Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/EkCtc_4p6Wq07p2MBIBwRSOGLNs.roa
File:                     EkCtc_4p6Wq07p2MBIBwRSOGLNs.roa (raw, json)
Hash identifier:          PmCi1laieXiPQLLV9yPTc6b/nV7EnLvVoi7Z0pQseeI=
Subject key identifier:   12:40:AD:73:FE:29:E9:6A:B4:EE:9D:8C:04:80:70:45:23:86:2C:DB
Certificate issuer:       /CN=05d4d49da3e14855a7b883603ff148c1bb21f690
Certificate serial:       01990637603B645833701B4F0692DC0B4E41
Authority key identifier: 05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/EkCtc_4p6Wq07p2MBIBwRSOGLNs.roa
Signing time:             Mon 01 Sep 2025 16:58:36 +0000
ROA not before:           Mon 01 Sep 2025 16:58:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205866
IP address blocks:        2a09:f1c4::/32 maxlen: 32
                          2a09:f9c3::/32 maxlen: 32
                          2a0e:7344::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 11:20:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:06:37:60:3b:64:58:33:70:1b:4f:06:92:dc:0b:4e:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05d4d49da3e14855a7b883603ff148c1bb21f690
        Validity
            Not Before: Sep  1 16:58:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1240ad73fe29e96ab4ee9d8c0480704523862cdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:57:2f:d4:b5:e7:ba:c5:34:c1:57:85:1d:60:
                    19:9d:52:26:53:f4:50:a3:b9:7c:1b:70:42:7c:72:
                    ec:c8:b7:eb:84:a1:e3:21:b1:02:f2:a2:f5:aa:fa:
                    1b:85:ba:e5:0f:c5:04:d7:60:65:57:3a:27:72:5c:
                    14:ff:ef:46:4b:cc:cb:a9:a7:d0:5f:dd:55:43:db:
                    c2:1b:e3:18:73:f6:80:61:f8:5a:1a:37:ae:94:f5:
                    ee:9f:58:75:3e:d9:5f:84:c9:23:d0:98:88:a4:d6:
                    6a:34:8e:08:c6:a4:02:78:ff:48:ad:91:59:75:fa:
                    25:ea:81:98:1d:5a:60:fe:e1:f3:5c:17:2a:ab:de:
                    d6:ad:34:ea:77:42:d9:8e:8f:95:41:be:40:37:5d:
                    18:17:1d:10:98:66:1d:07:ca:10:e8:3e:f8:b4:09:
                    34:04:00:0a:51:b1:89:8c:57:9f:29:0c:2d:1e:54:
                    06:35:59:91:7b:c1:4c:85:14:ee:c4:ee:3e:22:05:
                    41:a7:d4:ba:52:9d:a7:32:33:56:63:c1:50:fa:5c:
                    b9:8e:e1:cb:be:23:34:9d:4c:69:31:14:f2:66:dc:
                    53:e6:17:d3:a2:5f:94:97:d0:5d:f1:ef:db:66:69:
                    46:d0:e9:31:75:8f:69:0c:b9:3f:6c:f0:7c:21:da:
                    bc:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:40:AD:73:FE:29:E9:6A:B4:EE:9D:8C:04:80:70:45:23:86:2C:DB
            X509v3 Authority Key Identifier:
