Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/6326bb-ba33-4339-b8c6-14e3c2017969/1/CG3x7I98EjZtkbH9NKVH8MGo7MQ.roa
File:                     CG3x7I98EjZtkbH9NKVH8MGo7MQ.roa (raw, json)
Hash identifier:          GCfsUPcC2f3i5NeIFShOXSyPQkyaLzW3HSZxxFMMc6w=
Subject key identifier:   08:6D:F1:EC:8F:7C:12:36:6D:91:B1:FD:34:A5:47:F0:C1:A8:EC:C4
Certificate issuer:       /CN=da0589dce63981870a1850906c8c2d1d96740096
Certificate serial:       0198C259D63EECED386AA6DA9065422DD63B
Authority key identifier: DA:05:89:DC:E6:39:81:87:0A:18:50:90:6C:8C:2D:1D:96:74:00:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gWJ3OY5gYcKGFCQbIwtHZZ0AJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/6326bb-ba33-4339-b8c6-14e3c2017969/1/CG3x7I98EjZtkbH9NKVH8MGo7MQ.roa
Signing time:             Tue 19 Aug 2025 12:42:04 +0000
ROA not before:           Tue 19 Aug 2025 12:42:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15557
IP address blocks:        2a13:7505:3::/48 maxlen: 48
                          2a13:7505:4::/48 maxlen: 48
                          2a13:7506:9004::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/6326bb-ba33-4339-b8c6-14e3c2017969/1/2gWJ3OY5gYcKGFCQbIwtHZZ0AJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/6326bb-ba33-4339-b8c6-14e3c2017969/1/2gWJ3OY5gYcKGFCQbIwtHZZ0AJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gWJ3OY5gYcKGFCQbIwtHZZ0AJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c2:59:d6:3e:ec:ed:38:6a:a6:da:90:65:42:2d:d6:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da0589dce63981870a1850906c8c2d1d96740096
        Validity
            Not Before: Aug 19 12:42:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=086df1ec8f7c12366d91b1fd34a547f0c1a8ecc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:4f:1a:1a:a7:a8:09:2b:7f:89:f0:dc:aa:99:
                    09:e9:50:71:89:57:8a:5a:6d:f6:f7:ed:f6:a2:16:
                    f9:90:ce:51:89:b7:c8:45:78:fe:77:02:8d:36:c1:
                    f5:01:ae:8a:7e:f7:86:3e:5c:5b:1e:68:ca:b7:2f:
                    90:5c:58:4f:d1:ac:bf:05:41:b1:91:d8:4c:a2:52:
                    0d:ff:5b:94:a4:07:4f:22:c5:77:9d:52:69:ce:ce:
                    c4:08:83:93:72:f7:7d:2b:a1:99:0f:11:f3:b9:16:
                    c1:31:6d:d5:b2:3d:ac:30:02:39:b6:0d:8f:fd:66:
                    27:84:4a:95:d5:44:08:e3:6b:a7:a9:b1:43:3f:45:
                    ec:a3:25:51:40:eb:b1:3a:20:a7:d9:64:30:27:ed:
                    11:fa:e4:56:b5:df:22:c2:e4:1d:33:76:4e:eb:9e:
                    63:23:82:85:d5:52:cf:63:d7:d2:9a:bd:08:b5:6b:
                    1c:9e:2c:47:00:ac:26:30:00:e4:a5:b5:e0:a4:37:
                    b7:42:41:99:a4:e8:10:88:c7:cb:31:95:68:5e:44:
                    94:02:da:11:97:5a:96:8f:39:b7:b1:95:bd:85:45:
                    85:61:c9:11:5d:f4:52:df:bd:80:f3:43:c3:9f:2d:
                    42:3d:27:81:bb:3d:b4:93:ad:82:3c:2e:83:17:4c:
                    f7:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:6D:F1:EC:8F:7C:12:36:6D:91:B1:FD:34:A5:47:F0:C1:A8:EC:C4
            X509v3 Authority Key Identifier:
