Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/fcd855-fc2c-460e-bcea-8d7c8ac0621a/1/0lt-q8djajXZSW3y7vmC1ACoEI4.roa
File:                     0lt-q8djajXZSW3y7vmC1ACoEI4.roa (raw, json)
Hash identifier:          PA0Abb9rgpKbk80NoqHuVJw2zbwCWQARy+i28/n0L1A=
Subject key identifier:   D2:5B:7E:AB:C7:63:6A:35:D9:49:6D:F2:EE:F9:82:D4:00:A8:10:8E
Certificate issuer:       /CN=7730d16ef195864f0dbe8a8671afb637683b763b
Certificate serial:       019A2A691ED00E0E57625019AB3A798EA02F
Authority key identifier: 77:30:D1:6E:F1:95:86:4F:0D:BE:8A:86:71:AF:B6:37:68:3B:76:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dzDRbvGVhk8NvoqGca-2N2g7djs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/fcd855-fc2c-460e-bcea-8d7c8ac0621a/1/0lt-q8djajXZSW3y7vmC1ACoEI4.roa
Signing time:             Tue 28 Oct 2025 10:42:03 +0000
ROA not before:           Tue 28 Oct 2025 10:42:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211661
IP address blocks:        2a0e:d580::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/fcd855-fc2c-460e-bcea-8d7c8ac0621a/1/dzDRbvGVhk8NvoqGca-2N2g7djs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/fcd855-fc2c-460e-bcea-8d7c8ac0621a/1/dzDRbvGVhk8NvoqGca-2N2g7djs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dzDRbvGVhk8NvoqGca-2N2g7djs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 07:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2a:69:1e:d0:0e:0e:57:62:50:19:ab:3a:79:8e:a0:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7730d16ef195864f0dbe8a8671afb637683b763b
        Validity
            Not Before: Oct 28 10:42:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d25b7eabc7636a35d9496df2eef982d400a8108e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b3:ad:ec:77:6f:a2:66:de:85:32:83:b4:03:
                    0f:3f:62:a1:7f:a0:c2:51:3f:2a:27:a6:28:1f:ea:
                    ae:26:f0:e8:b1:0e:24:bb:48:0e:10:df:4d:01:92:
                    e8:4d:fd:96:c6:8b:2e:9d:2c:5f:77:07:70:10:16:
                    e4:e6:b9:5d:08:c9:ea:c2:ce:45:a8:f8:b8:df:27:
                    8b:fb:cf:53:6c:f1:32:16:2d:51:65:74:31:96:df:
                    90:a8:e9:f2:9a:ad:e3:76:ae:a4:e7:27:c3:57:64:
                    3a:d4:60:3b:88:44:85:79:d6:73:7e:a3:e4:ef:0f:
                    7c:0b:c6:91:e5:36:c5:90:fa:62:9b:e4:9d:39:20:
                    db:5b:d7:6e:17:c4:39:a0:05:bf:69:52:8f:50:f3:
                    07:e1:14:f9:d3:72:00:c8:d9:68:06:d8:bb:12:e3:
                    be:ff:a5:29:47:95:d8:78:6c:11:78:49:dd:7d:fc:
                    69:bf:1f:df:69:10:48:ee:d1:e6:48:64:ad:4f:81:
                    45:8f:dd:68:6f:ba:46:43:ac:77:c4:2b:34:b8:5d:
                    cd:1c:e2:0a:82:d9:13:63:db:d7:10:ca:bc:b0:22:
                    3f:a6:02:20:4c:15:8b:56:52:e8:74:90:a3:bf:fa:
                    b1:d8:fd:23:53:36:78:7a:e7:91:32:8c:97:73:c5:
                    95:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:5B:7E:AB:C7:63:6A:35:D9:49:6D:F2:EE:F9:82:D4:00:A8:10:8E
            X509v3 Authority Key Identifier:
