Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/VQ11w3hpyPj64iBdjBQvh3H40IY.roa
File:                     VQ11w3hpyPj64iBdjBQvh3H40IY.roa (raw, json)
Hash identifier:          PEPluvvkxQgJfKGG6MItpXtdaPRghraDjvwTXv4cWlU=
Subject key identifier:   55:0D:75:C3:78:69:C8:F8:FA:E2:20:5D:8C:14:2F:87:71:F8:D0:86
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0199F38AB605719E7F75BDBC399B03F3BFCC
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/VQ11w3hpyPj64iBdjBQvh3H40IY.roa
Signing time:             Fri 17 Oct 2025 18:59:38 +0000
ROA not before:           Fri 17 Oct 2025 18:59:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215330
IP address blocks:        2a0b:7a80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f3:8a:b6:05:71:9e:7f:75:bd:bc:39:9b:03:f3:bf:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Oct 17 18:59:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=550d75c37869c8f8fae2205d8c142f8771f8d086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:29:b2:e0:a1:98:c5:b6:eb:8a:bb:4c:a9:10:
                    25:f0:f6:c4:58:81:31:62:2a:9f:a8:91:a0:b9:20:
                    b8:05:38:ce:8b:e5:07:2b:7e:ca:b1:0d:73:80:34:
                    64:1a:0d:e2:d7:09:57:38:7d:78:89:9e:77:6a:cc:
                    0c:b7:f2:59:e4:e1:cf:c2:71:73:1f:b3:d6:3a:78:
                    01:c4:02:fd:8f:55:bc:82:d3:6b:34:a1:ed:20:37:
                    30:11:17:6e:ab:8d:b7:a7:19:07:6b:7f:ce:fd:af:
                    fd:1e:b3:d6:c0:d8:99:d1:1f:de:df:f2:cb:87:b7:
                    17:4f:5a:45:7b:15:1a:b3:92:f5:0d:27:8e:16:54:
                    bf:4b:fe:6c:3c:71:45:6e:8c:16:c1:c4:8c:f8:85:
                    26:0c:ee:1e:11:13:b6:b3:98:bc:95:52:e4:25:17:
                    92:32:2c:48:bd:fb:67:d4:6b:ef:8f:4a:2b:43:e5:
                    7d:14:5a:2b:57:bf:9f:7a:63:4d:80:96:3f:90:09:
                    68:74:5f:eb:3e:e9:83:4f:40:53:a0:27:9a:74:6e:
                    93:bd:0d:1d:30:54:b2:66:43:dd:1a:36:06:9d:eb:
                    88:f2:d9:cb:5f:c9:2e:3b:5d:84:fc:00:ff:32:d2:
                    f3:6b:29:6f:50:13:86:bd:8a:5a:94:7e:26:e1:11:
                    b1:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:0D:75:C3:78:69:C8:F8:FA:E2:20:5D:8C:14:2F:87:71:F8:D0:86
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/VQ11w3hpyPj64iBdjBQvh3H40IY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:7a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:8c:63:6b:96:f7:23:28:6c:1a:b3:a8:83:3e:ef:e3:30:d1:
         85:43:f0:19:7b:1e:c7:d9:9d:2b:da:1e:04:7c:f0:77:1d:31:
         a9:b0:1e:c6:00:34:c5:76:df:c3:8e:43:ff:1c:c3:78:58:0c:
         9d:63:81:99:1e:33:11:e7:cc:57:84:da:e3:58:df:8b:ab:b8:
         d3:9a:55:dc:a3:cb:79:b9:29:fa:8b:af:2c:04:f6:5e:54:ee:
         bc:87:06:57:7d:9c:4c:fc:96:e6:6b:7a:f8:70:bd:c3:13:36:
         43:3b:7b:39:81:14:04:b4:9e:a4:ce:64:f8:a1:48:c7:6a:17:
         9b:4e:64:31:e6:9f:9d:e4:a1:69:3d:22:cc:20:63:23:7c:b4:
         8c:7d:8b:77:ac:d4:6a:78:cf:4e:8a:16:3b:87:57:22:7e:9d:
         45:80:68:68:0b:27:9d:64:e7:02:3f:33:97:b0:b3:19:76:f1:
         79:58:b7:39:55:b6:ca:a4:e8:a3:00:2f:94:2b:f1:5c:71:a4:
         44:5a:fb:e6:17:ed:53:03:9c:57:e4:9f:57:f7:95:b0:e1:c3:
         fc:f6:14:4b:08:f0:83:01:17:19:b2:f4:ae:82:c4:b2:01:00:
         34:79:3b:cb:be:64:99:75:ec:20:83:c4:fd:3e:7c:26:2e:d9:
         cc:5f:5a:d3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZnzirYFcZ5/db28OZsD87/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUxMDE3MTg1OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTBkNzVjMzc4NjljOGY4ZmFlMjIwNWQ4YzE0MmY4NzcxZjhkMDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCmy4KGYxbbrirtMqRAl8PbEWIEx
YiqfqJGguSC4BTjOi+UHK37KsQ1zgDRkGg3i1wlXOH14iZ53aswMt/JZ5OHPwnFz
H7PWOngBxAL9j1W8gtNrNKHtIDcwERduq423pxkHa3/O/a/9HrPWwNiZ0R/e3/LL
h7cXT1pFexUas5L1DSeOFlS/S/5sPHFFbowWwcSM+IUmDO4eERO2s5i8lVLkJReS
MixIvftn1Gvvj0orQ+V9FForV7+femNNgJY/kAlodF/rPumDT0BToCeadG6TvQ0d
MFSyZkPdGjYGneuI8tnLX8kuO12E/AD/MtLzaylvUBOGvYpalH4m4RGx/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFUNdcN4acj4+uIgXYwUL4dx+NCGMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvVlExMXczaHB5UGo2NGlCZGpCUXZoM0g0MElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgt6gDAN
BgkqhkiG9w0BAQsFAAOCAQEAa4xja5b3IyhsGrOogz7v4zDRhUPwGXsex9mdK9oe
BHzwdx0xqbAexgA0xXbfw45D/xzDeFgMnWOBmR4zEefMV4Ta41jfi6u405pV3KPL
ebkp+ouvLAT2XlTuvIcGV32cTPyW5mt6+HC9wxM2Qzt7OYEUBLSepM5k+KFIx2oX
m05kMeafneShaT0izCBjI3y0jH2Ld6zUanjPTooWO4dXIn6dRYBoaAsnnWTnAj8z
l7CzGXbxeVi3OVW2yqToowAvlCvxXHGkRFr75hftUwOcV+SfV/eVsOHD/PYUSwjw
gwEXGbL0roLEsgEANHk7y75kmXXsIIPE/T58Ji7ZzF9a0w==
-----END CERTIFICATE-----