Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/E4WeEv9KnG9XVwG6J3JTEqGXF0E.roa
File:                     E4WeEv9KnG9XVwG6J3JTEqGXF0E.roa (raw, json)
Hash identifier:          2S4cJxK+qFcJzomLqok68jzBeS3oEHEkMSoCRr9GRh4=
Subject key identifier:   13:85:9E:12:FF:4A:9C:6F:57:57:01:BA:27:72:53:12:A1:97:17:41
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019898CCA3C61129ACD8DFEDE1241C3B49A3
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/E4WeEv9KnG9XVwG6J3JTEqGXF0E.roa
Signing time:             Mon 11 Aug 2025 11:03:24 +0000
ROA not before:           Mon 11 Aug 2025 11:03:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211237
IP address blocks:        2a0e:8f02:f006::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:cc:a3:c6:11:29:ac:d8:df:ed:e1:24:1c:3b:49:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Aug 11 11:03:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13859e12ff4a9c6f575701ba27725312a1971741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0f:24:f2:ee:35:18:06:39:b8:31:85:c6:5f:
                    96:cd:55:3d:0a:ec:02:da:75:bc:fd:79:b1:86:f2:
                    bb:5d:ea:55:94:ec:c2:cf:f9:f6:74:2e:e2:34:cd:
                    58:d5:f6:c4:26:a7:6d:41:bb:25:1b:02:10:6c:e1:
                    33:78:75:a1:a2:31:3f:61:2a:74:a4:5b:92:e7:6a:
                    77:35:32:be:ea:31:a7:5b:86:75:8c:b7:24:1f:94:
                    cf:21:6e:a6:bc:53:10:58:80:cb:fd:b2:aa:8f:c4:
                    ac:3b:ba:ef:43:31:28:fd:d5:09:68:06:37:d1:b0:
                    95:07:a3:d5:e2:1f:ba:aa:63:08:76:ee:f7:fb:bc:
                    fc:da:f3:7f:37:c6:6c:da:25:65:7a:1b:cb:7a:ce:
                    48:13:ec:c6:8d:dd:a3:6f:a8:5d:f4:99:1a:0a:b8:
                    5c:ed:6b:a0:c4:72:ef:b4:f4:78:ff:5b:f4:a1:c6:
                    63:8a:58:0b:ef:b0:43:01:a5:bb:a8:27:66:7a:ff:
                    9c:f6:c8:92:51:ee:1a:d1:da:d4:3d:1a:08:3b:bf:
                    37:50:11:59:f4:f7:a5:7a:65:05:f6:e5:14:41:05:
                    cb:fc:8c:ac:1e:da:73:39:82:58:b6:79:c5:38:b5:
                    52:72:ab:4a:62:d7:2e:46:80:f1:01:a5:52:89:71:
                    20:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:85:9E:12:FF:4A:9C:6F:57:57:01:BA:27:72:53:12:A1:97:17:41
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/E4WeEv9KnG9XVwG6J3JTEqGXF0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f006::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:e0:51:68:7a:df:ea:fc:1d:be:bb:27:b3:a3:ef:68:71:59:
         39:89:ef:a5:31:97:20:a5:9f:7e:4a:bd:eb:9e:fb:61:b1:2c:
         1b:b5:cc:57:c4:8b:92:56:13:76:7e:0f:03:fe:99:17:72:e4:
         4d:9f:5d:e4:fd:cd:6c:a1:86:ab:ae:f5:a6:95:65:1f:e4:ad:
         5f:17:59:b0:7a:27:8a:25:9d:2f:0a:eb:70:d7:22:ab:15:b0:
         08:aa:c0:22:ef:a6:b5:b6:4c:84:b8:e8:8f:0a:35:44:f5:af:
         8f:64:48:e5:4e:d5:c7:d3:23:af:74:f2:f6:90:4d:9b:fd:29:
         9a:bb:43:80:a2:b9:ab:09:b9:e0:eb:6b:4b:b5:11:7c:35:8f:
         c0:b4:6d:2e:cb:8b:60:9f:79:31:34:d8:06:e5:dd:68:3e:74:
         c5:26:5c:b0:2a:f9:e8:1f:4c:cf:5f:88:0b:12:93:84:80:11:
         cd:cd:09:e1:c9:8b:4f:f8:a8:5e:0b:f0:18:9d:b5:72:a2:54:
         c4:5e:42:cf:26:6f:8c:1a:9c:11:a6:55:e8:7d:d7:7b:60:07:
         ff:b2:7d:4e:9f:f3:69:26:6d:25:f2:b9:0d:26:c2:10:18:45:
         f7:a0:23:75:ee:36:09:a9:e2:e7:54:56:29:25:31:10:77:d7:
         73:5b:f5:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZiYzKPGESms2N/t4SQcO0mjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwODExMTEwMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzg1OWUxMmZmNGE5YzZmNTc1NzAxYmEyNzcyNTMxMmExOTcxNzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtg8k8u41GAY5uDGFxl+WzVU9CuwC
2nW8/XmxhvK7XepVlOzCz/n2dC7iNM1Y1fbEJqdtQbslGwIQbOEzeHWhojE/YSp0
pFuS52p3NTK+6jGnW4Z1jLckH5TPIW6mvFMQWIDL/bKqj8SsO7rvQzEo/dUJaAY3
0bCVB6PV4h+6qmMIdu73+7z82vN/N8Zs2iVlehvLes5IE+zGjd2jb6hd9JkaCrhc
7WugxHLvtPR4/1v0ocZjilgL77BDAaW7qCdmev+c9siSUe4a0drUPRoIO783UBFZ
9PelemUF9uUUQQXL/IysHtpzOYJYtnnFOLVScqtKYtcuRoDxAaVSiXEgnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBOFnhL/SpxvV1cBuidyUxKhlxdBMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvRTRXZUV2OUtuRzlYVndHNkozSlRFcUdYRjBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAG
MA0GCSqGSIb3DQEBCwUAA4IBAQA84FFoet/q/B2+uyezo+9ocVk5ie+lMZcgpZ9+
Sr3rnvthsSwbtcxXxIuSVhN2fg8D/pkXcuRNn13k/c1soYarrvWmlWUf5K1fF1mw
eieKJZ0vCutw1yKrFbAIqsAi76a1tkyEuOiPCjVE9a+PZEjlTtXH0yOvdPL2kE2b
/Smau0OAormrCbng62tLtRF8NY/AtG0uy4tgn3kxNNgG5d1oPnTFJlywKvnoH0zP
X4gLEpOEgBHNzQnhyYtP+KheC/AYnbVyolTEXkLPJm+MGpwRplXofdd7YAf/sn1O
n/NpJm0l8rkNJsIQGEX3oCN17jYJqeLnVFYpJTEQd9dzW/VJ
-----END CERTIFICATE-----