Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/CikwBtDrpk_Y04YCbOYT8RF-nag.roa
File:                     CikwBtDrpk_Y04YCbOYT8RF-nag.roa (raw, json)
Hash identifier:          FALNdfrlSyLhlDyqgC3nieyWRWeKqBpM0mehDp7pdN0=
Subject key identifier:   0A:29:30:06:D0:EB:A6:4F:D8:D3:86:02:6C:E6:13:F1:11:7E:9D:A8
Certificate issuer:       /CN=855be74d09d9b05251dad2c9696793c04b40f241
Certificate serial:       0199C958E230DCD7D20C8248D2806A7C53A3
Authority key identifier: 85:5B:E7:4D:09:D9:B0:52:51:DA:D2:C9:69:67:93:C0:4B:40:F2:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hVvnTQnZsFJR2tLJaWeTwEtA8kE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/CikwBtDrpk_Y04YCbOYT8RF-nag.roa
Signing time:             Thu 09 Oct 2025 14:21:09 +0000
ROA not before:           Thu 09 Oct 2025 14:21:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210570
IP address blocks:        2a12:7c6:abc::/48 maxlen: 48
                          2a12:7c6:affe::/48 maxlen: 48
                          2a12:7c6:c001::/48 maxlen: 48
                          2a12:7c6:d001::/48 maxlen: 48
                          2a12:7c6:e001::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/hVvnTQnZsFJR2tLJaWeTwEtA8kE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/hVvnTQnZsFJR2tLJaWeTwEtA8kE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hVvnTQnZsFJR2tLJaWeTwEtA8kE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c9:58:e2:30:dc:d7:d2:0c:82:48:d2:80:6a:7c:53:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=855be74d09d9b05251dad2c9696793c04b40f241
        Validity
            Not Before: Oct  9 14:21:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a293006d0eba64fd8d386026ce613f1117e9da8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:3a:59:28:10:a6:5a:a0:70:5d:14:46:5e:88:
                    d6:9f:0b:c5:00:7b:43:3a:0b:ae:63:e6:3a:d6:6f:
                    3a:81:76:bb:2b:a4:07:b5:31:b0:b9:0c:51:b0:a5:
                    07:21:fd:98:3e:d0:b6:fa:ff:e0:0b:e5:19:15:ba:
                    b2:3e:80:11:f0:f5:75:95:ac:1d:28:bd:3c:7e:f1:
                    1a:21:51:e4:2a:88:15:f5:0e:9c:e5:60:97:df:f3:
                    e3:65:36:4b:62:f7:b0:a6:f5:76:21:7f:9e:ad:54:
                    dd:3d:ea:84:1f:a7:19:dd:95:1d:ed:30:04:52:61:
                    11:ba:5b:a2:c9:e7:ae:fe:b2:af:57:9e:66:d8:c5:
                    e0:6e:2b:43:39:5c:d4:ea:02:4c:cb:34:dc:ca:e0:
                    ae:6a:3b:51:02:2e:8f:c7:b7:c9:95:53:81:21:a9:
                    b3:a8:1a:e9:4c:5a:a4:75:3a:22:1f:8f:7d:e6:96:
                    9f:a4:25:6a:46:bb:aa:16:32:97:99:3f:a3:ab:a6:
                    90:be:a6:87:ed:7d:7f:f9:28:5c:66:5e:f6:90:33:
                    b1:45:db:a9:5f:9c:64:17:f4:66:0a:0d:4c:12:08:
                    22:13:2c:77:bc:86:5c:d8:5a:fd:7c:31:02:68:f1:
                    5c:d3:ce:b3:b1:e6:c8:a0:a2:ce:54:45:8c:da:9b:
                    4b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:29:30:06:D0:EB:A6:4F:D8:D3:86:02:6C:E6:13:F1:11:7E:9D:A8
            X509v3 Authority Key Identifier:
