Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/LLDN_VlIX6uSYmTBHX9Ec_R1T-4.roa
File:                     LLDN_VlIX6uSYmTBHX9Ec_R1T-4.roa (raw, json)
Hash identifier:          hv1fz/RMOjKKf9RN0y/htAasmo3HpIuTxmY1YS1UNXM=
Subject key identifier:   2C:B0:CD:FD:59:48:5F:AB:92:62:64:C1:1D:7F:44:73:F4:75:4F:EE
Certificate issuer:       /CN=206f1c32bc0a9006081d552fede67d6842921ec3
Certificate serial:       0198602FE80548DCD39FC19E9DD33C25DB69
Authority key identifier: 20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/LLDN_VlIX6uSYmTBHX9Ec_R1T-4.roa
Signing time:             Thu 31 Jul 2025 11:13:28 +0000
ROA not before:           Thu 31 Jul 2025 11:13:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212683
IP address blocks:        2a11:2646::/32 maxlen: 32
                          2a11:2647::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 14:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:60:2f:e8:05:48:dc:d3:9f:c1:9e:9d:d3:3c:25:db:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=206f1c32bc0a9006081d552fede67d6842921ec3
        Validity
            Not Before: Jul 31 11:13:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2cb0cdfd59485fab926264c11d7f4473f4754fee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d3:2d:eb:20:e9:5c:34:c3:a2:5b:f9:2c:c9:
                    1a:f5:12:57:d1:a6:46:1b:16:83:1e:9f:f4:38:38:
                    e1:33:16:37:b5:45:8e:9b:be:e6:2c:6e:42:48:4e:
                    b0:02:e4:42:41:c3:cd:9c:ad:fa:92:41:75:9b:70:
                    78:c4:3c:44:86:d7:81:06:f6:49:09:ec:08:0b:b7:
                    02:b0:2b:9a:70:55:cf:4c:f5:42:ca:55:cb:2d:57:
                    e7:6c:db:75:3b:b4:02:a4:36:6e:fb:8b:ab:3c:5b:
                    9e:e4:b9:2c:35:a9:1f:53:cc:db:79:80:92:c4:77:
                    8c:97:ff:8f:80:6e:e8:9f:f9:48:d3:1e:7a:c5:bb:
                    a8:bf:fb:f4:ac:de:1e:4b:4f:7d:23:7a:2a:6a:93:
                    c4:1a:03:4b:50:f4:ef:ea:6e:6c:ce:2c:5d:05:57:
                    b7:1b:09:d0:57:71:91:75:f8:e5:60:37:3c:77:62:
                    8a:cf:e9:bd:10:e1:02:ff:74:0f:84:17:ad:8b:44:
                    86:dc:01:d0:d5:2a:0d:fe:a0:5f:b1:42:b0:33:89:
                    ea:1c:27:d3:7b:4c:bc:f2:58:9c:93:b1:0e:3d:c7:
                    31:c4:9a:e8:68:3a:77:14:23:29:04:ff:bb:77:db:
                    30:9b:18:f9:7c:3d:a4:21:4f:d2:aa:a9:ab:5d:9a:
                    1b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:B0:CD:FD:59:48:5F:AB:92:62:64:C1:1D:7F:44:73:F4:75:4F:EE
            X509v3 Authority Key Identifier:
                keyid:20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/LLDN_VlIX6uSYmTBHX9Ec_R1T-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:2646::/31

    Signature Algorithm: sha256WithRSAEncryption
         7f:23:d3:c1:bf:16:d9:08:61:73:bb:e1:23:99:8f:89:e9:76:
         be:d7:3b:b9:76:15:ca:82:ed:94:8a:2d:27:c0:22:67:fe:da:
         72:cf:83:b9:54:a9:3a:27:31:a0:40:fb:c0:5b:96:4a:0b:61:
         1b:1c:10:49:8c:a8:de:d3:f9:99:4d:71:10:2a:64:c2:0c:1b:
         d6:16:e7:f5:84:47:f7:36:27:8d:2e:35:cf:7a:ea:c6:71:03:
         cf:c2:88:00:94:e8:37:99:31:d6:6f:45:9c:81:7f:cd:8b:b5:
         31:25:18:45:94:ca:52:3c:e0:ba:f6:39:f5:da:80:61:ff:e0:
         31:c0:9c:02:f3:e6:48:b6:04:16:fb:02:12:7c:8d:52:f7:ce:
         18:e1:1b:7a:fe:61:b2:8f:6a:19:9d:5d:bd:5f:8f:62:05:55:
         30:8f:59:e3:3e:11:be:73:d7:93:e8:fd:d0:72:c8:a5:0f:9b:
         67:7c:42:ea:5d:71:8b:a7:b5:77:30:52:9d:dc:79:b0:fe:2e:
         e0:03:41:37:3b:0f:c1:a4:d2:b7:36:78:df:b3:20:84:63:35:
         e5:b0:cb:d8:a5:e1:d5:17:00:a3:f4:60:4f:26:c1:e1:49:61:
         22:c5:b9:9f:6b:6f:63:9c:89:e0:2e:4b:64:38:e4:5a:c1:9a:
         84:90:d3:ec
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZhgL+gFSNzTn8GendM8JdtpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmYxYzMyYmMwYTkwMDYwODFkNTUyZmVkZTY3ZDY4NDI5
MjFlYzMwHhcNMjUwNzMxMTExMzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2IwY2RmZDU5NDg1ZmFiOTI2MjY0YzExZDdmNDQ3M2Y0NzU0ZmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNMt6yDpXDTDolv5LMka9RJX0aZG
GxaDHp/0ODjhMxY3tUWOm77mLG5CSE6wAuRCQcPNnK36kkF1m3B4xDxEhteBBvZJ
CewIC7cCsCuacFXPTPVCylXLLVfnbNt1O7QCpDZu+4urPFue5LksNakfU8zbeYCS
xHeMl/+PgG7on/lI0x56xbuov/v0rN4eS099I3oqapPEGgNLUPTv6m5szixdBVe3
GwnQV3GRdfjlYDc8d2KKz+m9EOEC/3QPhBeti0SG3AHQ1SoN/qBfsUKwM4nqHCfT
e0y88lick7EOPccxxJroaDp3FCMpBP+7d9swmxj5fD2kIU/SqqmrXZobQwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCywzf1ZSF+rkmJkwR1/RHP0dU/uMB8GA1UdIwQY
MBaAFCBvHDK8CpAGCB1VL+3mfWhCkh7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzIt
YmJhODYwYjI2YzAyLzEvTExETl9WbElYNnVTWW1UQkhYOUVjX1IxVC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzItYmJhODYwYjI2YzAy
LzEvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhEmRjAN
BgkqhkiG9w0BAQsFAAOCAQEAfyPTwb8W2Qhhc7vhI5mPiel2vtc7uXYVyoLtlIot
J8AiZ/7acs+DuVSpOicxoED7wFuWSgthGxwQSYyo3tP5mU1xECpkwgwb1hbn9YRH
9zYnjS41z3rqxnEDz8KIAJToN5kx1m9FnIF/zYu1MSUYRZTKUjzguvY59dqAYf/g
McCcAvPmSLYEFvsCEnyNUvfOGOEbev5hso9qGZ1dvV+PYgVVMI9Z4z4RvnPXk+j9
0HLIpQ+bZ3xC6l1xi6e1dzBSndx5sP4u4ANBNzsPwaTStzZ437MghGM15bDL2KXh
1RcAo/RgTybB4UlhIsW5n2tvY5yJ4C5LZDjkWsGahJDT7A==
-----END CERTIFICATE-----