Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/7f7d8f-0dc8-45a2-bc16-80add9ea3e5c/1/svN3Ok6VL2a-EVdJe6UTIYjW6Ug.roa
File:                     svN3Ok6VL2a-EVdJe6UTIYjW6Ug.roa (raw, json)
Hash identifier:          MGU8Tr1wY79f7aOOX/E7HRh3hZPVTx7pl2+ACWyvncY=
Subject key identifier:   B2:F3:77:3A:4E:95:2F:66:BE:11:57:49:7B:A5:13:21:88:D6:E9:48
Certificate issuer:       /CN=e0c5bb3da53435bf41e17f7dec47d4484e7f3129
Certificate serial:       0198AE3B152849B0FB7B73713C3B5F533854
Authority key identifier: E0:C5:BB:3D:A5:34:35:BF:41:E1:7F:7D:EC:47:D4:48:4E:7F:31:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4MW7PaU0Nb9B4X997EfUSE5_MSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/7f7d8f-0dc8-45a2-bc16-80add9ea3e5c/1/svN3Ok6VL2a-EVdJe6UTIYjW6Ug.roa
Signing time:             Fri 15 Aug 2025 14:56:04 +0000
ROA not before:           Fri 15 Aug 2025 14:56:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28753
IP address blocks:        2a04:88c5::/32 maxlen: 32
                          2a11:bb44::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/7f7d8f-0dc8-45a2-bc16-80add9ea3e5c/1/4MW7PaU0Nb9B4X997EfUSE5_MSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/7f7d8f-0dc8-45a2-bc16-80add9ea3e5c/1/4MW7PaU0Nb9B4X997EfUSE5_MSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4MW7PaU0Nb9B4X997EfUSE5_MSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ae:3b:15:28:49:b0:fb:7b:73:71:3c:3b:5f:53:38:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0c5bb3da53435bf41e17f7dec47d4484e7f3129
        Validity
            Not Before: Aug 15 14:56:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2f3773a4e952f66be1157497ba5132188d6e948
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b0:18:8f:31:09:09:7b:1b:a9:b3:37:45:0c:
                    0a:1d:82:6e:4b:a6:6b:68:79:a2:d8:bb:82:d5:d0:
                    4c:3b:c4:3e:2f:98:47:cf:4b:66:3e:58:04:41:fa:
                    73:16:90:f6:ad:09:da:b8:90:66:c3:dc:b8:71:3f:
                    f4:d2:ba:42:a6:35:48:dc:ff:89:5d:32:89:75:7f:
                    0b:6b:9d:6b:2b:cc:4e:41:7f:cc:a6:07:60:4c:af:
                    53:a3:4e:ea:00:af:b8:ee:06:2a:f3:85:d4:b6:0a:
                    8f:eb:2d:80:ca:d0:ee:74:28:72:43:3f:93:37:24:
                    7a:6f:3b:6c:a6:df:5f:25:60:1d:df:d0:42:4a:03:
                    8b:10:89:be:9d:17:33:2c:ec:07:39:49:18:ac:1e:
                    85:6e:9a:31:90:bb:ef:9f:c3:ff:3b:de:ac:ca:c5:
                    d8:40:d9:35:0e:27:f8:8f:44:8b:09:ca:77:e4:a7:
                    08:f5:23:56:1b:b1:2b:3d:fb:3d:c8:38:2d:fd:1f:
                    bd:95:d0:a8:40:da:39:b4:fe:33:6b:0c:f8:d2:71:
                    07:f6:65:58:b1:66:b6:c2:40:dd:e4:62:57:6a:a6:
                    17:45:fc:de:9c:65:82:d0:0f:e9:25:4a:91:13:5b:
                    3d:36:81:fa:dd:97:76:a5:f8:4b:70:86:31:20:c2:
                    41:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:F3:77:3A:4E:95:2F:66:BE:11:57:49:7B:A5:13:21:88:D6:E9:48
            X509v3 Authority Key Identifier:
