Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/9SiGYE_ulhQ3IAEjHE9ue_UFCiU.roa
File:                     9SiGYE_ulhQ3IAEjHE9ue_UFCiU.roa (raw, json)
Hash identifier:          7fBZliJyV/oVHsWlKgszqQM/1PPTrvyNsIdq+xa6Zt0=
Subject key identifier:   F5:28:86:60:4F:EE:96:14:37:20:01:23:1C:4F:6E:7B:F5:05:0A:25
Certificate issuer:       /CN=9a24b27d9f3df6e14ebc79e146e8be32754bf800
Certificate serial:       019A063450ACCBEC3A44168FBA5985FC6FEB
Authority key identifier: 9A:24:B2:7D:9F:3D:F6:E1:4E:BC:79:E1:46:E8:BE:32:75:4B:F8:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/9SiGYE_ulhQ3IAEjHE9ue_UFCiU.roa
Signing time:             Tue 21 Oct 2025 09:58:03 +0000
ROA not before:           Tue 21 Oct 2025 09:58:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        2a09:a702:ae::/48 maxlen: 48
                          2a09:a702:af::/48 maxlen: 48
                          2a09:a702:b2::/48 maxlen: 48
                          2a09:a702:b3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:06:34:50:ac:cb:ec:3a:44:16:8f:ba:59:85:fc:6f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a24b27d9f3df6e14ebc79e146e8be32754bf800
        Validity
            Not Before: Oct 21 09:58:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f52886604fee9614372001231c4f6e7bf5050a25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:59:17:f1:20:96:bf:3c:34:7f:80:66:9d:68:
                    ac:c5:40:6c:80:ab:c9:48:d6:1f:43:d7:99:d4:a3:
                    d2:5d:7c:9e:19:7e:0d:bb:81:78:3a:62:21:83:0a:
                    48:b4:3f:c2:d0:6d:a1:70:02:f9:03:8b:b5:f5:6c:
                    9d:c2:1f:8e:2c:4b:23:8d:5a:b6:79:78:e5:3d:46:
                    79:13:27:dd:bf:0b:ea:f8:e8:63:f9:72:19:e1:36:
                    69:3a:7c:e1:2d:f2:85:16:f9:05:1b:dc:7d:4b:15:
                    ed:87:31:91:ec:d4:6f:d2:b9:17:42:65:8d:ff:4f:
                    69:41:fe:71:fd:9d:00:d0:da:03:cd:4a:a3:2c:a1:
                    cc:b6:0b:8e:a6:9b:0b:40:9a:c0:f3:7f:82:35:57:
                    1a:10:45:f8:7c:ec:91:6e:7a:51:d0:f8:3f:13:37:
                    84:ed:2e:49:f0:e8:04:79:c3:2d:4e:53:60:e6:92:
                    ed:83:f5:03:34:fe:bc:11:f3:03:9a:cf:86:2c:19:
                    50:40:5a:40:28:ad:c1:e0:0c:06:16:42:b9:52:78:
                    f5:9c:cd:f0:57:21:77:b1:08:42:9c:70:4d:a9:02:
                    c8:4b:4d:f3:5a:a0:3d:fa:00:54:7e:1b:83:01:2a:
                    60:38:67:8a:c0:d7:80:15:65:d2:d6:9c:54:e4:f7:
                    ca:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:28:86:60:4F:EE:96:14:37:20:01:23:1C:4F:6E:7B:F5:05:0A:25
            X509v3 Authority Key Identifier:
                keyid:9A:24:B2:7D:9F:3D:F6:E1:4E:BC:79:E1:46:E8:BE:32:75:4B:F8:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/9SiGYE_ulhQ3IAEjHE9ue_UFCiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:a702:ae::/47
