Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/a19b9f-469f-4475-a1e8-b8395d653e6e/1/cImMIHu74LDJdQtr4cdiVxmjPwA.roa
File:                     cImMIHu74LDJdQtr4cdiVxmjPwA.roa (raw, json)
Hash identifier:          V4tY5FuY4hbG5AokGnGbbJm1R50idKq6hOVxa7nBfk0=
Subject key identifier:   70:89:8C:20:7B:BB:E0:B0:C9:75:0B:6B:E1:C7:62:57:19:A3:3F:00
Certificate issuer:       /CN=fb01e011cf657f4ad3f22c6dee70c7ff57b3b8b9
Certificate serial:       019938580217D72507D69C71CD770D4D89FB
Authority key identifier: FB:01:E0:11:CF:65:7F:4A:D3:F2:2C:6D:EE:70:C7:FF:57:B3:B8:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-wHgEc9lf0rT8ixt7nDH_1ezuLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/a19b9f-469f-4475-a1e8-b8395d653e6e/1/cImMIHu74LDJdQtr4cdiVxmjPwA.roa
Signing time:             Thu 11 Sep 2025 10:35:15 +0000
ROA not before:           Thu 11 Sep 2025 10:35:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211474
IP address blocks:        2a05:a840::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/a19b9f-469f-4475-a1e8-b8395d653e6e/1/1-wHgEc9lf0rT8ixt7nDH_1ezuLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/a19b9f-469f-4475-a1e8-b8395d653e6e/1/1-wHgEc9lf0rT8ixt7nDH_1ezuLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-wHgEc9lf0rT8ixt7nDH_1ezuLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:38:58:02:17:d7:25:07:d6:9c:71:cd:77:0d:4d:89:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb01e011cf657f4ad3f22c6dee70c7ff57b3b8b9
        Validity
            Not Before: Sep 11 10:35:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70898c207bbbe0b0c9750b6be1c7625719a33f00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d1:cf:fe:02:70:58:f1:1f:50:73:03:14:9d:
                    b1:4b:54:a4:ed:a2:c4:8b:60:8c:77:e7:0a:8f:d5:
                    25:61:c0:05:8f:f9:ff:8e:f0:eb:f6:94:e1:ff:ad:
                    88:55:2d:1e:6e:ef:ce:dd:bb:bb:ac:3e:49:2a:e5:
                    82:c8:36:29:0b:7c:e3:23:81:6b:d1:f5:5b:f2:f7:
                    a9:ba:d7:d3:c9:12:b8:f0:66:fb:2f:dd:3c:38:54:
                    4c:9e:a3:1a:ea:16:6e:55:00:75:ae:c8:8d:46:33:
                    8f:e5:62:30:2a:0a:d7:64:a2:6e:b7:e4:c6:f5:f6:
                    3b:60:5c:ab:74:1f:0e:78:33:2b:0b:4e:4d:54:f6:
                    59:f5:4c:dc:ec:94:91:a2:48:7d:93:62:1a:eb:ee:
                    e6:a0:9a:c0:8e:71:eb:f4:dd:8a:97:c7:33:00:e3:
                    ec:8f:c2:62:e0:4e:aa:f1:ee:78:0e:c0:36:59:be:
                    be:d0:4b:41:b4:60:2b:8f:70:54:3a:32:0f:9a:14:
                    8c:9d:df:b3:d1:d4:e0:45:7f:25:a2:7b:6e:54:a9:
                    07:36:c4:8c:40:2d:e0:bd:cd:cd:17:ff:e7:3f:d0:
                    74:14:ab:c9:49:59:2c:2b:8d:8c:0c:46:38:35:f5:
                    c7:7b:dc:48:d9:63:c2:1f:6d:47:13:45:ce:d3:56:
                    64:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:89:8C:20:7B:BB:E0:B0:C9:75:0B:6B:E1:C7:62:57:19:A3:3F:00
            X509v3 Authority Key Identifier:
