Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/P2_ksmZ3IsSYcmOrhr4P2bCQBUU.roa
File:                     P2_ksmZ3IsSYcmOrhr4P2bCQBUU.roa (raw, json)
Hash identifier:          ea7paA/WKJTOqQuKHnN16SMAG1COQVuP0FaqvuguLBY=
Subject key identifier:   3F:6F:E4:B2:66:77:22:C4:98:72:63:AB:86:BE:0F:D9:B0:90:05:45
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0199609275238B405C6A04EE825D19D8A361
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/P2_ksmZ3IsSYcmOrhr4P2bCQBUU.roa
Signing time:             Fri 19 Sep 2025 06:03:54 +0000
ROA not before:           Fri 19 Sep 2025 06:03:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26506
IP address blocks:        2a00:1728:2c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:60:92:75:23:8b:40:5c:6a:04:ee:82:5d:19:d8:a3:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 19 06:03:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f6fe4b2667722c4987263ab86be0fd9b0900545
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:5d:0a:61:4e:9a:e0:c0:6f:52:eb:82:3a:4b:
                    c3:e3:f6:61:3d:3b:ae:0e:a3:f7:8d:4e:53:69:0c:
                    41:10:64:a6:c8:aa:d0:32:86:26:d9:fb:2f:b9:4f:
                    39:ff:55:b3:0c:92:09:f4:94:75:17:57:2c:3c:7f:
                    a7:11:d5:bc:53:e1:97:35:a6:04:7c:5a:66:41:b1:
                    58:5a:3e:35:ac:29:84:28:9f:74:0d:5b:97:a8:11:
                    25:54:47:85:89:f0:cf:32:89:0a:be:b9:08:d4:69:
                    4d:fc:01:c6:1e:6b:46:6e:25:18:c2:b2:9e:56:6a:
                    4b:6a:3b:ff:58:fa:49:e9:48:ec:25:b2:d3:8d:87:
                    7a:89:36:76:c5:8f:e1:85:6d:8b:4e:f9:47:e8:e2:
                    f4:ae:bd:82:b1:53:1c:11:56:74:5b:a7:49:c2:b4:
                    56:1e:67:56:d1:bd:a6:a3:4a:49:37:39:fb:2f:ff:
                    8b:51:bc:c8:33:6e:91:b1:5c:8c:2a:97:9d:e6:32:
                    43:e1:1d:02:15:b7:b5:2f:6b:2f:54:ae:b8:b1:55:
                    14:86:41:97:07:dd:55:45:13:de:9f:54:11:38:08:
                    c1:55:69:38:ee:cb:a0:be:ff:a5:5e:88:e9:6c:c9:
                    76:e9:5b:bc:0b:4e:c1:d1:52:af:9a:f4:65:80:32:
                    94:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:6F:E4:B2:66:77:22:C4:98:72:63:AB:86:BE:0F:D9:B0:90:05:45
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/P2_ksmZ3IsSYcmOrhr4P2bCQBUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1728:2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:03:73:cf:f7:7c:17:09:f5:f0:2c:35:6b:a7:aa:4c:aa:c7:
         2e:f8:ef:a1:3c:fd:30:72:f5:8b:90:cb:e6:ac:34:32:a8:7e:
         93:19:f0:bc:31:40:c9:30:7c:e7:c7:a8:2c:1d:9b:fd:e9:72:
         af:2f:6c:18:13:f7:2d:6b:df:1b:27:5f:9f:cb:4b:28:23:a4:
         bf:54:6e:84:54:26:d2:f5:fc:80:91:5f:51:f2:6f:a2:03:9f:
         62:66:93:02:52:f6:f3:23:cc:09:ce:7c:75:e7:e6:41:b8:1f:
         bd:c8:e3:98:de:3b:c3:f7:b3:e6:c9:05:d3:9a:62:13:db:2b:
         4e:ea:1d:40:82:0e:87:a5:5d:cb:ac:6d:2f:da:90:53:88:50:
         71:2e:68:af:7f:0f:6a:e7:70:4e:f0:ae:36:f3:65:1f:b9:01:
         eb:a9:53:26:0d:86:d3:96:88:25:7c:cf:40:4c:75:ce:1d:3b:
         10:ad:2d:bd:50:e5:c6:88:f0:98:6f:b7:e4:e1:68:f0:cb:35:
         b1:09:53:dc:6f:4e:1a:62:fa:d3:b2:14:ce:2f:06:6c:a5:a5:
         83:e7:40:e4:d2:06:2c:4c:89:6a:e3:b5:ee:33:f6:ce:c2:e2:
         c1:30:eb:be:7c:97:05:e5:01:9f:72:92:1a:d6:dc:26:39:05:
         82:0b:ad:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZlgknUji0BcagTugl0Z2KNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwOTE5MDYwMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjZmZTRiMjY2NzcyMmM0OTg3MjYzYWI4NmJlMGZkOWIwOTAwNTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA510KYU6a4MBvUuuCOkvD4/ZhPTuu
DqP3jU5TaQxBEGSmyKrQMoYm2fsvuU85/1WzDJIJ9JR1F1csPH+nEdW8U+GXNaYE
fFpmQbFYWj41rCmEKJ90DVuXqBElVEeFifDPMokKvrkI1GlN/AHGHmtGbiUYwrKe
VmpLajv/WPpJ6UjsJbLTjYd6iTZ2xY/hhW2LTvlH6OL0rr2CsVMcEVZ0W6dJwrRW
HmdW0b2mo0pJNzn7L/+LUbzIM26RsVyMKped5jJD4R0CFbe1L2svVK64sVUUhkGX
B91VRRPen1QROAjBVWk47sugvv+lXojpbMl26Vu8C07B0VKvmvRlgDKUewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD9v5LJmdyLEmHJjq4a+D9mwkAVFMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUDJfa3NtWjNJc1NZY21PcmhyNFAyYkNRQlVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAXKAAs
MA0GCSqGSIb3DQEBCwUAA4IBAQAlA3PP93wXCfXwLDVrp6pMqscu+O+hPP0wcvWL
kMvmrDQyqH6TGfC8MUDJMHznx6gsHZv96XKvL2wYE/cta98bJ1+fy0soI6S/VG6E
VCbS9fyAkV9R8m+iA59iZpMCUvbzI8wJznx15+ZBuB+9yOOY3jvD97PmyQXTmmIT
2ytO6h1Agg6HpV3LrG0v2pBTiFBxLmivfw9q53BO8K4282UfuQHrqVMmDYbTlogl
fM9ATHXOHTsQrS29UOXGiPCYb7fk4WjwyzWxCVPcb04aYvrTshTOLwZspaWD50Dk
0gYsTIlq47XuM/bOwuLBMOu+fJcF5QGfcpIa1twmOQWCC63B
-----END CERTIFICATE-----