Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/OYIoN89zbqPntmraJpgRonWeoa4.roa
File:                     OYIoN89zbqPntmraJpgRonWeoa4.roa (raw, json)
Hash identifier:          msUXAs2ftNoAEVb5ac65VdYNV6D9fQMn4QP7QioVYww=
Subject key identifier:   39:82:28:37:CF:73:6E:A3:E7:B6:6A:DA:26:98:11:A2:75:9E:A1:AE
Certificate issuer:       /CN=5b0329066138bb5564571fc3c29ee953e5c1c7a3
Certificate serial:       0198ADF83F8C335B42F93D8049FA05F06424
Authority key identifier: 5B:03:29:06:61:38:BB:55:64:57:1F:C3:C2:9E:E9:53:E5:C1:C7:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/OYIoN89zbqPntmraJpgRonWeoa4.roa
Signing time:             Fri 15 Aug 2025 13:43:04 +0000
ROA not before:           Fri 15 Aug 2025 13:43:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        2a0a:7740:1::/48 maxlen: 48
                          2a0a:7740:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:02:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ad:f8:3f:8c:33:5b:42:f9:3d:80:49:fa:05:f0:64:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b0329066138bb5564571fc3c29ee953e5c1c7a3
        Validity
            Not Before: Aug 15 13:43:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39822837cf736ea3e7b66ada269811a2759ea1ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e0:8d:f2:a8:4a:03:f3:cf:84:0d:24:b9:a0:
                    7c:e3:a4:14:55:d2:ce:37:8b:34:91:b9:c1:bd:ad:
                    56:73:92:8b:48:58:6c:ba:8d:82:97:33:6e:7b:7a:
                    58:e8:c2:6b:3b:27:95:5d:67:fd:9b:58:55:5e:52:
                    77:f3:03:65:04:08:fc:7b:d5:c4:09:5b:fc:49:29:
                    4b:17:f9:6d:cb:f6:80:0f:8b:33:36:2e:78:84:37:
                    7d:1a:a3:a4:b5:47:03:de:f4:7a:ab:fe:e8:76:ff:
                    bf:b3:54:e4:34:69:55:a2:77:fb:5d:c5:f5:08:d4:
                    85:81:69:6d:9c:cd:b7:b7:46:9b:ec:9a:b5:c2:21:
                    2e:33:e2:54:e8:ad:03:64:0e:28:e6:28:c5:1b:81:
                    fa:9d:a5:8b:01:6d:c4:13:e2:08:13:3c:bf:3c:0e:
                    d7:31:b6:7b:70:f7:f2:8e:20:59:18:25:a3:e7:70:
                    7a:cf:71:02:93:8c:91:28:e9:b3:b5:60:b0:5c:e8:
                    f8:4a:fc:93:68:de:20:31:d0:d5:4e:32:20:4b:3d:
                    73:c8:61:ae:0a:6c:f0:e4:d9:f6:21:25:e5:4e:ec:
                    6c:0b:65:9c:7b:a3:ab:c9:b9:be:8a:f5:fa:62:2d:
                    2f:e9:a5:20:57:b3:ea:67:d5:8c:76:9e:e0:75:82:
                    ea:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:82:28:37:CF:73:6E:A3:E7:B6:6A:DA:26:98:11:A2:75:9E:A1:AE
            X509v3 Authority Key Identifier:
