Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/e77412-b0d7-4104-926a-99ee616ca85b/1/tJRtFloSVUB88lTkNS55R53-hwU.roa
File:                     tJRtFloSVUB88lTkNS55R53-hwU.roa (raw, json)
Hash identifier:          9EHkjNm0yl8lkpw4/hLkTGb/95FKLGbpXVqh6rQ6OQ8=
Subject key identifier:   B4:94:6D:16:5A:12:55:40:7C:F2:54:E4:35:2E:79:47:9D:FE:87:05
Certificate issuer:       /CN=2292d96dfb66cb18069d8bd15c9e90cd9124f003
Certificate serial:       01993DDD946928A8A854D1E8108EBFE4A077
Authority key identifier: 22:92:D9:6D:FB:66:CB:18:06:9D:8B:D1:5C:9E:90:CD:91:24:F0:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IpLZbftmyxgGnYvRXJ6QzZEk8AM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/e77412-b0d7-4104-926a-99ee616ca85b/1/tJRtFloSVUB88lTkNS55R53-hwU.roa
Signing time:             Fri 12 Sep 2025 12:19:15 +0000
ROA not before:           Fri 12 Sep 2025 12:19:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215795
IP address blocks:        2a06:3a40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/e77412-b0d7-4104-926a-99ee616ca85b/1/IpLZbftmyxgGnYvRXJ6QzZEk8AM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/e77412-b0d7-4104-926a-99ee616ca85b/1/IpLZbftmyxgGnYvRXJ6QzZEk8AM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IpLZbftmyxgGnYvRXJ6QzZEk8AM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:dd:94:69:28:a8:a8:54:d1:e8:10:8e:bf:e4:a0:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2292d96dfb66cb18069d8bd15c9e90cd9124f003
        Validity
            Not Before: Sep 12 12:19:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4946d165a1255407cf254e4352e79479dfe8705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:4c:49:60:47:e4:bd:c3:db:90:13:7c:5e:9e:
                    44:47:54:5a:ba:c9:80:f4:f2:e5:bf:bd:aa:a6:cb:
                    26:e4:72:82:a1:31:41:93:fc:bf:15:ee:b5:e4:f2:
                    2d:01:8f:36:12:c5:b7:c7:e0:af:b6:c5:69:d3:c8:
                    bc:ab:a7:5a:3c:4c:12:e7:6b:8d:08:40:24:b3:ed:
                    35:36:56:af:c3:62:ec:f4:1d:f6:65:a2:89:ca:91:
                    77:9b:48:fd:a6:90:47:21:8a:26:cf:06:c1:a4:f1:
                    e8:ca:02:39:32:48:8d:c3:0d:ed:9a:94:d1:86:ea:
                    03:27:ac:a6:26:04:f1:dd:5f:a8:c4:62:02:59:88:
                    d0:31:bc:02:6b:e1:22:e4:7e:11:f0:e4:b5:4f:2e:
                    44:b5:db:df:cb:53:97:9f:c6:6a:48:b3:eb:16:b0:
                    49:5e:53:c8:38:10:e4:10:b6:7e:d9:12:66:b0:33:
                    26:28:58:4f:86:bf:b0:1e:fb:fc:be:f2:8b:66:c9:
                    25:8a:28:a2:0a:8e:0a:21:7e:9a:d0:07:3e:36:19:
                    1b:6c:ad:fc:da:c8:b7:92:6e:78:85:ea:a7:bf:b6:
                    72:63:2c:76:c5:c2:36:6d:e6:df:58:8d:54:e6:a3:
                    4e:cb:96:c9:0e:0f:0f:46:73:7c:ca:66:b9:07:d4:
                    d7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:94:6D:16:5A:12:55:40:7C:F2:54:E4:35:2E:79:47:9D:FE:87:05
            X509v3 Authority Key Identifier:
