Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/cpBh0w2t5SUeTveHMXo0e45wl_g.roa
File:                     cpBh0w2t5SUeTveHMXo0e45wl_g.roa (raw, json)
Hash identifier:          wnpUNv6ppC8UNUrj4/3VOaysZ1B8H6QoFf3xDmtiXxw=
Subject key identifier:   72:90:61:D3:0D:AD:E5:25:1E:4E:F7:87:31:7A:34:7B:8E:70:97:F8
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       01967BE2E8A9262B4057B3A44F56B1E2B194
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/cpBh0w2t5SUeTveHMXo0e45wl_g.roa
Signing time:             Mon 28 Apr 2025 10:13:10 +0000
ROA not before:           Mon 28 Apr 2025 10:13:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a11:b785::/32 maxlen: 32
                          2a12:4c06::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:e2:e8:a9:26:2b:40:57:b3:a4:4f:56:b1:e2:b1:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Apr 28 10:13:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=729061d30dade5251e4ef787317a347b8e7097f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:dd:e3:ae:69:a5:25:59:e9:13:60:5b:c4:32:
                    61:28:59:9c:b1:98:9a:e8:27:bc:62:a1:d9:46:a5:
                    88:10:2a:9b:5e:1d:90:12:31:19:99:f1:1f:73:60:
                    2f:ba:78:74:2a:bf:b9:a4:59:0d:d0:a7:f3:e3:ed:
                    91:95:96:2b:8b:cd:34:3e:7c:4f:75:5f:ad:22:f5:
                    ba:cd:31:09:05:e2:94:8a:07:a0:53:38:ad:f3:c6:
                    dc:ee:86:a5:77:7f:58:80:7d:d2:90:85:4a:a1:96:
                    28:ea:38:d1:c7:c5:40:5f:eb:9f:61:3d:c5:3a:26:
                    1d:47:69:80:ce:88:55:80:71:06:05:a0:4a:36:28:
                    e4:56:52:0d:88:8e:ba:23:c7:60:ae:5e:0e:11:62:
                    9c:4e:68:b1:92:10:2d:7d:d5:e7:fc:fa:af:a6:72:
                    00:e5:90:9d:2f:85:f2:b6:bc:26:e4:01:44:f0:ec:
                    c8:cf:ba:60:7d:f8:66:ac:b7:7d:b8:e9:f8:8a:fe:
                    6b:b5:12:6c:8f:68:9f:8c:1f:8b:41:b7:25:f2:d5:
                    aa:3b:e5:e4:25:9f:4f:db:24:d4:f1:f4:83:dc:8c:
                    86:30:03:02:19:2f:b8:c5:b8:94:13:1a:08:28:56:
                    c0:74:d3:9e:ae:21:3d:98:af:a2:12:9e:49:76:06:
                    e7:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:90:61:D3:0D:AD:E5:25:1E:4E:F7:87:31:7A:34:7B:8E:70:97:F8
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/cpBh0w2t5SUeTveHMXo0e45wl_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:b785::/32
                  2a12:4c06::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:a8:f3:44:b6:30:ab:a1:a2:c5:c1:30:6d:d0:56:07:cf:90:
         de:c3:8c:f6:41:33:d3:c0:e1:69:5d:ee:80:90:2c:df:b4:68:
         9a:94:aa:8d:52:78:50:d1:91:71:d2:88:e3:1b:8b:e3:9a:3a:
         6d:bf:c3:b6:14:51:e8:c0:2c:aa:73:cb:3a:07:1f:8a:c8:3d:
         9b:13:50:26:7d:8d:00:db:6c:92:5b:72:92:4c:b9:ac:53:65:
         2b:43:03:a8:28:4e:c8:2d:30:64:44:73:6f:7c:c4:7b:9d:0c:
         ce:55:52:3f:14:ec:1c:10:af:c9:82:22:36:7d:93:7b:95:19:
         88:df:f6:11:a6:11:61:15:96:43:4d:3a:15:d6:a7:21:a4:a4:
         c0:5f:66:b7:5e:ca:5f:cd:b6:25:7c:c5:3a:ff:4b:e8:5c:9d:
         df:11:5b:3d:e2:4b:0b:ec:75:07:99:8d:09:37:86:c6:ca:82:
         98:06:38:52:8b:1c:89:a2:a1:ca:9e:d6:a5:cc:7a:13:d9:7b:
         f9:4b:49:4d:71:a3:cf:22:e6:a1:46:b1:fc:33:72:57:ac:3b:
         72:e7:b6:f2:7a:45:05:8e:62:ba:55:fc:fb:2d:24:0e:27:6b:
         9a:20:b9:8b:b4:39:bf:58:37:54:53:88:73:99:f8:5a:e3:22:
         62:91:e1:6b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZZ74uipJitAV7OkT1ax4rGUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNDI4MTAxMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjkwNjFkMzBkYWRlNTI1MWU0ZWY3ODczMTdhMzQ3YjhlNzA5N2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw93jrmmlJVnpE2BbxDJhKFmcsZia
6Ce8YqHZRqWIECqbXh2QEjEZmfEfc2Avunh0Kr+5pFkN0Kfz4+2RlZYri800PnxP
dV+tIvW6zTEJBeKUigegUzit88bc7oald39YgH3SkIVKoZYo6jjRx8VAX+ufYT3F
OiYdR2mAzohVgHEGBaBKNijkVlINiI66I8dgrl4OEWKcTmixkhAtfdXn/PqvpnIA
5ZCdL4Xytrwm5AFE8OzIz7pgffhmrLd9uOn4iv5rtRJsj2ifjB+LQbcl8tWqO+Xk
JZ9P2yTU8fSD3IyGMAMCGS+4xbiUExoIKFbAdNOeriE9mK+iEp5JdgbnTQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHKQYdMNreUlHk73hzF6NHuOcJf4MB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvY3BCaDB3MnQ1U1VlVHZlSE1YbzBlNDV3bF9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhG3hQMF
ACoSTAYwDQYJKoZIhvcNAQELBQADggEBAAKo80S2MKuhosXBMG3QVgfPkN7DjPZB
M9PA4Wld7oCQLN+0aJqUqo1SeFDRkXHSiOMbi+OaOm2/w7YUUejALKpzyzoHH4rI
PZsTUCZ9jQDbbJJbcpJMuaxTZStDA6goTsgtMGREc298xHudDM5VUj8U7BwQr8mC
IjZ9k3uVGYjf9hGmEWEVlkNNOhXWpyGkpMBfZrdeyl/NtiV8xTr/S+hcnd8RWz3i
SwvsdQeZjQk3hsbKgpgGOFKLHImiocqe1qXMehPZe/lLSU1xo88i5qFGsfwzcles
O3LntvJ6RQWOYrpV/PstJA4na5oguYu0Ob9YN1RTiHOZ+FrjImKR4Ws=
-----END CERTIFICATE-----