Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/zoJKKU_UCg8-ktBxKw-bCEDck7o.roa
File:                     zoJKKU_UCg8-ktBxKw-bCEDck7o.roa (raw, json)
Hash identifier:          t/HhL8JHqN2l/JgR0XHogWXqUI0o5odIjuYe4hIp5ME=
Subject key identifier:   CE:82:4A:29:4F:D4:0A:0F:3E:92:D0:71:2B:0F:9B:08:40:DC:93:BA
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       0198D349C694651A9B191AB15E5A7DB83A4C
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/zoJKKU_UCg8-ktBxKw-bCEDck7o.roa
Signing time:             Fri 22 Aug 2025 19:38:04 +0000
ROA not before:           Fri 22 Aug 2025 19:38:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200019
IP address blocks:        2a11:c447::/32 maxlen: 32
                          2a12:3ac4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 04:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d3:49:c6:94:65:1a:9b:19:1a:b1:5e:5a:7d:b8:3a:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Aug 22 19:38:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce824a294fd40a0f3e92d0712b0f9b0840dc93ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3d:b2:65:69:1c:a0:ea:7c:db:30:9d:78:18:
                    ab:b1:8e:ee:7a:e1:ef:e2:5f:f3:b9:08:f3:19:50:
                    7b:2d:e4:b2:04:24:a7:28:9a:1e:25:29:48:42:0e:
                    aa:dc:81:e7:47:c5:8b:c1:37:21:b8:35:0b:e5:5c:
                    49:de:76:fb:ac:01:84:11:0a:8b:19:e6:17:f0:da:
                    73:63:12:d4:f3:28:b5:3e:a9:c8:bb:8f:6f:d4:6c:
                    57:3d:62:88:e0:7c:a6:d0:fc:ff:db:bb:f5:a3:03:
                    62:bc:07:fb:82:18:71:21:a0:99:50:92:9f:f5:42:
                    4a:e3:11:a1:97:95:a9:22:3a:e9:50:37:b9:3b:fb:
                    1d:af:db:60:37:d8:2f:86:ee:4a:1d:5e:4a:29:0e:
                    a2:e9:8f:f5:fe:65:88:2f:9d:8e:0e:d3:ad:96:4b:
                    34:13:e1:d6:49:4c:53:e1:b9:ea:26:9c:cc:b1:73:
                    51:fc:52:c5:46:c9:59:a4:d1:10:c8:86:60:3e:ef:
                    3f:ed:49:82:f1:5c:b7:fd:9b:17:ef:fb:a1:4c:2b:
                    29:e9:d8:58:15:78:88:34:9f:58:ca:34:22:60:ac:
                    8c:66:96:cd:09:72:17:f7:7b:6d:dc:5c:f8:cb:03:
                    43:9c:ff:49:62:2e:fa:40:1b:58:83:5b:3a:d0:26:
                    fa:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:82:4A:29:4F:D4:0A:0F:3E:92:D0:71:2B:0F:9B:08:40:DC:93:BA
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/zoJKKU_UCg8-ktBxKw-bCEDck7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:c447::/32
                  2a12:3ac4::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:26:79:fd:07:ce:0d:84:12:33:f7:fa:95:ac:af:69:29:cd:
         de:5b:0c:42:74:d4:8f:33:17:a2:14:22:be:dc:cc:7c:75:6a:
         57:08:65:55:b5:82:68:7b:98:15:b0:fa:62:cc:20:fd:26:5b:
         22:0f:58:8e:8f:63:f7:f6:07:04:b4:4c:a6:a2:8a:0a:33:6b:
         c3:7f:b2:5f:fa:c0:b2:db:11:59:c6:8f:f8:7d:af:6e:8f:0b:
         a9:f7:8a:6b:88:39:6b:ac:81:79:5b:da:56:23:52:b1:ff:35:
         f5:05:01:2d:4c:b0:03:d0:48:4b:7b:73:0f:98:51:15:67:02:
         e4:eb:ab:65:0f:d1:d5:cc:8a:49:1c:3c:84:cb:48:12:80:f6:
         f0:92:3a:df:de:36:32:e1:a1:e6:27:9c:41:3d:5d:f6:e8:3b:
         e4:c0:f3:64:b0:21:8b:f8:b3:a1:cc:a9:b6:12:b8:93:75:2c:
         32:3e:26:9f:9f:1e:c4:42:2a:95:7c:d9:bf:6c:70:9a:05:ad:
         0e:d8:cf:04:25:d8:16:75:48:f7:d0:ec:ed:c0:ae:e5:fd:eb:
         c8:e8:a0:12:73:f4:61:2d:77:89:86:4c:0b:71:f7:2f:ef:94:
         23:2b:d4:b3:dd:fb:58:dc:44:be:0d:a2:f7:23:64:88:10:cc:
         52:3f:18:a3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZjTScaUZRqbGRqxXlp9uDpMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwODIyMTkzODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTgyNGEyOTRmZDQwYTBmM2U5MmQwNzEyYjBmOWIwODQwZGM5M2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApD2yZWkcoOp82zCdeBirsY7ueuHv
4l/zuQjzGVB7LeSyBCSnKJoeJSlIQg6q3IHnR8WLwTchuDUL5VxJ3nb7rAGEEQqL
GeYX8NpzYxLU8yi1PqnIu49v1GxXPWKI4Hym0Pz/27v1owNivAf7ghhxIaCZUJKf
9UJK4xGhl5WpIjrpUDe5O/sdr9tgN9gvhu5KHV5KKQ6i6Y/1/mWIL52ODtOtlks0
E+HWSUxT4bnqJpzMsXNR/FLFRslZpNEQyIZgPu8/7UmC8Vy3/ZsX7/uhTCsp6dhY
FXiINJ9YyjQiYKyMZpbNCXIX93tt3Fz4ywNDnP9JYi76QBtYg1s60Cb6WwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFM6CSilP1AoPPpLQcSsPmwhA3JO6MB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvem9KS0tVX1VDZzgta3RCeEt3LWJDRURjazdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhHERwMF
ACoSOsQwDQYJKoZIhvcNAQELBQADggEBAGAmef0Hzg2EEjP3+pWsr2kpzd5bDEJ0
1I8zF6IUIr7czHx1alcIZVW1gmh7mBWw+mLMIP0mWyIPWI6PY/f2BwS0TKaiigoz
a8N/sl/6wLLbEVnGj/h9r26PC6n3imuIOWusgXlb2lYjUrH/NfUFAS1MsAPQSEt7
cw+YURVnAuTrq2UP0dXMikkcPITLSBKA9vCSOt/eNjLhoeYnnEE9XfboO+TA82Sw
IYv4s6HMqbYSuJN1LDI+Jp+fHsRCKpV82b9scJoFrQ7YzwQl2BZ1SPfQ7O3AruX9
68jooBJz9GEtd4mGTAtx9y/vlCMr1LPd+1jcRL4NovcjZIgQzFI/GKM=
-----END CERTIFICATE-----