                keyid:05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/EkCtc_4p6Wq07p2MBIBwRSOGLNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:f1c4::/32
                  2a09:f9c3::/32
                  2a0e:7344::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:a5:d4:b1:a9:af:aa:be:35:3c:63:28:bb:01:34:a3:a2:b7:
         03:8f:29:e7:6f:e7:a4:57:38:91:f4:f6:e2:87:4b:da:06:b0:
         7d:07:3f:a6:93:31:af:af:12:fd:f1:14:5f:69:a8:3d:d2:44:
         52:88:da:af:c7:c3:1c:a6:ad:36:f7:17:5c:54:1d:b9:7a:95:
         e3:17:a2:cb:97:04:b0:87:3b:24:95:59:aa:82:6d:d7:48:7d:
         bd:74:c9:24:33:f2:67:72:b1:48:51:b2:1e:b8:bd:2e:55:21:
         03:d6:c1:0e:a9:68:aa:8d:dd:cf:d1:24:15:4d:26:b6:4d:7f:
         b7:b0:e9:da:5a:67:1c:bf:59:a5:f6:3b:fa:de:6b:cb:f0:89:
         45:9d:23:ff:85:3d:9d:b7:44:6d:59:8e:18:a3:f2:76:59:cd:
         8b:24:71:e2:da:24:c0:35:cd:d0:d4:10:98:9a:ef:0d:0e:15:
         43:a2:34:b2:b2:52:7d:07:26:a1:2c:a1:37:e1:77:d5:76:c8:
         78:8c:b6:f5:a1:73:0d:e3:47:47:61:7f:f2:fe:7b:2f:74:d6:
         e2:9d:84:5f:5c:1e:f7:ea:c1:14:d1:33:f8:57:23:14:67:c1:
         63:16:d2:63:02:16:35:e2:7b:2d:57:cd:22:29:22:71:53:c4:
         e0:1e:37:80
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZkGN2A7ZFgzcBtPBpLcC05BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZDRkNDlkYTNlMTQ4NTVhN2I4ODM2MDNmZjE0OGMxYmIy
MWY2OTAwHhcNMjUwOTAxMTY1ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjQwYWQ3M2ZlMjllOTZhYjRlZTlkOGMwNDgwNzA0NTIzODYyY2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlcv1LXnusU0wVeFHWAZnVImU/RQ
o7l8G3BCfHLsyLfrhKHjIbEC8qL1qvobhbrlD8UE12BlVzonclwU/+9GS8zLqafQ
X91VQ9vCG+MYc/aAYfhaGjeulPXun1h1PtlfhMkj0JiIpNZqNI4IxqQCeP9IrZFZ
dfol6oGYHVpg/uHzXBcqq97WrTTqd0LZjo+VQb5AN10YFx0QmGYdB8oQ6D74tAk0
BAAKUbGJjFefKQwtHlQGNVmRe8FMhRTuxO4+IgVBp9S6Up2nMjNWY8FQ+ly5juHL
viM0nUxpMRTyZtxT5hfTol+Ul9Bd8e/bZmlG0OkxdY9pDLk/bPB8Idq8bQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBJArXP+KelqtO6djASAcEUjhizbMB8GA1UdIwQY
MBaAFAXU1J2j4UhVp7iDYD/xSMG7IfaQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQt
NThmMWNiZjNjYWMzLzEvRWtDdGNfNHA2V3EwN3AyTUJJQndSU09HTE5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQtNThmMWNiZjNjYWMz
LzEvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgnxxAMF
ACoJ+cMDBQAqDnNEMA0GCSqGSIb3DQEBCwUAA4IBAQAopdSxqa+qvjU8Yyi7ATSj
orcDjynnb+ekVziR9Pbih0vaBrB9Bz+mkzGvrxL98RRfaag90kRSiNqvx8Mcpq02
9xdcVB25epXjF6LLlwSwhzsklVmqgm3XSH29dMkkM/JncrFIUbIeuL0uVSED1sEO
qWiqjd3P0SQVTSa2TX+3sOnaWmccv1ml9jv63mvL8IlFnSP/hT2dt0RtWY4Yo/J2
Wc2LJHHi2iTANc3Q1BCYmu8NDhVDojSyslJ9ByahLKE34XfVdsh4jLb1oXMN40dH
YX/y/nsvdNbinYRfXB736sEU0TP4VyMUZ8FjFtJjAhY14nstV80iKSJxU8TgHjeA
-----END CERTIFICATE-----