Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/hmhsGXGseV2PwIXfLkkzy9brjH8.roa
File:                     hmhsGXGseV2PwIXfLkkzy9brjH8.roa (raw, json)
Hash identifier:          LD7+KdCf6+q+GHIUMNOAE/kbGPimpdSNwZOTxjTUsL4=
Subject key identifier:   86:68:6C:19:71:AC:79:5D:8F:C0:85:DF:2E:49:33:CB:D6:EB:8C:7F
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       01995C056EFC8ED26527C2B19460806D7213
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/hmhsGXGseV2PwIXfLkkzy9brjH8.roa
Signing time:             Thu 18 Sep 2025 08:51:23 +0000
ROA not before:           Thu 18 Sep 2025 08:51:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26042
IP address blocks:        2a11:2a47::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 22:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:05:6e:fc:8e:d2:65:27:c2:b1:94:60:80:6d:72:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Sep 18 08:51:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86686c1971ac795d8fc085df2e4933cbd6eb8c7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:4a:0c:ed:c7:fd:51:e0:1e:34:b9:df:2a:cf:
                    18:8e:79:00:0d:9d:26:5c:64:db:c8:06:a0:f3:a7:
                    e7:d7:a7:8c:d2:e5:1e:f8:65:e0:54:bb:58:af:4b:
                    24:b3:f5:e8:85:98:57:3b:7b:b8:9c:83:33:5e:9a:
                    ce:9b:9b:c1:82:cf:66:ae:01:47:32:6a:23:c4:a2:
                    25:92:bd:38:40:3d:a3:6d:cb:c9:70:65:02:34:5f:
                    d8:05:ef:f5:da:a1:26:65:2b:0a:3a:1e:97:8c:68:
                    23:ca:39:4c:72:5b:21:11:f4:d3:bb:64:13:11:65:
                    d7:d8:c8:ce:f7:4a:97:83:62:d3:9c:73:82:bd:83:
                    64:62:18:c8:80:0e:af:7b:30:c5:96:9f:d4:fd:fc:
                    75:cd:79:8c:fe:c9:20:0c:82:f6:71:43:b2:84:2c:
                    a3:9c:7b:6a:fd:5a:be:6a:9e:1f:c5:8e:84:00:4a:
                    47:29:8f:d4:94:78:ed:3a:ed:0d:78:7d:33:17:ea:
                    88:98:d1:76:0d:14:d6:e7:7f:91:fd:66:18:2c:41:
                    09:1e:77:b4:cf:32:16:24:22:bf:be:5a:60:c0:d1:
                    75:37:27:9d:a7:ee:b4:01:ee:ea:6f:64:77:b3:26:
                    4d:20:ba:6b:6e:74:ee:dc:8b:4f:ec:93:2a:c5:10:
                    e7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:68:6C:19:71:AC:79:5D:8F:C0:85:DF:2E:49:33:CB:D6:EB:8C:7F
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/hmhsGXGseV2PwIXfLkkzy9brjH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:2a47::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:9f:2b:cd:62:ad:fe:d7:89:66:7d:41:b3:1d:af:01:8a:92:
         64:aa:82:0b:19:ec:dd:7d:ce:b1:6a:4a:06:a7:13:98:c4:0c:
         6e:a2:46:83:e7:35:bf:e7:43:3f:6e:a5:11:ae:3b:27:c9:fe:
         4e:a1:42:83:45:2a:54:67:33:c1:0f:f7:e8:60:23:ec:e5:a6:
         f6:68:bf:58:5e:8d:bd:71:09:b2:e6:d3:58:0f:4d:b4:2a:0d:
         e2:2f:e4:ba:21:0d:03:1d:a9:99:d0:21:40:c2:00:7e:ee:64:
         f5:31:3a:63:fd:a7:e9:7b:76:47:00:a1:ea:e5:a2:c5:ab:43:
         2a:fc:1a:b3:1e:d3:c9:9d:9d:59:c8:41:77:64:13:fa:33:8c:
         cd:3c:d5:33:7c:4b:b7:71:9c:f2:19:f6:a6:50:a9:cb:fc:ab:
         78:32:bf:fd:6a:00:60:4d:11:0c:d3:99:64:13:8a:ef:89:a6:
         6a:f7:2e:2d:1e:6f:f8:28:ba:15:67:cf:41:f1:61:6a:4f:1b:
         05:7d:dc:19:2b:d3:aa:e0:79:52:1f:88:bb:d2:06:0d:ef:da:
         a1:38:24:c9:d9:63:59:f4:62:75:fc:e9:aa:bd:2d:ee:57:4c:
         5f:db:b8:15:6d:03:ab:3f:cf:8a:51:b1:0f:c8:40:89:86:bf:
         f8:ed:a6:5b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZlcBW78jtJlJ8KxlGCAbXITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjUwOTE4MDg1MTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjY4NmMxOTcxYWM3OTVkOGZjMDg1ZGYyZTQ5MzNjYmQ2ZWI4YzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EoM7cf9UeAeNLnfKs8YjnkADZ0m
XGTbyAag86fn16eM0uUe+GXgVLtYr0sks/XohZhXO3u4nIMzXprOm5vBgs9mrgFH
MmojxKIlkr04QD2jbcvJcGUCNF/YBe/12qEmZSsKOh6XjGgjyjlMclshEfTTu2QT
EWXX2MjO90qXg2LTnHOCvYNkYhjIgA6vezDFlp/U/fx1zXmM/skgDIL2cUOyhCyj
nHtq/Vq+ap4fxY6EAEpHKY/UlHjtOu0NeH0zF+qImNF2DRTW53+R/WYYLEEJHne0
zzIWJCK/vlpgwNF1Nyedp+60Ae7qb2R3syZNILprbnTu3ItP7JMqxRDnCQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIZobBlxrHldj8CF3y5JM8vW64x/MB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvaG1oc0dYR3NlVjJQd0lYZkxra3p5OWJyakg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhEqRzAN
BgkqhkiG9w0BAQsFAAOCAQEAYJ8rzWKt/teJZn1Bsx2vAYqSZKqCCxns3X3OsWpK
BqcTmMQMbqJGg+c1v+dDP26lEa47J8n+TqFCg0UqVGczwQ/36GAj7OWm9mi/WF6N
vXEJsubTWA9NtCoN4i/kuiENAx2pmdAhQMIAfu5k9TE6Y/2n6Xt2RwCh6uWixatD
Kvwasx7TyZ2dWchBd2QT+jOMzTzVM3xLt3Gc8hn2plCpy/yreDK//WoAYE0RDNOZ
ZBOK74mmavcuLR5v+Ci6FWfPQfFhak8bBX3cGSvTquB5Uh+Iu9IGDe/aoTgkydlj
WfRidfzpqr0t7ldMX9u4FW0Dqz/PilGxD8hAiYa/+O2mWw==
-----END CERTIFICATE-----