Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/dJhnxNzwfdHlneQSztyV2rQUNh8.roa
File:                     dJhnxNzwfdHlneQSztyV2rQUNh8.roa (raw, json)
Hash identifier:          mBXD3iXgLpyd3hmkrgIDXjTXmIhHa5rAOzsMx5futIk=
Subject key identifier:   74:98:67:C4:DC:F0:7D:D1:E5:9D:E4:12:CE:DC:95:DA:B4:14:36:1F
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       0199295DE8B3DC78EC1BEA0CF46E14D202FF
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/dJhnxNzwfdHlneQSztyV2rQUNh8.roa
Signing time:             Mon 08 Sep 2025 12:47:24 +0000
ROA not before:           Mon 08 Sep 2025 12:47:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209183
IP address blocks:        2a0b:6600::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 13:49:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:29:5d:e8:b3:dc:78:ec:1b:ea:0c:f4:6e:14:d2:02:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Sep  8 12:47:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=749867c4dcf07dd1e59de412cedc95dab414361f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:8d:d0:ec:92:1b:29:74:31:36:e3:8c:da:2b:
                    2a:06:26:6f:33:a4:82:75:d8:6f:16:ab:fb:f8:d7:
                    06:5c:bd:4b:88:8b:37:0a:4c:ce:3d:b6:50:37:0d:
                    61:12:01:10:c5:cd:9e:22:74:7d:c3:46:99:d1:2b:
                    fe:3e:e4:a7:b2:59:82:8e:30:45:53:79:0c:d2:89:
                    0c:44:5c:b7:a4:80:5e:38:6b:fc:2f:2f:72:cb:34:
                    fa:83:eb:84:17:3d:d6:cd:7c:ce:cd:67:85:c3:1c:
                    23:ad:df:ae:1a:0d:f0:ec:35:0c:eb:46:10:f8:a9:
                    81:9f:58:3f:76:16:e9:6a:b0:99:f0:ca:09:ab:21:
                    10:fe:40:20:d2:cc:5f:43:e2:1e:85:5c:33:e6:e2:
                    a3:f5:d2:84:5b:7e:72:6c:6b:bb:3c:bc:d0:9c:f8:
                    ac:09:5b:36:ab:a2:fe:10:80:40:7d:46:16:03:43:
                    76:76:65:3f:35:fe:be:45:41:e4:6f:dd:ad:61:31:
                    5d:f0:44:5b:d3:87:82:bc:89:00:78:60:c5:af:23:
                    aa:3f:0f:22:aa:81:3f:76:56:0e:54:f8:43:6f:3c:
                    4b:30:49:12:b0:8a:39:13:1a:f7:74:12:4f:25:50:
                    9a:5c:8d:2b:58:d6:8f:33:d1:f9:2c:ab:5e:d9:74:
                    ad:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:98:67:C4:DC:F0:7D:D1:E5:9D:E4:12:CE:DC:95:DA:B4:14:36:1F
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/dJhnxNzwfdHlneQSztyV2rQUNh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6600::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:3a:8f:c2:80:6a:a8:49:78:98:a9:82:84:d5:c2:e1:d4:c8:
         ba:dc:6b:2e:d9:a0:e4:ff:1a:d0:e9:fc:c4:69:28:ad:0d:d8:
         25:65:6a:f3:25:43:bf:e6:e4:1b:64:ca:e1:f0:42:93:e6:6a:
         64:91:66:4e:12:26:ac:81:f8:16:55:db:fc:75:d1:ae:d7:1e:
         5c:20:58:53:42:2a:9f:2d:65:1e:c0:21:40:d4:2b:12:79:77:
         50:3f:16:6f:d6:0d:b3:d9:e7:9d:ab:a5:de:fb:97:a9:76:d5:
         eb:a4:d2:01:8c:71:ff:05:4d:bb:98:0d:56:e5:07:cd:b6:78:
         10:79:e6:69:9f:f9:09:e2:10:fd:8e:f5:72:72:a0:40:e1:c1:
         d9:81:60:43:5d:af:29:4a:31:2f:cc:08:1a:b3:d6:c7:54:b1:
         af:d0:15:ea:df:70:69:28:96:53:b6:ce:6e:8a:73:0b:7c:ec:
         1d:dc:bc:bb:2c:d3:6c:c8:9a:50:33:e5:2f:7d:66:78:8b:00:
         dd:44:ad:57:99:03:fa:ef:4d:5c:02:14:eb:0a:ce:d5:65:bf:
         a7:5d:b5:99:0f:e7:49:26:c7:40:75:44:4b:bc:6b:c7:eb:c4:
         31:87:c7:fc:47:20:fc:3e:ab:ce:80:46:ba:0a:26:d4:82:35:
         b3:a7:cf:7f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZkpXeiz3HjsG+oM9G4U0gL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwOTA4MTI0NzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDk4NjdjNGRjZjA3ZGQxZTU5ZGU0MTJjZWRjOTVkYWI0MTQzNjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0I3Q7JIbKXQxNuOM2isqBiZvM6SC
ddhvFqv7+NcGXL1LiIs3CkzOPbZQNw1hEgEQxc2eInR9w0aZ0Sv+PuSnslmCjjBF
U3kM0okMRFy3pIBeOGv8Ly9yyzT6g+uEFz3WzXzOzWeFwxwjrd+uGg3w7DUM60YQ
+KmBn1g/dhbparCZ8MoJqyEQ/kAg0sxfQ+IehVwz5uKj9dKEW35ybGu7PLzQnPis
CVs2q6L+EIBAfUYWA0N2dmU/Nf6+RUHkb92tYTFd8ERb04eCvIkAeGDFryOqPw8i
qoE/dlYOVPhDbzxLMEkSsIo5Exr3dBJPJVCaXI0rWNaPM9H5LKte2XStoQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHSYZ8Tc8H3R5Z3kEs7cldq0FDYfMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvZEpobnhOendmZEhsbmVRU3p0eVYyclFVTmg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgtmADAN
BgkqhkiG9w0BAQsFAAOCAQEADjqPwoBqqEl4mKmChNXC4dTIutxrLtmg5P8a0On8
xGkorQ3YJWVq8yVDv+bkG2TK4fBCk+ZqZJFmThImrIH4FlXb/HXRrtceXCBYU0Iq
ny1lHsAhQNQrEnl3UD8Wb9YNs9nnnaul3vuXqXbV66TSAYxx/wVNu5gNVuUHzbZ4
EHnmaZ/5CeIQ/Y71cnKgQOHB2YFgQ12vKUoxL8wIGrPWx1Sxr9AV6t9waSiWU7bO
bopzC3zsHdy8uyzTbMiaUDPlL31meIsA3UStV5kD+u9NXAIU6wrO1WW/p121mQ/n
SSbHQHVES7xrx+vEMYfH/Ecg/D6rzoBGugom1II1s6fPfw==
-----END CERTIFICATE-----