Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/3LvafaHdOiY4sxoLX_gmBxqLmUE.roa
File:                     3LvafaHdOiY4sxoLX_gmBxqLmUE.roa (raw, json)
Hash identifier:          24ccmV+MNSGljhh423pCK03UEmX0iXEO3FcUYbtEFlg=
Subject key identifier:   DC:BB:DA:7D:A1:DD:3A:26:38:B3:1A:0B:5F:F8:26:07:1A:8B:99:41
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0199DF073F926C5CBB9545A68BE55DF58CC3
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/3LvafaHdOiY4sxoLX_gmBxqLmUE.roa
Signing time:             Mon 13 Oct 2025 19:23:38 +0000
ROA not before:           Mon 13 Oct 2025 19:23:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205828
IP address blocks:        2a09:7e00::/29 maxlen: 29
                          2a11:1380::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:df:07:3f:92:6c:5c:bb:95:45:a6:8b:e5:5d:f5:8c:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Oct 13 19:23:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcbbda7da1dd3a2638b31a0b5ff826071a8b9941
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:79:32:c9:8c:26:8b:08:08:de:46:4e:76:12:
                    e5:07:d5:ee:aa:ff:49:1d:dd:da:58:56:c9:59:c9:
                    36:de:4e:6c:cb:bf:ef:8a:75:20:20:99:82:a4:4b:
                    ef:66:6d:c5:9a:c7:f4:d1:37:1a:6f:ba:71:e1:13:
                    ab:b2:d8:00:7c:b6:a5:d5:90:98:37:f4:3f:04:ce:
                    ab:9a:d1:b1:36:36:c1:9e:59:0f:98:b3:c9:b4:ac:
                    0b:61:8c:f0:0e:28:1d:18:0e:29:4f:0d:aa:a4:b6:
                    25:e3:30:df:fb:24:65:1e:59:75:fe:74:09:d2:41:
                    13:3d:da:da:79:85:f4:7e:71:16:3f:95:b9:d9:f3:
                    63:ca:ef:80:ff:84:80:a2:ae:dd:04:88:fd:ca:fc:
                    64:f5:5b:3d:28:30:c7:82:fa:48:c8:09:32:cb:ba:
                    f6:97:fc:0a:f0:cc:01:d3:ee:af:79:29:55:c5:9d:
                    55:a7:a1:33:b9:90:d9:e5:1c:6a:59:6f:28:8b:ca:
                    be:2f:72:6d:3c:f6:81:dd:d8:64:97:06:74:c9:0c:
                    32:71:f8:83:7c:f4:d4:e0:7e:41:18:03:df:0b:f9:
                    22:35:0a:f3:fc:21:0c:cd:36:f1:2b:ea:c4:42:ba:
                    8d:04:83:78:57:ab:02:f9:c1:89:f7:a2:6f:1e:61:
                    41:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:BB:DA:7D:A1:DD:3A:26:38:B3:1A:0B:5F:F8:26:07:1A:8B:99:41
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/3LvafaHdOiY4sxoLX_gmBxqLmUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7e00::/29
                  2a11:1380::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:ac:61:b3:2e:d6:7e:48:1a:c9:81:4d:33:a6:27:46:8c:cf:
         4e:41:9a:fa:aa:3c:c3:c1:ef:83:39:fa:48:10:67:27:b9:2e:
         30:a8:3f:5e:a2:d7:c1:1d:ca:f6:f4:74:e4:e9:82:1c:53:3d:
         e4:b8:06:ec:bd:2b:e2:86:1e:82:02:b9:82:a6:cf:95:95:28:
         a9:62:1c:08:64:7f:02:ac:ac:26:26:12:6d:3c:2a:49:0d:43:
         2d:b6:e6:00:90:71:ee:6f:3f:7d:e3:54:df:9a:e2:ef:ee:d5:
         66:0f:4d:45:46:71:b3:0a:da:ac:b0:f8:fd:55:64:68:3d:b6:
         64:2c:29:98:3c:58:76:89:81:53:f2:43:fe:e3:cb:ab:0f:2a:
         ed:f5:61:0a:29:db:02:4e:dd:b9:70:b7:4f:86:e2:68:d3:0c:
         76:98:e1:65:64:77:82:47:56:47:0c:d5:ad:92:ee:9b:88:cf:
         38:f9:3c:90:ca:1e:ea:65:03:38:23:ca:f4:79:88:9b:0f:ca:
         33:8e:96:e1:34:ff:76:ed:68:de:af:10:46:34:4d:9d:56:94:
         98:f1:96:74:00:ec:f5:46:38:c5:e5:53:af:d7:19:33:08:f6:
         b8:44:89:6f:8a:38:c3:e4:72:e3:f3:75:d1:c8:5c:4e:f5:19:
         b6:cf:d8:f3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZnfBz+SbFy7lUWmi+Vd9YzDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUxMDEzMTkyMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2JiZGE3ZGExZGQzYTI2MzhiMzFhMGI1ZmY4MjYwNzFhOGI5OTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3kyyYwmiwgI3kZOdhLlB9Xuqv9J
Hd3aWFbJWck23k5sy7/vinUgIJmCpEvvZm3Fmsf00Tcab7px4ROrstgAfLal1ZCY
N/Q/BM6rmtGxNjbBnlkPmLPJtKwLYYzwDigdGA4pTw2qpLYl4zDf+yRlHll1/nQJ
0kETPdraeYX0fnEWP5W52fNjyu+A/4SAoq7dBIj9yvxk9Vs9KDDHgvpIyAkyy7r2
l/wK8MwB0+6veSlVxZ1Vp6EzuZDZ5RxqWW8oi8q+L3JtPPaB3dhklwZ0yQwycfiD
fPTU4H5BGAPfC/kiNQrz/CEMzTbxK+rEQrqNBIN4V6sC+cGJ96JvHmFB8wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNy72n2h3TomOLMaC1/4Jgcai5lBMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvM0x2YWZhSGRPaVk0c3hvTFhfZ21CeHFMbVVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgl+AAMF
AyoRE4AwDQYJKoZIhvcNAQELBQADggEBAGqsYbMu1n5IGsmBTTOmJ0aMz05Bmvqq
PMPB74M5+kgQZye5LjCoP16i18Edyvb0dOTpghxTPeS4Buy9K+KGHoICuYKmz5WV
KKliHAhkfwKsrCYmEm08KkkNQy225gCQce5vP33jVN+a4u/u1WYPTUVGcbMK2qyw
+P1VZGg9tmQsKZg8WHaJgVPyQ/7jy6sPKu31YQop2wJO3blwt0+G4mjTDHaY4WVk
d4JHVkcM1a2S7puIzzj5PJDKHuplAzgjyvR5iJsPyjOOluE0/3btaN6vEEY0TZ1W
lJjxlnQA7PVGOMXlU6/XGTMI9rhEiW+KOMPkcuPzddHIXE71GbbP2PM=
-----END CERTIFICATE-----