Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/OgrR2CAd56z5U5HmKNv5p8BkWPc.roa
File:                     OgrR2CAd56z5U5HmKNv5p8BkWPc.roa (raw, json)
Hash identifier:          Rq+kB9vanf4G1JIJ3U+Pnkbq1HZGp2RBfUcOAAvfTYg=
Subject key identifier:   3A:0A:D1:D8:20:1D:E7:AC:F9:53:91:E6:28:DB:F9:A7:C0:64:58:F7
Certificate issuer:       /CN=494d7873416510a2fb2346ef342280155522713b
Certificate serial:       01989CA4D50BF724F1925169ACFFFFB5B383
Authority key identifier: 49:4D:78:73:41:65:10:A2:FB:23:46:EF:34:22:80:15:55:22:71:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SU14c0FlEKL7I0bvNCKAFVUicTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/OgrR2CAd56z5U5HmKNv5p8BkWPc.roa
Signing time:             Tue 12 Aug 2025 04:58:24 +0000
ROA not before:           Tue 12 Aug 2025 04:58:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43289
IP address blocks:        2a02:e00:ffe8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/SU14c0FlEKL7I0bvNCKAFVUicTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/SU14c0FlEKL7I0bvNCKAFVUicTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SU14c0FlEKL7I0bvNCKAFVUicTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9c:a4:d5:0b:f7:24:f1:92:51:69:ac:ff:ff:b5:b3:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=494d7873416510a2fb2346ef342280155522713b
        Validity
            Not Before: Aug 12 04:58:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a0ad1d8201de7acf95391e628dbf9a7c06458f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:18:a8:d4:c3:bd:c7:70:d3:79:a9:da:e6:b0:
                    8a:0f:fd:83:46:cf:f1:86:4a:ac:1d:25:fd:1e:e4:
                    ed:fd:37:01:b1:79:38:07:16:7a:d5:c4:4e:32:4c:
                    2f:d9:8e:c7:e9:0a:ee:95:2e:45:4e:77:39:33:a7:
                    6c:72:82:8e:41:bf:73:5e:ef:8d:f9:e8:0e:54:68:
                    73:2d:a1:65:29:91:6f:3f:58:8b:08:83:a8:bf:9e:
                    b7:2c:0b:c3:a4:1c:7f:7f:46:e0:49:48:72:75:72:
                    a6:7c:ac:91:5c:45:3b:75:fd:35:1e:bb:c8:67:0f:
                    b2:6a:69:6c:ed:f9:f3:75:02:9c:f9:78:16:f3:95:
                    89:84:e6:a4:15:51:89:ad:a8:b0:06:95:cc:30:c9:
                    31:69:2a:40:4e:9f:e3:21:3e:bb:8d:3c:b4:ce:78:
                    23:0f:4b:cc:d1:03:c8:5a:0f:aa:e1:17:55:53:ef:
                    a1:cd:5a:df:8b:61:f0:8c:48:ee:23:75:f7:f0:d4:
                    18:a3:f5:db:4e:00:4e:b6:2a:f1:1c:7b:95:e9:dd:
                    34:10:d4:be:66:08:63:c5:d8:ff:68:a0:9f:9c:0c:
                    c3:fa:2e:ed:4a:36:d4:06:cc:e9:2a:3c:77:56:71:
                    bb:e3:2a:3a:3e:3b:84:18:29:09:a3:f1:ba:ca:00:
                    83:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:0A:D1:D8:20:1D:E7:AC:F9:53:91:E6:28:DB:F9:A7:C0:64:58:F7
            X509v3 Authority Key Identifier:
