Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/A_7wSF0gzML8ztc1Eff533SBtpM.roa
File:                     A_7wSF0gzML8ztc1Eff533SBtpM.roa (raw, json)
Hash identifier:          C4CpgxJrC1lOvhLi31t3Ht2SMlx2LuKBiXn17xFMf6c=
Subject key identifier:   03:FE:F0:48:5D:20:CC:C2:FC:CE:D7:35:11:F7:F9:DF:74:81:B6:93
Certificate issuer:       /CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
Certificate serial:       0197E957B50847A28A382FD4341C37837C28
Authority key identifier: 3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/A_7wSF0gzML8ztc1Eff533SBtpM.roa
Signing time:             Tue 08 Jul 2025 09:22:08 +0000
ROA not before:           Tue 08 Jul 2025 09:22:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:f3c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 04:02:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:57:b5:08:47:a2:8a:38:2f:d4:34:1c:37:83:7c:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
        Validity
            Not Before: Jul  8 09:22:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03fef0485d20ccc2fcced73511f7f9df7481b693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ce:d9:f8:cf:5c:74:1b:25:e7:9f:23:10:06:
                    d4:9e:cf:0a:cc:a0:36:9f:0f:b8:76:89:61:83:be:
                    27:3a:b5:ce:d4:76:89:03:8f:05:ee:b0:b7:d0:fd:
                    b8:ee:ef:98:4a:bd:9a:0c:67:21:bb:7c:49:8c:12:
                    82:f4:86:01:af:e3:b3:cd:e3:d0:10:e7:22:a4:7c:
                    13:a5:17:6a:39:17:0a:37:e9:5f:a2:55:a7:00:2b:
                    10:38:67:01:e6:32:51:dd:3d:56:9e:1e:49:84:e6:
                    a8:c4:24:37:78:80:34:f0:b8:00:3a:9e:01:e1:37:
                    21:db:49:9a:e2:57:9c:4d:d8:35:28:d7:01:65:a7:
                    0c:b6:eb:fb:7b:32:f2:4a:c3:a1:f7:f2:07:29:42:
                    15:c6:b5:ec:81:52:83:05:85:e2:90:0f:a3:bd:93:
                    f7:6f:25:b8:a7:3a:a4:53:a5:62:44:f7:24:0b:74:
                    34:bd:94:63:b7:db:cd:b0:82:22:56:1e:70:6c:51:
                    2e:6c:95:20:00:31:f3:ae:5f:db:ad:25:ab:f8:c1:
                    99:5a:c2:15:86:e7:dc:c4:5a:ba:37:d1:32:fa:c4:
                    e5:2d:32:04:cc:f6:7b:6e:6f:31:a0:1a:5f:7b:d8:
                    e6:84:2a:a9:fe:91:ce:ea:3e:14:39:a5:e9:60:67:
                    5d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:FE:F0:48:5D:20:CC:C2:FC:CE:D7:35:11:F7:F9:DF:74:81:B6:93
            X509v3 Authority Key Identifier:
                keyid:3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/A_7wSF0gzML8ztc1Eff533SBtpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:5c:0d:0d:10:70:7a:93:0b:ce:fe:55:ff:ad:27:16:e2:a2:
         2b:81:67:41:4d:cd:9b:fe:57:40:79:33:c4:3d:09:88:9c:50:
         f4:b1:9e:f8:f7:01:2b:9f:63:e6:6c:fe:68:51:77:34:7c:30:
         56:d2:8d:e5:1c:65:6c:da:71:39:55:0f:7d:9b:08:33:bb:83:
         c5:27:f3:04:7b:10:c7:17:71:f0:2f:fe:48:f0:ed:ef:84:5b:
         6e:66:c5:e2:dc:b5:2f:b9:23:60:33:f1:4c:8c:c3:0e:a5:4f:
         3c:33:a9:65:49:57:00:6e:12:a1:8a:bf:18:37:11:31:92:b8:
         9a:77:75:f7:33:04:e3:82:53:ee:3f:5b:42:ec:6d:1c:47:1e:
         0b:ce:50:9a:6f:fb:b1:34:ad:e8:90:06:cd:9a:39:fb:f8:e0:
         40:73:bf:dc:ac:87:03:4b:fe:e0:be:1d:2d:3b:b7:be:22:89:
         89:cb:96:c0:24:9d:b7:ca:7c:f6:d6:06:ff:cc:08:4f:ec:5a:
         36:a5:e4:3c:88:0c:ab:2f:1b:2a:97:89:1b:b6:58:cf:6f:a3:
         3e:09:74:e1:47:e0:ce:66:3c:1a:9f:ba:e0:14:5c:5a:e5:1b:
         5b:6e:4c:fd:93:7f:7e:55:c2:95:a3:18:08:80:40:e8:dd:89:
         ab:4e:fd:49
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfpV7UIR6KKOC/UNBw3g3woMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2Y1NTRiODAyODFkZWEyYTMwMDMxOGFhYWQ2ZDJkOTdm
MWNlNDQwHhcNMjUwNzA4MDkyMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2ZlZjA0ODVkMjBjY2MyZmNjZWQ3MzUxMWY3ZjlkZjc0ODFiNjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo87Z+M9cdBsl558jEAbUns8KzKA2
nw+4dolhg74nOrXO1HaJA48F7rC30P247u+YSr2aDGchu3xJjBKC9IYBr+OzzePQ
EOcipHwTpRdqORcKN+lfolWnACsQOGcB5jJR3T1Wnh5JhOaoxCQ3eIA08LgAOp4B
4Tch20ma4lecTdg1KNcBZacMtuv7ezLySsOh9/IHKUIVxrXsgVKDBYXikA+jvZP3
byW4pzqkU6ViRPckC3Q0vZRjt9vNsIIiVh5wbFEubJUgADHzrl/brSWr+MGZWsIV
hufcxFq6N9Ey+sTlLTIEzPZ7bm8xoBpfe9jmhCqp/pHO6j4UOaXpYGddwwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAP+8EhdIMzC/M7XNRH3+d90gbaTMB8GA1UdIwQY
MBaAFD8/VUuAKB3qKjADGKqtbS2X8c5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQt
ZjUzM2I4ZGY4MGE5LzEvQV83d1NGMGd6TUw4enRjMUVmZjUzM1NCdHBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQtZjUzM2I4ZGY4MGE5
LzEvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHzwDAN
BgkqhkiG9w0BAQsFAAOCAQEAMVwNDRBwepMLzv5V/60nFuKiK4FnQU3Nm/5XQHkz
xD0JiJxQ9LGe+PcBK59j5mz+aFF3NHwwVtKN5RxlbNpxOVUPfZsIM7uDxSfzBHsQ
xxdx8C/+SPDt74RbbmbF4ty1L7kjYDPxTIzDDqVPPDOpZUlXAG4SoYq/GDcRMZK4
mnd19zME44JT7j9bQuxtHEceC85Qmm/7sTSt6JAGzZo5+/jgQHO/3KyHA0v+4L4d
LTu3viKJicuWwCSdt8p89tYG/8wIT+xaNqXkPIgMqy8bKpeJG7ZYz2+jPgl04Ufg
zmY8Gp+64BRcWuUbW25M/ZN/flXClaMYCIBA6N2Jq079SQ==
-----END CERTIFICATE-----