Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/6jcVUGpz8KKMN7ENGG5jyHPKbPk.roa
File:                     6jcVUGpz8KKMN7ENGG5jyHPKbPk.roa (raw, json)
Hash identifier:          Y79G1C6W8jAkB6mHz/uOGZyJX3IEy5g0CJCkZUigQOw=
Subject key identifier:   EA:37:15:50:6A:73:F0:A2:8C:37:B1:0D:18:6E:63:C8:73:CA:6C:F9
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019934091292B777FC8B5EA65382906C92E8
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/6jcVUGpz8KKMN7ENGG5jyHPKbPk.roa
Signing time:             Wed 10 Sep 2025 14:30:33 +0000
ROA not before:           Wed 10 Sep 2025 14:30:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216438
IP address blocks:        2a0e:8f02:f077::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:34:09:12:92:b7:77:fc:8b:5e:a6:53:82:90:6c:92:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Sep 10 14:30:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea3715506a73f0a28c37b10d186e63c873ca6cf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ee:59:81:a5:fe:e3:90:b6:12:37:2d:fc:37:
                    87:7e:07:60:1a:8d:c7:64:ff:cb:9b:ce:d7:fd:1b:
                    50:d6:26:1c:0b:4b:86:23:70:c8:8d:8d:98:29:28:
                    a3:7d:37:b7:62:31:3c:82:aa:98:62:b0:ca:a2:cc:
                    b8:c2:6d:f2:d3:a0:b5:ec:36:ed:83:27:9a:20:05:
                    d2:d7:26:7d:48:0e:3e:e9:e5:65:82:fb:02:20:de:
                    e4:5c:ed:0f:42:16:7b:78:69:66:e5:8a:2a:f3:92:
                    2e:99:ba:fe:a7:c5:4e:fb:68:b2:af:57:86:6c:61:
                    da:9e:2f:5c:8c:cd:6f:12:99:4c:03:57:83:14:c2:
                    86:de:0d:34:06:68:dd:4b:1d:7c:fa:21:e2:cb:c1:
                    21:2e:6a:cb:d8:58:8e:ed:b8:78:47:ad:c4:32:20:
                    14:ac:46:69:1d:b3:fd:54:93:ef:49:bb:0d:a1:cd:
                    a0:f9:45:fb:8f:e7:b2:29:0e:a0:89:e9:a5:27:0a:
                    2e:46:1d:f5:f0:bf:30:7c:87:fc:95:0a:c9:c9:a7:
                    c5:8e:85:94:7f:c6:25:0d:77:9f:27:29:79:0d:48:
                    76:c9:c7:18:f5:a9:65:46:5c:9e:6c:50:af:42:75:
                    b6:8f:90:98:48:c5:77:f6:ec:bf:6b:de:53:5a:dc:
                    b3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:37:15:50:6A:73:F0:A2:8C:37:B1:0D:18:6E:63:C8:73:CA:6C:F9
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/6jcVUGpz8KKMN7ENGG5jyHPKbPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f077::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:dd:a0:da:be:ba:21:a4:d3:1a:0e:f8:9e:52:21:2b:2a:c0:
         b0:e2:07:01:48:2a:99:8f:a2:de:1f:78:b6:c6:ff:d4:0e:88:
         05:52:19:87:3d:a3:05:3d:ad:96:5a:28:4f:02:50:c5:e1:58:
         cd:b8:08:bb:b7:b3:99:ab:ff:f5:f0:c1:f3:f2:68:73:b6:b4:
         04:58:e1:c0:ec:7b:ec:12:55:3e:60:2c:d6:b7:b7:95:95:c2:
         8c:7a:02:2f:6b:47:2c:d3:72:12:6e:44:b7:c3:ab:bc:55:87:
         7c:99:8e:32:d7:a3:34:ce:40:fb:bd:71:4d:f9:98:3d:0e:d7:
         72:9a:3c:87:04:a2:e1:7d:d2:49:91:95:e2:b0:d2:23:79:41:
         89:0d:c1:87:bb:fd:7a:7e:4e:36:ae:45:49:e3:5f:98:1f:47:
         7d:c0:75:d8:49:23:09:80:47:f9:8e:21:3c:29:f1:60:fc:de:
         06:b8:82:ca:83:04:a5:72:59:b3:30:f5:55:7f:7f:f8:25:4c:
         b8:44:52:49:35:87:00:90:15:57:51:a8:e1:d1:92:1c:fc:55:
         5e:b3:22:11:90:6b:ae:2c:25:6e:b9:21:ec:2f:33:30:a0:0b:
         cd:38:d1:91:82:4d:17:4e:d3:9a:28:de:06:d2:14:75:a9:f3:
         00:8d:f3:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZk0CRKSt3f8i16mU4KQbJLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwOTEwMTQzMDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTM3MTU1MDZhNzNmMGEyOGMzN2IxMGQxODZlNjNjODczY2E2Y2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwu5ZgaX+45C2Ejct/DeHfgdgGo3H
ZP/Lm87X/RtQ1iYcC0uGI3DIjY2YKSijfTe3YjE8gqqYYrDKosy4wm3y06C17Dbt
gyeaIAXS1yZ9SA4+6eVlgvsCIN7kXO0PQhZ7eGlm5Yoq85Iumbr+p8VO+2iyr1eG
bGHani9cjM1vEplMA1eDFMKG3g00BmjdSx18+iHiy8EhLmrL2FiO7bh4R63EMiAU
rEZpHbP9VJPvSbsNoc2g+UX7j+eyKQ6giemlJwouRh318L8wfIf8lQrJyafFjoWU
f8YlDXefJyl5DUh2yccY9allRlyebFCvQnW2j5CYSMV39uy/a95TWtyzUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOo3FVBqc/CijDexDRhuY8hzymz5MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvNmpjVlVHcHo4S0tNTjdFTkdHNWp5SFBLYlBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvB3
MA0GCSqGSIb3DQEBCwUAA4IBAQAH3aDavrohpNMaDvieUiErKsCw4gcBSCqZj6Le
H3i2xv/UDogFUhmHPaMFPa2WWihPAlDF4VjNuAi7t7OZq//18MHz8mhztrQEWOHA
7HvsElU+YCzWt7eVlcKMegIva0cs03ISbkS3w6u8VYd8mY4y16M0zkD7vXFN+Zg9
DtdymjyHBKLhfdJJkZXisNIjeUGJDcGHu/16fk42rkVJ41+YH0d9wHXYSSMJgEf5
jiE8KfFg/N4GuILKgwSlclmzMPVVf3/4JUy4RFJJNYcAkBVXUajh0ZIc/FVesyIR
kGuuLCVuuSHsLzMwoAvNONGRgk0XTtOaKN4G0hR1qfMAjfN7
-----END CERTIFICATE-----