Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/sj04Ofad7HoBJaa3jacdqQiOCAM.roa
File:                     sj04Ofad7HoBJaa3jacdqQiOCAM.roa (raw, json)
Hash identifier:          k93GvRLi7WE9LRwN+r8m1L7z3CF5zil6ZM5SoRSBKmM=
Subject key identifier:   B2:3D:38:39:F6:9D:EC:7A:01:25:A6:B7:8D:A7:1D:A9:08:8E:08:03
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       0199D043F2E5FD72933AB7E9ACA3BDC8D785
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/sj04Ofad7HoBJaa3jacdqQiOCAM.roa
Signing time:             Fri 10 Oct 2025 22:35:38 +0000
ROA not before:           Fri 10 Oct 2025 22:35:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52025
IP address blocks:        2a01:fb05:2000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d0:43:f2:e5:fd:72:93:3a:b7:e9:ac:a3:bd:c8:d7:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Oct 10 22:35:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b23d3839f69dec7a0125a6b78da71da9088e0803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:5b:7a:7b:f1:6b:b9:b8:c2:c4:f3:01:92:ff:
                    34:8b:16:8e:93:04:97:22:23:18:ff:1c:61:03:8a:
                    d7:22:af:47:2e:87:2b:39:c0:52:ea:19:78:8c:ab:
                    df:d0:79:13:49:bc:f8:e6:f9:48:21:06:38:97:43:
                    38:fd:13:14:96:82:b1:64:55:de:51:80:a4:ff:1b:
                    3f:de:2b:7e:44:88:2a:b2:f9:f1:83:05:5e:73:02:
                    22:be:7a:7e:d6:40:23:77:fb:ff:21:6f:22:4a:d4:
                    57:c3:17:7f:ef:0c:cc:08:0b:d8:84:b8:9d:9d:55:
                    b5:aa:e0:3d:c2:0d:17:50:09:e8:65:0f:0c:dd:6e:
                    9a:66:58:2b:a2:23:75:5e:f5:e6:40:e1:8b:fd:98:
                    1a:da:3b:b2:db:da:60:0b:3f:80:2f:01:e9:0e:4e:
                    7d:b7:26:ae:ec:c9:a2:dd:fa:7d:d2:51:11:90:e0:
                    25:64:c5:a7:8e:8c:c7:dc:76:d5:fe:0c:a7:8f:f4:
                    70:62:85:0b:6e:37:ed:ac:b8:68:92:51:78:63:93:
                    3f:fc:1f:7e:cf:5a:83:26:9f:af:57:10:cd:77:2f:
                    1c:a2:04:cf:9c:77:4f:b8:c1:db:1a:4a:34:7c:54:
                    46:ed:99:d4:29:27:d1:90:c7:84:4f:a6:cd:b3:57:
                    0c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:3D:38:39:F6:9D:EC:7A:01:25:A6:B7:8D:A7:1D:A9:08:8E:08:03
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/sj04Ofad7HoBJaa3jacdqQiOCAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:fb05:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         73:7e:b0:a3:5a:19:bf:42:d7:61:ed:73:cf:10:cf:9f:62:5e:
         ae:53:6e:b1:1a:13:f2:0b:67:a6:c9:de:56:c8:f4:e6:77:c5:
         b2:9c:32:b2:3c:03:4b:09:06:1e:26:91:c4:fb:6d:d0:36:a2:
         80:5d:e1:3a:55:14:2d:db:a7:66:26:7a:03:01:51:47:ab:5f:
         b4:5b:82:af:3c:d5:35:95:77:86:df:92:b3:a1:09:89:96:35:
         3f:a9:62:59:0a:f4:c1:28:02:f4:bf:f4:eb:4f:8f:1a:4e:d0:
         02:82:72:9f:fb:9c:4f:ba:43:f2:33:fd:e7:07:6d:38:05:21:
         32:19:67:c1:d2:b1:19:c4:a9:c4:da:a7:62:c4:e4:69:0f:4d:
         b2:c4:83:a0:90:1f:6a:6a:b0:d2:3e:b8:6a:8a:51:1d:12:bd:
         a1:02:fb:0d:88:17:9d:ed:0e:0e:2e:05:5b:ad:1f:d4:3e:63:
         84:20:d6:e6:0f:d3:07:81:fc:43:ea:40:da:b9:84:c6:ab:87:
         91:e6:32:1c:2a:ad:58:e1:5c:c4:df:7e:5c:d6:b3:f8:8b:3d:
         93:04:4a:d5:1f:34:0c:92:f6:96:18:a8:93:15:2c:0a:2e:07:
         38:bc:a4:0c:43:f6:d7:c3:75:1e:b6:cb:af:6b:23:70:6c:7c:
         e7:9a:03:32
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZnQQ/Ll/XKTOrfprKO9yNeFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMDEwMjIzNTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjNkMzgzOWY2OWRlYzdhMDEyNWE2Yjc4ZGE3MWRhOTA4OGUwODAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylt6e/FrubjCxPMBkv80ixaOkwSX
IiMY/xxhA4rXIq9HLocrOcBS6hl4jKvf0HkTSbz45vlIIQY4l0M4/RMUloKxZFXe
UYCk/xs/3it+RIgqsvnxgwVecwIivnp+1kAjd/v/IW8iStRXwxd/7wzMCAvYhLid
nVW1quA9wg0XUAnoZQ8M3W6aZlgroiN1XvXmQOGL/Zga2juy29pgCz+ALwHpDk59
tyau7Mmi3fp90lERkOAlZMWnjozH3HbV/gynj/RwYoULbjftrLhoklF4Y5M//B9+
z1qDJp+vVxDNdy8cogTPnHdPuMHbGko0fFRG7ZnUKSfRkMeET6bNs1cMDQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLI9ODn2nex6ASWmt42nHakIjggDMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvc2owNE9mYWQ3SG9CSmFhM2phY2RxUWlPQ0FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgH7BSAw
DQYJKoZIhvcNAQELBQADggEBAHN+sKNaGb9C12Htc88Qz59iXq5TbrEaE/ILZ6bJ
3lbI9OZ3xbKcMrI8A0sJBh4mkcT7bdA2ooBd4TpVFC3bp2YmegMBUUerX7Rbgq88
1TWVd4bfkrOhCYmWNT+pYlkK9MEoAvS/9OtPjxpO0AKCcp/7nE+6Q/Iz/ecHbTgF
ITIZZ8HSsRnEqcTap2LE5GkPTbLEg6CQH2pqsNI+uGqKUR0SvaEC+w2IF53tDg4u
BVutH9Q+Y4Qg1uYP0weB/EPqQNq5hMarh5HmMhwqrVjhXMTfflzWs/iLPZMEStUf
NAyS9pYYqJMVLAouBzi8pAxD9tfDdR62y69rI3BsfOeaAzI=
-----END CERTIFICATE-----