                keyid:5B:03:29:06:61:38:BB:55:64:57:1F:C3:C2:9E:E9:53:E5:C1:C7:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/OYIoN89zbqPntmraJpgRonWeoa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:7740:1::-2a0a:7740:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         0c:50:55:b4:6d:db:97:0b:51:54:c0:5d:3e:8f:43:a0:48:13:
         d2:30:0f:1a:58:b5:1d:45:27:98:0e:e4:10:a7:90:ea:8f:52:
         17:5c:6f:68:a4:2a:aa:fe:e2:e0:65:b1:41:2d:1c:3c:68:45:
         a7:e4:39:b5:26:e6:ba:e8:c9:52:b2:0b:56:c9:bc:42:6f:13:
         52:34:a3:70:4d:83:85:de:d2:d5:e6:bd:97:eb:55:0b:6d:f1:
         e9:6e:2f:87:bd:65:08:20:7e:60:37:df:d0:89:f6:78:28:07:
         a0:f9:5c:c9:c8:ab:99:78:a8:66:51:e2:ae:b2:06:a5:cc:c5:
         ae:45:89:79:fc:d7:ca:99:35:82:6b:b0:6f:54:2b:f7:d8:52:
         eb:30:c3:46:59:e6:52:d5:fb:02:a0:34:ad:5d:a9:d3:a4:7c:
         12:3d:70:87:f5:aa:09:85:a2:59:0b:2e:2f:15:0f:35:23:db:
         cb:af:7e:a7:3b:39:54:bf:05:ef:10:8c:3f:d4:82:a8:d2:48:
         01:40:b2:48:e1:90:fa:7f:1f:64:c4:3a:73:b5:cb:ca:55:97:
         60:58:00:ab:d0:b2:3c:c8:8d:ea:18:74:fc:c1:d7:7b:0b:26:
         10:98:ca:75:62:d8:66:95:8c:ab:a4:66:12:fd:55:39:b2:e6:
         67:84:c0:5e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZit+D+MM1tC+T2ASfoF8GQkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViMDMyOTA2NjEzOGJiNTU2NDU3MWZjM2MyOWVlOTUzZTVj
MWM3YTMwHhcNMjUwODE1MTM0MzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTgyMjgzN2NmNzM2ZWEzZTdiNjZhZGEyNjk4MTFhMjc1OWVhMWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeCN8qhKA/PPhA0kuaB846QUVdLO
N4s0kbnBva1Wc5KLSFhsuo2ClzNue3pY6MJrOyeVXWf9m1hVXlJ38wNlBAj8e9XE
CVv8SSlLF/lty/aAD4szNi54hDd9GqOktUcD3vR6q/7odv+/s1TkNGlVonf7XcX1
CNSFgWltnM23t0ab7Jq1wiEuM+JU6K0DZA4o5ijFG4H6naWLAW3EE+IIEzy/PA7X
MbZ7cPfyjiBZGCWj53B6z3ECk4yRKOmztWCwXOj4SvyTaN4gMdDVTjIgSz1zyGGu
Cmzw5Nn2ISXlTuxsC2Wce6Orybm+ivX6Yi0v6aUgV7PqZ9WMdp7gdYLq4wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDmCKDfPc26j57Zq2iaYEaJ1nqGuMB8GA1UdIwQY
MBaAFFsDKQZhOLtVZFcfw8Ke6VPlwcejMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3dNcEJtRTR1MVZrVnhfRHdwN3BVLVhCeDZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC83NzA5NmYtYmI4OS00MTFlLTkwZTAt
MzBjN2YzOWQ4ZTFjLzEvT1lJb044OXpicVBudG1yYUpwZ1Jvbldlb2E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC83NzA5NmYtYmI4OS00MTFlLTkwZTAtMzBjN2YzOWQ4ZTFj
LzEvV3dNcEJtRTR1MVZrVnhfRHdwN3BVLVhCeDZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqCndA
AAEDBwAqCndAAAIwDQYJKoZIhvcNAQELBQADggEBAAxQVbRt25cLUVTAXT6PQ6BI
E9IwDxpYtR1FJ5gO5BCnkOqPUhdcb2ikKqr+4uBlsUEtHDxoRafkObUm5rroyVKy
C1bJvEJvE1I0o3BNg4Xe0tXmvZfrVQtt8eluL4e9ZQggfmA339CJ9ngoB6D5XMnI
q5l4qGZR4q6yBqXMxa5FiXn818qZNYJrsG9UK/fYUusww0ZZ5lLV+wKgNK1dqdOk
fBI9cIf1qgmFolkLLi8VDzUj28uvfqc7OVS/Be8QjD/UgqjSSAFAskjhkPp/H2TE
OnO1y8pVl2BYAKvQsjzIjeoYdPzB13sLJhCYynVi2GaVjKukZhL9VTmy5meEwF4=
-----END CERTIFICATE-----