Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/Ty3UJCgNQ3PS2OLFdNF3YNXX0mQ.roa
File:                     Ty3UJCgNQ3PS2OLFdNF3YNXX0mQ.roa (raw, json)
Hash identifier:          QnxYwenhbTrtLRGoSz1wjARsZncrjAA3uu2YuxoSI9s=
Subject key identifier:   4F:2D:D4:24:28:0D:43:73:D2:D8:E2:C5:74:D1:77:60:D5:D7:D2:64
Certificate issuer:       /CN=363f09508fdf256448219b284bb09b23b2b51396
Certificate serial:       019A6985F46209C451C4D19ED3D9C89B7613
Authority key identifier: 36:3F:09:50:8F:DF:25:64:48:21:9B:28:4B:B0:9B:23:B2:B5:13:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/Ty3UJCgNQ3PS2OLFdNF3YNXX0mQ.roa
Signing time:             Sun 09 Nov 2025 16:49:37 +0000
ROA not before:           Sun 09 Nov 2025 16:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        86.54.28.0/24 maxlen: 24
                          86.54.29.0/24 maxlen: 24
                          2a01:e940::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 04:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:69:85:f4:62:09:c4:51:c4:d1:9e:d3:d9:c8:9b:76:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363f09508fdf256448219b284bb09b23b2b51396
        Validity
            Not Before: Nov  9 16:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f2dd424280d4373d2d8e2c574d17760d5d7d264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d6:4b:cd:0d:44:44:78:ab:31:b2:94:db:2a:
                    f7:95:7e:32:3e:b6:37:e6:3f:26:2e:31:00:7e:03:
                    db:ce:96:0f:71:54:4c:21:a7:07:9b:c6:fa:ad:9f:
                    7b:f1:53:bb:4f:59:de:e7:8a:d9:2d:2a:0d:eb:d9:
                    6d:4a:fa:e2:d4:37:37:5c:8b:d7:d4:0e:f9:7b:01:
                    3f:99:7e:0b:58:01:04:f1:04:e3:54:ee:e4:3e:de:
                    ee:55:e1:4a:45:a4:b0:e9:ff:e6:f9:75:fe:18:28:
                    30:57:c4:cd:bd:3f:2d:be:c3:ef:87:91:e5:23:3d:
                    a0:78:fb:d0:1e:8a:6c:96:59:eb:ec:eb:b7:ec:08:
                    88:53:c5:55:ea:bf:36:76:d2:71:1d:88:a6:6f:59:
                    28:3f:fd:8b:12:21:8b:7d:44:c5:62:df:ca:f2:54:
                    05:6c:6c:00:cf:f7:f7:bb:40:fc:73:c7:37:76:ac:
                    d5:37:05:06:2e:0f:37:42:6d:01:dd:96:8d:d9:ab:
                    4b:b3:e7:8f:2b:d9:fb:81:03:6f:b7:ba:f2:d9:4c:
                    da:5e:d0:77:67:f3:5c:af:af:be:26:87:0f:3d:54:
                    f7:eb:e9:bd:ac:46:21:a8:2d:cc:3d:d2:6d:82:48:
                    94:43:a4:71:6c:bb:17:6f:12:dc:e9:40:23:77:65:
                    a1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:2D:D4:24:28:0D:43:73:D2:D8:E2:C5:74:D1:77:60:D5:D7:D2:64
            X509v3 Authority Key Identifier:
                keyid:36:3F:09:50:8F:DF:25:64:48:21:9B:28:4B:B0:9B:23:B2:B5:13:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/Ty3UJCgNQ3PS2OLFdNF3YNXX0mQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.54.28.0/23
