Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/zTFcUub-pCxJAeqsrvSihP3jL9M.roa
File:                     zTFcUub-pCxJAeqsrvSihP3jL9M.roa (raw, json)
Hash identifier:          d706HBkrFmt8lHoLZfF6FkynvvwF8RHS1UFZzTJGSkk=
Subject key identifier:   CD:31:5C:52:E6:FE:A4:2C:49:01:EA:AC:AE:F4:A2:84:FD:E3:2F:D3
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       01987B8C9BD3CBA55971BDB19E478EB2DB0A
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/zTFcUub-pCxJAeqsrvSihP3jL9M.roa
Signing time:             Tue 05 Aug 2025 18:44:29 +0000
ROA not before:           Tue 05 Aug 2025 18:44:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206174
IP address blocks:        2a0c:2842::/32 maxlen: 32
                          2a12:2cc2::/32 maxlen: 32
                          2a12:3bc3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7b:8c:9b:d3:cb:a5:59:71:bd:b1:9e:47:8e:b2:db:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Aug  5 18:44:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd315c52e6fea42c4901eaacaef4a284fde32fd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:31:5C:52:E6:FE:A4:2C:49:01:EA:AC:AE:F4:A2:84:FD:E3:2F:D3
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/zTFcUub-pCxJAeqsrvSihP3jL9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:2842::/32
                  2a12:2cc2::/32
                  2a12:3bc3::/32

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Aug 7 12:58:11 2025 by rpki-client