Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/Ta09L9XTyU7qwRDoVLtdzvmVOdM.roa
File:                     Ta09L9XTyU7qwRDoVLtdzvmVOdM.roa (raw, json)
Hash identifier:          LyLVnh5hhz5tLCaKzpTX8JKP0/BQLeObjNAxjTizwos=
Subject key identifier:   4D:AD:3D:2F:D5:D3:C9:4E:EA:C1:10:E8:54:BB:5D:CE:F9:95:39:D3
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       0199E17CD098C53F5926C7CF032C61E2FA82
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/Ta09L9XTyU7qwRDoVLtdzvmVOdM.roa
Signing time:             Tue 14 Oct 2025 06:51:17 +0000
ROA not before:           Tue 14 Oct 2025 06:51:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        213.220.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e1:7c:d0:98:c5:3f:59:26:c7:cf:03:2c:61:e2:fa:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Oct 14 06:51:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4dad3d2fd5d3c94eeac110e854bb5dcef99539d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:74:fa:55:7d:18:3d:be:aa:4c:4d:b9:31:cc:
                    f8:f0:d1:b9:ea:50:39:fe:ac:9e:3b:d0:6e:da:79:
                    34:f7:2b:ae:e4:e9:22:45:6a:6b:20:27:23:a9:df:
                    84:5c:f0:bd:f1:4c:da:77:1a:50:db:3f:71:85:ed:
                    fe:a5:59:b4:fc:00:3b:5b:c4:b0:34:88:7a:d1:8b:
                    5a:ab:6b:42:48:89:74:2f:18:cd:29:68:54:89:75:
                    61:1e:20:8c:9f:09:da:dd:02:23:b8:6e:84:95:40:
                    3f:48:ca:1e:8d:ca:ea:89:86:75:5e:05:c6:27:ee:
                    92:15:a2:20:61:49:75:f3:e5:e1:9a:41:aa:0a:3d:
                    9b:de:a6:3b:58:d9:f8:68:1f:f7:a9:2a:99:60:f7:
                    75:13:a3:60:08:94:16:36:8f:e4:3c:90:27:10:51:
                    3b:74:17:4d:31:2f:cc:45:76:42:47:b8:c7:1d:26:
                    d5:0d:b0:1e:4d:1d:b9:b2:79:03:8b:aa:1a:73:ed:
                    ce:76:67:e2:69:1c:42:91:8d:bb:76:ee:21:f3:f9:
                    6f:c5:72:39:3b:c1:b1:be:ab:95:e8:9b:bd:ee:4c:
                    ec:2b:c4:53:7d:4f:6b:18:00:8c:3e:54:a1:6f:e8:
                    25:b8:29:f1:9d:da:e1:9f:29:bb:d4:fc:e7:2a:ca:
                    75:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:AD:3D:2F:D5:D3:C9:4E:EA:C1:10:E8:54:BB:5D:CE:F9:95:39:D3
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/Ta09L9XTyU7qwRDoVLtdzvmVOdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:32:d5:c7:eb:86:3e:df:fa:ff:e2:19:20:1c:53:7a:1c:dd:
         06:eb:ff:9e:c4:ce:87:e9:c1:06:f7:de:2a:55:60:7f:af:df:
         02:74:67:10:41:3f:f3:69:34:f9:db:b4:10:7d:29:cc:e5:5e:
         44:c0:0d:81:3c:15:11:cd:e2:0a:71:69:b7:68:d7:58:d2:89:
         93:ec:98:1d:cb:c8:1e:8f:41:81:a7:ca:df:e8:53:b2:7c:9d:
         2d:3b:4c:9b:ca:3d:83:f4:48:56:75:bc:66:5d:66:6d:fb:d1:
         65:25:dd:7b:91:7f:e9:13:67:98:44:b3:1f:7f:0d:7d:68:a0:
         c2:22:b7:c3:d6:ac:a6:f5:fc:41:9c:58:a0:eb:4a:08:96:19:
         3e:7d:82:0b:11:a1:7d:33:ee:c0:e9:4b:dd:c8:e8:03:99:ab:
         0e:1d:77:2b:e9:c5:b1:ea:fc:07:04:dc:bb:55:24:57:13:12:
         cb:51:f8:41:4b:d8:37:9f:fa:ee:da:16:e7:a2:cf:36:86:20:
         cc:69:47:a3:d7:a2:fe:e1:1a:45:83:a7:63:86:f7:27:6f:c6:
         33:ba:d1:cf:a0:a6:6c:57:1b:41:d8:af:e6:17:ad:f0:f5:db:
         2b:e2:f8:db:49:39:57:b8:08:c6:30:e2:f6:d5:c3:71:a4:4a:
         3f:21:e5:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnhfNCYxT9ZJsfPAyxh4vqCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUxMDE0MDY1MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGFkM2QyZmQ1ZDNjOTRlZWFjMTEwZTg1NGJiNWRjZWY5OTUzOWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5nT6VX0YPb6qTE25Mcz48NG56lA5
/qyeO9Bu2nk09yuu5OkiRWprICcjqd+EXPC98UzadxpQ2z9xhe3+pVm0/AA7W8Sw
NIh60Ytaq2tCSIl0LxjNKWhUiXVhHiCMnwna3QIjuG6ElUA/SMoejcrqiYZ1XgXG
J+6SFaIgYUl18+XhmkGqCj2b3qY7WNn4aB/3qSqZYPd1E6NgCJQWNo/kPJAnEFE7
dBdNMS/MRXZCR7jHHSbVDbAeTR25snkDi6oac+3OdmfiaRxCkY27du4h8/lvxXI5
O8GxvquV6Ju97kzsK8RTfU9rGACMPlShb+gluCnxndrhnym71PznKsp1oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2tPS/V08lO6sEQ6FS7Xc75lTnTMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvVGEwOUw5WFR5VTdxd1JEb1ZMdGR6dm1WT2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dwAMA0G
CSqGSIb3DQEBCwUAA4IBAQAtMtXH64Y+3/r/4hkgHFN6HN0G6/+exM6H6cEG994q
VWB/r98CdGcQQT/zaTT527QQfSnM5V5EwA2BPBURzeIKcWm3aNdY0omT7Jgdy8ge
j0GBp8rf6FOyfJ0tO0ybyj2D9EhWdbxmXWZt+9FlJd17kX/pE2eYRLMffw19aKDC
IrfD1qym9fxBnFig60oIlhk+fYILEaF9M+7A6UvdyOgDmasOHXcr6cWx6vwHBNy7
VSRXExLLUfhBS9g3n/ru2hbnos82hiDMaUej16L+4RpFg6djhvcnb8YzutHPoKZs
VxtB2K/mF63w9dsr4vjbSTlXuAjGMOL21cNxpEo/IeVO
-----END CERTIFICATE-----