Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/XnU4MO1qmutBcwnzzodTGDfwqRY.roa
File:                     XnU4MO1qmutBcwnzzodTGDfwqRY.roa (raw, json)
Hash identifier:          4DHEwpJMP31+RmL1IjeYNFYi56VQufOK2qPDktHlARo=
Subject key identifier:   5E:75:38:30:ED:6A:9A:EB:41:73:09:F3:CE:87:53:18:37:F0:A9:16
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019A3133B46790C57AE485A0D3B02AD6D5FC
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/XnU4MO1qmutBcwnzzodTGDfwqRY.roa
Signing time:             Wed 29 Oct 2025 18:21:03 +0000
ROA not before:           Wed 29 Oct 2025 18:21:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213294
IP address blocks:        2a0e:19c1::/32 maxlen: 32
                          2a0e:19c7::/32 maxlen: 32
                          2a12:bc00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:31:33:b4:67:90:c5:7a:e4:85:a0:d3:b0:2a:d6:d5:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Oct 29 18:21:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e753830ed6a9aeb417309f3ce87531837f0a916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:75:38:30:ED:6A:9A:EB:41:73:09:F3:CE:87:53:18:37:F0:A9:16
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/XnU4MO1qmutBcwnzzodTGDfwqRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:19c1::/32
                  2a0e:19c7::/32
                  2a12:bc00::/29

    Signature Algorithm: sha256WithRSAEncryption
Generated at Wed Nov 5 19:04:53 2025 by rpki-client