Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/DzWTdNSiIicuOV4Y1SupwMJ4YTQ.roa
File:                     DzWTdNSiIicuOV4Y1SupwMJ4YTQ.roa (raw, json)
Hash identifier:          6iTxAIlRVJrArU1N2WkqzgqHKPUpwRKvhednwfmrgWk=
Subject key identifier:   0F:35:93:74:D4:A2:22:27:2E:39:5E:18:D5:2B:A9:C0:C2:78:61:34
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019A4E44325CB8B6758C040BD6D924646BBB
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/DzWTdNSiIicuOV4Y1SupwMJ4YTQ.roa
Signing time:             Tue 04 Nov 2025 09:48:03 +0000
ROA not before:           Tue 04 Nov 2025 09:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213690
IP address blocks:        2a0c:b641:d80::/44 maxlen: 128
                          2a0c:b641:d90::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4e:44:32:5c:b8:b6:75:8c:04:0b:d6:d9:24:64:6b:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Nov  4 09:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f359374d4a222272e395e18d52ba9c0c2786134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:77:32:6e:64:3a:d7:7b:36:2a:92:5b:5b:13:
                    14:69:43:54:83:45:7e:74:8c:30:43:58:9e:7f:8d:
                    bc:ac:f5:7c:49:cc:ea:5e:62:95:d9:9b:84:a2:ef:
                    d4:ad:58:6b:15:ad:fb:7e:51:47:1c:ca:b0:c8:68:
                    f6:e3:ce:5f:2d:88:e5:67:b3:48:7f:bb:61:e2:77:
                    65:9e:a0:bf:ad:e0:8d:06:e7:92:4e:10:a2:a9:b4:
                    e2:32:1b:cd:87:21:eb:b7:eb:6e:b9:fc:3e:2d:6c:
                    19:24:c1:eb:ec:3f:9b:93:e8:24:ce:58:83:d0:66:
                    6d:0b:4d:75:31:b9:88:37:23:aa:62:83:a1:2b:31:
                    06:72:40:fb:2a:28:6b:c3:11:aa:95:89:a1:9c:6a:
                    de:df:9a:04:a0:dd:1d:9a:13:d4:21:ea:1c:fc:81:
                    b9:0a:26:40:e2:b8:f3:66:fd:a8:64:3a:28:21:20:
                    df:45:53:d7:1c:b9:d0:88:a2:52:7f:14:a3:80:92:
                    ae:f1:a2:c8:1e:eb:8e:bf:a6:ae:e8:47:4a:49:16:
                    09:51:2d:c3:66:ae:3c:26:5d:70:3f:4e:88:71:b0:
                    f0:b4:ac:52:a6:3b:9f:cf:41:ef:34:4f:5b:f4:ac:
                    a5:d3:41:26:f9:d9:2e:92:6c:91:dc:71:be:b7:15:
                    ae:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:35:93:74:D4:A2:22:27:2E:39:5E:18:D5:2B:A9:C0:C2:78:61:34
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/DzWTdNSiIicuOV4Y1SupwMJ4YTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:d80::/43

    Signature Algorithm: sha256WithRSAEncryption
         3d:2b:71:7f:09:29:ae:6f:8f:37:d4:b5:68:3b:00:fa:87:97:
         41:c8:34:5d:73:39:c5:66:18:92:76:6c:6f:22:f3:44:80:45:
         d0:ac:d4:e8:b5:d1:db:52:14:b9:f7:7d:72:74:ea:2f:1d:2e:
         22:a9:fa:b9:a7:bc:8f:ba:64:a6:b6:0e:05:f0:30:26:ff:6f:
         2b:ea:84:b8:2c:c7:f4:89:79:55:08:3e:79:52:37:f8:d7:f0:
         7f:ee:9b:f2:d7:66:a4:e5:7c:3f:2d:fb:2b:8c:45:91:de:94:
         91:e7:a0:9c:56:30:a6:4f:d7:0f:e4:83:6c:70:46:84:2f:6b:
         fe:5e:9d:2d:fd:d9:d3:93:0f:fb:e4:8f:be:b1:61:c0:c6:36:
         53:b6:b4:04:84:38:7c:19:1f:6f:76:b1:b6:06:2b:95:c0:71:
         8c:2a:88:a8:65:ba:b5:61:5f:9e:95:24:2e:28:0c:38:37:3d:
         d0:77:e8:4f:8a:ac:57:26:f4:49:73:12:16:9a:b6:ec:cc:c5:
         21:51:34:00:26:cd:8e:aa:c9:27:f6:01:c1:05:1c:c4:9f:a1:
         90:f8:50:a7:89:3e:d4:0d:21:e4:a4:72:0f:66:c5:4a:e8:66:
         1f:5b:39:d6:1b:ba:76:e8:b5:0d:39:bf:44:a9:6f:37:6d:d5:
         21:e2:79:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZpORDJcuLZ1jAQL1tkkZGu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUxMTA0MDk0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjM1OTM3NGQ0YTIyMjI3MmUzOTVlMThkNTJiYTljMGMyNzg2MTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9ncybmQ613s2KpJbWxMUaUNUg0V+
dIwwQ1ief428rPV8SczqXmKV2ZuEou/UrVhrFa37flFHHMqwyGj2485fLYjlZ7NI
f7th4ndlnqC/reCNBueSThCiqbTiMhvNhyHrt+tuufw+LWwZJMHr7D+bk+gkzliD
0GZtC011MbmINyOqYoOhKzEGckD7KihrwxGqlYmhnGre35oEoN0dmhPUIeoc/IG5
CiZA4rjzZv2oZDooISDfRVPXHLnQiKJSfxSjgJKu8aLIHuuOv6au6EdKSRYJUS3D
Zq48Jl1wP06IcbDwtKxSpjufz0HvNE9b9Kyl00Em+dkukmyR3HG+txWuKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA81k3TUoiInLjleGNUrqcDCeGE0MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvRHpXVGROU2lJaWN1T1Y0WTFTdXB3TUo0WVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKgy2QQ2A
MA0GCSqGSIb3DQEBCwUAA4IBAQA9K3F/CSmub4831LVoOwD6h5dByDRdcznFZhiS
dmxvIvNEgEXQrNTotdHbUhS5931ydOovHS4iqfq5p7yPumSmtg4F8DAm/28r6oS4
LMf0iXlVCD55Ujf41/B/7pvy12ak5Xw/LfsrjEWR3pSR56CcVjCmT9cP5INscEaE
L2v+Xp0t/dnTkw/75I++sWHAxjZTtrQEhDh8GR9vdrG2BiuVwHGMKoioZbq1YV+e
lSQuKAw4Nz3Qd+hPiqxXJvRJcxIWmrbszMUhUTQAJs2Oqskn9gHBBRzEn6GQ+FCn
iT7UDSHkpHIPZsVK6GYfWznWG7p26LUNOb9EqW83bdUh4nkL
-----END CERTIFICATE-----