                  2a09:a702:b2::/47

    Signature Algorithm: sha256WithRSAEncryption
         6f:70:57:b8:aa:31:49:10:52:5a:24:d1:93:5f:0a:90:a9:20:
         f3:cb:8c:50:85:f0:98:d3:47:23:c2:fd:90:24:3b:20:37:51:
         22:9e:e2:18:27:77:49:2e:43:5d:5f:d8:20:c5:76:34:9e:66:
         98:56:b3:24:ba:e2:a7:d0:dc:5d:6e:61:b4:0a:bd:bd:16:86:
         f9:22:65:18:f9:f4:73:5d:0d:81:e7:3e:ce:cc:e8:8c:1d:8e:
         cc:fe:a0:ac:79:9c:5e:b3:a4:b4:be:01:c7:d5:8a:a6:56:e1:
         89:ac:1e:85:e9:3e:32:b5:76:cd:ee:e0:75:b1:22:f3:61:85:
         39:d2:9d:4b:f9:8b:03:53:05:ea:92:be:13:9a:6c:5d:ac:5c:
         d0:8e:3d:e7:93:cd:c8:17:18:77:e3:96:85:7d:6b:02:c9:bc:
         9f:26:71:97:db:44:51:d0:71:bb:85:3b:df:76:d8:8c:e5:51:
         63:d2:47:24:b8:90:fc:9b:38:eb:88:e1:f9:ea:4a:56:b7:52:
         3b:5e:31:1e:a0:d6:dd:8f:fa:fd:df:05:41:b1:40:7e:1b:62:
         08:5c:01:35:ca:09:ef:fe:eb:ea:01:e5:50:96:0c:86:44:0d:
         eb:de:c3:7d:4e:e8:ef:90:4a:4f:0d:bc:65:85:a0:5e:53:9e:
         d1:90:eb:20
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoGNFCsy+w6RBaPulmF/G/rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMjRiMjdkOWYzZGY2ZTE0ZWJjNzllMTQ2ZThiZTMyNzU0
YmY4MDAwHhcNMjUxMDIxMDk1ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTI4ODY2MDRmZWU5NjE0MzcyMDAxMjMxYzRmNmU3YmY1MDUwYTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVkX8SCWvzw0f4BmnWisxUBsgKvJ
SNYfQ9eZ1KPSXXyeGX4Nu4F4OmIhgwpItD/C0G2hcAL5A4u19Wydwh+OLEsjjVq2
eXjlPUZ5Eyfdvwvq+Ohj+XIZ4TZpOnzhLfKFFvkFG9x9SxXthzGR7NRv0rkXQmWN
/09pQf5x/Z0A0NoDzUqjLKHMtguOppsLQJrA83+CNVcaEEX4fOyRbnpR0Pg/EzeE
7S5J8OgEecMtTlNg5pLtg/UDNP68EfMDms+GLBlQQFpAKK3B4AwGFkK5Unj1nM3w
VyF3sQhCnHBNqQLIS03zWqA9+gBUfhuDASpgOGeKwNeAFWXS1pxU5PfK5wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPUohmBP7pYUNyABIxxPbnv1BQolMB8GA1UdIwQY
MBaAFJoksn2fPfbhTrx54UbovjJ1S/gAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWlTeWZaODk5dUZPdkhuaFJ1aS1NblZMLUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8wMjUxZjItYTFiYi00NGZiLWI5MDgt
NDhkNWZmNGJhMjU1LzEvOVNpR1lFX3VsaFEzSUFFakhFOXVlX1VGQ2lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8wMjUxZjItYTFiYi00NGZiLWI5MDgtNDhkNWZmNGJhMjU1
LzEvbWlTeWZaODk5dUZPdkhuaFJ1aS1NblZMLUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKgmnAgCu
AwcBKgmnAgCyMA0GCSqGSIb3DQEBCwUAA4IBAQBvcFe4qjFJEFJaJNGTXwqQqSDz
y4xQhfCY00cjwv2QJDsgN1EinuIYJ3dJLkNdX9ggxXY0nmaYVrMkuuKn0NxdbmG0
Cr29Fob5ImUY+fRzXQ2B5z7OzOiMHY7M/qCseZxes6S0vgHH1YqmVuGJrB6F6T4y
tXbN7uB1sSLzYYU50p1L+YsDUwXqkr4TmmxdrFzQjj3nk83IFxh345aFfWsCybyf
JnGX20RR0HG7hTvfdtiM5VFj0kckuJD8mzjriOH56kpWt1I7XjEeoNbdj/r93wVB
sUB+G2IIXAE1ygnv/uvqAeVQlgyGRA3r3sN9TujvkEpPDbxlhaBeU57RkOsg
-----END CERTIFICATE-----