Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/omApJ8ZKR4XFaIu8UV0AdkcF3F4.roa
File:                     omApJ8ZKR4XFaIu8UV0AdkcF3F4.roa (raw, json)
Hash identifier:          xZcc8vbsQpepsoA3jDnIWvOKGnfbdef1RwrZnZhSI2M=
Subject key identifier:   A2:60:29:27:C6:4A:47:85:C5:68:8B:BC:51:5D:00:76:47:05:DC:5E
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       0199E97D7B6486596EDDB619B9AE8ABB3493
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/omApJ8ZKR4XFaIu8UV0AdkcF3F4.roa
Signing time:             Wed 15 Oct 2025 20:08:58 +0000
ROA not before:           Wed 15 Oct 2025 20:08:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204909
IP address blocks:        2a11:3440::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 12:40:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e9:7d:7b:64:86:59:6e:dd:b6:19:b9:ae:8a:bb:34:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Oct 15 20:08:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2602927c64a4785c5688bbc515d00764705dc5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f5:53:32:84:42:98:1f:91:ad:24:1e:a5:84:
                    6d:a4:de:da:a9:bf:ae:0e:ee:b6:67:50:e8:5d:ec:
                    b9:5c:d9:14:5d:e7:a5:d7:b0:ad:d2:aa:20:58:6f:
                    95:7f:1d:3e:4c:d1:a9:fd:86:3a:29:64:7a:44:98:
                    b5:78:a3:00:ff:1f:c9:09:09:f2:f9:60:80:de:6a:
                    cc:33:96:de:28:7e:a4:c1:bd:08:57:31:d7:ef:f0:
                    51:c8:f9:d6:64:52:71:da:ee:1d:e7:4d:2f:5c:35:
                    c2:4d:67:49:ab:01:fd:31:c8:99:73:5d:03:69:c3:
                    b7:df:b0:0c:de:0c:00:b4:2f:ce:cb:39:f7:f3:98:
                    14:df:f6:ac:51:38:70:ab:be:85:51:bf:b2:3e:cc:
                    1a:8f:92:df:0f:6b:78:1a:30:b2:8e:9c:67:b5:11:
                    9d:ca:37:17:52:41:98:24:d1:5a:42:bf:a6:a7:70:
                    db:f2:db:cc:b7:47:28:7b:ca:0f:15:19:15:d2:1a:
                    e2:fe:f7:3e:78:56:27:3b:58:2d:79:0a:00:6a:ec:
                    05:59:33:2c:b8:7e:e9:bb:6f:58:27:2a:da:5e:fe:
                    86:7a:ee:16:e5:3a:d9:17:6a:1f:d5:be:43:ec:6a:
                    da:1c:a8:2e:0e:52:7b:ec:0e:ac:01:d4:cc:56:4a:
                    71:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:60:29:27:C6:4A:47:85:C5:68:8B:BC:51:5D:00:76:47:05:DC:5E
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/omApJ8ZKR4XFaIu8UV0AdkcF3F4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:3440::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:55:47:f8:bb:3f:dc:a9:ea:09:17:6f:6f:f6:4a:31:37:32:
         af:82:48:79:8f:ed:d1:30:a1:c3:85:da:50:fc:ec:9e:c6:c2:
         9b:37:ba:40:63:ec:f5:45:c2:98:b1:00:7c:fd:b2:15:aa:2c:
         64:ca:b8:16:b2:d5:a5:61:2c:a1:a2:95:7c:22:46:94:ea:59:
         82:1c:e3:ff:30:8d:00:46:ad:56:39:f0:c7:39:84:cb:8e:27:
         31:b3:33:74:19:74:30:cd:cd:8c:d1:4d:d9:3c:75:05:ec:5e:
         01:d0:58:cc:fd:eb:7f:7e:d9:96:82:98:37:69:37:eb:d9:23:
         cd:f0:32:48:8d:13:30:eb:13:8d:3e:bc:79:1d:bb:7d:6c:5c:
         69:f4:1e:71:8b:72:15:70:7e:04:11:07:3b:9b:bd:f4:78:71:
         f5:ea:95:18:9e:ee:79:21:77:55:b1:49:48:f0:20:e2:11:4e:
         5a:7c:2c:9a:05:87:71:66:26:62:37:f6:85:c5:e5:b5:73:e2:
         ac:ba:f7:5f:ef:6d:ab:cb:27:ba:a8:a9:47:61:1c:7e:68:93:
         d4:04:6c:e1:40:e7:c3:52:36:24:50:34:16:44:f2:d4:93:1c:
         de:76:25:b3:ea:79:e6:bf:ea:b6:63:16:85:4d:82:a2:27:b7:
         b5:f8:ac:ae
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZnpfXtkhllu3bYZua6KuzSTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUxMDE1MjAwODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjYwMjkyN2M2NGE0Nzg1YzU2ODhiYmM1MTVkMDA3NjQ3MDVkYzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/VTMoRCmB+RrSQepYRtpN7aqb+u
Du62Z1DoXey5XNkUXeel17Ct0qogWG+Vfx0+TNGp/YY6KWR6RJi1eKMA/x/JCQny
+WCA3mrMM5beKH6kwb0IVzHX7/BRyPnWZFJx2u4d500vXDXCTWdJqwH9MciZc10D
acO337AM3gwAtC/Oyzn385gU3/asUThwq76FUb+yPswaj5LfD2t4GjCyjpxntRGd
yjcXUkGYJNFaQr+mp3Db8tvMt0coe8oPFRkV0hri/vc+eFYnO1gteQoAauwFWTMs
uH7pu29YJyraXv6Geu4W5TrZF2of1b5D7GraHKguDlJ77A6sAdTMVkpxwwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKJgKSfGSkeFxWiLvFFdAHZHBdxeMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvb21BcEo4WktSNFhGYUl1OFVWMEFka2NGM0Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhE0QDAN
BgkqhkiG9w0BAQsFAAOCAQEAJFVH+Ls/3KnqCRdvb/ZKMTcyr4JIeY/t0TChw4Xa
UPzsnsbCmze6QGPs9UXCmLEAfP2yFaosZMq4FrLVpWEsoaKVfCJGlOpZghzj/zCN
AEatVjnwxzmEy44nMbMzdBl0MM3NjNFN2Tx1BexeAdBYzP3rf37ZloKYN2k369kj
zfAySI0TMOsTjT68eR27fWxcafQecYtyFXB+BBEHO5u99Hhx9eqVGJ7ueSF3VbFJ
SPAg4hFOWnwsmgWHcWYmYjf2hcXltXPirLr3X+9tq8snuqipR2EcfmiT1ARs4UDn
w1I2JFA0FkTy1JMc3nYls+p55r/qtmMWhU2Coie3tfisrg==
-----END CERTIFICATE-----