Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/HlZrGl1aO3kV1Y6YybleSS-qS48.roa
File:                     HlZrGl1aO3kV1Y6YybleSS-qS48.roa (raw, json)
Hash identifier:          YzOs1UcuCc3VF2OmGWOmyNrxNY+9CZqIdsz2OYFNBdU=
Subject key identifier:   1E:56:6B:1A:5D:5A:3B:79:15:D5:8E:98:C9:B9:5E:49:2F:AA:4B:8F
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       01978896088EFBBA0FB89F1481BFA2D7EFF5
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/HlZrGl1aO3kV1Y6YybleSS-qS48.roa
Signing time:             Thu 19 Jun 2025 14:27:03 +0000
ROA not before:           Thu 19 Jun 2025 14:27:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11967
IP address blocks:        2a0d:d940:70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:96:08:8e:fb:ba:0f:b8:9f:14:81:bf:a2:d7:ef:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jun 19 14:27:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e566b1a5d5a3b7915d58e98c9b95e492faa4b8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:33:bd:b2:24:9f:8e:9b:3f:4b:a2:dc:e0:41:
                    8d:5c:35:aa:6a:27:e3:c1:22:0a:8a:fd:d1:c4:fb:
                    b6:f7:31:b3:bd:cf:9c:14:f2:e0:23:0c:8c:72:0b:
                    9e:33:49:d8:69:3b:97:75:3f:99:48:93:7b:df:e1:
                    ee:78:67:d7:b8:e7:35:57:cb:8c:bc:99:4d:5a:f4:
                    38:0c:97:81:b1:e0:b8:ff:09:6c:6b:9d:61:79:17:
                    ef:c6:30:34:2c:a2:29:46:26:96:bc:d8:45:8a:b7:
                    00:38:0f:af:34:6c:e9:0c:21:c7:9d:ae:f8:80:73:
                    59:ba:09:0f:b4:e1:ed:1e:b1:30:56:0f:62:62:94:
                    65:24:9a:fc:40:5b:2e:0c:91:78:f7:6b:b2:ff:ba:
                    b8:42:d2:03:01:ff:f4:18:e0:89:4d:14:80:01:e3:
                    45:29:0f:b6:74:fc:ac:96:8d:a0:ec:d0:a6:85:28:
                    70:0d:5b:e1:73:dc:5b:e9:2a:09:07:b0:ec:f3:3f:
                    76:4a:e2:19:2b:ff:09:dc:6e:b8:79:8b:bf:af:b9:
                    15:04:44:f9:3b:31:c9:e4:83:7e:4e:a5:6f:10:ab:
                    c4:c0:51:cd:17:ad:f0:53:6e:60:bf:9a:cd:6c:80:
                    0d:9f:b4:82:61:bd:38:75:6a:73:1e:4a:1f:1a:98:
                    03:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:56:6B:1A:5D:5A:3B:79:15:D5:8E:98:C9:B9:5E:49:2F:AA:4B:8F
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/HlZrGl1aO3kV1Y6YybleSS-qS48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:70::/44

    Signature Algorithm: sha256WithRSAEncryption
         61:41:d0:43:22:69:cb:53:a6:a0:5a:91:f6:59:23:2f:02:61:
         12:d5:63:e3:f8:14:dc:7e:3a:f7:bf:14:85:bb:70:51:9b:4d:
         4a:63:91:39:70:f8:ea:9e:29:cb:60:69:5b:18:e6:d7:2f:08:
         19:ad:1b:3d:c6:bd:af:a7:d9:56:a8:ab:4f:88:7f:78:bf:7f:
         86:1f:20:21:44:a5:11:67:12:21:b7:46:2f:0d:c3:7b:14:1a:
         00:13:dd:7b:ab:3a:b0:18:f2:36:a6:5e:78:94:10:83:76:b4:
         a8:fd:54:71:47:30:89:4a:95:30:b9:94:f2:eb:fe:b1:ea:2b:
         ad:79:a3:ae:73:ac:35:4b:cf:ad:c0:0c:3e:21:7d:14:d4:20:
         25:a9:26:7b:ce:b7:ec:70:83:48:cd:b1:95:e4:ee:36:9d:aa:
         f4:a9:df:d0:76:5e:fc:32:62:46:fe:8a:b8:39:fb:7b:36:9e:
         70:f6:c1:3a:1c:a6:6d:c3:eb:6e:04:ec:de:25:63:82:50:24:
         f5:8f:0c:f9:0a:56:68:6e:7f:d2:37:2a:72:42:21:5b:c4:47:
         05:0f:bd:b5:50:d5:5c:9d:64:00:45:e7:33:b1:d1:c4:f7:9c:
         79:35:d8:21:46:25:87:62:de:b8:55:f3:42:c3:60:8f:c8:dc:
         88:f7:13:5d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZeIlgiO+7oPuJ8Ugb+i1+/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwNjE5MTQyNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTU2NmIxYTVkNWEzYjc5MTVkNThlOThjOWI5NWU0OTJmYWE0YjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDO9siSfjps/S6Lc4EGNXDWqaifj
wSIKiv3RxPu29zGzvc+cFPLgIwyMcgueM0nYaTuXdT+ZSJN73+HueGfXuOc1V8uM
vJlNWvQ4DJeBseC4/wlsa51heRfvxjA0LKIpRiaWvNhFircAOA+vNGzpDCHHna74
gHNZugkPtOHtHrEwVg9iYpRlJJr8QFsuDJF492uy/7q4QtIDAf/0GOCJTRSAAeNF
KQ+2dPyslo2g7NCmhShwDVvhc9xb6SoJB7Ds8z92SuIZK/8J3G64eYu/r7kVBET5
OzHJ5IN+TqVvEKvEwFHNF63wU25gv5rNbIANn7SCYb04dWpzHkofGpgDBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB5WaxpdWjt5FdWOmMm5XkkvqkuPMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvSGxackdsMWFPM2tWMVk2WXlibGVTUy1xUzQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3ZQABw
MA0GCSqGSIb3DQEBCwUAA4IBAQBhQdBDImnLU6agWpH2WSMvAmES1WPj+BTcfjr3
vxSFu3BRm01KY5E5cPjqninLYGlbGObXLwgZrRs9xr2vp9lWqKtPiH94v3+GHyAh
RKURZxIht0YvDcN7FBoAE917qzqwGPI2pl54lBCDdrSo/VRxRzCJSpUwuZTy6/6x
6iuteaOuc6w1S8+twAw+IX0U1CAlqSZ7zrfscINIzbGV5O42nar0qd/Qdl78MmJG
/oq4Oft7Np5w9sE6HKZtw+tuBOzeJWOCUCT1jwz5ClZobn/SNypyQiFbxEcFD721
UNVcnWQAReczsdHE95x5NdghRiWHYt64VfNCw2CPyNyI9xNd
-----END CERTIFICATE-----