                keyid:DA:05:89:DC:E6:39:81:87:0A:18:50:90:6C:8C:2D:1D:96:74:00:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gWJ3OY5gYcKGFCQbIwtHZZ0AJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/6326bb-ba33-4339-b8c6-14e3c2017969/1/CG3x7I98EjZtkbH9NKVH8MGo7MQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/6326bb-ba33-4339-b8c6-14e3c2017969/1/2gWJ3OY5gYcKGFCQbIwtHZZ0AJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7505:3::-2a13:7505:4:ffff:ffff:ffff:ffff:ffff
                  2a13:7506:9004::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:5e:ae:f2:ff:c1:7d:9e:48:d4:ee:05:8e:f7:67:c7:91:65:
         1b:62:1c:79:47:06:b4:6d:6a:30:c9:ad:a8:b5:1e:a5:21:59:
         fc:35:81:52:b5:9c:72:b1:f3:a1:76:ac:e7:a5:46:69:46:12:
         cc:65:8f:48:06:80:99:7c:94:56:57:93:54:24:61:d3:35:2f:
         02:0f:a7:52:a7:94:58:ac:9e:2b:95:5f:c1:e0:fc:14:ce:02:
         f7:49:da:af:11:ae:22:1e:01:1f:ac:46:90:fa:b6:01:6d:de:
         4e:83:36:fe:b6:44:c5:b6:27:61:61:58:ae:43:96:91:d6:6f:
         2d:06:dd:17:f3:58:eb:7b:56:44:05:41:d4:5b:11:fa:39:cd:
         f7:eb:12:cd:af:42:92:97:1d:6a:37:83:9a:57:c4:4b:45:92:
         0c:9e:2e:78:3f:10:65:00:e8:ee:82:ba:16:6b:15:b8:a1:ce:
         f4:ea:f5:da:0d:27:84:5e:c9:d9:ea:45:ba:70:f8:29:66:23:
         75:aa:06:8e:67:64:87:c1:02:7e:23:a2:4c:af:d9:aa:b8:a2:
         f9:5d:8a:3b:ed:bb:b7:a0:41:de:da:a2:26:43:f2:a0:66:be:
         81:1d:8d:5b:98:bf:61:5c:67:0b:91:93:e7:41:e9:78:8f:ac:
         f5:ff:11:00
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZjCWdY+7O04aqbakGVCLdY7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDU4OWRjZTYzOTgxODcwYTE4NTA5MDZjOGMyZDFkOTY3
NDAwOTYwHhcNMjUwODE5MTI0MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODZkZjFlYzhmN2MxMjM2NmQ5MWIxZmQzNGE1NDdmMGMxYThlY2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl08aGqeoCSt/ifDcqpkJ6VBxiVeK
Wm329+32ohb5kM5RibfIRXj+dwKNNsH1Aa6KfveGPlxbHmjKty+QXFhP0ay/BUGx
kdhMolIN/1uUpAdPIsV3nVJpzs7ECIOTcvd9K6GZDxHzuRbBMW3Vsj2sMAI5tg2P
/WYnhEqV1UQI42unqbFDP0XsoyVRQOuxOiCn2WQwJ+0R+uRWtd8iwuQdM3ZO655j
I4KF1VLPY9fSmr0ItWscnixHAKwmMADkpbXgpDe3QkGZpOgQiMfLMZVoXkSUAtoR
l1qWjzm3sZW9hUWFYckRXfRS372A80PDny1CPSeBuz20k62CPC6DF0z3PwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFAht8eyPfBI2bZGx/TSlR/DBqOzEMB8GA1UdIwQY
MBaAFNoFidzmOYGHChhQkGyMLR2WdACWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdXSjNPWTVnWWNLR0ZDUWJJd3RIWlowQUpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC82MzI2YmItYmEzMy00MzM5LWI4YzYt
MTRlM2MyMDE3OTY5LzEvQ0czeDdJOThFalp0a2JIOU5LVkg4TUdvN01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC82MzI2YmItYmEzMy00MzM5LWI4YzYtMTRlM2MyMDE3OTY5
LzEvMmdXSjNPWTVnWWNLR0ZDUWJJd3RIWlowQUpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdMBIDBwAqE3UF
AAMDBwAqE3UFAAQDBwAqE3UGkAQwDQYJKoZIhvcNAQELBQADggEBAEhervL/wX2e
SNTuBY73Z8eRZRtiHHlHBrRtajDJrai1HqUhWfw1gVK1nHKx86F2rOelRmlGEsxl
j0gGgJl8lFZXk1QkYdM1LwIPp1KnlFisniuVX8Hg/BTOAvdJ2q8RriIeAR+sRpD6
tgFt3k6DNv62RMW2J2FhWK5DlpHWby0G3RfzWOt7VkQFQdRbEfo5zffrEs2vQpKX
HWo3g5pXxEtFkgyeLng/EGUA6O6CuhZrFbihzvTq9doNJ4ReydnqRbpw+ClmI3Wq
Bo5nZIfBAn4jokyv2aq4ovldijvtu7egQd7aoiZD8qBmvoEdjVuYv2FcZwuRk+dB
6XiPrPX/EQA=
-----END CERTIFICATE-----