Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/llV-T5OHByUu8L74VWUv92cAzng.roa
File:                     llV-T5OHByUu8L74VWUv92cAzng.roa (raw, json)
Hash identifier:          9tBLuUshvL8XHJW+P3MzIrJyocKmZrwAHXHerORBago=
Subject key identifier:   96:55:7E:4F:93:87:07:25:2E:F0:BE:F8:55:65:2F:F7:67:00:CE:78
Certificate issuer:       /CN=667d377dd4c830c246cb48a934699699e4b37741
Certificate serial:       019B7A5B725E769DDABEAEFDE2AC36C7847C
Authority key identifier: 66:7D:37:7D:D4:C8:30:C2:46:CB:48:A9:34:69:96:99:E4:B3:77:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zn03fdTIMMJGy0ipNGmWmeSzd0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/llV-T5OHByUu8L74VWUv92cAzng.roa
Signing time:             Thu 01 Jan 2026 16:19:32 +0000
ROA not before:           Thu 01 Jan 2026 16:19:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1712
IP address blocks:        2a09:6847::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/Zn03fdTIMMJGy0ipNGmWmeSzd0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/Zn03fdTIMMJGy0ipNGmWmeSzd0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zn03fdTIMMJGy0ipNGmWmeSzd0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 22:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:72:5e:76:9d:da:be:ae:fd:e2:ac:36:c7:84:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=667d377dd4c830c246cb48a934699699e4b37741
        Validity
            Not Before: Jan  1 16:19:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=96557e4f938707252ef0bef855652ff76700ce78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:eb:e5:08:80:88:1d:70:91:57:5c:b4:e6:a3:
                    e9:fa:ca:73:f2:25:5b:65:9c:84:ff:30:38:f2:78:
                    61:b8:54:69:6f:14:10:f7:51:56:2f:9f:02:7e:8d:
                    68:ac:cd:8d:20:77:a5:c4:06:32:87:84:48:6e:44:
                    46:5a:7e:ab:d5:fe:0d:b5:b7:bc:56:ef:c1:a9:a1:
                    a9:24:a6:2d:60:8e:1c:71:03:5c:ab:ea:e9:e0:71:
                    87:90:32:2c:8d:0d:07:72:9d:1e:17:d5:e1:7e:e6:
                    56:89:3b:cf:f8:a9:8e:45:d4:b0:e0:46:c0:2e:5b:
                    23:bf:5b:4b:44:ea:e3:99:99:8b:de:d8:53:89:3a:
                    d2:05:3c:aa:fe:a3:01:93:cb:f9:ae:7d:48:7a:14:
                    be:8e:ba:b3:85:3a:d5:d7:3b:e2:24:f4:e9:56:d9:
                    75:49:fc:91:f4:c7:c2:ad:98:51:59:85:a4:77:55:
                    5c:6a:63:f0:80:28:11:f8:27:9c:86:0d:86:8d:d3:
                    72:44:5c:7b:c7:b3:65:e6:bb:4e:24:ec:a0:bd:0e:
                    12:70:0c:93:79:be:af:1e:91:ed:fe:7d:54:fe:8f:
                    61:40:7c:4f:65:bd:83:22:6c:3e:c9:f2:73:e8:f2:
                    3b:e4:dc:23:d7:01:b3:bd:d0:47:de:c5:21:c8:b1:
                    28:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:55:7E:4F:93:87:07:25:2E:F0:BE:F8:55:65:2F:F7:67:00:CE:78
            X509v3 Authority Key Identifier:
