Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/9tFwEMjWQpGY38canv5CBXFWsgg.roa
File:                     9tFwEMjWQpGY38canv5CBXFWsgg.roa (raw, json)
Hash identifier:          g9Iop+nni4DXMYjiEHdKEXFMG0sBe+IoUtOY1n0AioA=
Subject key identifier:   F6:D1:70:10:C8:D6:42:91:98:DF:C7:1A:9E:FE:42:05:71:56:B2:08
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019A5A880FB614510B20BC6C7704B047454C
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/9tFwEMjWQpGY38canv5CBXFWsgg.roa
Signing time:             Thu 06 Nov 2025 18:57:37 +0000
ROA not before:           Thu 06 Nov 2025 18:57:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        2a0f:b242::/32 maxlen: 48
                          2a0f:b243::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Nov 2025 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5a:88:0f:b6:14:51:0b:20:bc:6c:77:04:b0:47:45:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Nov  6 18:57:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6d17010c8d6429198dfc71a9efe42057156b208
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:20:b4:1a:2a:d9:81:af:6a:af:13:40:9e:02:
                    7e:67:52:01:50:75:d6:c9:0d:a0:7a:8a:b8:b4:c0:
                    31:10:8f:4d:da:6a:ca:e4:9f:4b:29:d0:91:f5:74:
                    f2:90:4d:60:e1:5f:3f:4d:21:49:22:fa:ed:04:a8:
                    5f:7c:a2:b3:84:fc:ef:c3:5b:0d:bf:61:c5:d5:2a:
                    6c:24:aa:33:ab:2f:16:66:88:de:b7:b2:68:8e:a2:
                    4a:cb:89:09:d1:0b:79:78:9a:56:b4:0e:8d:d0:68:
                    3e:56:b8:ce:d1:fa:41:b6:ba:57:9b:95:b8:0f:8a:
                    3d:0b:e5:0f:86:21:4a:e1:a2:b8:b8:6a:72:b1:14:
                    b2:5a:a8:c6:6b:e6:38:cc:c8:21:ae:c3:7c:65:19:
                    14:05:29:2c:d7:a9:8c:24:3e:e5:ee:10:c1:39:74:
                    93:f5:76:78:00:52:72:7d:bd:78:4d:f2:ec:d5:fc:
                    20:da:8a:15:83:a7:4c:fd:af:57:07:82:14:3a:51:
                    b0:48:59:ac:71:1b:69:3a:01:a6:81:a7:b4:58:80:
                    79:6f:64:0c:c3:64:d8:23:fb:23:22:8a:51:fb:9a:
                    4e:0a:29:64:c9:97:00:b7:45:ce:cb:a3:40:30:12:
                    dc:51:56:b3:a1:73:6f:5b:49:c4:e2:52:99:6a:e6:
                    ab:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:D1:70:10:C8:D6:42:91:98:DF:C7:1A:9E:FE:42:05:71:56:B2:08
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/9tFwEMjWQpGY38canv5CBXFWsgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b242::/31

    Signature Algorithm: sha256WithRSAEncryption
         3b:4d:5f:0f:22:2d:20:7f:56:63:1b:77:c4:2d:b4:61:e5:50:
         58:bb:23:c4:1b:eb:6a:40:55:78:af:90:83:f9:c0:a0:35:23:
         2d:7f:c9:62:22:e9:90:f0:76:14:c0:60:15:cd:3f:97:93:b6:
         06:5e:48:e9:98:8e:87:05:05:34:92:a4:dd:03:1e:f1:7b:d7:
         c1:50:26:9e:e8:36:ac:db:ce:c3:53:12:8a:59:42:cd:89:89:
         c3:a3:5b:24:9b:5e:de:25:cb:6d:0b:30:e5:8e:38:52:43:5b:
         01:5d:4d:6a:aa:1e:3b:7b:8a:9f:bd:6e:76:9a:1c:bd:d8:fb:
         fe:65:1c:26:27:84:aa:70:03:26:cd:68:79:bf:a4:e8:3f:32:
         69:c3:57:7a:4c:66:9c:12:8b:df:b2:06:a2:11:a0:62:df:34:
         dd:1e:76:ed:02:a0:f7:c5:34:e7:38:b4:03:ed:21:50:81:96:
         92:3c:a0:ad:98:a6:f2:5a:4c:21:67:56:8d:a4:3d:1c:b5:f4:
         ce:84:b3:e3:a2:fd:80:95:20:bf:e1:8e:6a:af:f7:89:c7:f6:
         99:33:d7:23:ba:05:32:f8:10:1e:8a:94:43:82:52:5f:f3:b1:
         62:26:cf:a3:b0:66:89:df:08:47:e6:e6:88:d6:02:ed:45:d9:
         ab:a0:dc:fd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZpaiA+2FFELILxsdwSwR0VMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMTA2MTg1NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmQxNzAxMGM4ZDY0MjkxOThkZmM3MWE5ZWZlNDIwNTcxNTZiMjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4yC0GirZga9qrxNAngJ+Z1IBUHXW
yQ2geoq4tMAxEI9N2mrK5J9LKdCR9XTykE1g4V8/TSFJIvrtBKhffKKzhPzvw1sN
v2HF1SpsJKozqy8WZojet7JojqJKy4kJ0Qt5eJpWtA6N0Gg+VrjO0fpBtrpXm5W4
D4o9C+UPhiFK4aK4uGpysRSyWqjGa+Y4zMghrsN8ZRkUBSks16mMJD7l7hDBOXST
9XZ4AFJyfb14TfLs1fwg2ooVg6dM/a9XB4IUOlGwSFmscRtpOgGmgae0WIB5b2QM
w2TYI/sjIopR+5pOCilkyZcAt0XOy6NAMBLcUVazoXNvW0nE4lKZauarNQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPbRcBDI1kKRmN/HGp7+QgVxVrIIMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvOXRGd0VNaldRcEdZMzhjYW52NUNCWEZXc2dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKg+yQjAN
BgkqhkiG9w0BAQsFAAOCAQEAO01fDyItIH9WYxt3xC20YeVQWLsjxBvrakBVeK+Q
g/nAoDUjLX/JYiLpkPB2FMBgFc0/l5O2Bl5I6ZiOhwUFNJKk3QMe8XvXwVAmnug2
rNvOw1MSillCzYmJw6NbJJte3iXLbQsw5Y44UkNbAV1NaqoeO3uKn71udpocvdj7
/mUcJieEqnADJs1oeb+k6D8yacNXekxmnBKL37IGohGgYt803R527QKg98U05zi0
A+0hUIGWkjygrZim8lpMIWdWjaQ9HLX0zoSz46L9gJUgv+GOaq/3icf2mTPXI7oF
MvgQHoqUQ4JSX/OxYibPo7Bmid8IR+bmiNYC7UXZq6Dc/Q==
-----END CERTIFICATE-----