Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/eVTHYh7c14c-D-F-B7SOqDObhvM.roa
File:                     eVTHYh7c14c-D-F-B7SOqDObhvM.roa (raw, json)
Hash identifier:          qrDFV3XmeSi0Zuvt7pZ0s9LJ8U6nsNBbLnOPzpjEjB4=
Subject key identifier:   79:54:C7:62:1E:DC:D7:87:3E:0F:E1:7E:07:B4:8E:A8:33:9B:86:F3
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       01978CEC92D008166B6ED97224F991D412B8
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/eVTHYh7c14c-D-F-B7SOqDObhvM.roa
Signing time:             Fri 20 Jun 2025 10:40:03 +0000
ROA not before:           Fri 20 Jun 2025 10:40:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29182
IP address blocks:        2a0e:4346::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 07:42:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8c:ec:92:d0:08:16:6b:6e:d9:72:24:f9:91:d4:12:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jun 20 10:40:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7954c7621edcd7873e0fe17e07b48ea8339b86f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:64:47:50:0d:3a:64:89:8b:03:62:c4:bb:ac:
                    27:01:d8:9d:55:97:b9:3b:5c:a5:d2:54:d2:bd:70:
                    ca:0f:07:1c:a9:64:b6:23:66:47:eb:cb:2b:2d:6c:
                    e4:49:b1:a5:f6:35:a3:c5:f6:71:37:ba:72:ba:ad:
                    76:c0:77:38:1f:be:53:57:57:77:bb:67:3b:21:b5:
                    f7:8e:6f:5e:30:72:77:d6:46:12:78:6a:d1:58:7c:
                    ac:11:75:a8:01:4b:a4:01:86:97:c8:7e:6d:8b:b3:
                    ea:60:05:3c:90:6f:31:be:b7:62:5e:b2:7e:09:0b:
                    3c:72:04:70:a0:7a:42:b5:da:27:84:a8:16:ad:fe:
                    a2:4c:ca:b7:9d:20:d1:ba:d0:e0:46:0b:12:aa:5b:
                    3c:97:6c:ae:db:95:d6:9f:0b:fd:60:94:03:b7:ad:
                    a3:b6:4c:98:8b:67:c2:1d:8f:ba:3c:e2:a0:91:c1:
                    5f:ad:b6:52:a2:65:48:91:79:d4:a7:44:78:0f:11:
                    0c:4c:21:77:7e:14:f0:85:c8:a9:f1:c3:10:0b:52:
                    bb:53:14:9a:1d:3e:c6:f6:c1:41:89:43:b1:62:a4:
                    bb:02:a0:1f:53:e0:13:d5:a4:af:1c:ba:9f:66:c4:
                    47:82:56:35:2d:28:20:8b:3a:15:4f:36:15:2f:e2:
                    87:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:54:C7:62:1E:DC:D7:87:3E:0F:E1:7E:07:B4:8E:A8:33:9B:86:F3
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/eVTHYh7c14c-D-F-B7SOqDObhvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4346::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:8d:1c:15:b7:68:b6:cb:e1:fd:d5:82:2c:5c:4b:e1:2e:be:
         f4:5b:6e:fb:d5:07:d8:35:8a:27:b2:dc:82:23:95:69:50:fc:
         d1:2d:81:c7:dc:13:24:14:ae:62:03:c5:cc:12:43:b9:9f:a7:
         ff:01:63:b4:22:f6:4f:07:aa:c8:25:33:76:93:3a:65:67:2c:
         67:48:23:c5:60:2e:74:e9:14:ca:04:a6:bd:80:4e:56:c2:ee:
         59:25:12:b5:7c:5b:64:96:78:4c:68:73:ba:9c:d0:67:79:ef:
         23:30:86:3c:fd:17:53:12:75:18:d4:dc:cb:6e:61:90:f2:62:
         2f:bc:87:3e:e2:70:94:2c:bc:39:db:bd:86:3d:bd:f2:3f:97:
         e9:cc:ef:24:da:d0:18:cf:86:83:b6:0f:8d:e3:dc:5a:67:92:
         ba:d9:cb:e0:bf:1d:89:fd:9f:68:33:ca:8d:74:a2:50:0d:bd:
         cc:f8:a5:64:89:c3:43:22:a7:12:1d:f0:13:bd:1e:5c:e0:52:
         dd:b1:9a:65:d3:50:e1:8f:75:8b:6d:2e:ec:57:ae:13:19:25:
         a5:a3:7d:12:b2:a9:a4:4b:b2:c7:bc:bd:53:12:33:27:48:66:
         23:ea:0a:c1:13:56:64:60:e9:98:f5:c4:31:33:33:14:f3:d6:
         e0:1c:d2:1e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZeM7JLQCBZrbtlyJPmR1BK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNjIwMTA0MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTU0Yzc2MjFlZGNkNzg3M2UwZmUxN2UwN2I0OGVhODMzOWI4NmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGRHUA06ZImLA2LEu6wnAdidVZe5
O1yl0lTSvXDKDwccqWS2I2ZH68srLWzkSbGl9jWjxfZxN7pyuq12wHc4H75TV1d3
u2c7IbX3jm9eMHJ31kYSeGrRWHysEXWoAUukAYaXyH5ti7PqYAU8kG8xvrdiXrJ+
CQs8cgRwoHpCtdonhKgWrf6iTMq3nSDRutDgRgsSqls8l2yu25XWnwv9YJQDt62j
tkyYi2fCHY+6POKgkcFfrbZSomVIkXnUp0R4DxEMTCF3fhTwhcip8cMQC1K7UxSa
HT7G9sFBiUOxYqS7AqAfU+AT1aSvHLqfZsRHglY1LSggizoVTzYVL+KHKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHlUx2Ie3NeHPg/hfge0jqgzm4bzMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvZVZUSFloN2MxNGMtRC1GLUI3U09xRE9iaHZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5DRjAN
BgkqhkiG9w0BAQsFAAOCAQEAG40cFbdotsvh/dWCLFxL4S6+9Ftu+9UH2DWKJ7Lc
giOVaVD80S2Bx9wTJBSuYgPFzBJDuZ+n/wFjtCL2TweqyCUzdpM6ZWcsZ0gjxWAu
dOkUygSmvYBOVsLuWSUStXxbZJZ4TGhzupzQZ3nvIzCGPP0XUxJ1GNTcy25hkPJi
L7yHPuJwlCy8Odu9hj298j+X6czvJNrQGM+Gg7YPjePcWmeSutnL4L8dif2faDPK
jXSiUA29zPilZInDQyKnEh3wE70eXOBS3bGaZdNQ4Y91i20u7FeuExklpaN9ErKp
pEuyx7y9UxIzJ0hmI+oKwRNWZGDpmPXEMTMzFPPW4BzSHg==
-----END CERTIFICATE-----