Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XQypmlXPNa-ZTFDdSk98CrUWg24.roa
File:                     XQypmlXPNa-ZTFDdSk98CrUWg24.roa (raw, json)
Hash identifier:          p61HYxNWcnHE3LvbBj1Lk+Yhh6GyFlRNl9od7MPa3hQ=
Subject key identifier:   5D:0C:A9:9A:55:CF:35:AF:99:4C:50:DD:4A:4F:7C:0A:B5:16:83:6E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019A53156D411383D6FE2A8AD630A6BBEAE4
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XQypmlXPNa-ZTFDdSk98CrUWg24.roa
Signing time:             Wed 05 Nov 2025 08:15:04 +0000
ROA not before:           Wed 05 Nov 2025 08:15:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215614
IP address blocks:        2a10:2f00:167::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:53:15:6d:41:13:83:d6:fe:2a:8a:d6:30:a6:bb:ea:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov  5 08:15:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d0ca99a55cf35af994c50dd4a4f7c0ab516836e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:85:d2:c1:e8:b5:cf:83:3a:d5:66:a1:a7:4d:
                    00:93:de:11:11:26:07:76:10:d8:e1:9b:34:84:52:
                    88:95:c3:0b:86:eb:e3:78:69:19:2f:09:d5:42:a2:
                    5a:f6:4d:c4:9f:1e:c9:0b:6c:00:2b:b6:48:07:ac:
                    0b:b9:99:fe:d7:d0:ed:4c:cd:7b:87:71:4a:b5:b4:
                    86:c9:ce:46:53:c3:d6:b2:49:f7:e4:b4:30:ab:56:
                    34:25:a2:c3:a3:a1:61:03:27:b7:43:26:b2:dd:6b:
                    25:0f:88:1b:64:ba:55:cb:f0:a5:65:a9:80:94:7d:
                    53:10:b0:bd:98:27:40:6b:8b:fc:43:13:73:00:c2:
                    9e:f4:71:0f:29:57:fd:89:7c:c0:14:93:fd:52:9c:
                    44:54:e5:2f:5e:a5:cf:81:c4:16:f1:56:ca:fb:74:
                    58:76:21:92:f4:7d:b9:da:e7:5b:b2:12:9a:71:fd:
                    27:30:33:04:72:d3:79:9c:14:ac:c9:f1:76:4d:33:
                    19:98:16:0e:e1:6f:ae:14:d1:b1:80:a7:f8:8c:01:
                    d0:6c:06:41:22:c7:5a:87:62:33:7c:47:22:d7:b2:
                    cb:a7:cc:3e:2b:39:d2:ff:8d:ed:d5:3f:12:3c:90:
                    be:e3:a8:9f:6d:bc:ec:19:f9:d5:d0:d5:8c:49:f5:
                    3a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:0C:A9:9A:55:CF:35:AF:99:4C:50:DD:4A:4F:7C:0A:B5:16:83:6E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XQypmlXPNa-ZTFDdSk98CrUWg24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:167::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:9e:b0:a0:a2:1c:15:b0:9f:f9:2e:c9:3e:c5:84:5d:b1:78:
         42:39:8e:33:5a:78:35:27:5a:50:4e:c0:a4:ed:eb:b7:94:68:
         4b:d0:65:a2:a6:71:1d:b3:e3:f0:98:05:10:84:17:d8:a4:4f:
         56:b9:ae:78:10:25:8f:f8:0f:55:dd:c3:60:ff:c7:9f:8a:69:
         99:72:a9:dd:a0:36:4b:b8:06:7f:e5:eb:a3:d1:18:2e:64:df:
         25:d0:48:e6:45:62:53:17:90:fd:82:14:80:d8:67:95:4a:81:
         e9:23:26:4f:39:07:27:20:46:5a:96:7b:c5:3e:c8:4e:1a:f7:
         78:84:c9:68:17:9e:b0:fd:61:94:ac:b4:6c:59:57:94:25:0e:
         50:83:dd:5a:26:b0:63:d4:10:e0:55:ef:c0:68:66:a0:e6:b5:
         3c:b4:db:dd:dc:e1:ae:4f:80:82:cf:15:df:9f:b8:1d:24:92:
         97:ae:05:7e:72:70:e1:c0:56:80:30:a1:09:72:b6:d6:31:a2:
         bc:4d:57:c4:fb:9c:29:5e:d2:1a:af:56:a6:78:3e:c0:25:b2:
         a2:e7:7f:b8:2c:96:c0:20:08:1f:1e:d1:3d:f8:ec:00:65:b1:
         93:b2:34:97:0b:50:87:68:b3:3d:7d:1f:1b:0e:4c:ec:15:09:
         3b:5b:9a:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZpTFW1BE4PW/iqK1jCmu+rkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUxMTA1MDgxNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDBjYTk5YTU1Y2YzNWFmOTk0YzUwZGQ0YTRmN2MwYWI1MTY4MzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3oXSwei1z4M61Wahp00Ak94RESYH
dhDY4Zs0hFKIlcMLhuvjeGkZLwnVQqJa9k3Enx7JC2wAK7ZIB6wLuZn+19DtTM17
h3FKtbSGyc5GU8PWskn35LQwq1Y0JaLDo6FhAye3Qyay3WslD4gbZLpVy/ClZamA
lH1TELC9mCdAa4v8QxNzAMKe9HEPKVf9iXzAFJP9UpxEVOUvXqXPgcQW8VbK+3RY
diGS9H252udbshKacf0nMDMEctN5nBSsyfF2TTMZmBYO4W+uFNGxgKf4jAHQbAZB
Isdah2IzfEci17LLp8w+KznS/43t1T8SPJC+46ifbbzsGfnV0NWMSfU6pQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF0MqZpVzzWvmUxQ3UpPfAq1FoNuMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWFF5cG1sWFBOYS1aVEZEZFNrOThDclVXZzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAFn
MA0GCSqGSIb3DQEBCwUAA4IBAQAYnrCgohwVsJ/5Lsk+xYRdsXhCOY4zWng1J1pQ
TsCk7eu3lGhL0GWipnEds+PwmAUQhBfYpE9Wua54ECWP+A9V3cNg/8efimmZcqnd
oDZLuAZ/5euj0RguZN8l0EjmRWJTF5D9ghSA2GeVSoHpIyZPOQcnIEZalnvFPshO
Gvd4hMloF56w/WGUrLRsWVeUJQ5Qg91aJrBj1BDgVe/AaGag5rU8tNvd3OGuT4CC
zxXfn7gdJJKXrgV+cnDhwFaAMKEJcrbWMaK8TVfE+5wpXtIar1ameD7AJbKi53+4
LJbAIAgfHtE9+OwAZbGTsjSXC1CHaLM9fR8bDkzsFQk7W5q3
-----END CERTIFICATE-----