Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/L_uBncq6JPrhD07DEJ6xBAuvmUM.roa
File:                     L_uBncq6JPrhD07DEJ6xBAuvmUM.roa (raw, json)
Hash identifier:          7oHQZcP91VAepicxLsrLYdifXbG7hBNRiCty5f4IKcc=
Subject key identifier:   2F:FB:81:9D:CA:BA:24:FA:E1:0F:4E:C3:10:9E:B1:04:0B:AF:99:43
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       0198A2B67B928575E21295AEE0F2EC17D6E1
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/L_uBncq6JPrhD07DEJ6xBAuvmUM.roa
Signing time:             Wed 13 Aug 2025 09:15:24 +0000
ROA not before:           Wed 13 Aug 2025 09:15:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a11:b785::/32 maxlen: 32
                          2a12:4c06::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:b6:7b:92:85:75:e2:12:95:ae:e0:f2:ec:17:d6:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Aug 13 09:15:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ffb819dcaba24fae10f4ec3109eb1040baf9943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:24:8a:56:a4:d5:ba:8d:c1:57:a7:96:86:86:
                    30:f1:aa:50:ed:9c:4c:ab:74:53:07:95:c2:3b:e6:
                    ee:57:2d:63:eb:6f:16:87:e0:cc:1b:ce:f7:af:6b:
                    b2:30:99:38:4f:3e:bd:23:8e:f7:68:94:89:c4:71:
                    f8:79:84:1c:2e:42:ea:0d:3c:64:6e:98:f5:9f:62:
                    b0:cf:0a:5e:72:c4:b9:1f:31:b0:54:6a:86:3f:9b:
                    54:37:c2:a9:6f:72:ca:03:3a:68:23:04:33:6f:81:
                    76:8b:f2:74:17:ae:31:21:dc:3f:8c:02:06:b4:ed:
                    05:dd:b8:c8:4a:c5:e8:7f:4e:d6:b7:81:46:f4:e8:
                    7f:84:e1:85:53:e2:1b:ee:24:77:d8:ee:b4:78:fb:
                    d2:c3:e8:a2:ee:5f:42:4b:5b:3d:39:37:0f:e7:5d:
                    2d:61:f7:1d:fe:a4:33:9e:29:13:04:b2:73:b9:69:
                    4e:c0:d6:b5:74:ee:6f:ef:96:07:1f:2b:07:95:75:
                    27:2e:7e:73:43:23:e6:86:f2:77:96:06:9b:aa:40:
                    e3:7d:d2:0d:60:2a:94:a8:44:bd:69:04:1d:bb:85:
                    0e:ae:bf:09:2d:77:e8:40:69:f6:87:48:8d:cb:85:
                    40:02:71:8c:2b:1a:a2:73:a3:0d:91:e7:6e:d4:9a:
                    31:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:FB:81:9D:CA:BA:24:FA:E1:0F:4E:C3:10:9E:B1:04:0B:AF:99:43
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/L_uBncq6JPrhD07DEJ6xBAuvmUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:b785::/32
                  2a12:4c06::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:eb:65:ee:62:eb:31:a8:88:6d:25:55:bc:a5:5b:d7:dd:5a:
         4d:b9:d7:40:d8:de:48:28:93:c2:31:d8:8f:1c:5b:76:3c:f9:
         9b:56:3e:39:49:84:36:c2:4a:55:d4:03:a7:92:0b:03:74:65:
         9a:70:6b:02:a1:ca:84:ef:d0:09:fd:c4:62:39:80:18:48:fb:
         b6:16:99:d6:41:ed:fb:3f:c8:69:d2:28:e2:c1:3a:0b:8a:97:
         5e:fa:c1:6e:6b:af:c0:df:91:76:35:d7:33:7c:b3:3a:94:94:
         d5:94:a6:be:ae:72:e3:d1:3c:9b:8e:b7:5f:e0:d1:01:55:8b:
         14:d0:70:25:cd:d5:60:cf:af:6a:8d:71:ef:46:6a:6a:13:26:
         7a:75:dd:16:65:87:f2:2d:60:cf:fa:a2:e6:1e:33:d5:cc:7d:
         f6:77:81:ce:bd:45:d0:68:d3:2a:a3:e1:22:44:14:ff:f9:51:
         e5:40:33:ed:89:8e:dc:f4:23:95:ff:55:9b:34:69:95:9e:a3:
         d2:0c:f9:08:d6:f0:9a:bf:2b:c4:45:fa:63:3b:d4:3e:3e:9c:
         dc:27:91:85:51:ce:dd:ad:06:83:b4:85:6d:de:68:99:e5:5f:
         8d:4f:f9:3e:e2:f4:3a:a3:16:5e:f9:fa:f1:40:2e:60:ce:f5:
         b3:55:f5:4c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZiitnuShXXiEpWu4PLsF9bhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwODEzMDkxNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmZiODE5ZGNhYmEyNGZhZTEwZjRlYzMxMDllYjEwNDBiYWY5OTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2iSKVqTVuo3BV6eWhoYw8apQ7ZxM
q3RTB5XCO+buVy1j628Wh+DMG873r2uyMJk4Tz69I473aJSJxHH4eYQcLkLqDTxk
bpj1n2KwzwpecsS5HzGwVGqGP5tUN8Kpb3LKAzpoIwQzb4F2i/J0F64xIdw/jAIG
tO0F3bjISsXof07Wt4FG9Oh/hOGFU+Ib7iR32O60ePvSw+ii7l9CS1s9OTcP510t
Yfcd/qQznikTBLJzuWlOwNa1dO5v75YHHysHlXUnLn5zQyPmhvJ3lgabqkDjfdIN
YCqUqES9aQQdu4UOrr8JLXfoQGn2h0iNy4VAAnGMKxqic6MNkedu1JoxJwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC/7gZ3KuiT64Q9OwxCesQQLr5lDMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvTF91Qm5jcTZKUHJoRDA3REVKNnhCQXV2bVVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhG3hQMF
ACoSTAYwDQYJKoZIhvcNAQELBQADggEBAHPrZe5i6zGoiG0lVbylW9fdWk2510DY
3kgok8Ix2I8cW3Y8+ZtWPjlJhDbCSlXUA6eSCwN0ZZpwawKhyoTv0An9xGI5gBhI
+7YWmdZB7fs/yGnSKOLBOguKl176wW5rr8DfkXY11zN8szqUlNWUpr6ucuPRPJuO
t1/g0QFVixTQcCXN1WDPr2qNce9GamoTJnp13RZlh/ItYM/6ouYeM9XMffZ3gc69
RdBo0yqj4SJEFP/5UeVAM+2Jjtz0I5X/VZs0aZWeo9IM+QjW8Jq/K8RF+mM71D4+
nNwnkYVRzt2tBoO0hW3eaJnlX41P+T7i9DqjFl75+vFALmDO9bNV9Uw=
-----END CERTIFICATE-----