Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/pPTTLhksK7v4ipvrbQpEGSDbgjk.roa
File:                     pPTTLhksK7v4ipvrbQpEGSDbgjk.roa (raw, json)
Hash identifier:          o2I/GTIezXoCE5dcTj8iZrNN0OoZ4v7wD/kJ0bQOHoc=
Subject key identifier:   A4:F4:D3:2E:19:2C:2B:BB:F8:8A:9B:EB:6D:0A:44:19:20:DB:82:39
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       0199B849AEDFE3A6F68D743F1251545F5B38
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/pPTTLhksK7v4ipvrbQpEGSDbgjk.roa
Signing time:             Mon 06 Oct 2025 06:51:00 +0000
ROA not before:           Mon 06 Oct 2025 06:51:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210457
IP address blocks:        2a0d:d940:400::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b8:49:ae:df:e3:a6:f6:8d:74:3f:12:51:54:5f:5b:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Oct  6 06:51:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4f4d32e192c2bbbf88a9beb6d0a441920db8239
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4e:a2:30:97:59:1c:23:c6:d1:a4:ed:10:f4:
                    1c:94:7a:06:88:79:f8:48:28:e7:ef:c4:95:6c:de:
                    f2:6d:fe:79:ca:6c:08:a9:da:e5:5d:ad:af:13:81:
                    88:0a:8e:dc:26:69:a9:1c:be:3e:a3:ad:05:54:43:
                    7a:fc:86:a7:94:7b:8a:ad:5d:4a:b6:eb:14:cf:83:
                    94:1a:59:bb:ba:c9:7a:f5:88:fb:fc:e4:2b:81:86:
                    73:34:56:01:31:f1:1b:4f:c2:ab:d8:2b:49:0d:b2:
                    fb:31:6e:a9:e4:ff:d3:a0:ac:31:c8:11:1b:66:6f:
                    20:da:80:67:e1:eb:f2:c6:b4:af:70:38:35:f1:18:
                    e2:d6:45:ae:e3:1d:b8:2e:14:06:2f:c1:4b:5c:da:
                    83:13:9c:21:2b:3b:47:5c:69:bb:1b:85:d7:b2:22:
                    be:8c:8d:87:d8:bf:8a:48:8a:cf:36:39:fd:13:06:
                    dd:3f:a2:44:e5:97:e2:2f:70:6a:42:5f:dd:90:5d:
                    02:ad:5e:23:99:f9:6a:67:42:d8:72:cb:32:bd:cf:
                    d8:bc:45:d7:96:04:3d:d6:f7:cf:70:76:11:2f:e8:
                    18:81:f4:73:09:bb:0b:47:4a:63:a1:b5:f2:84:c5:
                    6e:c3:cb:b9:7f:77:ff:2c:8c:2a:5a:ff:c6:06:08:
                    6a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F4:D3:2E:19:2C:2B:BB:F8:8A:9B:EB:6D:0A:44:19:20:DB:82:39
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/pPTTLhksK7v4ipvrbQpEGSDbgjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         ce:ac:71:78:07:60:b7:cd:58:2f:0e:8a:1c:67:04:dd:c5:46:
         e0:0d:6e:52:9b:cd:2b:9c:0b:0a:8f:57:99:f3:36:27:02:30:
         d2:e3:6e:f2:31:63:d3:62:6e:2b:80:f9:79:51:d0:f7:76:13:
         e9:d0:48:24:d6:67:2c:98:a5:98:08:bb:61:08:23:c7:83:eb:
         f5:b5:89:3f:32:1a:59:40:47:69:3d:45:26:f9:fc:c4:61:ec:
         b2:47:3d:78:0f:a3:29:65:e8:62:0a:2b:58:75:a1:8f:6d:67:
         42:38:5e:30:d8:dc:14:d4:64:52:fe:27:a4:d6:71:cb:76:26:
         d7:bb:d1:8c:65:80:bb:4e:d5:da:30:6a:6b:f1:7d:9c:56:a4:
         69:0a:75:44:a1:13:ce:1c:c1:8b:6f:88:8c:60:31:45:b3:dd:
         34:49:87:ab:43:3f:f8:83:28:e1:09:9e:ef:5a:68:4a:10:af:
         57:c2:70:3d:1d:33:12:02:df:1a:37:01:2a:34:18:13:70:ba:
         97:6b:46:c0:b2:29:be:d9:00:76:8f:c8:fc:c1:c4:90:11:7b:
         b5:9d:6f:ea:ed:66:d5:1f:6e:5e:44:f1:7e:ef:08:e9:ca:41:
         64:82:29:56:82:8b:79:ed:4a:42:42:29:fc:0c:6a:f5:d5:f9:
         52:31:84:7c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZm4Sa7f46b2jXQ/ElFUX1s4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUxMDA2MDY1MTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGY0ZDMyZTE5MmMyYmJiZjg4YTliZWI2ZDBhNDQxOTIwZGI4MjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk06iMJdZHCPG0aTtEPQclHoGiHn4
SCjn78SVbN7ybf55ymwIqdrlXa2vE4GICo7cJmmpHL4+o60FVEN6/IanlHuKrV1K
tusUz4OUGlm7usl69Yj7/OQrgYZzNFYBMfEbT8Kr2CtJDbL7MW6p5P/ToKwxyBEb
Zm8g2oBn4evyxrSvcDg18Rji1kWu4x24LhQGL8FLXNqDE5whKztHXGm7G4XXsiK+
jI2H2L+KSIrPNjn9EwbdP6JE5ZfiL3BqQl/dkF0CrV4jmflqZ0LYcssyvc/YvEXX
lgQ91vfPcHYRL+gYgfRzCbsLR0pjobXyhMVuw8u5f3f/LIwqWv/GBghqFwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKT00y4ZLCu7+Iqb620KRBkg24I5MB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvcFBUVExoa3NLN3Y0aXB2cmJRcEVHU0RiZ2prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg3ZQAQw
DQYJKoZIhvcNAQELBQADggEBAM6scXgHYLfNWC8OihxnBN3FRuANblKbzSucCwqP
V5nzNicCMNLjbvIxY9NibiuA+XlR0Pd2E+nQSCTWZyyYpZgIu2EII8eD6/W1iT8y
GllAR2k9RSb5/MRh7LJHPXgPoyll6GIKK1h1oY9tZ0I4XjDY3BTUZFL+J6TWcct2
Jte70YxlgLtO1dowamvxfZxWpGkKdUShE84cwYtviIxgMUWz3TRJh6tDP/iDKOEJ
nu9aaEoQr1fCcD0dMxIC3xo3ASo0GBNwupdrRsCyKb7ZAHaPyPzBxJARe7Wdb+rt
ZtUfbl5E8X7vCOnKQWSCKVaCi3ntSkJCKfwMavXV+VIxhHw=
-----END CERTIFICATE-----