                keyid:77:30:D1:6E:F1:95:86:4F:0D:BE:8A:86:71:AF:B6:37:68:3B:76:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dzDRbvGVhk8NvoqGca-2N2g7djs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/fcd855-fc2c-460e-bcea-8d7c8ac0621a/1/0lt-q8djajXZSW3y7vmC1ACoEI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/fcd855-fc2c-460e-bcea-8d7c8ac0621a/1/dzDRbvGVhk8NvoqGca-2N2g7djs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:d580::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:92:ad:1b:96:55:75:c7:b0:8b:21:dc:3f:33:01:dc:6d:79:
         e4:e5:71:70:38:82:e7:18:94:c5:40:76:8d:00:52:84:71:b7:
         1d:32:93:5e:e8:4a:eb:1a:d7:65:ba:43:ee:d9:4b:6f:be:26:
         c0:dd:76:78:53:b3:fd:95:37:c6:83:3c:96:8e:b9:7b:92:a3:
         de:74:3b:6e:a8:fb:3c:ed:9b:b8:00:44:a1:7d:f6:0b:e5:29:
         c7:7e:9f:53:6f:b9:29:4c:11:50:1a:2a:98:0e:80:cd:1b:89:
         63:ac:54:42:21:7b:5d:62:b3:de:a5:87:2c:2d:b7:86:50:31:
         47:22:3b:8f:c2:65:01:19:c9:c7:74:f7:d4:d0:c8:af:4b:09:
         11:e7:a1:c5:41:b1:3d:87:bf:46:5b:7a:6f:9b:41:f0:4f:f2:
         9a:85:7a:20:2f:31:dd:69:8d:f6:83:15:d2:00:18:6b:14:4b:
         04:5e:b9:a6:d6:fa:69:5d:9e:31:17:f4:f0:64:f0:e5:16:63:
         2b:e3:37:68:d5:ca:cc:e0:01:1b:5d:e9:74:3d:0b:57:74:2d:
         80:23:ed:30:96:48:87:a4:ac:4b:92:81:08:3b:b7:34:ff:5a:
         96:17:ca:ed:d8:08:54:45:94:58:77:f6:bb:8e:1a:45:46:9a:
         bd:60:32:eb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZoqaR7QDg5XYlAZqzp5jqAvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MzBkMTZlZjE5NTg2NGYwZGJlOGE4NjcxYWZiNjM3Njgz
Yjc2M2IwHhcNMjUxMDI4MTA0MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjViN2VhYmM3NjM2YTM1ZDk0OTZkZjJlZWY5ODJkNDAwYTgxMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbOt7HdvombehTKDtAMPP2Khf6DC
UT8qJ6YoH+quJvDosQ4ku0gOEN9NAZLoTf2WxosunSxfdwdwEBbk5rldCMnqws5F
qPi43yeL+89TbPEyFi1RZXQxlt+QqOnymq3jdq6k5yfDV2Q61GA7iESFedZzfqPk
7w98C8aR5TbFkPpim+SdOSDbW9duF8Q5oAW/aVKPUPMH4RT503IAyNloBti7EuO+
/6UpR5XYeGwReEndffxpvx/faRBI7tHmSGStT4FFj91ob7pGQ6x3xCs0uF3NHOIK
gtkTY9vXEMq8sCI/pgIgTBWLVlLodJCjv/qx2P0jUzZ4eueRMoyXc8WV2QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNJbfqvHY2o12Ult8u75gtQAqBCOMB8GA1UdIwQY
MBaAFHcw0W7xlYZPDb6KhnGvtjdoO3Y7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHpEUmJ2R1ZoazhOdm9xR2NhLTJOMmc3ZGpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mY2Q4NTUtZmMyYy00NjBlLWJjZWEt
OGQ3YzhhYzA2MjFhLzEvMGx0LXE4ZGphalhaU1czeTd2bUMxQUNvRUk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mY2Q4NTUtZmMyYy00NjBlLWJjZWEtOGQ3YzhhYzA2MjFh
LzEvZHpEUmJ2R1ZoazhOdm9xR2NhLTJOMmc3ZGpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg7VgDAN
BgkqhkiG9w0BAQsFAAOCAQEABpKtG5ZVdcewiyHcPzMB3G155OVxcDiC5xiUxUB2
jQBShHG3HTKTXuhK6xrXZbpD7tlLb74mwN12eFOz/ZU3xoM8lo65e5Kj3nQ7bqj7
PO2buABEoX32C+Upx36fU2+5KUwRUBoqmA6AzRuJY6xUQiF7XWKz3qWHLC23hlAx
RyI7j8JlARnJx3T31NDIr0sJEeehxUGxPYe/Rlt6b5tB8E/ymoV6IC8x3WmN9oMV
0gAYaxRLBF65ptb6aV2eMRf08GTw5RZjK+M3aNXKzOABG13pdD0LV3QtgCPtMJZI
h6SsS5KBCDu3NP9alhfK7dgIVEWUWHf2u44aRUaavWAy6w==
-----END CERTIFICATE-----