Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/DOAEIvCj-u7rs38MBt2OY5TO5ck.roa
File:                     DOAEIvCj-u7rs38MBt2OY5TO5ck.roa (raw, json)
Hash identifier:          L2KlUD/3hwbtTHy39+u/XA4u/e4Wc7hTiaNnBwb1Xl8=
Subject key identifier:   0C:E0:04:22:F0:A3:FA:EE:EB:B3:7F:0C:06:DD:8E:63:94:CE:E5:C9
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019892BEA74B72ED662C16FEA5969441F7F8
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/DOAEIvCj-u7rs38MBt2OY5TO5ck.roa
Signing time:             Sun 10 Aug 2025 06:50:24 +0000
ROA not before:           Sun 10 Aug 2025 06:50:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207416
IP address blocks:        2a0d:d940:1a::/48 maxlen: 48
                          2a0d:d940:1c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:92:be:a7:4b:72:ed:66:2c:16:fe:a5:96:94:41:f7:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Aug 10 06:50:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ce00422f0a3faeeebb37f0c06dd8e6394cee5c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ee:60:72:32:72:88:ab:30:7d:e1:04:42:29:
                    a2:0c:5e:47:e7:9d:d9:e6:ac:26:af:dd:4b:25:be:
                    4f:72:d9:d2:58:9c:ba:79:fb:44:5d:65:54:2c:c9:
                    f6:ae:54:16:3a:5e:7a:d2:5a:1b:74:0b:ac:6f:75:
                    04:32:3a:f5:e9:cf:5d:5d:75:a2:a6:c8:5a:a0:aa:
                    ce:67:06:3c:17:38:fa:26:14:0c:97:79:4f:80:20:
                    36:df:06:0f:f8:bd:dd:09:3f:3b:a8:d2:ee:92:c5:
                    f0:f3:b5:fe:11:e5:e9:f6:40:69:2c:54:1d:18:04:
                    54:f1:ce:30:f1:ae:26:fb:cd:d3:7b:4b:c6:f6:36:
                    d6:ed:0a:83:40:35:5e:46:1e:c8:e0:1e:e1:08:7f:
                    78:82:45:a4:9b:01:1a:09:bb:25:fa:e4:73:16:81:
                    40:b0:ab:b0:07:34:25:93:a4:8e:ea:92:17:3c:77:
                    b5:c2:48:16:25:19:6f:b1:1c:1d:e4:4c:96:8e:a4:
                    7d:a2:e5:c7:42:96:01:14:7a:21:a3:ee:1f:80:25:
                    7c:72:98:fb:88:ab:fe:3c:54:13:7d:ff:3c:40:db:
                    1d:d0:b3:fd:83:12:ab:f9:04:c0:e3:0b:ed:63:0b:
                    5b:c9:22:be:12:01:78:b2:f5:ee:a1:18:0f:c6:04:
                    2d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:E0:04:22:F0:A3:FA:EE:EB:B3:7F:0C:06:DD:8E:63:94:CE:E5:C9
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/DOAEIvCj-u7rs38MBt2OY5TO5ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:1a::/48
                  2a0d:d940:1c::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:cd:34:a3:f6:8a:a2:50:a5:fc:b8:09:fe:d2:51:3d:15:fc:
         80:62:d8:f3:c0:77:2b:95:64:ef:48:9c:2a:46:33:30:94:1c:
         cb:2e:3c:9c:dd:c4:1d:96:a4:19:e9:0b:4d:e6:b2:39:51:a7:
         65:43:b0:ca:88:9c:43:a0:8d:5e:6c:3a:17:0f:2e:fc:0a:a3:
         0b:32:41:a6:74:10:a9:65:65:e6:0b:c1:bf:7d:15:4b:93:b3:
         4d:93:6e:5b:34:62:a4:3e:58:0e:14:46:4d:3c:14:d9:02:d2:
         32:ec:66:ce:c9:bf:36:46:93:a2:ff:a6:5d:a7:c5:17:3b:bb:
         64:aa:41:34:06:3c:9e:d7:2c:0f:f3:63:53:14:61:9f:b6:25:
         66:25:f6:3a:f2:ed:ef:2f:74:94:de:63:c8:89:af:0d:18:ea:
         56:67:68:53:64:e9:4e:fd:2b:90:48:d0:8f:29:f6:f3:a3:66:
         e1:37:3d:e6:ec:82:47:49:72:2e:7d:fb:cd:03:82:74:ad:f1:
         82:94:43:30:05:43:60:88:f5:46:47:d8:c0:d0:e1:52:33:a3:
         67:61:6f:18:54:c7:73:5d:f3:d3:0f:fe:d5:10:f4:cb:10:af:
         54:92:ba:ef:22:2a:53:83:01:9e:69:3c:9b:c5:c3:03:75:3e:
         2b:23:a7:25
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZiSvqdLcu1mLBb+pZaUQff4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwODEwMDY1MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2UwMDQyMmYwYTNmYWVlZWJiMzdmMGMwNmRkOGU2Mzk0Y2VlNWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2e5gcjJyiKswfeEEQimiDF5H553Z
5qwmr91LJb5PctnSWJy6eftEXWVULMn2rlQWOl560lobdAusb3UEMjr16c9dXXWi
pshaoKrOZwY8Fzj6JhQMl3lPgCA23wYP+L3dCT87qNLuksXw87X+EeXp9kBpLFQd
GARU8c4w8a4m+83Te0vG9jbW7QqDQDVeRh7I4B7hCH94gkWkmwEaCbsl+uRzFoFA
sKuwBzQlk6SO6pIXPHe1wkgWJRlvsRwd5EyWjqR9ouXHQpYBFHoho+4fgCV8cpj7
iKv+PFQTff88QNsd0LP9gxKr+QTA4wvtYwtbySK+EgF4svXuoRgPxgQtEQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAzgBCLwo/ru67N/DAbdjmOUzuXJMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvRE9BRUl2Q2otdTdyczM4TUJ0Mk9ZNVRPNWNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg3ZQAAa
AwcAKg3ZQAAcMA0GCSqGSIb3DQEBCwUAA4IBAQAKzTSj9oqiUKX8uAn+0lE9FfyA
YtjzwHcrlWTvSJwqRjMwlBzLLjyc3cQdlqQZ6QtN5rI5UadlQ7DKiJxDoI1ebDoX
Dy78CqMLMkGmdBCpZWXmC8G/fRVLk7NNk25bNGKkPlgOFEZNPBTZAtIy7GbOyb82
RpOi/6Zdp8UXO7tkqkE0Bjye1ywP82NTFGGftiVmJfY68u3vL3SU3mPIia8NGOpW
Z2hTZOlO/SuQSNCPKfbzo2bhNz3m7IJHSXIuffvNA4J0rfGClEMwBUNgiPVGR9jA
0OFSM6NnYW8YVMdzXfPTD/7VEPTLEK9UkrrvIipTgwGeaTybxcMDdT4rI6cl
-----END CERTIFICATE-----