Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/uWcS24zvJ13WMxHQUrc7buDsA7o.roa
File:                     uWcS24zvJ13WMxHQUrc7buDsA7o.roa (raw, json)
Hash identifier:          tbOlJpzzORkR39HmHF8in7FppFxjaYmZdxjOnH/qbIg=
Subject key identifier:   B9:67:12:DB:8C:EF:27:5D:D6:33:11:D0:52:B7:3B:6E:E0:EC:03:BA
Certificate issuer:       /CN=86170339c2bc664d600fa98b8061269d48e4f2c6
Certificate serial:       019A5F7B26B0C1232EAE4D8C7791D3B4136D
Authority key identifier: 86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/uWcS24zvJ13WMxHQUrc7buDsA7o.roa
Signing time:             Fri 07 Nov 2025 18:01:37 +0000
ROA not before:           Fri 07 Nov 2025 18:01:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50224
IP address blocks:        2a11:3a06::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5f:7b:26:b0:c1:23:2e:ae:4d:8c:77:91:d3:b4:13:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86170339c2bc664d600fa98b8061269d48e4f2c6
        Validity
            Not Before: Nov  7 18:01:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b96712db8cef275dd63311d052b73b6ee0ec03ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:9e:47:87:dc:cd:46:3f:65:1c:2a:d1:3c:37:
                    2a:3c:ab:20:0c:7f:e7:42:cc:01:6a:bd:e1:63:8e:
                    58:bb:c8:4f:20:60:3b:08:cd:74:fd:39:bc:54:59:
                    2f:4f:57:36:a7:74:c8:1e:fb:cf:90:5a:54:c0:8e:
                    64:89:a5:53:45:3c:4f:b7:b4:64:0c:d0:7e:2a:5d:
                    f5:e4:f8:b1:70:9e:fa:ff:49:8f:82:85:83:79:26:
                    51:57:ed:08:42:e3:2d:83:d2:b3:fb:91:16:2b:86:
                    97:39:a9:1c:eb:df:6c:84:3d:e8:0a:65:c7:eb:54:
                    80:3d:ee:6b:5a:a3:32:66:50:0a:37:a8:98:76:90:
                    0e:44:7f:17:e6:48:a8:24:e6:a9:3d:28:d5:4d:2c:
                    08:17:bd:ba:46:ef:dd:c6:1a:3b:2d:1b:47:4b:ee:
                    9b:0d:22:2d:ce:8f:d2:8c:da:ed:02:d2:b1:7d:44:
                    95:4e:e6:1d:05:77:71:b5:7e:ec:87:5f:ea:51:56:
                    23:13:8a:d7:0e:77:ed:65:fd:67:6f:81:87:7a:1a:
                    fe:a1:c7:73:16:9a:de:df:db:10:81:f3:85:ff:0b:
                    73:3e:79:dd:b5:03:ba:8a:a7:17:f5:97:a3:42:aa:
                    5f:7a:66:5b:bb:fa:b9:bd:f5:1a:cd:f2:ff:6b:09:
                    e0:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:67:12:DB:8C:EF:27:5D:D6:33:11:D0:52:B7:3B:6E:E0:EC:03:BA
            X509v3 Authority Key Identifier:
                keyid:86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/uWcS24zvJ13WMxHQUrc7buDsA7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:3a06::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:cf:e6:3e:fb:08:30:c1:24:c5:9e:03:78:5a:3f:a5:68:e7:
         0e:53:b5:84:fd:15:82:d4:1c:51:a3:2a:16:23:88:28:d8:9d:
         50:6b:fd:e0:06:cb:ab:73:88:40:a6:80:09:44:37:03:fa:3b:
         22:65:b8:f6:f0:cb:b6:b0:94:14:6a:99:bf:41:72:00:81:76:
         5e:0a:f7:e0:df:f8:d1:76:89:ff:49:c7:68:1f:2f:f4:5c:75:
         1e:74:3b:b1:7e:84:62:59:60:27:1f:f6:0c:e3:ea:39:70:72:
         fd:2a:b0:4a:63:9d:0c:3d:70:a4:21:89:06:11:87:2f:03:10:
         ef:a3:a3:b4:c4:a6:b2:8c:8d:ba:f9:95:e5:18:54:af:e6:58:
         75:27:02:7d:ca:50:01:5f:00:aa:21:94:95:14:cf:62:64:b1:
         f3:0b:7a:10:9d:02:fa:94:28:13:43:06:b6:1f:77:45:31:e2:
         74:e4:c7:36:70:2c:80:38:ee:7f:e1:e9:2e:68:ac:e5:14:0c:
         d4:19:99:36:d6:62:bd:c6:23:1c:08:57:9d:c6:52:1f:53:3e:
         59:3c:9a:12:09:a7:e7:b4:16:18:41:52:48:36:c8:d0:61:8a:
         17:b7:48:7c:99:6a:2d:07:42:b4:78:22:cf:ab:83:82:c5:7d:
         f3:32:ac:23
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZpfeyawwSMurk2Md5HTtBNtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MTcwMzM5YzJiYzY2NGQ2MDBmYTk4YjgwNjEyNjlkNDhl
NGYyYzYwHhcNMjUxMTA3MTgwMTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTY3MTJkYjhjZWYyNzVkZDYzMzExZDA1MmI3M2I2ZWUwZWMwM2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJ5Hh9zNRj9lHCrRPDcqPKsgDH/n
QswBar3hY45Yu8hPIGA7CM10/Tm8VFkvT1c2p3TIHvvPkFpUwI5kiaVTRTxPt7Rk
DNB+Kl315PixcJ76/0mPgoWDeSZRV+0IQuMtg9Kz+5EWK4aXOakc699shD3oCmXH
61SAPe5rWqMyZlAKN6iYdpAORH8X5kioJOapPSjVTSwIF726Ru/dxho7LRtHS+6b
DSItzo/SjNrtAtKxfUSVTuYdBXdxtX7sh1/qUVYjE4rXDnftZf1nb4GHehr+ocdz
Fpre39sQgfOF/wtzPnndtQO6iqcX9ZejQqpfemZbu/q5vfUazfL/awngLQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLlnEtuM7ydd1jMR0FK3O27g7AO6MB8GA1UdIwQY
MBaAFIYXAznCvGZNYA+pi4BhJp1I5PLGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMt
NzRkOTFjZGJlMTk1LzEvdVdjUzI0enZKMTNXTXhIUVVyYzdidURzQTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMtNzRkOTFjZGJlMTk1
LzEvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhE6BjAN
BgkqhkiG9w0BAQsFAAOCAQEAoc/mPvsIMMEkxZ4DeFo/pWjnDlO1hP0VgtQcUaMq
FiOIKNidUGv94AbLq3OIQKaACUQ3A/o7ImW49vDLtrCUFGqZv0FyAIF2Xgr34N/4
0XaJ/0nHaB8v9Fx1HnQ7sX6EYllgJx/2DOPqOXBy/SqwSmOdDD1wpCGJBhGHLwMQ
76OjtMSmsoyNuvmV5RhUr+ZYdScCfcpQAV8AqiGUlRTPYmSx8wt6EJ0C+pQoE0MG
th93RTHidOTHNnAsgDjuf+HpLmis5RQM1BmZNtZivcYjHAhXncZSH1M+WTyaEgmn
57QWGEFSSDbI0GGKF7dIfJlqLQdCtHgiz6uDgsV98zKsIw==
-----END CERTIFICATE-----