Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/gr1d5o3sHGA3VWu-8KVK6b7UyM4.roa
File:                     gr1d5o3sHGA3VWu-8KVK6b7UyM4.roa (raw, json)
Hash identifier:          GHLuG9O5AVwW61aYh11UvqNMmcEewfjv/mRXgyvZ4yg=
Subject key identifier:   82:BD:5D:E6:8D:EC:1C:60:37:55:6B:BE:F0:A5:4A:E9:BE:D4:C8:CE
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       01995C082D55485FCA2E8AFDC6581F5E0369
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/gr1d5o3sHGA3VWu-8KVK6b7UyM4.roa
Signing time:             Thu 18 Sep 2025 08:54:23 +0000
ROA not before:           Thu 18 Sep 2025 08:54:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212027
IP address blocks:        2a06:2840::/48 maxlen: 48
                          2a12:7b40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:08:2d:55:48:5f:ca:2e:8a:fd:c6:58:1f:5e:03:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: Sep 18 08:54:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82bd5de68dec1c6037556bbef0a54ae9bed4c8ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:92:00:b7:16:dc:ba:2d:e3:05:a9:05:9a:65:
                    a8:db:db:b8:a7:0e:7d:84:05:f5:c4:aa:b5:75:3d:
                    2a:79:6d:45:1d:ab:c4:66:fb:e2:f9:dd:fe:b5:19:
                    d1:82:52:e1:be:64:4d:fa:e7:fe:10:0b:a3:3a:03:
                    b5:71:9b:73:fc:9c:a8:92:83:fc:97:dd:63:30:b0:
                    92:2f:55:f8:dc:db:66:69:f0:a2:f2:3f:e1:c5:02:
                    0a:ff:08:65:80:9f:7f:0a:08:6a:43:b4:25:b7:c7:
                    57:73:ba:c6:4c:1e:b3:49:3e:3d:8f:c7:f3:b5:5e:
                    7c:47:ae:41:5c:4a:a2:92:5d:d3:4c:1b:35:19:50:
                    e7:86:55:68:2e:19:7c:7c:38:d8:aa:b9:81:48:84:
                    04:6d:a8:c1:10:67:6e:7e:fb:69:e9:aa:f4:a8:5d:
                    c5:6c:dd:c7:01:ea:8e:1f:3c:9c:69:d0:31:b0:ee:
                    c5:f9:c1:c1:cc:93:f2:25:6e:d2:54:31:bc:6d:7b:
                    ee:01:c6:36:0f:55:2d:3b:a8:fb:6f:92:8d:23:f6:
                    9c:80:e7:25:36:c1:b5:e1:2b:b2:d2:df:87:5f:bf:
                    3f:19:90:73:a4:5f:8a:1e:e8:6c:c3:32:9b:a4:1f:
                    d5:d9:04:48:2c:c8:39:03:c5:21:94:ac:a7:b7:4c:
                    4c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:BD:5D:E6:8D:EC:1C:60:37:55:6B:BE:F0:A5:4A:E9:BE:D4:C8:CE
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/gr1d5o3sHGA3VWu-8KVK6b7UyM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:2840::/48
                  2a12:7b40::/48

    Signature Algorithm: sha256WithRSAEncryption
         bb:5a:c4:59:b2:c6:7b:bf:f7:60:3b:9d:2c:0c:be:b5:c4:4c:
         d1:f6:48:41:eb:d3:ed:c8:e8:a8:02:2d:b6:20:de:f9:c1:1f:
         c6:91:10:91:55:12:d7:89:d3:61:92:58:87:cd:e3:61:23:66:
         40:6a:b7:88:e1:7f:e2:75:37:81:a7:51:f8:c1:05:0c:dc:7a:
         e1:a6:a4:46:42:8e:ad:cf:68:1b:91:df:75:61:2f:2b:b7:6d:
         cc:b8:a6:d6:d2:fc:43:fd:cd:6f:e6:18:6c:8d:f9:45:03:84:
         24:6e:0d:60:8e:34:59:d0:c4:b2:41:19:81:47:d3:9b:5f:be:
         a1:0d:77:ea:7b:04:65:92:7b:36:d7:d1:e5:ca:bf:b9:f8:0a:
         8a:d9:86:65:75:53:44:e1:66:27:23:aa:6a:ec:15:51:57:0e:
         a4:91:9b:0a:f8:dc:5a:bc:e7:7c:55:03:20:f9:e8:8c:1a:20:
         20:91:73:42:65:59:5a:98:84:49:05:3d:e2:01:7f:5e:47:7d:
         0b:a2:fc:6b:f9:d5:5b:eb:f9:cb:7c:dd:df:5a:b3:7f:94:58:
         e6:d5:73:2c:9a:df:af:64:3d:e9:5c:45:48:a2:d3:44:65:c5:
         e1:e2:d7:5b:b4:a5:4d:f2:77:c5:9d:3c:52:15:64:0d:52:e5:
         62:7d:90:50
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZlcCC1VSF/KLor9xlgfXgNpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjUwOTE4MDg1NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmJkNWRlNjhkZWMxYzYwMzc1NTZiYmVmMGE1NGFlOWJlZDRjOGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ZIAtxbcui3jBakFmmWo29u4pw59
hAX1xKq1dT0qeW1FHavEZvvi+d3+tRnRglLhvmRN+uf+EAujOgO1cZtz/JyokoP8
l91jMLCSL1X43NtmafCi8j/hxQIK/whlgJ9/CghqQ7Qlt8dXc7rGTB6zST49j8fz
tV58R65BXEqikl3TTBs1GVDnhlVoLhl8fDjYqrmBSIQEbajBEGdufvtp6ar0qF3F
bN3HAeqOHzycadAxsO7F+cHBzJPyJW7SVDG8bXvuAcY2D1UtO6j7b5KNI/acgOcl
NsG14Suy0t+HX78/GZBzpF+KHuhswzKbpB/V2QRILMg5A8UhlKynt0xM7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIK9XeaN7BxgN1VrvvClSum+1MjOMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvZ3IxZDVvM3NIR0EzVld1LThLVks2YjdVeU00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgYoQAAA
AwcAKhJ7QAAAMA0GCSqGSIb3DQEBCwUAA4IBAQC7WsRZssZ7v/dgO50sDL61xEzR
9khB69PtyOioAi22IN75wR/GkRCRVRLXidNhkliHzeNhI2ZAareI4X/idTeBp1H4
wQUM3HrhpqRGQo6tz2gbkd91YS8rt23MuKbW0vxD/c1v5hhsjflFA4Qkbg1gjjRZ
0MSyQRmBR9ObX76hDXfqewRlkns219Hlyr+5+AqK2YZldVNE4WYnI6pq7BVRVw6k
kZsK+NxavOd8VQMg+eiMGiAgkXNCZVlamIRJBT3iAX9eR30Lovxr+dVb6/nLfN3f
WrN/lFjm1XMsmt+vZD3pXEVIotNEZcXh4tdbtKVN8nfFnTxSFWQNUuVifZBQ
-----END CERTIFICATE-----