                keyid:FB:01:E0:11:CF:65:7F:4A:D3:F2:2C:6D:EE:70:C7:FF:57:B3:B8:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-wHgEc9lf0rT8ixt7nDH_1ezuLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/a19b9f-469f-4475-a1e8-b8395d653e6e/1/cImMIHu74LDJdQtr4cdiVxmjPwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/a19b9f-469f-4475-a1e8-b8395d653e6e/1/1-wHgEc9lf0rT8ixt7nDH_1ezuLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:a840::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:50:cd:23:f2:3f:ad:06:56:37:00:c2:5f:ae:9b:92:8c:4c:
         8b:17:06:16:16:5c:e5:6a:17:90:fd:d6:49:81:d9:3f:aa:1a:
         dc:ec:2a:11:95:e5:f5:64:0f:99:57:47:e5:df:c9:e0:fb:5e:
         41:97:96:28:af:1e:cd:87:c9:7b:02:d7:0c:c8:11:22:73:24:
         96:30:b1:9c:e3:e2:e7:d9:23:74:85:20:d4:04:fa:a2:fe:01:
         26:36:9c:9f:ae:d5:a7:a4:a1:8a:cc:87:12:f7:4b:ff:1b:92:
         be:4e:cc:b4:20:ec:8a:fc:fa:bb:97:f0:d7:59:bd:8f:dc:64:
         e7:85:e1:f0:4c:b4:f0:f3:dd:6d:70:a4:06:14:c5:d5:79:fc:
         3f:31:35:85:ca:9b:78:17:f0:7d:0b:06:d3:eb:83:20:9c:17:
         84:03:b7:0e:3d:28:e1:5e:62:fc:a8:7c:15:0c:35:2c:16:cd:
         3d:33:9f:bb:60:c9:80:06:b2:fc:75:94:5e:5b:4e:86:c8:a6:
         b0:e5:94:33:c8:8d:5c:47:42:be:f7:17:b9:7b:d2:fa:f9:1a:
         16:2e:6c:d2:cb:79:86:fa:13:b3:2d:05:64:21:f6:f2:c6:d0:
         db:86:47:85:fa:fd:aa:7a:b3:77:94:77:91:21:c5:36:eb:da:
         d1:22:45:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZk4WAIX1yUH1pxxzXcNTYn7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMDFlMDExY2Y2NTdmNGFkM2YyMmM2ZGVlNzBjN2ZmNTdi
M2I4YjkwHhcNMjUwOTExMTAzNTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDg5OGMyMDdiYmJlMGIwYzk3NTBiNmJlMWM3NjI1NzE5YTMzZjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotHP/gJwWPEfUHMDFJ2xS1Sk7aLE
i2CMd+cKj9UlYcAFj/n/jvDr9pTh/62IVS0ebu/O3bu7rD5JKuWCyDYpC3zjI4Fr
0fVb8veputfTyRK48Gb7L908OFRMnqMa6hZuVQB1rsiNRjOP5WIwKgrXZKJut+TG
9fY7YFyrdB8OeDMrC05NVPZZ9Uzc7JSRokh9k2Ia6+7moJrAjnHr9N2Kl8czAOPs
j8Ji4E6q8e54DsA2Wb6+0EtBtGArj3BUOjIPmhSMnd+z0dTgRX8lontuVKkHNsSM
QC3gvc3NF//nP9B0FKvJSVksK42MDEY4NfXHe9xI2WPCH21HE0XO01ZkmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHCJjCB7u+CwyXULa+HHYlcZoz8AMB8GA1UdIwQY
MBaAFPsB4BHPZX9K0/Isbe5wx/9Xs7i5MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS13SGdFYzlsZjByVDhpeHQ3bkRIXzFlenVMay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2EvYTE5YjlmLTQ2OWYtNDQ3NS1hMWU4
LWI4Mzk1ZDY1M2U2ZS8xL2NJbU1JSHU3NExESmRRdHI0Y2RpVnhtalB3QS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2EvYTE5YjlmLTQ2OWYtNDQ3NS1hMWU4LWI4Mzk1ZDY1M2U2
ZS8xLzEtd0hnRWM5bGYwclQ4aXh0N25ESF8xZXp1TGsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqBahA
MA0GCSqGSIb3DQEBCwUAA4IBAQBeUM0j8j+tBlY3AMJfrpuSjEyLFwYWFlzlaheQ
/dZJgdk/qhrc7CoRleX1ZA+ZV0fl38ng+15Bl5Yorx7Nh8l7AtcMyBEicySWMLGc
4+Ln2SN0hSDUBPqi/gEmNpyfrtWnpKGKzIcS90v/G5K+Tsy0IOyK/Pq7l/DXWb2P
3GTnheHwTLTw891tcKQGFMXVefw/MTWFypt4F/B9CwbT64MgnBeEA7cOPSjhXmL8
qHwVDDUsFs09M5+7YMmABrL8dZReW06GyKaw5ZQzyI1cR0K+9xe5e9L6+RoWLmzS
y3mG+hOzLQVkIfbyxtDbhkeF+v2qerN3lHeRIcU269rRIkV+
-----END CERTIFICATE-----