Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/PqzmNej6pUScvh0z29xaqy_btSQ.roa
File:                     PqzmNej6pUScvh0z29xaqy_btSQ.roa (raw, json)
Hash identifier:          pkTG1a9nNnfCx/N/ivlucnV6zBPgMepRfxwW9Sl0Bvs=
Subject key identifier:   3E:AC:E6:35:E8:FA:A5:44:9C:BE:1D:33:DB:DC:5A:AB:2F:DB:B5:24
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0198A055A75851BFDD24B31897B8E177FE20
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/PqzmNej6pUScvh0z29xaqy_btSQ.roa
Signing time:             Tue 12 Aug 2025 22:10:24 +0000
ROA not before:           Tue 12 Aug 2025 22:10:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42375
IP address blocks:        2a11:646::/32 maxlen: 32
                          2a11:4340::/29 maxlen: 29
                          2a11:6340::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a0:55:a7:58:51:bf:dd:24:b3:18:97:b8:e1:77:fe:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Aug 12 22:10:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3eace635e8faa5449cbe1d33dbdc5aab2fdbb524
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:2d:73:b1:0e:0c:08:a7:cf:5a:22:64:22:3f:
                    e9:15:b2:fe:fc:d4:26:04:ce:55:62:29:c4:72:51:
                    85:5b:14:a8:9e:94:8f:47:a2:07:48:01:76:8c:af:
                    02:08:82:63:1e:8a:3a:2c:a9:e6:2c:b8:06:31:57:
                    db:51:ce:12:c8:ed:7a:c1:89:cf:4d:94:7a:ce:f1:
                    66:1b:aa:96:d2:9a:10:3f:ff:a9:6a:b5:7a:1b:c6:
                    24:9a:e9:e3:37:25:ea:be:90:66:b2:af:1d:a7:a8:
                    40:cc:4e:c2:98:ad:4a:87:5a:06:be:25:d8:25:05:
                    5b:3f:ed:ab:99:d4:6a:7b:36:3c:9a:14:00:ff:58:
                    16:1f:9e:1a:f5:9a:31:36:33:49:d6:bd:d0:39:90:
                    b8:4e:91:2f:d4:e1:b5:f4:d8:85:d3:75:fb:d6:2b:
                    46:53:4b:28:2e:6a:1c:92:99:80:e2:5d:fa:2e:89:
                    7a:68:ce:88:2f:4e:4e:7f:25:ff:35:7a:ba:85:de:
                    b1:1d:56:8f:28:e4:97:14:5e:fb:ae:bb:3c:86:c0:
                    59:75:ff:ff:c6:d4:0d:dd:82:fe:7a:49:6c:50:14:
                    b2:a0:85:51:fa:ac:3e:b2:0f:e4:dc:d0:d0:82:41:
                    1d:97:f3:08:28:76:fb:d6:d3:b4:2f:b7:5d:ff:98:
                    e3:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:AC:E6:35:E8:FA:A5:44:9C:BE:1D:33:DB:DC:5A:AB:2F:DB:B5:24
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/PqzmNej6pUScvh0z29xaqy_btSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:646::/32
                  2a11:4340::/29
                  2a11:6340::/29

    Signature Algorithm: sha256WithRSAEncryption
         de:63:c3:3e:aa:84:c2:5a:15:e8:92:ef:ef:25:61:91:2e:63:
         9a:44:29:8e:8b:e1:7d:cd:16:a0:ef:65:e0:fc:57:89:2a:ed:
         0b:1b:a2:7b:86:cd:b0:f9:19:6f:23:5c:81:a2:01:b5:6d:01:
         64:8e:6d:68:d7:d7:c7:45:dc:c1:e0:71:a8:b8:43:e7:06:a8:
         ac:9c:f1:cd:61:42:8a:ba:9c:c1:5c:2e:87:42:a2:cb:40:ee:
         39:57:83:d2:a6:55:34:58:8a:3a:d1:97:82:34:59:28:e0:3c:
         be:71:cd:a5:39:82:de:04:84:55:b9:33:3f:f2:2f:6d:2b:00:
         33:da:a8:82:a2:6c:48:1d:3e:9e:52:44:02:9f:c6:32:a1:45:
         cc:bf:b0:51:fa:07:1f:0d:c5:a2:76:0b:b6:51:c8:12:97:5f:
         07:86:09:8d:ce:73:2d:1e:e0:c3:95:15:fa:93:f5:9c:b8:13:
         9a:e4:51:af:fb:83:57:20:82:75:b8:7e:3f:60:9a:03:2a:af:
         4f:f1:6c:28:90:3c:83:ca:47:d0:9f:1c:ab:8f:4c:57:c0:e4:
         2a:b1:cb:5a:45:c7:65:b0:95:6f:ed:ca:fe:2f:e6:34:01:db:
         bd:ff:31:10:7d:d1:28:f9:a5:fc:6c:08:6a:10:f4:3f:8a:81:
         55:c5:e4:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZigVadYUb/dJLMYl7jhd/4gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwODEyMjIxMDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWFjZTYzNWU4ZmFhNTQ0OWNiZTFkMzNkYmRjNWFhYjJmZGJiNTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzy1zsQ4MCKfPWiJkIj/pFbL+/NQm
BM5VYinEclGFWxSonpSPR6IHSAF2jK8CCIJjHoo6LKnmLLgGMVfbUc4SyO16wYnP
TZR6zvFmG6qW0poQP/+parV6G8YkmunjNyXqvpBmsq8dp6hAzE7CmK1Kh1oGviXY
JQVbP+2rmdRqezY8mhQA/1gWH54a9ZoxNjNJ1r3QOZC4TpEv1OG19NiF03X71itG
U0soLmockpmA4l36Lol6aM6IL05OfyX/NXq6hd6xHVaPKOSXFF77rrs8hsBZdf//
xtQN3YL+eklsUBSyoIVR+qw+sg/k3NDQgkEdl/MIKHb71tO0L7dd/5jjhwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD6s5jXo+qVEnL4dM9vcWqsv27UkMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvUHF6bU5lajZwVVNjdmgwejI5eGFxeV9idFNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKhEGRgMF
AyoRQ0ADBQMqEWNAMA0GCSqGSIb3DQEBCwUAA4IBAQDeY8M+qoTCWhXoku/vJWGR
LmOaRCmOi+F9zRag72Xg/FeJKu0LG6J7hs2w+RlvI1yBogG1bQFkjm1o19fHRdzB
4HGouEPnBqisnPHNYUKKupzBXC6HQqLLQO45V4PSplU0WIo60ZeCNFko4Dy+cc2l
OYLeBIRVuTM/8i9tKwAz2qiComxIHT6eUkQCn8YyoUXMv7BR+gcfDcWidgu2UcgS
l18HhgmNznMtHuDDlRX6k/WcuBOa5FGv+4NXIIJ1uH4/YJoDKq9P8WwokDyDykfQ
nxyrj0xXwOQqsctaRcdlsJVv7cr+L+Y0Adu9/zEQfdEo+aX8bAhqEPQ/ioFVxeQM
-----END CERTIFICATE-----