Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/d6088c-3110-41e1-b996-32d4ad8f56de/1/tdMNK9TEqxpF4VZ5o4_bR4yE7Hc.roa
File:                     tdMNK9TEqxpF4VZ5o4_bR4yE7Hc.roa (raw, json)
Hash identifier:          XOeW5f83fNYsxiZeF2CyzZjG5tuKR78BMMUdvSarePY=
Subject key identifier:   B5:D3:0D:2B:D4:C4:AB:1A:45:E1:56:79:A3:8F:DB:47:8C:84:EC:77
Certificate issuer:       /CN=4fa5cde524f7810d5868bc49ab0bf6621f44dc21
Certificate serial:       019898F4011454EBF567604D34A815D9CD6D
Authority key identifier: 4F:A5:CD:E5:24:F7:81:0D:58:68:BC:49:AB:0B:F6:62:1F:44:DC:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T6XN5ST3gQ1YaLxJqwv2Yh9E3CE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/d6088c-3110-41e1-b996-32d4ad8f56de/1/tdMNK9TEqxpF4VZ5o4_bR4yE7Hc.roa
Signing time:             Mon 11 Aug 2025 11:46:24 +0000
ROA not before:           Mon 11 Aug 2025 11:46:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200132
IP address blocks:        2a12:4447::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/d6088c-3110-41e1-b996-32d4ad8f56de/1/T6XN5ST3gQ1YaLxJqwv2Yh9E3CE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/d6088c-3110-41e1-b996-32d4ad8f56de/1/T6XN5ST3gQ1YaLxJqwv2Yh9E3CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T6XN5ST3gQ1YaLxJqwv2Yh9E3CE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:f4:01:14:54:eb:f5:67:60:4d:34:a8:15:d9:cd:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fa5cde524f7810d5868bc49ab0bf6621f44dc21
        Validity
            Not Before: Aug 11 11:46:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5d30d2bd4c4ab1a45e15679a38fdb478c84ec77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:b9:7d:aa:a9:0e:a2:d9:38:29:4f:5e:0f:4f:
                    38:a7:6b:4b:52:56:45:98:5b:2f:82:37:4f:57:40:
                    89:bf:fc:4c:ce:53:49:e3:0b:40:93:21:a0:5f:14:
                    74:59:18:6b:f2:8e:24:76:3b:f7:ad:ff:0e:73:c8:
                    e0:0e:5c:36:be:10:ba:28:8e:e4:53:b4:47:31:12:
                    76:2e:06:bf:4b:5f:1f:f1:10:5d:8d:f0:d5:6a:5a:
                    3c:7d:45:7f:72:88:88:ff:8a:aa:98:35:10:7e:4a:
                    59:f7:02:67:05:8b:c2:34:22:88:39:a6:39:b5:80:
                    3e:bb:f4:fc:fb:99:d5:a4:59:eb:01:f4:36:ba:bf:
                    22:58:95:26:d8:64:49:d5:60:58:b3:63:fd:33:d8:
                    cb:7d:9c:f3:a8:8a:92:fd:46:6c:c8:51:2e:ac:39:
                    c5:05:98:7f:04:a0:db:a7:4b:64:08:ed:8c:24:f1:
                    bc:a7:53:58:36:8d:d3:05:9a:54:8e:2c:51:f8:5f:
                    3f:be:44:3f:b2:58:a0:de:71:f3:3d:06:66:b1:bf:
                    bb:cc:d3:ac:6d:95:38:54:6c:b9:ff:6a:91:f6:ac:
                    2b:3f:7e:60:f4:e2:d2:93:75:37:a0:fc:ab:8d:01:
                    a6:1d:5c:0a:55:b2:70:7f:b2:1d:28:82:e0:e6:3a:
                    41:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:D3:0D:2B:D4:C4:AB:1A:45:E1:56:79:A3:8F:DB:47:8C:84:EC:77
            X509v3 Authority Key Identifier:
