Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/i5mGJT0yJZDnIoQ1wNKAWKtKyaQ.roa
File:                     i5mGJT0yJZDnIoQ1wNKAWKtKyaQ.roa (raw, json)
Hash identifier:          RYHnkpcFD3LGUlEQEfMbI20B/0yaDUu4RMrbiJV8nWc=
Subject key identifier:   8B:99:86:25:3D:32:25:90:E7:22:84:35:C0:D2:80:58:AB:4A:C9:A4
Certificate issuer:       /CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
Certificate serial:       0198E75ACCA297035B2DF24BF83F62912602
Authority key identifier: C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/i5mGJT0yJZDnIoQ1wNKAWKtKyaQ.roa
Signing time:             Tue 26 Aug 2025 17:09:04 +0000
ROA not before:           Tue 26 Aug 2025 17:09:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6718
IP address blocks:        2a06:a880:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Sep 2025 07:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e7:5a:cc:a2:97:03:5b:2d:f2:4b:f8:3f:62:91:26:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
        Validity
            Not Before: Aug 26 17:09:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b9986253d322590e7228435c0d28058ab4ac9a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:9e:b9:62:2a:ac:3f:d6:82:1a:74:d9:d0:20:
                    eb:5a:fb:aa:c9:40:d3:53:da:3e:05:ab:5e:1d:2c:
                    c5:e0:db:bc:45:6a:f8:91:54:ea:3d:1a:f4:ae:45:
                    b9:94:91:1c:56:3c:fe:f1:a2:4b:73:28:a9:64:e3:
                    75:30:3c:df:b6:a2:bb:d6:96:e6:d4:79:dd:b4:5b:
                    a7:15:ac:b7:e3:3e:35:7b:47:50:6d:97:80:05:81:
                    f3:b2:cd:fa:07:01:dc:0d:42:25:32:3e:56:cd:ee:
                    d0:67:ce:dc:8b:4f:64:6c:c0:5d:10:10:58:27:6b:
                    de:98:ba:ab:d8:99:0b:b7:4b:7b:10:b3:f8:74:e8:
                    18:2a:4b:8e:bf:0a:24:ff:77:ae:76:83:27:71:9a:
                    52:e5:38:af:6b:4a:ef:86:15:2c:dc:24:db:33:c3:
                    ff:a4:1a:ef:fa:00:b9:cc:f2:7f:59:2e:11:ca:80:
                    5d:1b:7c:0f:bb:43:a3:6b:30:32:be:92:f2:4c:00:
                    34:a7:7f:be:90:14:9c:d1:b4:90:d5:9b:9a:e4:b9:
                    56:3d:39:f1:07:b2:92:f5:ef:0a:7f:97:1c:a5:4e:
                    37:ab:87:fb:98:3f:03:07:58:3c:19:80:e2:e3:90:
                    82:4c:4b:43:03:c4:47:72:91:7c:65:a0:ac:7a:53:
                    09:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:99:86:25:3D:32:25:90:E7:22:84:35:C0:D2:80:58:AB:4A:C9:A4
            X509v3 Authority Key Identifier:
                keyid:C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/i5mGJT0yJZDnIoQ1wNKAWKtKyaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a880:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:e7:ae:c7:4b:18:dc:64:5f:2b:c8:ac:48:bb:79:c6:b0:44:
         cc:d6:ad:7d:fd:46:f4:34:f6:81:95:e1:dd:20:cc:7f:e3:af:
         d3:9b:db:e8:8e:bc:77:e2:dd:53:5e:f1:19:39:75:0f:27:ea:
         59:e6:06:89:60:a7:1d:e1:da:c2:c6:a6:4a:99:f2:ce:29:80:
         71:e6:41:e9:dc:ad:9b:4f:8f:09:0d:16:3e:a5:28:1e:1c:21:
         30:e6:5f:7e:0b:55:68:ff:ca:11:a0:12:5b:3b:3e:52:33:50:
         f5:19:fb:17:ec:5a:2e:44:ce:94:89:9e:ac:ce:dd:28:ca:44:
         18:be:5b:db:77:a0:c5:42:fa:53:fc:86:e1:c9:0c:6f:1f:ce:
         38:34:90:f9:28:f1:14:57:90:cf:89:c9:9b:fa:ff:d0:14:a6:
         e4:82:b4:70:d8:e6:63:d4:cb:fb:13:9c:ea:28:7c:b5:5f:6b:
         d6:b2:f8:52:e4:8e:3d:99:01:c2:02:b8:f4:ed:46:09:09:bc:
         d0:97:3b:3f:14:d8:eb:eb:eb:48:64:9d:f0:c6:ab:19:47:4f:
         07:ae:c7:39:4e:81:b9:6a:96:9b:c1:a4:ff:ba:63:aa:e1:ac:
         9c:fd:ce:03:68:f9:2a:72:4c:50:eb:ef:ed:b5:45:bb:46:cf:
         af:8a:11:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZjnWsyilwNbLfJL+D9ikSYCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzA1OTFlMmViNDlkMDU1OWU2ZmNlN2VlMmFhODFmMGY1
OWJhNmYwHhcNMjUwODI2MTcwOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yjk5ODYyNTNkMzIyNTkwZTcyMjg0MzVjMGQyODA1OGFiNGFjOWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3p65YiqsP9aCGnTZ0CDrWvuqyUDT
U9o+BateHSzF4Nu8RWr4kVTqPRr0rkW5lJEcVjz+8aJLcyipZON1MDzftqK71pbm
1HndtFunFay34z41e0dQbZeABYHzss36BwHcDUIlMj5Wze7QZ87ci09kbMBdEBBY
J2vemLqr2JkLt0t7ELP4dOgYKkuOvwok/3eudoMncZpS5Tiva0rvhhUs3CTbM8P/
pBrv+gC5zPJ/WS4RyoBdG3wPu0OjazAyvpLyTAA0p3++kBSc0bSQ1Zua5LlWPTnx
B7KS9e8Kf5ccpU43q4f7mD8DB1g8GYDi45CCTEtDA8RHcpF8ZaCselMJuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIuZhiU9MiWQ5yKENcDSgFirSsmkMB8GA1UdIwQY
MBaAFMPAWR4utJ0FWeb85+4qqB8PWbpvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQt
ZTM0MDcxNzQ2NjNiLzEvaTVtR0pUMHlKWkRuSW9RMXdOS0FXS3RLeWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQtZTM0MDcxNzQ2NjNi
LzEvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaogAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQCO567HSxjcZF8ryKxIu3nGsETM1q19/Ub0NPaB
leHdIMx/46/Tm9vojrx34t1TXvEZOXUPJ+pZ5gaJYKcd4drCxqZKmfLOKYBx5kHp
3K2bT48JDRY+pSgeHCEw5l9+C1Vo/8oRoBJbOz5SM1D1GfsX7FouRM6UiZ6szt0o
ykQYvlvbd6DFQvpT/IbhyQxvH844NJD5KPEUV5DPicmb+v/QFKbkgrRw2OZj1Mv7
E5zqKHy1X2vWsvhS5I49mQHCArj07UYJCbzQlzs/FNjr6+tIZJ3wxqsZR08Hrsc5
ToG5apabwaT/umOq4ayc/c4DaPkqckxQ6+/ttUW7Rs+vihFA
-----END CERTIFICATE-----