Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/CMjm3mT93yGkp8LUoyzkdQ6l3EE.roa
File:                     CMjm3mT93yGkp8LUoyzkdQ6l3EE.roa (raw, json)
Hash identifier:          TkauNWMtnY8DBb4v5VsfB1yBCMV9bCsSOJxWA8/FXoo=
Subject key identifier:   08:C8:E6:DE:64:FD:DF:21:A4:A7:C2:D4:A3:2C:E4:75:0E:A5:DC:41
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       0197A8B6D0453AB58860FFA30366A8EBCB2D
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/CMjm3mT93yGkp8LUoyzkdQ6l3EE.roa
Signing time:             Wed 25 Jun 2025 20:10:42 +0000
ROA not before:           Wed 25 Jun 2025 20:10:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10099
IP address blocks:        2a04:ac03::/64 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a8:b6:d0:45:3a:b5:88:60:ff:a3:03:66:a8:eb:cb:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jun 25 20:10:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08c8e6de64fddf21a4a7c2d4a32ce4750ea5dc41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:88:6f:51:98:3f:e1:b1:9a:5c:57:04:43:ae:
                    bf:9e:c9:27:f4:ce:2a:77:aa:0e:5b:62:54:a1:dd:
                    70:a0:bf:13:90:67:b6:a0:df:09:8a:e6:94:80:b5:
                    44:b3:92:33:dd:60:ae:b5:3e:80:d4:ff:5e:e9:d6:
                    f6:55:d3:86:c2:11:11:93:c0:03:4a:e8:33:20:f5:
                    29:e4:dd:f0:b4:ac:43:ed:4b:ad:4a:d3:ee:ea:f3:
                    0c:dc:85:9b:a0:d8:d6:1d:48:01:70:06:05:1f:fc:
                    22:7e:54:02:96:8f:04:d5:fb:14:4c:18:02:1e:de:
                    b1:3a:dd:d4:5a:90:74:be:a4:9d:3f:eb:1f:9c:df:
                    0d:e4:e2:04:b5:73:8e:16:1e:99:a4:d2:43:4d:c9:
                    3f:e6:f4:d5:31:ee:90:fb:fd:90:91:50:df:59:3e:
                    d7:12:89:c9:d2:51:ca:5f:81:61:d7:f5:9e:17:ad:
                    50:c5:cd:ac:fd:5b:de:19:6a:d3:41:d6:94:03:97:
                    a0:61:18:4e:03:d2:60:78:d4:4d:21:44:20:2a:de:
                    e8:b7:11:5b:a5:e4:7f:75:ca:46:6c:07:3c:10:24:
                    50:b6:dc:19:a8:f4:b6:11:09:52:21:74:cf:b8:6c:
                    d8:91:89:d6:6b:68:90:0a:37:84:72:10:fa:70:90:
                    b6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:C8:E6:DE:64:FD:DF:21:A4:A7:C2:D4:A3:2C:E4:75:0E:A5:DC:41
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/CMjm3mT93yGkp8LUoyzkdQ6l3EE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ac03::/64

    Signature Algorithm: sha256WithRSAEncryption
         a5:b0:3b:5f:19:4c:10:71:bb:d5:e1:97:71:9f:94:fd:b2:7b:
         f1:a7:ef:60:da:c0:a9:14:20:6d:a5:76:8d:ac:94:4f:0b:62:
         07:42:41:77:7d:13:20:4b:b8:47:97:bc:bd:f1:39:60:a0:0a:
         aa:7c:1b:e2:cb:91:8e:77:df:b8:1b:f1:1c:9b:cd:8e:fb:a3:
         fb:e5:86:c8:4d:12:51:2e:9f:b2:a8:a2:50:e1:b1:f0:f2:17:
         ce:b4:10:0a:d8:c1:30:2d:e3:11:f2:25:9c:2a:a2:3f:3c:04:
         3b:13:16:ce:ed:a5:c7:17:51:76:08:23:d7:2b:8e:8e:93:e6:
         3f:99:39:db:74:59:b8:ec:91:fb:59:d3:fe:b2:0d:2f:e3:c5:
         c0:a8:81:eb:b0:19:59:ad:bc:6f:55:01:d5:fa:3f:b5:ef:4b:
         b2:41:b3:28:9b:bb:3e:c6:46:1a:96:8c:2c:bf:3c:33:f4:c3:
         99:5e:b8:69:12:f8:39:04:7a:97:02:56:39:1a:2b:d0:3d:44:
         81:ac:82:c2:5e:f2:ea:50:51:ca:e3:83:81:62:00:69:d7:f2:
         36:75:3a:75:28:97:09:a3:36:04:17:18:9f:08:f5:96:1b:c0:
         53:5f:14:9a:a7:20:d8:08:9b:6a:fc:e1:10:b1:43:30:84:10:
         fb:73:e4:05
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZeottBFOrWIYP+jA2ao68stMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjUwNjI1MjAxMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGM4ZTZkZTY0ZmRkZjIxYTRhN2MyZDRhMzJjZTQ3NTBlYTVkYzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIhvUZg/4bGaXFcEQ66/nskn9M4q
d6oOW2JUod1woL8TkGe2oN8JiuaUgLVEs5Iz3WCutT6A1P9e6db2VdOGwhERk8AD
SugzIPUp5N3wtKxD7UutStPu6vMM3IWboNjWHUgBcAYFH/wiflQClo8E1fsUTBgC
Ht6xOt3UWpB0vqSdP+sfnN8N5OIEtXOOFh6ZpNJDTck/5vTVMe6Q+/2QkVDfWT7X
EonJ0lHKX4Fh1/WeF61Qxc2s/VveGWrTQdaUA5egYRhOA9JgeNRNIUQgKt7otxFb
peR/dcpGbAc8ECRQttwZqPS2EQlSIXTPuGzYkYnWa2iQCjeEchD6cJC2NwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFAjI5t5k/d8hpKfC1KMs5HUOpdxBMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvQ01qbTNtVDkzeUdrcDhMVW95emtkUTZsM0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAAjALAwkAKgSsAwAA
AAAwDQYJKoZIhvcNAQELBQADggEBAKWwO18ZTBBxu9Xhl3GflP2ye/Gn72DawKkU
IG2ldo2slE8LYgdCQXd9EyBLuEeXvL3xOWCgCqp8G+LLkY5337gb8RybzY77o/vl
hshNElEun7KoolDhsfDyF860EArYwTAt4xHyJZwqoj88BDsTFs7tpccXUXYII9cr
jo6T5j+ZOdt0WbjskftZ0/6yDS/jxcCogeuwGVmtvG9VAdX6P7XvS7JBsyibuz7G
RhqWjCy/PDP0w5leuGkS+DkEepcCVjkaK9A9RIGsgsJe8upQUcrjg4FiAGnX8jZ1
OnUolwmjNgQXGJ8I9ZYbwFNfFJqnINgIm2r84RCxQzCEEPtz5AU=
-----END CERTIFICATE-----