Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/hbNzX9sb-OFJ3CONrcdLuZ55uyU.roa
File:                     hbNzX9sb-OFJ3CONrcdLuZ55uyU.roa (raw, json)
Hash identifier:          NFMtgtynDHta0KlGWRazjZvBYm+8qkNagl80fkK/Tdk=
Subject key identifier:   85:B3:73:5F:DB:1B:F8:E1:49:DC:23:8D:AD:C7:4B:B9:9E:79:BB:25
Certificate issuer:       /CN=3936daf03756baf83ba4f38dbe5d68cb9baceff9
Certificate serial:       0199ECFF9F578DFDBBAC92DD17C0049B3194
Authority key identifier: 39:36:DA:F0:37:56:BA:F8:3B:A4:F3:8D:BE:5D:68:CB:9B:AC:EF:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OTba8DdWuvg7pPONvl1oy5us7_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/hbNzX9sb-OFJ3CONrcdLuZ55uyU.roa
Signing time:             Thu 16 Oct 2025 12:29:59 +0000
ROA not before:           Thu 16 Oct 2025 12:29:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55201
IP address blocks:        2a10:c1c0::/32 maxlen: 40
                          2a12:b480::/32 maxlen: 40
                          2a13:7740::/32 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/OTba8DdWuvg7pPONvl1oy5us7_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/OTba8DdWuvg7pPONvl1oy5us7_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OTba8DdWuvg7pPONvl1oy5us7_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ec:ff:9f:57:8d:fd:bb:ac:92:dd:17:c0:04:9b:31:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3936daf03756baf83ba4f38dbe5d68cb9baceff9
        Validity
            Not Before: Oct 16 12:29:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85b3735fdb1bf8e149dc238dadc74bb99e79bb25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:64:b4:63:71:21:43:d5:85:30:f0:d5:b2:67:
                    36:8f:d6:62:6e:7b:f4:1a:47:5a:e8:08:5a:ac:a1:
                    9f:08:23:a6:70:28:ff:b4:9f:84:9d:a8:1a:0a:44:
                    4d:ae:0e:58:6e:8e:b2:62:8e:f4:9f:f6:25:bf:fc:
                    a9:71:da:35:eb:43:08:cd:1a:00:f8:40:1f:10:95:
                    0e:77:ef:d9:eb:a8:69:de:93:d1:6c:ba:d6:f8:4b:
                    9c:42:44:c6:00:dd:4e:45:6c:84:2e:ca:dd:ca:94:
                    3e:9d:6f:56:6d:3e:74:ef:fe:a8:61:b4:a9:2d:20:
                    d1:81:bb:1b:dc:d1:c0:bf:63:67:ef:7c:88:22:4f:
                    2a:c2:47:dc:b5:14:59:25:fe:f8:06:ec:6b:41:01:
                    71:bc:d0:1c:a5:31:ed:10:40:08:ad:0d:8f:88:39:
                    3e:6b:f0:c4:26:a3:5f:d4:76:79:38:a9:45:14:0b:
                    f5:ff:ac:45:1e:bf:c6:52:60:48:9f:1f:40:f9:ca:
                    cc:27:97:87:28:13:a4:b0:6d:d8:ea:68:3a:4d:80:
                    76:31:86:a1:cb:63:90:21:d6:dd:56:ba:79:d7:e0:
                    90:42:6d:7c:9e:db:ea:a0:ea:f1:ba:33:b9:01:39:
                    97:5a:fe:10:4a:30:b1:d4:ce:3f:1b:1e:7f:e4:76:
                    ac:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B3:73:5F:DB:1B:F8:E1:49:DC:23:8D:AD:C7:4B:B9:9E:79:BB:25
            X509v3 Authority Key Identifier:
