Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/h6-SfUxEZ2kBxfhWKdjK85GqAEA.roa
File:                     h6-SfUxEZ2kBxfhWKdjK85GqAEA.roa (raw, json)
Hash identifier:          g+CeuDpq1bzLG9uSPtmu/8MjAeGd2+GcQqRcvFy88jc=
Subject key identifier:   87:AF:92:7D:4C:44:67:69:01:C5:F8:56:29:D8:CA:F3:91:AA:00:40
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       019A4453F097E59FC47EA8C2F39F0CB00858
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/h6-SfUxEZ2kBxfhWKdjK85GqAEA.roa
Signing time:             Sun 02 Nov 2025 11:29:03 +0000
ROA not before:           Sun 02 Nov 2025 11:29:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212895
IP address blocks:        2a01:fb01::/32 maxlen: 32
                          2a01:fb02::/34 maxlen: 34
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:44:53:f0:97:e5:9f:c4:7e:a8:c2:f3:9f:0c:b0:08:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Nov  2 11:29:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87af927d4c44676901c5f85629d8caf391aa0040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:0d:b2:78:c3:75:52:a2:98:9d:9d:0a:b1:9a:
                    5e:7c:da:92:da:c7:47:97:90:b8:52:f4:a2:87:37:
                    88:0d:9a:87:dd:64:c0:ca:1a:52:cd:c1:c9:dd:18:
                    c9:50:a0:57:86:ac:5b:cb:ee:ae:72:9a:d9:d3:7e:
                    8e:ac:81:58:03:54:e1:d7:d5:7b:88:9a:ed:4f:47:
                    e8:ec:6e:ff:9e:59:13:3f:a6:4f:a6:41:b7:1f:1b:
                    ef:f1:9e:f1:9c:d9:42:28:9b:ff:81:49:df:5a:b9:
                    23:69:0a:29:21:1a:f2:b2:6e:33:c0:6c:15:0b:84:
                    e9:c2:4e:f1:a9:5f:e6:9e:d1:e6:99:18:0e:4b:a0:
                    70:a7:19:d0:dc:ef:0a:21:e0:51:12:19:6b:ee:76:
                    b0:14:fb:7c:3c:f9:f6:1e:af:32:b4:71:01:48:af:
                    72:b4:9c:06:cd:3b:d5:46:0f:2b:5d:39:7a:e6:29:
                    ed:d7:71:16:14:b5:8b:06:aa:12:9f:0b:72:79:a6:
                    8a:44:ac:d4:2b:eb:b0:3b:32:fa:e8:fa:f4:cb:3a:
                    09:0f:63:2a:12:34:c5:4c:ef:86:11:a6:57:5e:66:
                    0e:f6:40:1e:93:a3:61:18:f2:ea:2b:5f:ab:94:ec:
                    39:89:f8:af:90:b6:a5:db:29:c9:fb:4f:a2:50:68:
                    3c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:AF:92:7D:4C:44:67:69:01:C5:F8:56:29:D8:CA:F3:91:AA:00:40
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/h6-SfUxEZ2kBxfhWKdjK85GqAEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:fb01::-2a01:fb02:3fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         10:a9:53:1c:1a:17:d5:33:f3:56:4e:65:bb:a9:40:01:91:d1:
         d5:b1:af:ab:3f:b6:86:da:23:06:dd:e1:2a:e9:64:81:27:24:
         9a:36:da:31:fc:ef:1c:7e:82:e6:51:ed:25:dd:d2:c4:76:2c:
         59:31:e6:9c:9c:f0:88:72:b3:c1:45:28:9e:23:75:a4:52:a0:
         cb:77:fe:80:8a:be:69:e4:2d:09:e9:ea:09:34:79:d2:a7:74:
         1f:2c:79:41:40:bb:07:df:81:91:b2:c7:1d:a0:02:30:40:69:
         89:ae:ab:e0:1c:91:a4:5b:de:b8:95:72:da:44:18:23:85:41:
         c6:ef:8b:9a:3a:5c:0d:f6:0b:c1:1f:05:e5:0d:ee:b4:dd:f1:
         ad:1e:f2:f9:ad:42:03:fd:40:36:3b:76:8c:ef:30:fc:e9:39:
         da:d9:4b:77:c1:8c:b9:f0:90:60:46:f0:49:00:5c:8e:13:47:
         cc:d0:8a:2e:3e:4f:a8:93:23:02:92:10:ee:f6:7b:43:45:d1:
         20:5c:b9:47:94:1e:13:fe:88:52:40:7e:e6:3b:bd:ee:1f:ff:
         4a:28:03:d0:30:5d:da:4c:c6:64:59:a8:b1:90:4e:84:54:b4:
         8b:9e:65:4c:fc:5c:ca:ff:a9:da:ad:84:94:c2:7b:9e:94:a4:
         8f:26:0b:4a
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZpEU/CX5Z/EfqjC858MsAhYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMTAyMTEyOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2FmOTI3ZDRjNDQ2NzY5MDFjNWY4NTYyOWQ4Y2FmMzkxYWEwMDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnA2yeMN1UqKYnZ0KsZpefNqS2sdH
l5C4UvSihzeIDZqH3WTAyhpSzcHJ3RjJUKBXhqxby+6ucprZ036OrIFYA1Th19V7
iJrtT0fo7G7/nlkTP6ZPpkG3Hxvv8Z7xnNlCKJv/gUnfWrkjaQopIRrysm4zwGwV
C4Tpwk7xqV/mntHmmRgOS6BwpxnQ3O8KIeBREhlr7nawFPt8PPn2Hq8ytHEBSK9y
tJwGzTvVRg8rXTl65int13EWFLWLBqoSnwtyeaaKRKzUK+uwOzL66Pr0yzoJD2Mq
EjTFTO+GEaZXXmYO9kAek6NhGPLqK1+rlOw5ifivkLal2ynJ+0+iUGg8SwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFIevkn1MRGdpAcX4VinYyvORqgBAMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvaDYtU2ZVeEVaMmtCeGZoV0tkaks4NUdxQUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARMA8DBQAqAfsB
AwYGKgH7AgAwDQYJKoZIhvcNAQELBQADggEBABCpUxwaF9Uz81ZOZbupQAGR0dWx
r6s/tobaIwbd4SrpZIEnJJo22jH87xx+guZR7SXd0sR2LFkx5pyc8Ihys8FFKJ4j
daRSoMt3/oCKvmnkLQnp6gk0edKndB8seUFAuwffgZGyxx2gAjBAaYmuq+AckaRb
3riVctpEGCOFQcbvi5o6XA32C8EfBeUN7rTd8a0e8vmtQgP9QDY7dozvMPzpOdrZ
S3fBjLnwkGBG8EkAXI4TR8zQii4+T6iTIwKSEO72e0NF0SBcuUeUHhP+iFJAfuY7
ve4f/0ooA9AwXdpMxmRZqLGQToRUtIueZUz8XMr/qdqthJTCe56UpI8mC0o=
-----END CERTIFICATE-----