Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/c5ff42-bbd9-47f6-8e9e-bec2195b019d/1/TtIN8gUqYh6ZpYQZIr7SZYwme3o.roa
File:                     TtIN8gUqYh6ZpYQZIr7SZYwme3o.roa (raw, json)
Hash identifier:          GvEVbOZ9uoZNCPu1mzgcIO+hcwTQFhCrycmOM34smYg=
Subject key identifier:   4E:D2:0D:F2:05:2A:62:1E:99:A5:84:19:22:BE:D2:65:8C:26:7B:7A
Certificate issuer:       /CN=6eb213b5b844576a8b48fc5c2eaad5a8ccdd1cc0
Certificate serial:       0199C296D59AB9D6F1738A6C78844591633D
Authority key identifier: 6E:B2:13:B5:B8:44:57:6A:8B:48:FC:5C:2E:AA:D5:A8:CC:DD:1C:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/brITtbhEV2qLSPxcLqrVqMzdHMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/c5ff42-bbd9-47f6-8e9e-bec2195b019d/1/TtIN8gUqYh6ZpYQZIr7SZYwme3o.roa
Signing time:             Wed 08 Oct 2025 06:51:28 +0000
ROA not before:           Wed 08 Oct 2025 06:51:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209940
IP address blocks:        212.108.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/c5ff42-bbd9-47f6-8e9e-bec2195b019d/1/brITtbhEV2qLSPxcLqrVqMzdHMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/c5ff42-bbd9-47f6-8e9e-bec2195b019d/1/brITtbhEV2qLSPxcLqrVqMzdHMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/brITtbhEV2qLSPxcLqrVqMzdHMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c2:96:d5:9a:b9:d6:f1:73:8a:6c:78:84:45:91:63:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6eb213b5b844576a8b48fc5c2eaad5a8ccdd1cc0
        Validity
            Not Before: Oct  8 06:51:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ed20df2052a621e99a5841922bed2658c267b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a0:33:a8:9a:94:ea:14:cf:54:b2:a4:c5:41:
                    c3:ee:5c:1a:6f:11:33:19:5f:20:50:db:e2:c0:f5:
                    3e:b0:48:ab:b1:a6:51:96:92:98:80:67:57:e0:56:
                    3c:bd:4f:6a:7c:c6:02:34:76:72:f1:37:4e:48:51:
                    9b:58:9a:9f:af:32:22:15:ab:81:f0:97:4d:cd:14:
                    2e:56:fc:2d:9c:f9:0a:0e:c1:e4:65:bd:8d:e0:2c:
                    26:62:7f:b2:a3:88:0d:7c:e3:f7:b0:cb:29:fb:23:
                    f5:53:aa:83:9c:2e:46:da:c9:cf:fc:f9:55:a4:ec:
                    6a:2b:5d:e5:6a:a3:a2:7e:ed:eb:be:5e:8e:2d:7d:
                    71:b3:d2:4b:52:45:c3:be:30:25:aa:4b:d3:95:bf:
                    2b:98:69:7b:dd:8e:91:71:44:4c:9f:3c:46:cf:bb:
                    00:77:7c:8b:1b:10:a2:74:29:76:03:bc:b7:1c:f7:
                    f2:ba:c8:b0:7f:dc:7c:74:28:f1:04:8b:f8:d9:e1:
                    ca:93:f3:f5:85:73:99:d0:bd:a1:fa:92:e4:37:c8:
                    39:18:03:bc:5a:52:c2:67:8e:d0:69:c0:b0:75:3f:
                    be:9a:73:c6:8b:8a:9a:2a:a5:08:20:1c:2a:8a:81:
                    59:5e:6a:08:99:8c:73:3c:39:71:b7:0c:5c:da:d0:
                    7f:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:D2:0D:F2:05:2A:62:1E:99:A5:84:19:22:BE:D2:65:8C:26:7B:7A
            X509v3 Authority Key Identifier:
