Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kP0UTXtwcE9yVM9nZyKoMno4FLY.roa
File:                     kP0UTXtwcE9yVM9nZyKoMno4FLY.roa (raw, json)
Hash identifier:          SIzurFbKZaqHb+TFXI1+17hbMxe58TCtpchrtM1hQSo=
Subject key identifier:   90:FD:14:4D:7B:70:70:4F:72:54:CF:67:67:22:A8:32:7A:38:14:B6
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019A4AF0C284B63AC1A2C96B50E2DE94C7DF
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kP0UTXtwcE9yVM9nZyKoMno4FLY.roa
Signing time:             Mon 03 Nov 2025 18:18:03 +0000
ROA not before:           Mon 03 Nov 2025 18:18:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204134
IP address blocks:        2a0e:97c0:750::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4a:f0:c2:84:b6:3a:c1:a2:c9:6b:50:e2:de:94:c7:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov  3 18:18:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90fd144d7b70704f7254cf676722a8327a3814b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7d:2a:90:1d:f6:df:26:bf:3a:42:b4:91:ce:
                    dd:9a:0e:c0:11:5a:ce:4e:d4:71:48:59:60:a6:a2:
                    62:a4:96:99:57:cd:f0:5b:eb:21:5b:08:a1:a2:a9:
                    6a:b8:1a:1e:c6:17:79:13:39:23:cf:d7:02:1c:64:
                    53:5b:69:72:da:02:1e:6e:0f:09:99:5b:de:a6:4f:
                    cd:2f:f7:50:00:f2:76:8f:d8:c0:d0:f9:bb:52:75:
                    e5:63:b3:6a:97:d7:d5:34:cf:6c:52:f5:28:25:cc:
                    78:ab:72:95:da:a9:06:6b:d1:26:04:d0:06:80:00:
                    c1:2c:23:4f:91:81:99:25:99:bf:16:68:d0:43:43:
                    9e:34:4e:ca:ab:95:a7:93:03:63:70:6c:97:fa:ea:
                    2d:8a:e2:f5:07:da:75:e3:f6:f8:77:dc:9e:60:ed:
                    b2:d2:9f:69:8a:57:43:eb:46:55:68:6a:0d:1b:be:
                    76:b2:98:f5:4d:7e:5d:d9:0e:95:ea:4f:07:32:01:
                    51:64:19:2a:64:25:02:8f:1d:91:0a:80:bd:c8:7e:
                    62:cf:18:1d:98:e4:7d:1e:30:1f:9f:48:04:a0:10:
                    ac:8e:b3:bc:01:6f:48:67:8a:5f:4c:b1:2e:55:1d:
                    4a:21:69:14:39:c0:3f:6f:c9:6c:37:64:17:12:e1:
                    aa:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:FD:14:4D:7B:70:70:4F:72:54:CF:67:67:22:A8:32:7A:38:14:B6
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kP0UTXtwcE9yVM9nZyKoMno4FLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:750::/44

    Signature Algorithm: sha256WithRSAEncryption
         3e:68:bd:b2:18:0e:e0:f0:ff:73:ad:21:22:3a:6a:f5:2e:c0:
         97:61:95:e1:33:3e:7f:a3:fd:fe:5d:77:95:46:0f:ab:ab:28:
         23:b8:41:0f:59:3b:05:f5:3f:96:65:71:b3:d2:99:35:1b:a9:
         52:66:2b:a9:7e:4a:ee:f1:11:99:ee:b4:d6:84:12:f7:e9:94:
         25:2d:1f:d8:cb:fa:f3:92:bf:ae:87:31:09:64:6d:30:a6:13:
         f7:7b:b3:c9:1c:e2:03:bf:77:e1:ef:99:96:3a:ef:a7:44:7f:
         ce:e2:e6:89:a5:57:71:61:39:fe:b9:ca:af:50:1a:13:61:04:
         f0:9d:ec:88:eb:f8:66:27:ff:c3:34:6c:c6:7b:ff:07:e4:2e:
         d7:c2:f9:57:d4:ad:9f:43:10:e7:76:92:9b:6e:2c:0c:fc:b8:
         42:02:9d:d7:16:86:8a:83:9d:bf:ba:8f:fe:2c:e8:c5:1d:e7:
         84:f2:dc:8c:98:e3:e2:ff:26:da:78:d0:c1:7a:ca:d6:9b:2a:
         e4:b0:f9:b8:8f:35:04:9f:81:37:11:17:13:b4:87:91:22:1e:
         94:33:76:17:63:c9:c5:8f:ae:9b:58:4e:12:31:96:de:86:09:
         7d:6d:7b:65:d6:28:18:d5:ab:34:ab:79:bd:a5:27:ae:91:a7:
         08:34:6b:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZpK8MKEtjrBoslrUOLelMffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUxMTAzMTgxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGZkMTQ0ZDdiNzA3MDRmNzI1NGNmNjc2NzIyYTgzMjdhMzgxNGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp30qkB323ya/OkK0kc7dmg7AEVrO
TtRxSFlgpqJipJaZV83wW+shWwihoqlquBoexhd5Ezkjz9cCHGRTW2ly2gIebg8J
mVvepk/NL/dQAPJ2j9jA0Pm7UnXlY7Nql9fVNM9sUvUoJcx4q3KV2qkGa9EmBNAG
gADBLCNPkYGZJZm/FmjQQ0OeNE7Kq5WnkwNjcGyX+uotiuL1B9p14/b4d9yeYO2y
0p9pildD60ZVaGoNG752spj1TX5d2Q6V6k8HMgFRZBkqZCUCjx2RCoC9yH5izxgd
mOR9HjAfn0gEoBCsjrO8AW9IZ4pfTLEuVR1KIWkUOcA/b8lsN2QXEuGqwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJD9FE17cHBPclTPZ2ciqDJ6OBS2MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEva1AwVVRYdHdjRTl5Vk05blp5S29Nbm80RkxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAdQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA+aL2yGA7g8P9zrSEiOmr1LsCXYZXhMz5/o/3+
XXeVRg+rqygjuEEPWTsF9T+WZXGz0pk1G6lSZiupfkru8RGZ7rTWhBL36ZQlLR/Y
y/rzkr+uhzEJZG0wphP3e7PJHOIDv3fh75mWOu+nRH/O4uaJpVdxYTn+ucqvUBoT
YQTwneyI6/hmJ//DNGzGe/8H5C7XwvlX1K2fQxDndpKbbiwM/LhCAp3XFoaKg52/
uo/+LOjFHeeE8tyMmOPi/ybaeNDBesrWmyrksPm4jzUEn4E3ERcTtIeRIh6UM3YX
Y8nFj66bWE4SMZbehgl9bXtl1igY1as0q3m9pSeukacINGuF
-----END CERTIFICATE-----