Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/dISl5Ukw4YQJK0H6aBRNMVHoUHY.roa
File:                     dISl5Ukw4YQJK0H6aBRNMVHoUHY.roa (raw, json)
Hash identifier:          HAxvloz4GQvfIeGFIns8AnRlOc6klJKO+6R8zX7/dw8=
Subject key identifier:   74:84:A5:E5:49:30:E1:84:09:2B:41:FA:68:14:4D:31:51:E8:50:76
Certificate issuer:       /CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Certificate serial:       01993D2DCC27233D81EC0896C6EC3247795D
Authority key identifier: 0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/dISl5Ukw4YQJK0H6aBRNMVHoUHY.roa
Signing time:             Fri 12 Sep 2025 09:07:15 +0000
ROA not before:           Fri 12 Sep 2025 09:07:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207193
IP address blocks:        2a07:8145::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:2d:cc:27:23:3d:81:ec:08:96:c6:ec:32:47:79:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
        Validity
            Not Before: Sep 12 09:07:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7484a5e54930e184092b41fa68144d3151e85076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:44:05:f8:ba:8b:ec:3c:be:76:9c:34:cd:34:
                    06:e0:b9:9e:b3:e0:e3:65:ee:a4:ac:8a:f9:00:f7:
                    c5:09:35:8e:02:47:da:a4:11:af:b9:db:4e:1f:79:
                    1d:45:e8:8e:e0:6c:89:f5:5f:f9:08:e1:b6:c9:0e:
                    14:a5:18:17:c2:e8:0b:85:15:9d:f9:15:78:2a:6c:
                    ea:4d:ec:46:f7:b7:90:6d:94:62:9b:f7:38:c5:3d:
                    6c:c5:c0:57:c9:27:c1:32:59:44:e3:63:68:42:82:
                    60:4f:20:cc:28:b6:99:a6:e3:e0:22:0a:6e:60:ba:
                    f8:33:bb:64:4e:66:6c:49:e6:80:28:be:a3:e6:ee:
                    ca:f1:2a:d8:d7:c0:8e:01:c9:12:31:07:45:d1:a3:
                    80:c1:57:7b:8f:b5:0d:47:b8:cb:51:75:9b:a5:8a:
                    e5:94:10:fa:45:ce:b3:14:a7:38:0f:33:de:28:19:
                    7c:2c:4f:f4:ff:dc:6a:a8:11:86:6d:00:81:1e:87:
                    c0:c3:70:48:a0:ad:8c:db:27:6d:73:9d:5d:4f:bb:
                    cd:ba:d4:12:58:ac:ad:0c:6c:da:41:7a:be:d3:f2:
                    a1:37:ef:9d:dc:e0:a0:53:e3:09:62:b4:14:e4:f7:
                    5f:27:a7:9b:f1:35:c1:43:dc:9d:26:fb:f3:fb:9a:
                    e3:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:84:A5:E5:49:30:E1:84:09:2B:41:FA:68:14:4D:31:51:E8:50:76
            X509v3 Authority Key Identifier:
                keyid:0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/dISl5Ukw4YQJK0H6aBRNMVHoUHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:8145::/36

    Signature Algorithm: sha256WithRSAEncryption
         bb:c3:f9:87:ff:8a:8c:7d:92:c0:40:f1:de:7d:77:4f:13:74:
         5d:a2:54:3e:aa:71:e1:e7:1e:c6:fc:41:44:a2:4e:bf:6a:bd:
         91:8f:6c:26:d7:8d:43:77:2b:61:c7:e9:36:a5:e7:0c:cc:ac:
         5e:0a:52:93:f7:a3:55:47:f9:df:00:44:86:67:e9:32:de:85:
         52:db:62:83:17:a6:4e:d0:06:3e:37:ed:7d:a2:7e:f0:3b:1b:
         3b:af:b5:be:92:8e:80:95:38:45:53:38:4a:e8:df:80:ad:6d:
         f9:bf:22:b5:0e:30:13:1f:fa:c4:97:09:a8:c1:89:f4:c7:03:
         d3:75:fe:0c:64:48:2c:ef:3a:72:11:f7:79:d8:19:d6:18:45:
         fe:47:fa:0a:99:59:b6:73:81:45:7c:50:b9:46:61:7c:72:39:
         4e:b0:cb:ef:ba:67:ea:c7:e9:02:c1:09:a5:c0:a1:5c:db:ca:
         8b:b6:9e:78:32:7a:9b:ce:d9:6f:1e:bf:f6:36:01:b5:04:2d:
         f5:75:58:c5:4d:7c:ef:d3:a4:09:c1:99:db:e9:f6:08:97:0f:
         56:43:3a:3d:6e:b1:0d:53:85:0f:98:97:44:90:40:c8:5c:fa:
         b0:29:07:04:09:2a:01:f0:51:9b:13:79:60:13:28:ef:5c:a4:
         59:c4:b9:40
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZk9LcwnIz2B7AiWxuwyR3ldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzdkODA3ZDRmN2NkZDNlMGFmZTRhYmM4ZWU1YTg4MGM2
MDkwZjEwHhcNMjUwOTEyMDkwNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDg0YTVlNTQ5MzBlMTg0MDkyYjQxZmE2ODE0NGQzMTUxZTg1MDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0QF+LqL7Dy+dpw0zTQG4Lmes+Dj
Ze6krIr5APfFCTWOAkfapBGvudtOH3kdReiO4GyJ9V/5COG2yQ4UpRgXwugLhRWd
+RV4KmzqTexG97eQbZRim/c4xT1sxcBXySfBMllE42NoQoJgTyDMKLaZpuPgIgpu
YLr4M7tkTmZsSeaAKL6j5u7K8SrY18COAckSMQdF0aOAwVd7j7UNR7jLUXWbpYrl
lBD6Rc6zFKc4DzPeKBl8LE/0/9xqqBGGbQCBHofAw3BIoK2M2ydtc51dT7vNutQS
WKytDGzaQXq+0/KhN++d3OCgU+MJYrQU5PdfJ6eb8TXBQ9ydJvvz+5rj7QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHSEpeVJMOGECStB+mgUTTFR6FB2MB8GA1UdIwQY
MBaAFAo32AfU983T4K/kq8juWogMYJDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjkt
ODAwZWRhMmNmYjM2LzEvZElTbDVVa3c0WVFKSzBINmFCUk5NVkhvVUhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjktODAwZWRhMmNmYjM2
LzEvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgeBRQAw
DQYJKoZIhvcNAQELBQADggEBALvD+Yf/iox9ksBA8d59d08TdF2iVD6qceHnHsb8
QUSiTr9qvZGPbCbXjUN3K2HH6Tal5wzMrF4KUpP3o1VH+d8ARIZn6TLehVLbYoMX
pk7QBj437X2ifvA7Gzuvtb6SjoCVOEVTOEro34Ctbfm/IrUOMBMf+sSXCajBifTH
A9N1/gxkSCzvOnIR93nYGdYYRf5H+gqZWbZzgUV8ULlGYXxyOU6wy++6Z+rH6QLB
CaXAoVzbyou2nngyepvO2W8ev/Y2AbUELfV1WMVNfO/TpAnBmdvp9giXD1ZDOj1u
sQ1ThQ+Yl0SQQMhc+rApBwQJKgHwUZsTeWATKO9cpFnEuUA=
-----END CERTIFICATE-----