                keyid:6E:B2:13:B5:B8:44:57:6A:8B:48:FC:5C:2E:AA:D5:A8:CC:DD:1C:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/brITtbhEV2qLSPxcLqrVqMzdHMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/c5ff42-bbd9-47f6-8e9e-bec2195b019d/1/TtIN8gUqYh6ZpYQZIr7SZYwme3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/c5ff42-bbd9-47f6-8e9e-bec2195b019d/1/brITtbhEV2qLSPxcLqrVqMzdHMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:f5:45:ef:6a:69:93:2a:e6:1f:38:92:70:27:eb:25:df:62:
         d6:dd:98:82:d7:b0:24:5b:94:8b:69:24:c4:ef:66:41:93:c4:
         90:82:f9:34:2b:16:53:47:fb:64:98:57:98:21:e1:23:66:48:
         ec:ad:a8:48:4a:53:79:25:2c:0c:47:1a:8d:22:cb:4b:11:a6:
         e9:c9:63:dc:ae:63:fa:3b:2f:b7:68:86:5a:cc:68:93:40:11:
         c8:ec:57:10:4a:d8:50:82:43:f6:82:a4:20:26:27:94:e9:c2:
         38:16:64:b9:2e:36:04:46:f9:e4:10:ba:65:b5:e0:2f:a6:61:
         85:b2:88:3f:b8:f7:28:1b:4c:5e:82:09:f6:83:49:83:63:e5:
         90:40:13:03:dc:ea:eb:0f:f2:dc:96:ac:81:7b:f2:5b:27:38:
         1d:12:24:c5:b0:2f:20:b4:f6:b7:51:94:c2:d1:4a:6e:6d:f4:
         d4:b1:63:e3:a9:d5:35:bb:77:a0:d4:e0:fc:1d:3d:cd:1b:a7:
         4d:1e:72:a7:1a:ef:d0:e0:5c:b6:ef:37:21:a9:da:47:da:ad:
         60:b7:89:fe:f4:6e:c0:cd:a8:8a:27:a9:82:6e:18:96:9b:3e:
         65:b8:49:1b:bb:be:4a:b5:29:e8:e9:28:ef:4a:22:d5:78:a6:
         35:0c:3d:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnCltWaudbxc4pseIRFkWM9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYjIxM2I1Yjg0NDU3NmE4YjQ4ZmM1YzJlYWFkNWE4Y2Nk
ZDFjYzAwHhcNMjUxMDA4MDY1MTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWQyMGRmMjA1MmE2MjFlOTlhNTg0MTkyMmJlZDI2NThjMjY3YjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6AzqJqU6hTPVLKkxUHD7lwabxEz
GV8gUNviwPU+sEirsaZRlpKYgGdX4FY8vU9qfMYCNHZy8TdOSFGbWJqfrzIiFauB
8JdNzRQuVvwtnPkKDsHkZb2N4CwmYn+yo4gNfOP3sMsp+yP1U6qDnC5G2snP/PlV
pOxqK13laqOifu3rvl6OLX1xs9JLUkXDvjAlqkvTlb8rmGl73Y6RcURMnzxGz7sA
d3yLGxCidCl2A7y3HPfyusiwf9x8dCjxBIv42eHKk/P1hXOZ0L2h+pLkN8g5GAO8
WlLCZ47QacCwdT++mnPGi4qaKqUIIBwqioFZXmoImYxzPDlxtwxc2tB/sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7SDfIFKmIemaWEGSK+0mWMJnt6MB8GA1UdIwQY
MBaAFG6yE7W4RFdqi0j8XC6q1ajM3RzAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnJJVHRiaEVWMnFMU1B4Y0xxclZxTXpkSE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9jNWZmNDItYmJkOS00N2Y2LThlOWUt
YmVjMjE5NWIwMTlkLzEvVHRJTjhnVXFZaDZacFlRWklyN1NaWXdtZTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9jNWZmNDItYmJkOS00N2Y2LThlOWUtYmVjMjE5NWIwMTlk
LzEvYnJJVHRiaEVWMnFMU1B4Y0xxclZxTXpkSE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Gx2MA0G
CSqGSIb3DQEBCwUAA4IBAQAU9UXvammTKuYfOJJwJ+sl32LW3ZiC17AkW5SLaSTE
72ZBk8SQgvk0KxZTR/tkmFeYIeEjZkjsrahISlN5JSwMRxqNIstLEabpyWPcrmP6
Oy+3aIZazGiTQBHI7FcQSthQgkP2gqQgJieU6cI4FmS5LjYERvnkELplteAvpmGF
sog/uPcoG0xeggn2g0mDY+WQQBMD3OrrD/LclqyBe/JbJzgdEiTFsC8gtPa3UZTC
0UpubfTUsWPjqdU1u3eg1OD8HT3NG6dNHnKnGu/Q4Fy27zchqdpH2q1gt4n+9G7A
zaiKJ6mCbhiWmz5luEkbu75KtSno6SjvSiLVeKY1DD0g
-----END CERTIFICATE-----