Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/9B3oIFGiY8sz4Yr70vZGMy1E1cM.roa
File:                     9B3oIFGiY8sz4Yr70vZGMy1E1cM.roa (raw, json)
Hash identifier:          tCq0Vmn2+JW6GCrr+VO1JikMdVS8aAJkba6PLu5z4q0=
Subject key identifier:   F4:1D:E8:20:51:A2:63:CB:33:E1:8A:FB:D2:F6:46:33:2D:44:D5:C3
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       019687D785606BFF3A3C5F1A15318310F48C
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/9B3oIFGiY8sz4Yr70vZGMy1E1cM.roa
Signing time:             Wed 30 Apr 2025 17:56:10 +0000
ROA not before:           Wed 30 Apr 2025 17:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42375
IP address blocks:        2a11:646::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:87:d7:85:60:6b:ff:3a:3c:5f:1a:15:31:83:10:f4:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Apr 30 17:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f41de82051a263cb33e18afbd2f646332d44d5c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1c:59:6e:fc:43:6c:c1:5b:c1:6c:0f:28:b0:
                    48:ed:38:44:4f:ab:30:b9:f1:0a:bd:c5:03:26:5b:
                    48:18:29:11:7f:fa:99:fd:d8:1f:ce:7e:f7:10:f5:
                    5f:62:6f:e1:16:26:8f:b7:43:74:9a:92:54:e8:7a:
                    ff:bd:23:f6:59:2a:ac:d8:ca:d2:a1:71:8b:74:e8:
                    45:75:3e:5c:aa:e5:67:9c:1b:4c:db:c1:41:22:cf:
                    20:c4:6c:71:08:1f:3f:42:df:59:fe:ce:c7:a8:8e:
                    cb:62:71:dc:8a:ca:20:12:e7:8c:9d:78:57:7f:bc:
                    b4:46:84:32:81:23:41:0f:75:30:4c:81:31:ab:c8:
                    04:9c:1c:5a:22:1e:c5:34:a4:f5:59:0f:ae:40:bf:
                    75:3e:67:7a:f5:45:66:4c:4a:07:ea:b5:d6:58:90:
                    fd:ce:cf:ac:06:b0:de:57:25:a2:15:da:bb:61:ce:
                    c1:37:7d:87:7b:1a:16:a3:11:8f:1a:05:d1:4b:2b:
                    d1:59:e2:b0:80:7a:a8:64:9a:78:da:ad:41:76:ee:
                    d1:ff:1d:1e:2b:e8:6b:43:11:63:15:1d:18:36:b0:
                    f2:30:d5:14:6f:be:e7:c1:87:17:46:9c:60:d3:a7:
                    8b:79:b3:55:28:70:9a:e9:a3:36:96:ba:62:77:76:
                    f7:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:1D:E8:20:51:A2:63:CB:33:E1:8A:FB:D2:F6:46:33:2D:44:D5:C3
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/9B3oIFGiY8sz4Yr70vZGMy1E1cM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:646::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:35:d5:f7:5a:ea:7b:1f:48:5b:42:fa:23:de:9b:96:55:53:
         09:ba:9a:3b:a1:e0:00:52:02:85:8f:7f:58:98:e0:4e:31:cc:
         17:f9:88:3d:f0:0e:3c:7e:6e:8a:6d:fb:9b:ae:7a:68:70:96:
         7f:d9:94:ec:36:4f:6d:42:76:3f:25:19:90:aa:8a:3c:40:01:
         ed:5c:41:47:96:e2:e1:3f:84:06:b7:fd:24:6a:43:a8:65:f6:
         f2:6e:70:05:57:b8:83:40:94:51:35:fe:8d:e7:b8:08:39:d7:
         f2:cc:4c:38:3e:52:c1:61:dd:3d:19:a4:76:99:f2:48:24:ae:
         91:17:32:bb:10:6c:f6:b8:ca:d1:4f:3d:c0:70:d1:38:f7:d8:
         97:09:94:cc:90:75:1a:45:1b:b6:b2:cb:2e:4d:74:9f:4c:b5:
         b3:2b:44:0e:d3:63:60:22:5b:b1:e4:72:0d:c9:ed:1e:44:e5:
         26:89:b1:07:6e:43:dc:fb:f2:45:6b:7b:a7:d3:b5:58:22:f7:
         03:e1:37:cf:4a:6f:27:46:13:20:64:7c:66:04:90:41:5d:33:
         20:a2:02:6a:c3:fc:33:5d:ed:f7:b2:a1:00:c7:a6:b0:1e:ec:
         4e:73:0b:7d:39:00:46:cb:51:fa:44:18:4e:5e:ea:87:b9:cd:
         14:be:fd:b9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZaH14Vga/86PF8aFTGDEPSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNDMwMTc1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDFkZTgyMDUxYTI2M2NiMzNlMThhZmJkMmY2NDYzMzJkNDRkNWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBxZbvxDbMFbwWwPKLBI7ThET6sw
ufEKvcUDJltIGCkRf/qZ/dgfzn73EPVfYm/hFiaPt0N0mpJU6Hr/vSP2WSqs2MrS
oXGLdOhFdT5cquVnnBtM28FBIs8gxGxxCB8/Qt9Z/s7HqI7LYnHcisogEueMnXhX
f7y0RoQygSNBD3UwTIExq8gEnBxaIh7FNKT1WQ+uQL91Pmd69UVmTEoH6rXWWJD9
zs+sBrDeVyWiFdq7Yc7BN32HexoWoxGPGgXRSyvRWeKwgHqoZJp42q1Bdu7R/x0e
K+hrQxFjFR0YNrDyMNUUb77nwYcXRpxg06eLebNVKHCa6aM2lrpid3b3gwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPQd6CBRomPLM+GK+9L2RjMtRNXDMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvOUIzb0lGR2lZOHN6NFlyNzB2WkdNeTFFMWNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhEGRjAN
BgkqhkiG9w0BAQsFAAOCAQEAHTXV91rqex9IW0L6I96bllVTCbqaO6HgAFIChY9/
WJjgTjHMF/mIPfAOPH5uim37m656aHCWf9mU7DZPbUJ2PyUZkKqKPEAB7VxBR5bi
4T+EBrf9JGpDqGX28m5wBVe4g0CUUTX+jee4CDnX8sxMOD5SwWHdPRmkdpnySCSu
kRcyuxBs9rjK0U89wHDROPfYlwmUzJB1GkUbtrLLLk10n0y1sytEDtNjYCJbseRy
DcntHkTlJomxB25D3PvyRWt7p9O1WCL3A+E3z0pvJ0YTIGR8ZgSQQV0zIKICasP8
M13t97KhAMemsB7sTnMLfTkARstR+kQYTl7qh7nNFL79uQ==
-----END CERTIFICATE-----