                keyid:E0:C5:BB:3D:A5:34:35:BF:41:E1:7F:7D:EC:47:D4:48:4E:7F:31:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4MW7PaU0Nb9B4X997EfUSE5_MSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/7f7d8f-0dc8-45a2-bc16-80add9ea3e5c/1/svN3Ok6VL2a-EVdJe6UTIYjW6Ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/7f7d8f-0dc8-45a2-bc16-80add9ea3e5c/1/4MW7PaU0Nb9B4X997EfUSE5_MSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:88c5::/32
                  2a11:bb44::/32

    Signature Algorithm: sha256WithRSAEncryption
         c2:7f:23:20:9b:2c:16:ba:95:73:bd:55:02:4f:aa:94:95:64:
         40:b7:97:d3:ea:8d:81:7a:93:fb:21:c0:bc:44:55:dc:d8:b8:
         ef:d9:87:0f:db:02:e2:4d:39:a2:e2:14:1d:86:e6:c7:bf:9b:
         a0:9f:33:58:67:73:ec:12:ce:06:8e:51:f1:1a:a5:46:05:4b:
         fa:34:97:8d:d5:e1:e3:c4:9e:cf:2c:19:10:79:34:bd:07:94:
         6b:b4:09:58:86:a3:cc:d1:ce:7c:f0:49:5e:9d:be:35:b7:74:
         ba:7b:f1:b3:6e:29:74:6a:37:58:f9:f9:3e:43:ee:40:ab:2f:
         e6:b2:f2:17:ba:53:8b:95:d9:2c:41:7e:ef:f3:58:98:e8:51:
         22:b5:ac:af:c8:56:93:92:8e:45:fb:6d:1f:e4:b9:db:58:1f:
         59:93:4a:67:fd:34:cb:d6:2e:15:13:13:88:38:74:c9:d7:b0:
         24:a6:72:4c:68:e5:c2:7d:b0:9e:65:a0:ab:ce:a9:47:f7:23:
         59:c2:21:24:5d:8f:bf:99:d9:da:a4:e6:e0:83:ca:03:d0:c4:
         d9:c6:7c:e1:1b:57:a4:0e:3b:1e:9b:b3:a2:f1:9c:2b:01:ac:
         ef:0c:b8:f7:51:f9:2f:4d:b0:d3:0e:d5:1d:98:4d:6b:ef:73:
         a3:39:a9:15
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZiuOxUoSbD7e3NxPDtfUzhUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwYzViYjNkYTUzNDM1YmY0MWUxN2Y3ZGVjNDdkNDQ4NGU3
ZjMxMjkwHhcNMjUwODE1MTQ1NjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmYzNzczYTRlOTUyZjY2YmUxMTU3NDk3YmE1MTMyMTg4ZDZlOTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbAYjzEJCXsbqbM3RQwKHYJuS6Zr
aHmi2LuC1dBMO8Q+L5hHz0tmPlgEQfpzFpD2rQnauJBmw9y4cT/00rpCpjVI3P+J
XTKJdX8La51rK8xOQX/MpgdgTK9To07qAK+47gYq84XUtgqP6y2AytDudChyQz+T
NyR6bztspt9fJWAd39BCSgOLEIm+nRczLOwHOUkYrB6FbpoxkLvvn8P/O96sysXY
QNk1Dif4j0SLCcp35KcI9SNWG7ErPfs9yDgt/R+9ldCoQNo5tP4zawz40nEH9mVY
sWa2wkDd5GJXaqYXRfzenGWC0A/pJUqRE1s9NoH63Zd2pfhLcIYxIMJBfQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLLzdzpOlS9mvhFXSXulEyGI1ulIMB8GA1UdIwQY
MBaAFODFuz2lNDW/QeF/fexH1EhOfzEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE1XN1BhVTBOYjlCNFg5OTdFZlVTRTVfTVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83ZjdkOGYtMGRjOC00NWEyLWJjMTYt
ODBhZGQ5ZWEzZTVjLzEvc3ZOM09rNlZMMmEtRVZkSmU2VVRJWWpXNlVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83ZjdkOGYtMGRjOC00NWEyLWJjMTYtODBhZGQ5ZWEzZTVj
LzEvNE1XN1BhVTBOYjlCNFg5OTdFZlVTRTVfTVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgSIxQMF
ACoRu0QwDQYJKoZIhvcNAQELBQADggEBAMJ/IyCbLBa6lXO9VQJPqpSVZEC3l9Pq
jYF6k/shwLxEVdzYuO/Zhw/bAuJNOaLiFB2G5se/m6CfM1hnc+wSzgaOUfEapUYF
S/o0l43V4ePEns8sGRB5NL0HlGu0CViGo8zRznzwSV6dvjW3dLp78bNuKXRqN1j5
+T5D7kCrL+ay8he6U4uV2SxBfu/zWJjoUSK1rK/IVpOSjkX7bR/kudtYH1mTSmf9
NMvWLhUTE4g4dMnXsCSmckxo5cJ9sJ5loKvOqUf3I1nCISRdj7+Z2dqk5uCDygPQ
xNnGfOEbV6QOOx6bs6LxnCsBrO8MuPdR+S9NsNMO1R2YTWvvc6M5qRU=
-----END CERTIFICATE-----