Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/OD8FF3bzXgR90_KVqhd9MLzHmAw.roa
File:                     OD8FF3bzXgR90_KVqhd9MLzHmAw.roa (raw, json)
Hash identifier:          jzLxdDmjDJ4y9FgIRz0UlTc/mjLkyHig2G3vYZkTFSM=
Subject key identifier:   38:3F:05:17:76:F3:5E:04:7D:D3:F2:95:AA:17:7D:30:BC:C7:98:0C
Certificate issuer:       /CN=ee31367df6d1861071c92bae726523326f45ba2a
Certificate serial:       0199E4CCE8662C7B37698622F0DA4AB38F02
Authority key identifier: EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/OD8FF3bzXgR90_KVqhd9MLzHmAw.roa
Signing time:             Tue 14 Oct 2025 22:17:38 +0000
ROA not before:           Tue 14 Oct 2025 22:17:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202512
IP address blocks:        2a0e:1cc0:b00b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e4:cc:e8:66:2c:7b:37:69:86:22:f0:da:4a:b3:8f:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee31367df6d1861071c92bae726523326f45ba2a
        Validity
            Not Before: Oct 14 22:17:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=383f051776f35e047dd3f295aa177d30bcc7980c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b9:b1:0c:26:6f:61:e1:20:17:c5:f5:54:f0:
                    91:25:b8:24:ed:e3:af:79:1e:f9:98:20:36:46:b0:
                    e6:2c:ca:e6:ce:1c:30:a1:db:ad:ff:6b:27:52:ae:
                    26:b0:92:58:25:6f:08:8a:46:72:b6:04:c3:fc:dc:
                    09:58:d8:e0:93:e3:ea:a4:70:22:22:06:f9:04:17:
                    62:fb:42:eb:24:95:ea:7c:f0:b2:e9:03:d4:71:96:
                    20:ac:d7:f9:d4:d4:00:06:b7:44:1e:26:f2:1a:f9:
                    3a:01:4c:b9:d1:51:aa:dc:bc:24:c9:e1:0b:a4:3c:
                    3e:e9:9f:f5:cf:fa:f7:50:d4:ee:2e:69:44:9e:aa:
                    c6:7b:bf:f1:c7:9d:ec:8f:b8:28:1c:39:d6:a3:36:
                    8c:b9:f8:73:85:c4:df:1c:98:c9:36:6d:91:a1:44:
                    c8:a5:59:55:0a:a3:f6:0a:db:a6:bf:f6:44:e3:7a:
                    54:ca:0a:c3:a8:5d:09:8e:0f:85:ec:13:a1:cd:27:
                    6f:60:ef:24:73:7e:f7:a9:43:9a:48:af:f8:a3:ae:
                    44:fa:b8:b8:3f:0f:37:d9:f0:c2:79:a5:a0:35:3b:
                    ee:de:1e:c5:d1:af:fd:03:31:30:35:43:37:36:2d:
                    06:8e:f0:af:f3:73:e6:30:11:ab:87:ef:5c:21:99:
                    2c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:3F:05:17:76:F3:5E:04:7D:D3:F2:95:AA:17:7D:30:BC:C7:98:0C
            X509v3 Authority Key Identifier:
                keyid:EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/OD8FF3bzXgR90_KVqhd9MLzHmAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1cc0:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:19:a3:74:f7:e7:12:1f:ba:71:14:62:a0:62:50:4e:23:90:
         92:b7:b2:c3:c6:c8:ef:04:ea:31:f2:83:fa:19:2a:1a:2a:0c:
         ee:f4:5e:25:70:eb:1b:fa:a0:54:3a:21:b1:6c:86:e3:46:ff:
         1d:cd:87:ac:49:31:2a:71:31:ab:4a:c2:ec:d4:84:86:06:c9:
         72:3c:16:59:a1:5a:d0:d1:e7:42:9c:ec:2c:ad:9e:7a:dd:3c:
         28:b4:3f:67:08:e8:ef:ae:9e:30:06:98:93:a0:96:ae:1d:2f:
         83:36:cb:00:a5:de:1f:32:ac:72:c4:be:01:02:1a:43:ee:df:
         aa:e0:ca:b9:b8:f7:d6:2f:b3:bb:1a:22:91:23:46:f1:92:b2:
         39:25:99:39:e1:b9:de:fe:35:ef:71:5c:03:f4:0c:c1:4c:f0:
         5c:73:6d:c8:a7:d0:d5:c7:ef:5a:83:16:8a:01:76:22:1b:f7:
         5a:2a:96:57:59:d2:77:4e:a0:57:bb:da:2e:5d:b1:0a:ec:79:
         ba:d2:c0:02:a0:ec:ad:9b:30:fe:1b:7f:52:2c:e6:6f:19:49:
         86:aa:15:a4:b9:2c:3d:19:b1:09:06:d5:32:dc:b8:06:7d:17:
         34:ad:28:9a:8d:7c:2d:db:6d:aa:5c:74:e2:17:ca:b7:bc:69:
         59:b1:58:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnkzOhmLHs3aYYi8NpKs48CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzEzNjdkZjZkMTg2MTA3MWM5MmJhZTcyNjUyMzMyNmY0
NWJhMmEwHhcNMjUxMDE0MjIxNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODNmMDUxNzc2ZjM1ZTA0N2RkM2YyOTVhYTE3N2QzMGJjYzc5ODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7mxDCZvYeEgF8X1VPCRJbgk7eOv
eR75mCA2RrDmLMrmzhwwodut/2snUq4msJJYJW8IikZytgTD/NwJWNjgk+PqpHAi
Igb5BBdi+0LrJJXqfPCy6QPUcZYgrNf51NQABrdEHibyGvk6AUy50VGq3LwkyeEL
pDw+6Z/1z/r3UNTuLmlEnqrGe7/xx53sj7goHDnWozaMufhzhcTfHJjJNm2RoUTI
pVlVCqP2Ctumv/ZE43pUygrDqF0Jjg+F7BOhzSdvYO8kc373qUOaSK/4o65E+ri4
Pw832fDCeaWgNTvu3h7F0a/9AzEwNUM3Ni0GjvCv83PmMBGrh+9cIZksuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDg/BRd2814EfdPylaoXfTC8x5gMMB8GA1UdIwQY
MBaAFO4xNn320YYQcckrrnJlIzJvRboqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2It
MTE1OWRiZmJlZDU0LzEvT0Q4RkYzYnpYZ1I5MF9LVnFoZDlNTHpIbUF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2ItMTE1OWRiZmJlZDU0
LzEvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4cwLAL
MA0GCSqGSIb3DQEBCwUAA4IBAQB5GaN09+cSH7pxFGKgYlBOI5CSt7LDxsjvBOox
8oP6GSoaKgzu9F4lcOsb+qBUOiGxbIbjRv8dzYesSTEqcTGrSsLs1ISGBslyPBZZ
oVrQ0edCnOwsrZ563TwotD9nCOjvrp4wBpiToJauHS+DNssApd4fMqxyxL4BAhpD
7t+q4Mq5uPfWL7O7GiKRI0bxkrI5JZk54bne/jXvcVwD9AzBTPBcc23Ip9DVx+9a
gxaKAXYiG/daKpZXWdJ3TqBXu9ouXbEK7Hm60sACoOytmzD+G39SLOZvGUmGqhWk
uSw9GbEJBtUy3LgGfRc0rSiajXwt222qXHTiF8q3vGlZsVhs
-----END CERTIFICATE-----