Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/8ddhy9tWwbdT6YuDfe5AyBAl9Co.roa
File:                     8ddhy9tWwbdT6YuDfe5AyBAl9Co.roa (raw, json)
Hash identifier:          pZrOoiqX4rIC6PbaxG1zUT8RGSfoW+lq0tcfCxkDkAQ=
Subject key identifier:   F1:D7:61:CB:DB:56:C1:B7:53:E9:8B:83:7D:EE:40:C8:10:25:F4:2A
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       01997C9CA1C44504306ADBADBE0101EA8AE3
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/8ddhy9tWwbdT6YuDfe5AyBAl9Co.roa
Signing time:             Wed 24 Sep 2025 16:44:23 +0000
ROA not before:           Wed 24 Sep 2025 16:44:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29182
IP address blocks:        2a0e:4346::/32 maxlen: 32
                          2a11:34c1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7c:9c:a1:c4:45:04:30:6a:db:ad:be:01:01:ea:8a:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Sep 24 16:44:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1d761cbdb56c1b753e98b837dee40c81025f42a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1b:04:ff:46:f4:f7:21:0b:0e:48:22:24:e7:
                    a4:b5:9a:90:39:25:19:d1:4f:2d:5b:22:55:c6:b4:
                    95:9a:bb:ab:72:86:a7:f4:5c:7b:5e:4d:1d:e2:01:
                    31:57:6a:5a:9e:ec:9a:76:06:b3:78:1f:7f:28:bb:
                    ef:f2:89:54:d0:26:88:e7:f3:c4:0a:39:6a:6a:bc:
                    cd:00:95:95:42:05:09:67:74:c8:6d:ee:c1:53:f1:
                    e0:0e:29:68:da:34:6b:87:66:1e:06:b9:6d:93:e1:
                    b8:7f:3d:b3:e8:e8:4d:f0:00:a0:1c:04:7e:a8:72:
                    97:76:f0:3c:7b:ab:3f:fe:e4:b3:cf:1c:23:4a:51:
                    b3:7a:71:7a:92:0b:26:00:f2:eb:6d:bf:7e:01:77:
                    03:4d:fb:61:e4:db:c4:3e:9b:35:a5:73:5e:c5:65:
                    e9:72:46:76:5c:0f:f0:d2:56:77:13:c7:0e:98:b4:
                    3d:6b:34:95:dc:e1:ec:41:b2:30:ce:79:d1:d7:b4:
                    fa:e8:87:a2:2c:ab:2e:c3:ca:6b:b2:74:f5:e7:7f:
                    79:23:82:ce:c8:cc:20:9b:96:64:ac:03:00:5c:80:
                    fb:76:d1:c1:6b:c5:34:18:0a:f6:33:12:28:ae:ed:
                    d4:88:77:cc:c7:66:9f:90:2b:a9:b6:2c:f7:86:4b:
                    c6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:D7:61:CB:DB:56:C1:B7:53:E9:8B:83:7D:EE:40:C8:10:25:F4:2A
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/8ddhy9tWwbdT6YuDfe5AyBAl9Co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4346::/32
                  2a11:34c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:69:cb:1e:f0:8d:e7:10:be:d1:21:12:c5:f9:9f:8b:a3:93:
         69:40:eb:ee:22:90:c0:d6:06:02:8f:18:d2:b7:94:f8:6a:71:
         1b:b8:04:82:54:07:73:d8:77:d1:15:e6:d8:3d:85:e5:5e:76:
         cc:16:3a:d8:98:84:77:65:df:b0:be:58:20:02:0f:c9:da:1c:
         82:ce:01:c9:59:35:73:25:10:5a:d3:aa:59:78:9a:25:07:88:
         45:61:54:de:68:56:f9:e7:fa:45:3a:f7:e4:6b:7c:7b:8f:4f:
         d9:24:f5:11:ff:a7:15:42:22:b8:1a:04:cf:e8:30:d5:74:d4:
         d8:b6:a1:f0:97:36:85:cf:0b:a8:ae:1e:89:f5:fe:67:a6:8b:
         22:0f:26:90:2c:e0:02:6f:c2:3e:e3:55:f3:c5:ac:44:48:26:
         18:56:00:99:e2:44:e1:f1:99:69:e3:91:ca:4e:0b:3e:d4:d1:
         8a:86:81:05:6a:d2:ab:76:ee:ba:f2:ad:19:dc:7d:b4:1e:a3:
         03:1c:f0:c6:df:ba:60:97:08:d0:b3:85:5d:71:37:9c:99:fa:
         ac:55:49:e1:53:9a:b0:69:a4:7e:d8:c1:ba:a8:7b:b1:81:61:
         77:e8:6e:0e:8c:f5:51:91:84:10:de:d8:ba:de:31:7f:5a:87:
         c6:dd:51:f3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZl8nKHERQQwatutvgEB6orjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwOTI0MTY0NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQ3NjFjYmRiNTZjMWI3NTNlOThiODM3ZGVlNDBjODEwMjVmNDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshsE/0b09yELDkgiJOektZqQOSUZ
0U8tWyJVxrSVmrurcoan9Fx7Xk0d4gExV2panuyadgazeB9/KLvv8olU0CaI5/PE
CjlqarzNAJWVQgUJZ3TIbe7BU/HgDilo2jRrh2YeBrltk+G4fz2z6OhN8ACgHAR+
qHKXdvA8e6s//uSzzxwjSlGzenF6kgsmAPLrbb9+AXcDTfth5NvEPps1pXNexWXp
ckZ2XA/w0lZ3E8cOmLQ9azSV3OHsQbIwznnR17T66IeiLKsuw8prsnT15395I4LO
yMwgm5ZkrAMAXID7dtHBa8U0GAr2MxIoru3UiHfMx2afkCuptiz3hkvG9QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPHXYcvbVsG3U+mLg33uQMgQJfQqMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvOGRkaHk5dFd3YmRUNll1RGZlNUF5QkFsOUNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg5DRgMF
ACoRNMEwDQYJKoZIhvcNAQELBQADggEBAG5pyx7wjecQvtEhEsX5n4ujk2lA6+4i
kMDWBgKPGNK3lPhqcRu4BIJUB3PYd9EV5tg9heVedswWOtiYhHdl37C+WCACD8na
HILOAclZNXMlEFrTqll4miUHiEVhVN5oVvnn+kU69+RrfHuPT9kk9RH/pxVCIrga
BM/oMNV01Ni2ofCXNoXPC6iuHon1/memiyIPJpAs4AJvwj7jVfPFrERIJhhWAJni
ROHxmWnjkcpOCz7U0YqGgQVq0qt27rryrRncfbQeowMc8MbfumCXCNCzhV1xN5yZ
+qxVSeFTmrBppH7Ywbqoe7GBYXfobg6M9VGRhBDe2LreMX9ah8bdUfM=
-----END CERTIFICATE-----