                keyid:39:36:DA:F0:37:56:BA:F8:3B:A4:F3:8D:BE:5D:68:CB:9B:AC:EF:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OTba8DdWuvg7pPONvl1oy5us7_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/hbNzX9sb-OFJ3CONrcdLuZ55uyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/OTba8DdWuvg7pPONvl1oy5us7_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:c1c0::/32
                  2a12:b480::/32
                  2a13:7740::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:03:62:b7:9b:2b:d0:7b:22:24:40:5f:cb:4b:e4:6f:50:52:
         a0:8f:0d:78:a7:b7:02:6d:a8:82:e6:b3:db:dc:25:b4:8a:63:
         a7:3f:1c:bc:2e:3d:03:f5:67:0d:b3:98:0f:50:9f:93:41:47:
         c7:32:9a:d6:2e:df:f4:ab:99:85:86:97:f2:bb:7e:8d:60:a7:
         e1:6e:da:51:69:9c:66:11:d6:0a:ea:24:44:27:6c:03:f8:cd:
         10:ef:53:91:bb:8f:10:85:0c:82:2a:eb:32:4f:6f:f4:8e:2d:
         93:b1:21:3c:af:60:eb:ab:ec:15:49:02:e2:5e:8f:43:70:fa:
         37:9d:06:08:a5:3a:e6:58:0d:e8:b3:dd:a5:57:0e:2b:49:04:
         7f:72:44:3d:df:c9:cb:bd:90:18:3a:83:d4:73:29:d0:ec:73:
         c9:38:e7:7b:22:9d:b0:b1:fb:d9:ce:70:66:c2:87:3b:5a:2c:
         b3:b1:dd:18:55:40:cd:53:c3:b6:c7:fa:ae:05:45:90:c7:26:
         f0:35:25:5c:2a:53:e9:83:61:4b:f4:b1:77:87:e0:81:21:dc:
         99:a6:84:81:39:49:46:e4:0c:bb:f1:b9:1d:b5:5d:31:b1:3d:
         9e:c9:f3:23:95:7e:d8:b1:df:88:33:ae:40:5f:71:75:f8:d8:
         55:b0:2e:ef
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZns/59Xjf27rJLdF8AEmzGUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MzZkYWYwMzc1NmJhZjgzYmE0ZjM4ZGJlNWQ2OGNiOWJh
Y2VmZjkwHhcNMjUxMDE2MTIyOTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWIzNzM1ZmRiMWJmOGUxNDlkYzIzOGRhZGM3NGJiOTllNzliYjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGS0Y3EhQ9WFMPDVsmc2j9Zibnv0
Gkda6AharKGfCCOmcCj/tJ+EnagaCkRNrg5Ybo6yYo70n/Ylv/ypcdo160MIzRoA
+EAfEJUOd+/Z66hp3pPRbLrW+EucQkTGAN1ORWyELsrdypQ+nW9WbT507/6oYbSp
LSDRgbsb3NHAv2Nn73yIIk8qwkfctRRZJf74BuxrQQFxvNAcpTHtEEAIrQ2PiDk+
a/DEJqNf1HZ5OKlFFAv1/6xFHr/GUmBInx9A+crMJ5eHKBOksG3Y6mg6TYB2MYah
y2OQIdbdVrp51+CQQm18ntvqoOrxujO5ATmXWv4QSjCx1M4/Gx5/5HascwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIWzc1/bG/jhSdwjja3HS7meebslMB8GA1UdIwQY
MBaAFDk22vA3Vrr4O6Tzjb5daMubrO/5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1RiYThEZFd1dmc3cFBPTnZsMW95NXVzN19rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8wNGVhMzMtODNhYS00ZTU2LTk4Y2Mt
Zjk1ZjY2ZDYwNTVjLzEvaGJOelg5c2ItT0ZKM0NPTnJjZEx1WjU1dXlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8wNGVhMzMtODNhYS00ZTU2LTk4Y2MtZjk1ZjY2ZDYwNTVj
LzEvT1RiYThEZFd1dmc3cFBPTnZsMW95NXVzN19rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKhDBwAMF
ACoStIADBQAqE3dAMA0GCSqGSIb3DQEBCwUAA4IBAQBqA2K3myvQeyIkQF/LS+Rv
UFKgjw14p7cCbaiC5rPb3CW0imOnPxy8Lj0D9WcNs5gPUJ+TQUfHMprWLt/0q5mF
hpfyu36NYKfhbtpRaZxmEdYK6iREJ2wD+M0Q71ORu48QhQyCKusyT2/0ji2TsSE8
r2Drq+wVSQLiXo9DcPo3nQYIpTrmWA3os92lVw4rSQR/ckQ938nLvZAYOoPUcynQ
7HPJOOd7Ip2wsfvZznBmwoc7Wiyzsd0YVUDNU8O2x/quBUWQxybwNSVcKlPpg2FL
9LF3h+CBIdyZpoSBOUlG5Ay78bkdtV0xsT2eyfMjlX7Ysd+IM65AX3F1+NhVsC7v
-----END CERTIFICATE-----