Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/tnwWDwiMrFSZfTvte1Vk9_ZKf3A.roa
File:                     tnwWDwiMrFSZfTvte1Vk9_ZKf3A.roa (raw, json)
Hash identifier:          kuGCoClVMP+rZrndrZSC6YTeKn3fyUCuLMJ78kfXRCw=
Subject key identifier:   B6:7C:16:0F:08:8C:AC:54:99:7D:3B:ED:7B:55:64:F7:F6:4A:7F:70
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       019A1BF3A360BFAAE0CDC7AD19497A743F8D
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/tnwWDwiMrFSZfTvte1Vk9_ZKf3A.roa
Signing time:             Sat 25 Oct 2025 15:19:03 +0000
ROA not before:           Sat 25 Oct 2025 15:19:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215590
IP address blocks:        2a01:ecc0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 11:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:1b:f3:a3:60:bf:aa:e0:cd:c7:ad:19:49:7a:74:3f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: Oct 25 15:19:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b67c160f088cac54997d3bed7b5564f7f64a7f70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:00:7c:5f:0a:4e:da:9a:08:ca:bb:75:69:fd:
                    53:f4:cd:63:41:12:3b:ff:b0:46:d4:27:43:7d:1b:
                    aa:3a:4f:c2:18:1e:fc:56:76:52:50:00:6a:0e:4a:
                    ba:17:23:5a:bb:f0:7a:b5:da:75:d8:90:7d:d7:16:
                    1a:6b:14:54:1c:5e:1a:50:c7:c3:de:c7:1a:ad:6f:
                    01:cf:79:cf:26:0e:9f:53:41:9a:20:7a:cd:1a:12:
                    97:17:79:d2:60:49:e8:be:1b:cf:37:38:9e:d3:25:
                    25:c7:c0:d3:2d:6c:45:19:d9:fe:14:00:73:59:9c:
                    b3:b0:47:72:58:e4:04:b2:fd:4c:4e:51:1d:d3:62:
                    fc:5f:16:66:1b:4f:e2:c3:06:de:0c:05:16:08:96:
                    3b:3b:c1:91:92:ab:cc:c8:82:6e:47:de:da:a1:f5:
                    e7:d9:3a:c9:b1:05:d2:7e:d2:76:46:95:25:d5:61:
                    3d:9e:5a:37:9f:6c:2a:fa:c0:87:c3:0c:2f:08:90:
                    d8:bc:d1:2c:17:5c:c4:80:aa:2b:3d:c0:98:89:89:
                    9c:c6:34:32:14:75:a6:f6:e7:26:88:76:c1:08:eb:
                    49:ac:2f:76:60:f4:25:92:93:69:7d:fb:cf:1a:78:
                    ad:fe:33:27:07:a3:62:a8:93:92:ca:63:26:94:81:
                    04:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:7C:16:0F:08:8C:AC:54:99:7D:3B:ED:7B:55:64:F7:F6:4A:7F:70
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/tnwWDwiMrFSZfTvte1Vk9_ZKf3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:1e:20:e1:78:d4:37:b4:ac:a5:ca:b6:ab:36:df:39:57:df:
         ec:cd:11:42:92:3b:2a:88:af:41:19:9f:bd:e0:ea:84:cb:5d:
         ca:24:e3:56:db:3c:9f:98:22:0f:bf:fd:32:78:01:46:ca:10:
         74:91:ce:b5:1f:9b:10:03:33:56:fe:74:f4:03:65:6e:e2:87:
         d4:0f:e4:36:b3:57:02:48:ae:76:36:16:57:91:5b:78:76:6c:
         30:47:87:8a:aa:fd:d8:47:34:a5:2a:a0:eb:31:15:f6:d6:9b:
         bf:12:29:a2:41:f5:0e:56:f9:e2:ce:ca:d5:ba:42:65:e2:eb:
         da:2f:a2:7e:ba:f9:47:f5:df:7c:5c:ad:82:e8:bc:f1:cc:97:
         9c:ee:70:16:7c:82:ee:f8:04:29:cf:86:9b:4f:9f:fd:fb:d2:
         73:ac:ac:52:8e:2e:96:28:17:74:5a:fa:ff:b7:de:c4:4c:36:
         5b:b6:74:7e:1e:42:04:dc:f7:d0:73:cc:e4:a2:d3:65:fe:6f:
         65:27:81:65:60:27:54:ca:b4:2d:10:06:bc:4c:85:80:98:aa:
         bb:af:5e:eb:63:eb:18:23:de:c5:14:12:f0:79:a5:a6:26:ca:
         6c:d1:a8:de:e7:a0:e5:85:81:a0:6b:3a:56:34:3c:46:02:9a:
         e4:89:b3:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZob86Ngv6rgzcetGUl6dD+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjUxMDI1MTUxOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjdjMTYwZjA4OGNhYzU0OTk3ZDNiZWQ3YjU1NjRmN2Y2NGE3ZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgB8XwpO2poIyrt1af1T9M1jQRI7
/7BG1CdDfRuqOk/CGB78VnZSUABqDkq6FyNau/B6tdp12JB91xYaaxRUHF4aUMfD
3scarW8Bz3nPJg6fU0GaIHrNGhKXF3nSYEnovhvPNzie0yUlx8DTLWxFGdn+FABz
WZyzsEdyWOQEsv1MTlEd02L8XxZmG0/iwwbeDAUWCJY7O8GRkqvMyIJuR97aofXn
2TrJsQXSftJ2RpUl1WE9nlo3n2wq+sCHwwwvCJDYvNEsF1zEgKorPcCYiYmcxjQy
FHWm9ucmiHbBCOtJrC92YPQlkpNpffvPGnit/jMnB6NiqJOSymMmlIEEjQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLZ8Fg8IjKxUmX077XtVZPf2Sn9wMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvdG53V0R3aU1yRlNaZlR2dGUxVms5X1pLZjNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHswAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQCjHiDheNQ3tKylyrarNt85V9/szRFCkjsqiK9B
GZ+94OqEy13KJONW2zyfmCIPv/0yeAFGyhB0kc61H5sQAzNW/nT0A2Vu4ofUD+Q2
s1cCSK52NhZXkVt4dmwwR4eKqv3YRzSlKqDrMRX21pu/EimiQfUOVvnizsrVukJl
4uvaL6J+uvlH9d98XK2C6LzxzJec7nAWfILu+AQpz4abT5/9+9JzrKxSji6WKBd0
Wvr/t97ETDZbtnR+HkIE3PfQc8zkotNl/m9lJ4FlYCdUyrQtEAa8TIWAmKq7r17r
Y+sYI97FFBLweaWmJsps0aje56DlhYGgazpWNDxGAprkibPE
-----END CERTIFICATE-----