 +0000
ROA not before:           Tue 05 Aug 2025 14:11:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199867
IP address blocks:        2a09:8240:100::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/d61b33-abdf-4903-a82c-b5172597f73a/1/VYQ6GyCi2-Pk7VPnVI12iWeNWjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/d61b33-abdf-4903-a82c-b5172597f73a/1/VYQ6GyCi2-Pk7VPnVI12iWeNWjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYQ6GyCi2-Pk7VPnVI12iWeNWjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7a:92:ab:f9:99:24:70:72:b1:f4:06:9c:0d:67:29:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55843a1b20a2dbe3e4ed53e7548d7689678d5a37
        Validity
            Not Before: Aug  5 14:11:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=562c1c4a7e5945dd3f3d07d61b2e23b6156b6b06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:22:44:42:c6:36:5f:1e:fd:dd:00:b9:87:e1:
                    18:cd:8d:68:18:bb:35:d2:d1:8a:f3:cf:de:70:e4:
                    b1:4c:a5:4a:30:ee:d4:f3:ea:38:c3:55:43:9b:70:
                    b3:60:49:67:7e:4c:01:a6:24:71:c3:b6:e8:f9:e1:
                    70:54:98:ac:78:dc:96:33:2d:aa:2c:b7:7c:0f:49:
                    d7:b1:e9:d5:a1:d1:5e:b7:d9:16:7f:f2:8c:6b:17:
                    e2:a9:e0:5d:df:e5:8c:bc:d9:f4:0e:24:b3:64:0b:
                    bc:f8:67:41:43:d6:9d:e4:9c:61:b2:f4:67:74:af:
                    56:a1:70:2e:61:c1:dc:b5:8d:8a:ca:2f:0d:c3:6e:
                    f2:bf:67:fa:f5:7f:b6:0e:b8:45:56:c2:a2:a5:46:
                    be:52:cc:da:7c:98:3b:db:b4:83:dc:f1:96:54:6f:
                    1a:5a:60:21:dd:ff:00:8f:08:1b:62:2a:48:52:c7:
                    8f:8e:b2:00:34:0a:5e:bb:b6:61:72:9f:78:0f:85:
                    27:30:db:a5:d0:f7:d8:f4:0f:70:35:6e:77:e2:cf:
                    1f:04:cb:39:c6:7c:f8:38:92:8d:29:0c:14:28:5a:
                    d7:b8:96:83:10:ca:72:ef:2a:84:7a:74:99:4b:48:
                    ce:b4:8e:7f:09:5f:89:20:16:69:a3:4e:20:7b:17:
                    f2:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:2C:1C:4A:7E:59:45:DD:3F:3D:07:D6:1B:2E:23:B6:15:6B:6B:06
            X509v3 Authority Key Identifier:
                keyid:55:84:3A:1B:20:A2:DB:E3:E4:ED:53:E7:54:8D:76:89:67:8D:5A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYQ6GyCi2-Pk7VPnVI12iWeNWjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d61b33-abdf-4903-a82c-b5172597f73a/1/ViwcSn5ZRd0_PQfWGy4jthVrawY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d61b33-abdf-4903-a82c-b5172597f73a/1/VYQ6GyCi2-Pk7VPnVI12iWeNWjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:8240:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:cc:24:36:92:a2:62:6b:95:36:44:7c:ec:9c:42:c9:25:4e:
         d1:7c:9b:7b:9a:87:cc:76:e4:58:af:af:95:80:da:f4:2c:db:
         05:23:d2:90:98:55:fd:7e:47:6f:29:5b:67:0b:86:bd:46:cd:
         45:ff:31:43:a8:ff:39:68:ba:cb:ed:27:92:67:75:99:77:30:
         5e:dd:b9:43:68:0d:ba:a6:be:aa:f5:37:6a:cd:57:0f:b4:5c:
         3a:27:90:c1:54:30:71:39:0b:ba:a6:5e:a0:77:32:e4:7b:7f:
         43:f1:d1:bd:25:07:de:a6:f6:e4:67:9f:f9:a9:3f:ce:2d:42:
         28:e5:d9:c1:f9:d0:1f:e9:0c:c5:97:69:83:e2:70:3a:6e:dc:
         2f:d8:59:93:1d:75:30:c2:af:42:80:c5:d0:03:a4:80:cf:03:
         39:c7:fb:3c:27:42:03:39:a3:b2:b0:bc:06:51:96:18:45:4b:
         ce:ca:f9:eb:b3:5d:1d:9b:7a:f4:e3:cd:b4:4a:e5:82:94:d7:
         50:85:82:57:0f:7d:0a:a3:87:65:94:19:32:c2:7e:bf:32:23:
         01:cc:b8:99:9e:ae:85:f0:81:c9:7b:6a:76:6f:59:6f:67:8b:
         99:1a:69:e1:09:09:52:2f:32:8f:f6:4d:5f:18:f0:cc:51:4c:
         ad:cc:f2:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZh6kqv5mSRwcrH0BpwNZymuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODQzYTFiMjBhMmRiZTNlNGVkNTNlNzU0OGQ3Njg5Njc4
ZDVhMzcwHhcNMjUwODA1MTQxMTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjJjMWM0YTdlNTk0NWRkM2YzZDA3ZDYxYjJlMjNiNjE1NmI2YjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSJEQsY2Xx793QC5h+EYzY1oGLs1
0tGK88/ecOSxTKVKMO7U8+o4w1VDm3CzYElnfkwBpiRxw7bo+eFwVJiseNyWMy2q
LLd8D0nXsenVodFet9kWf/KMaxfiqeBd3+WMvNn0DiSzZAu8+GdBQ9ad5JxhsvRn
dK9WoXAuYcHctY2Kyi8Nw27yv2f69X+2DrhFVsKipUa+UszafJg727SD3PGWVG8a
WmAh3f8AjwgbYipIUsePjrIANApeu7Zhcp94D4UnMNul0PfY9A9wNW534s8fBMs5
xnz4OJKNKQwUKFrXuJaDEMpy7yqEenSZS0jOtI5/CV+JIBZpo04gexfyEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFYsHEp+WUXdPz0H1hsuI7YVa2sGMB8GA1UdIwQY
MBaAFFWEOhsgotvj5O1T51SNdolnjVo3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllRNkd5Q2kyLVBrN1ZQblZJMTJpV2VOV2pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9kNjFiMzMtYWJkZi00OTAzLWE4MmMt
YjUxNzI1OTdmNzNhLzEvVml3Y1NuNVpSZDBfUFFmV0d5NGp0aFZyYXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9kNjFiMzMtYWJkZi00OTAzLWE4MmMtYjUxNzI1OTdmNzNh
LzEvVllRNkd5Q2kyLVBrN1ZQblZJMTJpV2VOV2pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgmCQAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQA4zCQ2kqJia5U2RHzsnELJJU7RfJt7mofMduRY
r6+VgNr0LNsFI9KQmFX9fkdvKVtnC4a9Rs1F/zFDqP85aLrL7SeSZ3WZdzBe3blD
aA26pr6q9TdqzVcPtFw6J5DBVDBxOQu6pl6gdzLke39D8dG9JQfepvbkZ5/5qT/O
LUIo5dnB+dAf6QzFl2mD4nA6btwv2FmTHXUwwq9CgMXQA6SAzwM5x/s8J0IDOaOy
sLwGUZYYRUvOyvnrs10dm3r04820SuWClNdQhYJXD30Ko4dllBkywn6/MiMBzLiZ
nq6F8IHJe2p2b1lvZ4uZGmnhCQlSLzKP9k1fGPDMUUytzPIn
-----END CERTIFICATE-----