                IPv6:
                  2a01:e940::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:48:fd:88:7e:3f:b3:e1:5e:de:2b:cc:55:0e:52:16:17:fa:
         44:6f:ee:47:5a:a5:5b:61:2f:54:c7:cc:4c:55:f5:bc:55:72:
         9a:5c:d2:54:65:13:9f:21:e2:b7:24:67:de:c1:1e:25:2d:75:
         c2:8c:13:3f:75:37:89:a8:07:e0:f8:c6:58:67:c5:5b:8b:da:
         9a:08:d8:95:1b:8e:f9:2e:4f:ce:f3:cd:a1:1d:83:0c:56:2e:
         10:6c:a5:37:d3:7c:96:de:7e:68:51:40:c8:3a:dd:5a:b9:3e:
         47:97:f2:fc:6e:d5:97:8d:ef:cc:a6:1e:48:20:36:a8:51:8f:
         ad:71:c2:ee:3e:3a:7d:95:a1:6f:0c:6e:28:0c:d9:9d:6b:f4:
         e6:ed:e0:86:88:98:80:54:64:10:2c:28:fd:ac:58:c9:ac:13:
         a1:96:99:80:2e:17:b8:88:e8:30:2e:6a:32:d4:b4:4d:ea:fe:
         27:b5:32:c4:7b:0c:34:3e:ec:5c:03:64:9b:1c:a0:2c:cb:7f:
         21:79:84:e0:f6:0f:63:20:b9:90:29:7d:85:1b:ae:6c:5e:11:
         0a:3f:12:b1:f8:a5:1c:34:65:eb:86:4a:a5:b9:bd:de:12:b6:
         fb:c7:ca:1f:e1:f7:d2:d8:2a:09:af:56:9e:ea:08:f6:a1:fe:
         30:ed:e8:0b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZpphfRiCcRRxNGe09nIm3YTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2M2YwOTUwOGZkZjI1NjQ0ODIxOWIyODRiYjA5YjIzYjJi
NTEzOTYwHhcNMjUxMTA5MTY0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjJkZDQyNDI4MGQ0MzczZDJkOGUyYzU3NGQxNzc2MGQ1ZDdkMjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdZLzQ1ERHirMbKU2yr3lX4yPrY3
5j8mLjEAfgPbzpYPcVRMIacHm8b6rZ978VO7T1ne54rZLSoN69ltSvri1Dc3XIvX
1A75ewE/mX4LWAEE8QTjVO7kPt7uVeFKRaSw6f/m+XX+GCgwV8TNvT8tvsPvh5Hl
Iz2gePvQHopsllnr7Ou37AiIU8VV6r82dtJxHYimb1koP/2LEiGLfUTFYt/K8lQF
bGwAz/f3u0D8c8c3dqzVNwUGLg83Qm0B3ZaN2atLs+ePK9n7gQNvt7ry2UzaXtB3
Z/Ncr6++JocPPVT36+m9rEYhqC3MPdJtgkiUQ6RxbLsXbxLc6UAjd2Wh1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE8t1CQoDUNz0tjixXTRd2DV19JkMB8GA1UdIwQY
MBaAFDY/CVCP3yVkSCGbKEuwmyOytROWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmo4SlVJX2ZKV1JJSVpzb1M3Q2JJN0sxRTVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9hZDA1ZjItYWIzOS00MTMyLTg0OTIt
ZmQ4MTQ0NTVhODY4LzEvVHkzVUpDZ05RM1BTMk9MRmRORjNZTlhYMG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9hZDA1ZjItYWIzOS00MTMyLTg0OTItZmQ4MTQ0NTVhODY4
LzEvTmo4SlVJX2ZKV1JJSVpzb1M3Q2JJN0sxRTVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBVjYcMA8E
AgACMAkDBwAqAelAAAAwDQYJKoZIhvcNAQELBQADggEBAA9I/Yh+P7PhXt4rzFUO
UhYX+kRv7kdapVthL1THzExV9bxVcppc0lRlE58h4rckZ97BHiUtdcKMEz91N4mo
B+D4xlhnxVuL2poI2JUbjvkuT87zzaEdgwxWLhBspTfTfJbefmhRQMg63Vq5PkeX
8vxu1ZeN78ymHkggNqhRj61xwu4+On2VoW8MbigM2Z1r9Obt4IaImIBUZBAsKP2s
WMmsE6GWmYAuF7iI6DAuajLUtE3q/ie1MsR7DDQ+7FwDZJscoCzLfyF5hOD2D2Mg
uZApfYUbrmxeEQo/ErH4pRw0ZeuGSqW5vd4StvvHyh/h99LYKgmvVp7qCPah/jDt
6As=
-----END CERTIFICATE-----