Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/LiN69B1lhmOfo40riGSuT3aEj4g.roa
File:                     LiN69B1lhmOfo40riGSuT3aEj4g.roa (raw, json)
Hash identifier:          dNm+My2Zs740z/F7j4HH9LWQapRmukRBAV/S0JwKyBE=
Subject key identifier:   2E:23:7A:F4:1D:65:86:63:9F:A3:8D:2B:88:64:AE:4F:76:84:8F:88
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0198A2B67ADA94015DBB169AF228C44ED9DD
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/LiN69B1lhmOfo40riGSuT3aEj4g.roa
Signing time:             Wed 13 Aug 2025 09:15:24 +0000
ROA not before:           Wed 13 Aug 2025 09:15:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a11:b682::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:b6:7a:da:94:01:5d:bb:16:9a:f2:28:c4:4e:d9:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Aug 13 09:15:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e237af41d6586639fa38d2b8864ae4f76848f88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c4:b9:6a:8c:1f:89:c5:65:d1:71:a5:3b:fb:
                    2f:9b:a1:95:75:42:c0:e0:50:90:d2:e7:97:eb:ce:
                    95:57:63:39:e3:f9:56:ab:92:c2:b5:83:52:88:3f:
                    4e:ba:68:5c:67:76:49:6f:8d:2d:fa:a3:1b:c3:9a:
                    fa:22:79:72:07:b0:fb:69:15:8f:0c:77:08:db:ad:
                    71:39:00:66:14:18:34:d4:b4:91:c3:96:cb:ea:56:
                    f4:f4:e8:4f:01:fc:2d:d8:68:aa:2c:9a:b0:24:e4:
                    90:59:10:76:33:0a:7f:62:3f:14:37:42:59:8d:dc:
                    c0:c0:db:59:a9:80:53:29:3c:f2:0e:aa:2a:49:45:
                    a9:2d:49:f1:f8:f8:89:aa:67:5a:24:7c:51:d8:c8:
                    1c:36:ba:7a:4f:bf:30:53:6a:cc:20:78:21:ef:e3:
                    de:04:c9:2e:48:c6:84:11:58:70:8f:83:0c:2d:b5:
                    cd:20:1a:ef:8a:70:03:08:93:43:d3:c0:d6:d3:55:
                    34:94:19:68:88:db:8f:be:42:ed:e1:25:87:3b:94:
                    cb:53:16:82:e8:f2:63:f4:6a:50:ea:e5:82:81:1c:
                    1c:13:9f:3d:03:b6:f0:59:a8:8c:a8:16:7a:a7:66:
                    0f:35:50:4a:77:63:82:fa:a0:0a:28:fe:82:5c:48:
                    01:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:23:7A:F4:1D:65:86:63:9F:A3:8D:2B:88:64:AE:4F:76:84:8F:88
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/LiN69B1lhmOfo40riGSuT3aEj4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:b682::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:fc:fb:cd:7f:3a:eb:16:f9:f6:7e:d1:d3:94:7a:1f:42:3e:
         21:1d:b9:99:fd:0b:d9:c6:33:00:4d:ce:c3:b7:69:d3:74:a4:
         2d:20:a7:43:54:94:be:0f:3a:33:95:ce:68:89:11:55:c2:a4:
         a2:eb:af:24:62:18:e3:0c:e8:36:91:07:5e:22:33:25:03:47:
         45:97:c2:06:14:30:fd:d3:6a:c9:20:e3:9f:24:42:ef:90:61:
         00:d8:05:4f:e6:d7:14:83:1a:f1:fc:4d:3c:0b:f4:76:0f:30:
         fa:b9:39:f1:e3:09:62:a4:cf:fa:cb:fc:5e:bf:e6:05:5a:00:
         d6:d0:d7:94:90:bb:02:9b:d4:e3:15:26:e1:06:95:bf:f3:63:
         71:2d:4f:c1:67:85:90:13:4c:83:b5:4d:1c:bc:15:60:81:71:
         c2:ca:31:a0:b4:dd:c7:25:ec:b0:1f:5e:92:ad:b8:96:e4:78:
         a8:63:c8:cc:8b:32:22:14:da:b3:b3:65:89:18:15:25:5a:0f:
         6f:97:37:46:a6:1a:77:c5:96:aa:02:88:28:f7:9e:3e:dd:81:
         d4:b0:f9:5d:10:ad:17:6b:a5:44:2c:6b:73:77:a6:e5:8e:ba:
         27:41:0a:e8:5b:ee:89:78:d2:d9:bd:ec:99:fb:27:97:8e:64:
         e7:37:50:d3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZiitnralAFduxaa8ijETtndMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwODEzMDkxNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTIzN2FmNDFkNjU4NjYzOWZhMzhkMmI4ODY0YWU0Zjc2ODQ4Zjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcS5aowficVl0XGlO/svm6GVdULA
4FCQ0ueX686VV2M54/lWq5LCtYNSiD9OumhcZ3ZJb40t+qMbw5r6InlyB7D7aRWP
DHcI261xOQBmFBg01LSRw5bL6lb09OhPAfwt2GiqLJqwJOSQWRB2Mwp/Yj8UN0JZ
jdzAwNtZqYBTKTzyDqoqSUWpLUnx+PiJqmdaJHxR2MgcNrp6T78wU2rMIHgh7+Pe
BMkuSMaEEVhwj4MMLbXNIBrvinADCJND08DW01U0lBloiNuPvkLt4SWHO5TLUxaC
6PJj9GpQ6uWCgRwcE589A7bwWaiMqBZ6p2YPNVBKd2OC+qAKKP6CXEgB0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFC4jevQdZYZjn6ONK4hkrk92hI+IMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvTGlONjlCMWxobU9mbzQwcmlHU3VUM2FFajRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhG2gjAN
BgkqhkiG9w0BAQsFAAOCAQEAC/z7zX866xb59n7R05R6H0I+IR25mf0L2cYzAE3O
w7dp03SkLSCnQ1SUvg86M5XOaIkRVcKkouuvJGIY4wzoNpEHXiIzJQNHRZfCBhQw
/dNqySDjnyRC75BhANgFT+bXFIMa8fxNPAv0dg8w+rk58eMJYqTP+sv8Xr/mBVoA
1tDXlJC7ApvU4xUm4QaVv/NjcS1PwWeFkBNMg7VNHLwVYIFxwsoxoLTdxyXssB9e
kq24luR4qGPIzIsyIhTas7NliRgVJVoPb5c3RqYad8WWqgKIKPeePt2B1LD5XRCt
F2ulRCxrc3em5Y66J0EK6FvuiXjS2b3smfsnl45k5zdQ0w==
-----END CERTIFICATE-----