Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/34IsY0jO75pV7BAMdtZC6Y7R63Q.roa
File:                     34IsY0jO75pV7BAMdtZC6Y7R63Q.roa (raw, json)
Hash identifier:          iHXM2CyDHwFZsOpk2M0YYfJaVLusv8i1hjOCk9r9pn0=
Subject key identifier:   DF:82:2C:63:48:CE:EF:9A:55:EC:10:0C:76:D6:42:E9:8E:D1:EB:74
Certificate issuer:       /CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
Certificate serial:       0199C28016A7FB8BF10D072C31A3A8238A49
Authority key identifier: E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/34IsY0jO75pV7BAMdtZC6Y7R63Q.roa
Signing time:             Wed 08 Oct 2025 06:26:38 +0000
ROA not before:           Wed 08 Oct 2025 06:26:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49762
IP address blocks:        2001:998:82::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c2:80:16:a7:fb:8b:f1:0d:07:2c:31:a3:a8:23:8a:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
        Validity
            Not Before: Oct  8 06:26:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df822c6348ceef9a55ec100c76d642e98ed1eb74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:09:ca:89:3a:f2:4c:1a:04:2a:9d:36:c2:f3:
                    12:a6:f8:29:c6:b9:43:1b:56:60:40:eb:e0:68:df:
                    8f:dc:d8:a6:2d:6e:37:9e:3c:ae:ce:42:28:e0:a1:
                    be:3d:b7:df:b7:61:7c:c6:be:06:2f:4b:b0:b3:6d:
                    f0:b5:9f:7c:94:06:91:3e:71:48:82:f9:2c:72:67:
                    7a:46:78:cc:bb:06:73:82:a4:22:a6:0b:8c:c9:c8:
                    ef:26:6a:1d:ce:11:6a:f6:6b:c7:97:26:f1:e5:76:
                    fa:58:dd:6f:c9:93:05:68:f2:4d:11:82:bc:bb:02:
                    fd:58:c4:2c:16:e2:7b:73:eb:65:99:ad:35:f9:7b:
                    da:fd:ed:66:c2:6a:f5:75:a3:66:a5:10:49:2c:4e:
                    07:d9:18:0a:ee:4d:ba:9c:0e:87:f2:6e:b5:e5:12:
                    4f:6c:3b:5d:02:b5:6d:29:8f:4e:f8:e8:3b:af:8b:
                    ae:aa:33:0e:19:b9:0c:21:b7:4b:29:e6:b3:f6:8f:
                    a0:1c:fa:99:f0:dd:c5:25:80:ff:5f:8f:53:19:2d:
                    4f:51:64:2d:b8:ec:a0:b3:01:9b:24:fb:e0:c9:e4:
                    4c:46:5f:9f:a6:5d:16:b2:f9:fb:1a:1b:7b:a3:58:
                    7f:36:78:8b:2a:a4:eb:17:60:0d:67:05:18:76:e5:
                    05:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:82:2C:63:48:CE:EF:9A:55:EC:10:0C:76:D6:42:E9:8E:D1:EB:74
            X509v3 Authority Key Identifier:
                keyid:E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/34IsY0jO75pV7BAMdtZC6Y7R63Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:998:82::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:47:24:b0:3c:4c:3d:c3:a7:ca:e0:20:70:44:da:d1:d8:35:
         1a:e5:2b:8c:22:06:b9:c0:a5:af:4f:4a:ef:0f:3e:5f:d6:a5:
         33:ba:ae:31:03:5d:12:67:89:d8:36:a6:18:b8:e3:7a:98:51:
         27:a5:bf:72:f2:ce:23:2c:fa:4c:1a:25:6f:c0:15:a1:f4:5d:
         9f:52:e3:10:11:09:6d:c2:84:f2:9e:e3:19:31:0b:e9:61:ac:
         3c:1b:d5:f6:32:96:fc:66:d7:5c:fb:ef:07:86:df:e5:a9:09:
         36:d6:14:fe:98:a8:02:5a:8c:0b:a9:93:cb:38:dc:3f:b1:7a:
         70:c2:68:1c:52:c6:5d:82:d3:15:38:fb:18:ef:36:ad:cf:24:
         2c:60:3f:3f:dc:88:ee:cc:b6:0c:3c:98:9b:e7:13:07:30:a5:
         64:14:ab:16:70:a3:71:5f:01:e5:b7:ef:46:58:72:2d:8c:c6:
         be:65:8f:f6:56:89:51:99:a3:58:2b:20:45:6f:7f:96:33:2a:
         aa:5a:36:8c:58:39:d8:06:fc:e9:7e:2e:70:8e:a6:72:75:f1:
         06:d1:08:4c:71:5a:f4:9b:9a:79:6e:c4:0c:7a:0f:e2:10:c7:
         42:66:48:92:c0:49:6c:d6:99:c4:4c:31:94:35:cd:f0:ef:cc:
         78:06:67:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnCgBan+4vxDQcsMaOoI4pJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZGVlMWIwNmJhMjRhNjc2MjEzZjk3NmE0YjUwYzEyOWRj
YjJiNzMwHhcNMjUxMDA4MDYyNjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjgyMmM2MzQ4Y2VlZjlhNTVlYzEwMGM3NmQ2NDJlOThlZDFlYjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAognKiTryTBoEKp02wvMSpvgpxrlD
G1ZgQOvgaN+P3NimLW43njyuzkIo4KG+Pbfft2F8xr4GL0uws23wtZ98lAaRPnFI
gvkscmd6RnjMuwZzgqQipguMycjvJmodzhFq9mvHlybx5Xb6WN1vyZMFaPJNEYK8
uwL9WMQsFuJ7c+tlma01+Xva/e1mwmr1daNmpRBJLE4H2RgK7k26nA6H8m615RJP
bDtdArVtKY9O+Og7r4uuqjMOGbkMIbdLKeaz9o+gHPqZ8N3FJYD/X49TGS1PUWQt
uOygswGbJPvgyeRMRl+fpl0Wsvn7Ght7o1h/NniLKqTrF2ANZwUYduUF1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN+CLGNIzu+aVewQDHbWQumO0et0MB8GA1UdIwQY
MBaAFODe4bBrokpnYhP5dqS1DBKdyytzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMt
MTVlOTBiZjg3ZmFiLzEvMzRJc1kwak83NXBWN0JBTWR0WkM2WTdSNjNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMtMTVlOTBiZjg3ZmFi
LzEvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEJmACC
MA0GCSqGSIb3DQEBCwUAA4IBAQA4RySwPEw9w6fK4CBwRNrR2DUa5SuMIga5wKWv
T0rvDz5f1qUzuq4xA10SZ4nYNqYYuON6mFEnpb9y8s4jLPpMGiVvwBWh9F2fUuMQ
EQltwoTynuMZMQvpYaw8G9X2Mpb8Ztdc++8Hht/lqQk21hT+mKgCWowLqZPLONw/
sXpwwmgcUsZdgtMVOPsY7zatzyQsYD8/3IjuzLYMPJib5xMHMKVkFKsWcKNxXwHl
t+9GWHItjMa+ZY/2VolRmaNYKyBFb3+WMyqqWjaMWDnYBvzpfi5wjqZydfEG0QhM
cVr0m5p5bsQMeg/iEMdCZkiSwEls1pnETDGUNc3w78x4BmfA
-----END CERTIFICATE-----