                keyid:49:4D:78:73:41:65:10:A2:FB:23:46:EF:34:22:80:15:55:22:71:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SU14c0FlEKL7I0bvNCKAFVUicTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/OgrR2CAd56z5U5HmKNv5p8BkWPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/SU14c0FlEKL7I0bvNCKAFVUicTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:e00:ffe8::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:47:27:76:3a:47:31:b5:bc:90:e6:ec:e2:e4:a1:56:07:5c:
         2b:39:6d:82:69:55:71:90:2c:ef:bb:9e:03:f9:32:39:ec:8e:
         b4:c8:96:a6:32:f6:08:1a:d9:31:4d:95:32:09:ca:38:5b:48:
         e1:84:dd:b2:58:48:a6:c1:07:e6:70:49:a7:46:fc:e8:78:96:
         f7:e8:03:ed:19:5a:ae:ea:b5:e9:78:48:d6:bd:03:b4:fe:10:
         91:fa:75:7a:45:bb:7d:e5:9b:b8:66:db:54:d4:fa:1b:1e:2b:
         c9:2a:68:fb:13:ed:e6:e2:42:10:36:00:4e:c8:1b:e5:95:df:
         17:c6:73:60:3f:a9:a8:b2:af:b7:52:40:7c:86:c6:60:d9:59:
         59:10:48:da:cc:8d:0f:c6:b7:e8:e6:54:6a:30:66:fa:17:fb:
         08:8e:d6:30:35:d2:d7:46:14:c8:e8:f0:3e:1f:0e:25:6c:09:
         23:d5:6e:8b:c6:23:61:27:03:1f:43:66:94:4c:5a:81:79:4c:
         68:44:95:08:4d:b8:e9:33:b2:14:31:48:14:01:c9:b5:ac:5e:
         f0:05:53:83:e5:92:2f:37:e7:8c:79:eb:25:ba:72:c0:84:f8:
         53:cb:a3:5a:bc:b0:be:36:41:00:4e:fc:e4:a4:d8:97:c8:19:
         07:e2:04:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZicpNUL9yTxklFprP//tbODMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NGQ3ODczNDE2NTEwYTJmYjIzNDZlZjM0MjI4MDE1NTUy
MjcxM2IwHhcNMjUwODEyMDQ1ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTBhZDFkODIwMWRlN2FjZjk1MzkxZTYyOGRiZjlhN2MwNjQ1OGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhio1MO9x3DTeana5rCKD/2DRs/x
hkqsHSX9HuTt/TcBsXk4BxZ61cROMkwv2Y7H6QrulS5FTnc5M6dscoKOQb9zXu+N
+egOVGhzLaFlKZFvP1iLCIOov563LAvDpBx/f0bgSUhydXKmfKyRXEU7df01HrvI
Zw+yamls7fnzdQKc+XgW85WJhOakFVGJraiwBpXMMMkxaSpATp/jIT67jTy0zngj
D0vM0QPIWg+q4RdVU++hzVrfi2HwjEjuI3X38NQYo/XbTgBOtirxHHuV6d00ENS+
Zghjxdj/aKCfnAzD+i7tSjbUBszpKjx3VnG74yo6PjuEGCkJo/G6ygCDMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDoK0dggHees+VOR5ijb+afAZFj3MB8GA1UdIwQY
MBaAFElNeHNBZRCi+yNG7zQigBVVInE7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1UxNGMwRmxFS0w3STBidk5DS0FGVlVpY1RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8yOGY3YTYtZTFiYS00OTc4LTkxMjIt
ZTE4ZTdiMmFjNTM2LzEvT2dyUjJDQWQ1Nno1VTVIbUtOdjVwOEJrV1BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8yOGY3YTYtZTFiYS00OTc4LTkxMjItZTE4ZTdiMmFjNTM2
LzEvU1UxNGMwRmxFS0w3STBidk5DS0FGVlVpY1RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIOAP/o
MA0GCSqGSIb3DQEBCwUAA4IBAQBERyd2OkcxtbyQ5uzi5KFWB1wrOW2CaVVxkCzv
u54D+TI57I60yJamMvYIGtkxTZUyCco4W0jhhN2yWEimwQfmcEmnRvzoeJb36APt
GVqu6rXpeEjWvQO0/hCR+nV6Rbt95Zu4ZttU1PobHivJKmj7E+3m4kIQNgBOyBvl
ld8XxnNgP6mosq+3UkB8hsZg2VlZEEjazI0Pxrfo5lRqMGb6F/sIjtYwNdLXRhTI
6PA+Hw4lbAkj1W6LxiNhJwMfQ2aUTFqBeUxoRJUITbjpM7IUMUgUAcm1rF7wBVOD
5ZIvN+eMeeslunLAhPhTy6NavLC+NkEATvzkpNiXyBkH4gRV
-----END CERTIFICATE-----