Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/sshGfE0PHQJIsMjWQ6xCwAfL9ss.roa
File:                     sshGfE0PHQJIsMjWQ6xCwAfL9ss.roa (raw, json)
Hash identifier:          NRl6+hvMuRUovTUsdUnT3sLoBJp473sUMroon6ol0SE=
Subject key identifier:   B2:C8:46:7C:4D:0F:1D:02:48:B0:C8:D6:43:AC:42:C0:07:CB:F6:CB
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       019997057B40D308A28914E2C94997E75232
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/sshGfE0PHQJIsMjWQ6xCwAfL9ss.roa
Signing time:             Mon 29 Sep 2025 19:49:02 +0000
ROA not before:           Mon 29 Sep 2025 19:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215330
IP address blocks:        2a12:1880::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:97:05:7b:40:d3:08:a2:89:14:e2:c9:49:97:e7:52:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Sep 29 19:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2c8467c4d0f1d0248b0c8d643ac42c007cbf6cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:75:1e:dc:60:77:4c:53:7f:dd:a9:0d:fd:3b:
                    92:ba:68:74:ba:13:af:11:49:5d:ec:01:df:ff:c9:
                    68:a9:9e:80:de:7b:1c:46:d8:d9:95:36:1a:01:01:
                    ce:67:80:93:56:3b:a3:ef:23:47:9d:fd:e5:90:cf:
                    fd:d3:03:17:10:66:06:ce:92:1d:e5:b5:82:e8:2c:
                    17:12:35:49:60:44:2d:70:ee:0b:d4:00:8d:c6:c0:
                    b0:76:ba:93:0c:a1:fb:2e:87:61:15:cf:35:bd:89:
                    07:41:52:b1:63:1c:2f:df:e9:d3:d9:5f:b4:9b:9d:
                    35:e7:48:ea:43:6e:9c:0d:c7:b4:13:2a:ae:88:6e:
                    ed:81:f2:fd:fa:c2:4b:55:bb:c0:51:48:84:e8:fd:
                    07:2f:60:0f:b7:ad:ed:34:4c:07:f4:43:bd:ac:49:
                    e4:61:42:be:78:73:1e:2a:2e:19:65:ae:47:c2:bd:
                    3e:63:93:fe:71:cf:c2:a0:c1:53:21:78:3f:41:7e:
                    e8:2a:5a:60:37:52:3d:16:7d:4b:ea:02:09:80:5c:
                    f4:1f:a4:43:db:14:53:b1:61:fc:a2:3e:62:d5:69:
                    e0:f0:e9:25:0b:16:1a:cf:b2:e4:ea:a1:30:67:08:
                    1a:87:e4:78:ce:9c:f3:12:e8:27:d9:03:ab:2d:2e:
                    67:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:C8:46:7C:4D:0F:1D:02:48:B0:C8:D6:43:AC:42:C0:07:CB:F6:CB
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/sshGfE0PHQJIsMjWQ6xCwAfL9ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:1880::/29

    Signature Algorithm: sha256WithRSAEncryption
         80:4f:e8:32:ce:a5:be:ac:cb:c6:f3:da:e0:2f:86:68:ab:31:
         51:40:35:58:18:08:c5:9e:e7:84:86:d0:49:6c:6a:6d:d8:9d:
         0b:14:9f:75:8a:df:47:79:fb:16:d4:88:ce:bb:f5:93:1a:b9:
         d6:80:3a:f5:26:ea:07:03:87:86:4b:d2:9a:83:b1:69:1f:3a:
         63:53:42:f9:d8:9f:50:59:9b:6f:95:f0:de:2d:91:9b:bc:b2:
         84:d5:39:d4:3f:e5:1c:43:f1:73:5f:67:23:84:2d:e9:00:5d:
         64:a2:68:9c:af:af:f5:e1:f1:be:c3:8c:4f:83:59:31:24:3a:
         5c:03:fe:01:50:8d:d5:11:51:46:21:31:98:44:8e:c3:b8:ca:
         18:5a:54:c0:82:0f:45:4f:09:55:9f:0a:c2:6a:f0:59:53:1a:
         2c:5f:b2:17:f0:84:0e:ef:40:f4:99:e8:b1:54:3a:84:14:0f:
         2f:fa:78:df:30:74:bd:5f:2e:78:ec:2f:40:4e:0b:5a:d0:ea:
         b0:47:1a:bd:6b:ef:2b:b0:81:dc:1b:75:f1:2e:7b:44:56:f7:
         d3:7e:cd:56:c4:51:30:97:4b:0c:41:6f:43:6b:79:79:2e:fd:
         3a:e2:a7:fa:31:a9:9d:c6:c0:e4:8a:6d:ec:b2:cc:96:9f:d6:
         ea:09:e4:37
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZmXBXtA0wiiiRTiyUmX51IyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwOTI5MTk0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmM4NDY3YzRkMGYxZDAyNDhiMGM4ZDY0M2FjNDJjMDA3Y2JmNmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnUe3GB3TFN/3akN/TuSumh0uhOv
EUld7AHf/8loqZ6A3nscRtjZlTYaAQHOZ4CTVjuj7yNHnf3lkM/90wMXEGYGzpId
5bWC6CwXEjVJYEQtcO4L1ACNxsCwdrqTDKH7LodhFc81vYkHQVKxYxwv3+nT2V+0
m50150jqQ26cDce0EyquiG7tgfL9+sJLVbvAUUiE6P0HL2APt63tNEwH9EO9rEnk
YUK+eHMeKi4ZZa5Hwr0+Y5P+cc/CoMFTIXg/QX7oKlpgN1I9Fn1L6gIJgFz0H6RD
2xRTsWH8oj5i1Wng8OklCxYaz7Lk6qEwZwgah+R4zpzzEugn2QOrLS5nHwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLLIRnxNDx0CSLDI1kOsQsAHy/bLMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvc3NoR2ZFMFBIUUpJc01qV1E2eEN3QWZMOXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhIYgDAN
BgkqhkiG9w0BAQsFAAOCAQEAgE/oMs6lvqzLxvPa4C+GaKsxUUA1WBgIxZ7nhIbQ
SWxqbdidCxSfdYrfR3n7FtSIzrv1kxq51oA69SbqBwOHhkvSmoOxaR86Y1NC+dif
UFmbb5Xw3i2Rm7yyhNU51D/lHEPxc19nI4Qt6QBdZKJonK+v9eHxvsOMT4NZMSQ6
XAP+AVCN1RFRRiExmESOw7jKGFpUwIIPRU8JVZ8KwmrwWVMaLF+yF/CEDu9A9Jno
sVQ6hBQPL/p43zB0vV8ueOwvQE4LWtDqsEcavWvvK7CB3Bt18S57RFb3037NVsRR
MJdLDEFvQ2t5eS79OuKn+jGpncbA5Ipt7LLMlp/W6gnkNw==
-----END CERTIFICATE-----