                keyid:66:7D:37:7D:D4:C8:30:C2:46:CB:48:A9:34:69:96:99:E4:B3:77:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zn03fdTIMMJGy0ipNGmWmeSzd0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/llV-T5OHByUu8L74VWUv92cAzng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/Zn03fdTIMMJGy0ipNGmWmeSzd0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6847::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:6e:68:b5:63:e6:9b:da:e2:dc:5f:a6:5f:00:ba:5c:23:b4:
         5b:02:3e:5a:0a:f6:c6:c2:03:3d:a1:f5:43:68:e6:d6:d1:57:
         9f:a0:ff:9b:50:15:8c:89:8c:2f:7a:c2:3e:6f:b4:b7:24:db:
         e7:4c:3c:b2:81:b8:39:f0:f4:3a:23:f3:c0:8e:b7:68:22:1d:
         18:ed:f2:83:74:89:fd:f5:49:0d:e2:10:cd:b2:5e:45:67:ef:
         ef:bf:f6:e2:49:91:92:25:f6:b6:a3:54:7d:da:d3:8a:81:24:
         94:49:33:2b:28:f8:42:e5:5d:1b:76:97:03:e2:6e:9e:bb:7c:
         7b:f9:45:17:d0:a6:88:aa:5b:f7:14:44:e1:77:ca:6b:36:f1:
         52:09:fa:bb:14:82:1d:5b:2a:9b:9f:c4:b8:b2:2b:2d:76:e3:
         11:ab:dd:08:c8:27:11:b2:9a:a5:c1:8f:ff:41:85:ff:53:3d:
         94:19:d9:db:8a:72:ca:de:03:bc:1e:4e:93:51:2f:f2:d3:bb:
         5e:5d:b6:c4:a2:9d:8f:54:9a:ac:7c:4d:2d:9a:48:71:3e:81:
         80:11:b4:1d:6c:9d:d2:76:b5:8d:22:1e:2a:c7:bd:8b:41:fe:
         3b:d6:5d:ca:9e:15:f8:ef:75:14:90:26:6e:08:66:14:c9:f3:
         8a:7c:47:8f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt6W3Jedp3avq794qw2x4R8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2N2QzNzdkZDRjODMwYzI0NmNiNDhhOTM0Njk5Njk5ZTRi
Mzc3NDEwHhcNMjYwMTAxMTYxOTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjU1N2U0ZjkzODcwNzI1MmVmMGJlZjg1NTY1MmZmNzY3MDBjZTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOvlCICIHXCRV1y05qPp+spz8iVb
ZZyE/zA48nhhuFRpbxQQ91FWL58Cfo1orM2NIHelxAYyh4RIbkRGWn6r1f4Ntbe8
Vu/BqaGpJKYtYI4ccQNcq+rp4HGHkDIsjQ0Hcp0eF9XhfuZWiTvP+KmORdSw4EbA
Llsjv1tLROrjmZmL3thTiTrSBTyq/qMBk8v5rn1IehS+jrqzhTrV1zviJPTpVtl1
SfyR9MfCrZhRWYWkd1VcamPwgCgR+Cechg2GjdNyRFx7x7Nl5rtOJOygvQ4ScAyT
eb6vHpHt/n1U/o9hQHxPZb2DImw+yfJz6PI75Nwj1wGzvdBH3sUhyLEoGwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJZVfk+ThwclLvC++FVlL/dnAM54MB8GA1UdIwQY
MBaAFGZ9N33UyDDCRstIqTRplpnks3dBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm4wM2ZkVElNTUpHeTBpcE5HbVdtZVN6ZDBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9lNjgxMmUtOTZhNC00OGI0LWFiNjEt
MTIxZmY0NjAxOGYzLzEvbGxWLVQ1T0hCeVV1OEw3NFZXVXY5MmNBem5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9lNjgxMmUtOTZhNC00OGI0LWFiNjEtMTIxZmY0NjAxOGYz
LzEvWm4wM2ZkVElNTUpHeTBpcE5HbVdtZVN6ZDBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgloRzAN
BgkqhkiG9w0BAQsFAAOCAQEAFW5otWPmm9ri3F+mXwC6XCO0WwI+Wgr2xsIDPaH1
Q2jm1tFXn6D/m1AVjImML3rCPm+0tyTb50w8soG4OfD0OiPzwI63aCIdGO3yg3SJ
/fVJDeIQzbJeRWfv77/24kmRkiX2tqNUfdrTioEklEkzKyj4QuVdG3aXA+Junrt8
e/lFF9CmiKpb9xRE4XfKazbxUgn6uxSCHVsqm5/EuLIrLXbjEavdCMgnEbKapcGP
/0GF/1M9lBnZ24pyyt4DvB5Ok1Ev8tO7Xl22xKKdj1SarHxNLZpIcT6BgBG0HWyd
0na1jSIeKse9i0H+O9Zdyp4V+O91FJAmbghmFMnzinxHjw==
-----END CERTIFICATE-----