Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/J5rHfmaHUphVTGysaGaEpdGNYhY.roa
File:                     J5rHfmaHUphVTGysaGaEpdGNYhY.roa (raw, json)
Hash identifier:          6LwL5JZxSQ7OcpDpgDX4gpMn2M/avt8b7echOTZbJ1E=
Subject key identifier:   27:9A:C7:7E:66:87:52:98:55:4C:6C:AC:68:66:84:A5:D1:8D:62:16
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       0198B2A8813A911733684FB6A687707A14E4
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/J5rHfmaHUphVTGysaGaEpdGNYhY.roa
Signing time:             Sat 16 Aug 2025 11:34:04 +0000
ROA not before:           Sat 16 Aug 2025 11:34:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205397
IP address blocks:        2a03:5840:130::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b2:a8:81:3a:91:17:33:68:4f:b6:a6:87:70:7a:14:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Aug 16 11:34:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=279ac77e66875298554c6cac686684a5d18d6216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6c:20:34:82:38:9a:87:2c:9d:33:88:68:4e:
                    75:5a:e8:57:ae:f0:df:26:ce:12:dd:6f:03:94:23:
                    db:b5:6c:87:8b:3e:06:22:75:b2:54:ce:97:cb:f8:
                    32:34:c4:11:a6:02:7d:86:5f:0e:a5:8d:ae:72:fe:
                    06:95:34:d2:03:99:63:98:39:61:cb:23:d2:f6:0e:
                    6f:31:d1:b4:f6:03:51:f2:bd:da:9c:32:8a:31:cc:
                    f6:98:d7:4e:89:38:87:96:f5:ed:28:d9:94:20:5f:
                    59:4f:f3:1e:51:86:1a:01:51:a7:0f:ca:0c:96:6f:
                    45:f1:a7:08:37:4f:05:a0:71:75:d0:76:5f:cb:81:
                    07:4c:54:06:96:86:d7:73:90:7d:fb:6f:53:3b:34:
                    53:8c:68:7e:f5:fb:04:28:a2:67:85:30:f3:bb:9f:
                    75:ea:3e:02:fd:d2:c3:5e:6c:ad:95:8f:e5:f7:25:
                    97:83:4c:49:95:bf:64:d8:d3:e4:f8:bf:62:ca:a6:
                    3a:36:c4:f4:d1:9c:7d:c8:fa:aa:86:9b:fc:d6:10:
                    9e:0b:3f:31:ad:d0:a3:79:ac:63:6b:3d:8d:d1:a1:
                    e7:af:ca:5a:8d:90:cd:5d:0a:3d:ef:bb:5d:52:a9:
                    c4:5e:fa:cd:65:78:1a:2d:bd:bc:b2:64:3b:80:94:
                    b2:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:9A:C7:7E:66:87:52:98:55:4C:6C:AC:68:66:84:A5:D1:8D:62:16
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/J5rHfmaHUphVTGysaGaEpdGNYhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:130::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:4d:ac:26:59:53:ce:ff:1e:25:0b:7e:b0:bd:9d:c1:b2:e9:
         89:0e:4d:27:a2:7e:10:26:da:3a:32:65:97:ab:54:49:9d:2f:
         50:1f:3d:f7:7f:56:c3:31:6b:e2:d6:b3:18:5b:1a:64:33:c1:
         db:ab:51:59:12:2a:a3:27:12:b9:22:a8:48:a8:b1:db:62:7e:
         15:ee:98:af:58:3b:c8:17:26:dc:b3:2a:13:ad:e3:4f:58:75:
         69:9a:bf:18:7c:1e:b4:dd:6c:7f:27:4e:c5:72:a1:e5:8b:bb:
         81:bc:bb:79:94:79:bd:91:5b:be:2a:b9:ee:e2:fe:53:52:35:
         09:d6:9c:4a:37:b6:9b:92:08:6a:f9:bf:d9:bd:59:66:02:b2:
         e7:6c:c7:29:f5:a0:eb:b4:9a:15:14:54:2d:cc:dd:96:36:36:
         f6:82:f0:ca:0e:f1:bc:3f:e6:54:07:cc:ab:91:b6:06:cb:27:
         c2:b8:09:2f:5d:60:9d:b8:42:9a:9c:97:12:88:b8:0c:e4:f6:
         ad:2f:07:54:57:36:f5:ab:d7:6c:e1:ab:21:e5:1e:cd:c8:94:
         17:53:9e:3f:94:8e:5f:f1:60:22:33:b8:9a:d1:84:31:ac:a5:
         ad:2c:3f:18:8f:45:65:73:82:64:92:63:98:6d:6f:42:af:ae:
         e6:1e:e4:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZiyqIE6kRczaE+2podwehTkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwODE2MTEzNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzlhYzc3ZTY2ODc1Mjk4NTU0YzZjYWM2ODY2ODRhNWQxOGQ2MjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2wgNII4mocsnTOIaE51WuhXrvDf
Js4S3W8DlCPbtWyHiz4GInWyVM6Xy/gyNMQRpgJ9hl8OpY2ucv4GlTTSA5ljmDlh
yyPS9g5vMdG09gNR8r3anDKKMcz2mNdOiTiHlvXtKNmUIF9ZT/MeUYYaAVGnD8oM
lm9F8acIN08FoHF10HZfy4EHTFQGlobXc5B9+29TOzRTjGh+9fsEKKJnhTDzu591
6j4C/dLDXmytlY/l9yWXg0xJlb9k2NPk+L9iyqY6NsT00Zx9yPqqhpv81hCeCz8x
rdCjeaxjaz2N0aHnr8pajZDNXQo977tdUqnEXvrNZXgaLb28smQ7gJSy2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCeax35mh1KYVUxsrGhmhKXRjWIWMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvSjVySGZtYUhVcGhWVEd5c2FHYUVwZEdOWWhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEw
MA0GCSqGSIb3DQEBCwUAA4IBAQA2TawmWVPO/x4lC36wvZ3BsumJDk0non4QJto6
MmWXq1RJnS9QHz33f1bDMWvi1rMYWxpkM8Hbq1FZEiqjJxK5IqhIqLHbYn4V7piv
WDvIFybcsyoTreNPWHVpmr8YfB603Wx/J07FcqHli7uBvLt5lHm9kVu+Krnu4v5T
UjUJ1pxKN7abkghq+b/ZvVlmArLnbMcp9aDrtJoVFFQtzN2WNjb2gvDKDvG8P+ZU
B8yrkbYGyyfCuAkvXWCduEKanJcSiLgM5PatLwdUVzb1q9ds4ash5R7NyJQXU54/
lI5f8WAiM7ia0YQxrKWtLD8Yj0Vlc4JkkmOYbW9Cr67mHuSw
-----END CERTIFICATE-----