                keyid:22:92:D9:6D:FB:66:CB:18:06:9D:8B:D1:5C:9E:90:CD:91:24:F0:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IpLZbftmyxgGnYvRXJ6QzZEk8AM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/e77412-b0d7-4104-926a-99ee616ca85b/1/tJRtFloSVUB88lTkNS55R53-hwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/e77412-b0d7-4104-926a-99ee616ca85b/1/IpLZbftmyxgGnYvRXJ6QzZEk8AM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:3a40::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:78:d2:01:2a:c7:ab:ca:7c:fe:2a:d6:68:e0:df:e1:c8:a3:
         73:22:89:5d:f2:7b:f4:3b:30:3c:6d:0e:b4:48:df:42:ca:7c:
         91:78:47:94:e0:f8:d6:0c:e1:0a:60:67:c6:bd:ff:8d:6b:7c:
         2a:fe:b8:8b:11:7c:02:07:fb:af:4e:2b:6a:88:9c:d6:d6:c3:
         df:b2:dd:de:c7:c4:04:94:a6:c4:db:19:ff:87:06:47:77:66:
         bc:a8:7e:83:51:e4:b9:4e:fb:3f:1c:5c:ab:01:5b:50:d5:5f:
         de:d1:1f:c5:53:a6:b6:46:d0:f6:ca:79:d2:ef:fe:0c:d8:ee:
         b1:75:52:e2:38:b3:db:d4:b6:48:f9:3b:40:84:29:96:d4:cd:
         4c:91:39:df:8f:a1:36:fc:01:23:f3:1f:34:c5:65:49:ae:fa:
         d8:45:58:c6:9a:3c:b4:9d:6b:be:5e:84:31:06:73:70:d3:1c:
         04:bf:48:33:1a:66:6b:2a:a1:f8:74:66:c6:c3:68:c7:f0:5e:
         bc:4f:89:f4:7d:bb:db:40:f2:db:d3:88:ba:e4:ba:19:d4:ee:
         db:2b:77:9c:63:08:3e:55:6c:b9:e9:00:a9:8f:24:a9:f3:d4:
         fe:6f:44:66:5c:bf:e1:d6:d9:60:90:07:12:ff:91:c9:ff:ce:
         18:de:3d:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZk93ZRpKKioVNHoEI6/5KB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyOTJkOTZkZmI2NmNiMTgwNjlkOGJkMTVjOWU5MGNkOTEy
NGYwMDMwHhcNMjUwOTEyMTIxOTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDk0NmQxNjVhMTI1NTQwN2NmMjU0ZTQzNTJlNzk0NzlkZmU4NzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0xJYEfkvcPbkBN8Xp5ER1RausmA
9PLlv72qpssm5HKCoTFBk/y/Fe615PItAY82EsW3x+CvtsVp08i8q6daPEwS52uN
CEAks+01Nlavw2Ls9B32ZaKJypF3m0j9ppBHIYomzwbBpPHoygI5MkiNww3tmpTR
huoDJ6ymJgTx3V+oxGICWYjQMbwCa+Ei5H4R8OS1Ty5Etdvfy1OXn8ZqSLPrFrBJ
XlPIOBDkELZ+2RJmsDMmKFhPhr+wHvv8vvKLZskliiiiCo4KIX6a0Ac+NhkbbK38
2si3km54heqnv7ZyYyx2xcI2bebfWI1U5qNOy5bJDg8PRnN8yma5B9TXZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLSUbRZaElVAfPJU5DUueUed/ocFMB8GA1UdIwQY
MBaAFCKS2W37ZssYBp2L0VyekM2RJPADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXBMWmJmdG15eGdHbll2UlhKNlF6WkVrOEFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lNzc0MTItYjBkNy00MTA0LTkyNmEt
OTllZTYxNmNhODViLzEvdEpSdEZsb1NWVUI4OGxUa05TNTVSNTMtaHdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lNzc0MTItYjBkNy00MTA0LTkyNmEtOTllZTYxNmNhODVi
LzEvSXBMWmJmdG15eGdHbll2UlhKNlF6WkVrOEFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgY6QAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCBeNIBKserynz+KtZo4N/hyKNzIold8nv0OzA8
bQ60SN9CynyReEeU4PjWDOEKYGfGvf+Na3wq/riLEXwCB/uvTitqiJzW1sPfst3e
x8QElKbE2xn/hwZHd2a8qH6DUeS5Tvs/HFyrAVtQ1V/e0R/FU6a2RtD2ynnS7/4M
2O6xdVLiOLPb1LZI+TtAhCmW1M1MkTnfj6E2/AEj8x80xWVJrvrYRVjGmjy0nWu+
XoQxBnNw0xwEv0gzGmZrKqH4dGbGw2jH8F68T4n0fbvbQPLb04i65LoZ1O7bK3ec
Ywg+VWy56QCpjySp89T+b0RmXL/h1tlgkAcS/5HJ/84Y3j2j
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:02 2025 by rpki-client