                keyid:4F:A5:CD:E5:24:F7:81:0D:58:68:BC:49:AB:0B:F6:62:1F:44:DC:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T6XN5ST3gQ1YaLxJqwv2Yh9E3CE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/d6088c-3110-41e1-b996-32d4ad8f56de/1/tdMNK9TEqxpF4VZ5o4_bR4yE7Hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/d6088c-3110-41e1-b996-32d4ad8f56de/1/T6XN5ST3gQ1YaLxJqwv2Yh9E3CE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4447::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:4a:fc:ff:13:aa:c0:ba:f9:d6:45:e6:50:18:31:f5:5b:d0:
         b9:62:8d:e2:eb:18:42:28:80:2b:db:5e:b7:c5:68:9c:1a:91:
         53:15:44:30:a6:2f:fb:db:c2:da:72:88:26:eb:1d:05:aa:bc:
         cc:e6:6d:26:53:42:ea:59:17:e8:23:87:f8:97:4c:70:23:4a:
         45:5e:11:a2:e3:c5:6f:e4:80:2f:5f:3f:af:d9:8a:b3:56:7b:
         fe:a0:b8:54:83:8a:89:38:75:60:d8:d5:c2:53:20:0e:40:c4:
         d1:9e:76:df:ed:f4:dc:16:e0:62:62:77:fe:66:4c:dc:f7:d7:
         6c:d2:39:07:7e:2f:74:9e:dd:47:65:a4:5a:b3:9e:8c:9a:ed:
         9c:6d:50:d1:98:3b:83:94:eb:52:b7:09:72:28:49:07:99:6c:
         f3:ff:0c:a5:d9:c2:dc:4c:59:c6:6b:e4:43:62:27:60:0b:c6:
         5a:18:62:3e:4a:4c:3c:c9:c0:4a:72:7a:69:fa:cf:8f:da:63:
         60:e2:55:b0:a2:c6:b2:90:1c:e2:89:2f:74:51:49:a7:73:82:
         c9:e2:f2:fc:97:4d:ff:ef:f0:ab:16:74:df:94:c0:27:04:3c:
         2b:5c:b7:78:c1:e2:b6:16:10:50:7b:67:cc:f4:d5:85:84:3d:
         ea:fe:16:77
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZiY9AEUVOv1Z2BNNKgV2c1tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYTVjZGU1MjRmNzgxMGQ1ODY4YmM0OWFiMGJmNjYyMWY0
NGRjMjEwHhcNMjUwODExMTE0NjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWQzMGQyYmQ0YzRhYjFhNDVlMTU2NzlhMzhmZGI0NzhjODRlYzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6rl9qqkOotk4KU9eD084p2tLUlZF
mFsvgjdPV0CJv/xMzlNJ4wtAkyGgXxR0WRhr8o4kdjv3rf8Oc8jgDlw2vhC6KI7k
U7RHMRJ2Lga/S18f8RBdjfDValo8fUV/coiI/4qqmDUQfkpZ9wJnBYvCNCKIOaY5
tYA+u/T8+5nVpFnrAfQ2ur8iWJUm2GRJ1WBYs2P9M9jLfZzzqIqS/UZsyFEurDnF
BZh/BKDbp0tkCO2MJPG8p1NYNo3TBZpUjixR+F8/vkQ/slig3nHzPQZmsb+7zNOs
bZU4VGy5/2qR9qwrP35g9OLSk3U3oPyrjQGmHVwKVbJwf7IdKILg5jpBBwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLXTDSvUxKsaReFWeaOP20eMhOx3MB8GA1UdIwQY
MBaAFE+lzeUk94ENWGi8SasL9mIfRNwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDZYTjVTVDNnUTFZYUx4SnF3djJZaDlFM0NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9kNjA4OGMtMzExMC00MWUxLWI5OTYt
MzJkNGFkOGY1NmRlLzEvdGRNTks5VEVxeHBGNFZaNW80X2JSNHlFN0hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9kNjA4OGMtMzExMC00MWUxLWI5OTYtMzJkNGFkOGY1NmRl
LzEvVDZYTjVTVDNnUTFZYUx4SnF3djJZaDlFM0NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJERzAN
BgkqhkiG9w0BAQsFAAOCAQEAIEr8/xOqwLr51kXmUBgx9VvQuWKN4usYQiiAK9te
t8VonBqRUxVEMKYv+9vC2nKIJusdBaq8zOZtJlNC6lkX6COH+JdMcCNKRV4RouPF
b+SAL18/r9mKs1Z7/qC4VIOKiTh1YNjVwlMgDkDE0Z523+303BbgYmJ3/mZM3PfX
bNI5B34vdJ7dR2WkWrOejJrtnG1Q0Zg7g5TrUrcJcihJB5ls8/8MpdnC3ExZxmvk
Q2InYAvGWhhiPkpMPMnASnJ6afrPj9pjYOJVsKLGspAc4okvdFFJp3OCyeLy/JdN
/+/wqxZ035TAJwQ8K1y3eMHithYQUHtnzPTVhYQ96v4Wdw==
-----END CERTIFICATE-----