Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/8oBoddXfq5WQIOR9BAD0MLlQStQ.roa
File:                     8oBoddXfq5WQIOR9BAD0MLlQStQ.roa (raw, json)
Hash identifier:          W/vNLrn9Q1IaOdZkGTVXj1JEa3UDztdzNPeCSH3oCMc=
Subject key identifier:   F2:80:68:75:D5:DF:AB:95:90:20:E4:7D:04:00:F4:30:B9:50:4A:D4
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       0199E7E353AD1847D25CD98D5928AFEBDFBA
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/8oBoddXfq5WQIOR9BAD0MLlQStQ.roa
Signing time:             Wed 15 Oct 2025 12:40:58 +0000
ROA not before:           Wed 15 Oct 2025 12:40:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210092
IP address blocks:        2a0a:2c0:1a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e7:e3:53:ad:18:47:d2:5c:d9:8d:59:28:af:eb:df:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Oct 15 12:40:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2806875d5dfab959020e47d0400f430b9504ad4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4f:29:4d:b7:bf:26:38:7f:ba:01:e2:af:e3:
                    8f:e2:e9:b4:c9:86:e3:c5:52:23:3b:f1:8e:18:86:
                    f7:16:dd:a8:23:b7:09:72:20:11:eb:7d:e1:c6:9a:
                    30:6e:a7:fe:46:9f:8b:b7:02:df:95:7e:fa:e3:14:
                    82:8f:44:22:26:90:0f:4b:dd:6e:73:88:82:d6:83:
                    d6:f5:ff:a3:e7:0a:60:3c:f7:23:f3:37:11:14:bc:
                    31:6c:b1:3b:21:29:ef:ee:f3:fc:e9:d4:e3:45:4f:
                    55:08:73:8a:c0:4c:83:ea:4e:27:41:14:09:75:b3:
                    a9:c3:a3:49:1c:56:1c:e1:15:ee:f8:8a:07:08:00:
                    e6:5d:3b:23:3c:91:5a:f2:78:f4:00:b5:2a:c6:a6:
                    4c:5b:ae:73:0b:89:eb:e4:cd:61:d5:9f:7e:78:c7:
                    57:b3:01:43:02:6f:bd:1d:88:bf:23:8f:16:f7:98:
                    5f:10:42:14:7f:c7:b1:d5:57:e5:f2:17:5f:66:ca:
                    93:14:85:82:10:2b:99:a3:a8:81:92:97:93:95:13:
                    60:e5:a1:d9:e6:58:4d:07:54:30:a8:17:b6:2f:d8:
                    79:cb:40:0d:13:2b:31:0d:2a:68:71:7d:91:d7:43:
                    11:08:da:cb:61:47:cf:2f:40:a2:c3:be:b7:df:42:
                    4e:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:80:68:75:D5:DF:AB:95:90:20:E4:7D:04:00:F4:30:B9:50:4A:D4
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/8oBoddXfq5WQIOR9BAD0MLlQStQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2c0:1a::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:f0:59:6d:b0:9a:e0:85:38:b6:4a:ab:2f:8b:68:bf:8f:00:
         55:20:32:7d:63:09:4d:c5:ce:78:4b:94:5d:42:4a:ee:58:ff:
         4d:f8:57:1f:50:24:a4:bb:2b:bf:5d:eb:60:a0:ce:07:a8:bd:
         3b:16:da:e8:8b:35:ff:a7:92:22:aa:03:ca:83:70:dd:83:04:
         37:ae:23:e0:b6:13:ac:96:94:58:12:d1:cc:10:a6:d0:f3:22:
         b0:6a:bb:2a:c9:50:2a:65:4f:da:3c:0f:3f:6a:82:52:5a:6f:
         1c:8b:35:3c:22:9b:2e:81:67:79:d7:06:d4:4b:20:68:ee:15:
         2a:29:e1:69:6e:87:59:75:46:b9:11:db:76:f1:1f:fe:15:7c:
         e0:ea:c7:11:5e:fc:aa:24:a7:2d:51:fe:58:07:2d:10:cd:16:
         58:48:69:74:a9:dc:86:28:67:b8:13:9c:47:69:7b:3d:dd:1f:
         22:a2:bf:cc:4a:7b:da:db:a7:6a:0f:ef:fe:82:6f:f7:03:e5:
         82:92:11:2a:72:c7:31:a8:c2:6f:a0:97:7d:80:fc:e9:27:24:
         c6:fc:78:af:c7:1e:d1:28:c4:42:e1:3b:37:f3:6d:b7:ef:57:
         54:fd:82:bc:77:ba:ba:9d:57:b4:37:dd:11:39:82:15:66:90:
         08:84:1c:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnn41OtGEfSXNmNWSiv69+6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjUxMDE1MTI0MDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjgwNjg3NWQ1ZGZhYjk1OTAyMGU0N2QwNDAwZjQzMGI5NTA0YWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx08pTbe/Jjh/ugHir+OP4um0yYbj
xVIjO/GOGIb3Ft2oI7cJciAR633hxpowbqf+Rp+LtwLflX764xSCj0QiJpAPS91u
c4iC1oPW9f+j5wpgPPcj8zcRFLwxbLE7ISnv7vP86dTjRU9VCHOKwEyD6k4nQRQJ
dbOpw6NJHFYc4RXu+IoHCADmXTsjPJFa8nj0ALUqxqZMW65zC4nr5M1h1Z9+eMdX
swFDAm+9HYi/I48W95hfEEIUf8ex1Vfl8hdfZsqTFIWCECuZo6iBkpeTlRNg5aHZ
5lhNB1QwqBe2L9h5y0ANEysxDSpocX2R10MRCNrLYUfPL0Ciw76330JOXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPKAaHXV36uVkCDkfQQA9DC5UErUMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvOG9Cb2RkWGZxNVdRSU9SOUJBRDBNTGxRU3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgoCwAAa
MA0GCSqGSIb3DQEBCwUAA4IBAQBG8FltsJrghTi2Sqsvi2i/jwBVIDJ9YwlNxc54
S5RdQkruWP9N+FcfUCSkuyu/XetgoM4HqL07FtroizX/p5IiqgPKg3DdgwQ3riPg
thOslpRYEtHMEKbQ8yKwarsqyVAqZU/aPA8/aoJSWm8cizU8IpsugWd51wbUSyBo
7hUqKeFpbodZdUa5Edt28R/+FXzg6scRXvyqJKctUf5YBy0QzRZYSGl0qdyGKGe4
E5xHaXs93R8ior/MSnva26dqD+/+gm/3A+WCkhEqcscxqMJvoJd9gPzpJyTG/Hiv
xx7RKMRC4Ts3822371dU/YK8d7q6nVe0N90ROYIVZpAIhBxB
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:17 2025 by rpki-client