                keyid:85:5B:E7:4D:09:D9:B0:52:51:DA:D2:C9:69:67:93:C0:4B:40:F2:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hVvnTQnZsFJR2tLJaWeTwEtA8kE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/CikwBtDrpk_Y04YCbOYT8RF-nag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/hVvnTQnZsFJR2tLJaWeTwEtA8kE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:7c6:abc::/48
                  2a12:7c6:affe::/48
                  2a12:7c6:c001::/48
                  2a12:7c6:d001::/48
                  2a12:7c6:e001::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:44:08:a3:db:64:a6:47:3f:20:28:60:20:76:d8:4d:90:56:
         0b:bd:cc:3e:dc:28:a3:6a:8e:af:21:b9:84:2d:a7:69:37:10:
         28:3c:e7:9e:af:1c:61:4f:76:6f:26:30:b4:63:3f:2a:3c:a4:
         ff:92:69:95:0b:4c:53:da:95:c1:f4:16:d1:46:e5:d6:40:a3:
         e3:de:1e:51:1e:8b:18:4c:e0:26:8b:cd:c5:8f:bc:31:99:a8:
         b6:9d:59:bd:bf:5b:33:d4:5f:33:e6:da:f8:d9:5d:02:a8:7e:
         4c:c7:0e:84:c8:31:89:20:00:6c:b8:7b:85:6b:f3:6d:02:68:
         bd:bc:f2:60:7a:9f:4b:bf:46:a2:41:a2:ae:a0:37:a2:0d:c2:
         4c:81:71:5a:76:12:7e:ed:c0:5e:6a:73:59:45:5f:ad:ab:43:
         34:b6:2c:a4:ef:ed:ae:c8:61:68:77:e8:42:41:61:9a:c7:f9:
         77:e8:6a:5b:2f:02:3b:67:a0:88:7d:15:e5:4f:37:b5:1e:73:
         dc:b3:49:eb:84:c4:2d:f8:07:3b:bb:a3:3f:79:1f:a3:cd:0b:
         4b:df:77:4a:be:fd:9a:02:62:a3:dd:7d:6d:76:f9:d9:02:bc:
         c1:15:ed:cb:15:73:8d:a3:97:c6:6d:8b:93:dd:f0:4f:16:4b:
         b2:83:5d:b6
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZnJWOIw3NfSDIJI0oBqfFOjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NWJlNzRkMDlkOWIwNTI1MWRhZDJjOTY5Njc5M2MwNGI0
MGYyNDEwHhcNMjUxMDA5MTQyMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTI5MzAwNmQwZWJhNjRmZDhkMzg2MDI2Y2U2MTNmMTExN2U5ZGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DpZKBCmWqBwXRRGXojWnwvFAHtD
OguuY+Y61m86gXa7K6QHtTGwuQxRsKUHIf2YPtC2+v/gC+UZFbqyPoAR8PV1lawd
KL08fvEaIVHkKogV9Q6c5WCX3/PjZTZLYvewpvV2IX+erVTdPeqEH6cZ3ZUd7TAE
UmERuluiyeeu/rKvV55m2MXgbitDOVzU6gJMyzTcyuCuajtRAi6Px7fJlVOBIamz
qBrpTFqkdToiH4995pafpCVqRruqFjKXmT+jq6aQvqaH7X1/+ShcZl72kDOxRdup
X5xkF/RmCg1MEggiEyx3vIZc2Fr9fDECaPFc086zsebIoKLOVEWM2ptLEwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFAopMAbQ66ZP2NOGAmzmE/ERfp2oMB8GA1UdIwQY
MBaAFIVb500J2bBSUdrSyWlnk8BLQPJBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFZ2blRRblpzRkpSMnRMSmFXZVR3RXRBOGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC80OGQwOTItYTc2Yy00YzI4LWI4NGIt
MzlhZDgwZjU0MmEwLzEvQ2lrd0J0RHJwa19ZMDRZQ2JPWVQ4UkYtbmFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC80OGQwOTItYTc2Yy00YzI4LWI4NGItMzlhZDgwZjU0MmEw
LzEvaFZ2blRRblpzRkpSMnRMSmFXZVR3RXRBOGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAzBAIAAjAtAwcAKhIHxgq8
AwcAKhIHxq/+AwcAKhIHxsABAwcAKhIHxtABAwcAKhIHxuABMA0GCSqGSIb3DQEB
CwUAA4IBAQAwRAij22SmRz8gKGAgdthNkFYLvcw+3Cijao6vIbmELadpNxAoPOee
rxxhT3ZvJjC0Yz8qPKT/kmmVC0xT2pXB9BbRRuXWQKPj3h5RHosYTOAmi83Fj7wx
mai2nVm9v1sz1F8z5tr42V0CqH5Mxw6EyDGJIABsuHuFa/NtAmi9vPJgep9Lv0ai
QaKuoDeiDcJMgXFadhJ+7cBeanNZRV+tq0M0tiyk7+2uyGFod+hCQWGax/l36Gpb
LwI7Z6CIfRXlTze1HnPcs0nrhMQt+Ac7u6M/eR+jzQtL33dKvv2aAmKj3X1tdvnZ
ArzBFe3LFXONo5fGbYuT3fBPFkuyg122
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:25:02 2025 by rpki-client