Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/gi5eF85DS2YJELAZM_ySYFsKV08.roa
File:                     gi5eF85DS2YJELAZM_ySYFsKV08.roa (raw, json)
Hash identifier:          MIgOllfsmrhmY3owqBnBM3hgcAd1OAro3szJ6UxB+Hk=
Subject key identifier:   82:2E:5E:17:CE:43:4B:66:09:10:B0:19:33:FC:92:60:5B:0A:57:4F
Certificate issuer:       /CN=954a2aee086174b01272fae779ad431eb092aeb7
Certificate serial:       019A46E9DD749A086372088D8262ED1C7C5B
Authority key identifier: 95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/gi5eF85DS2YJELAZM_ySYFsKV08.roa
Signing time:             Sun 02 Nov 2025 23:32:02 +0000
ROA not before:           Sun 02 Nov 2025 23:32:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203555
IP address blocks:        2a03:404::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 05:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:46:e9:dd:74:9a:08:63:72:08:8d:82:62:ed:1c:7c:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=954a2aee086174b01272fae779ad431eb092aeb7
        Validity
            Not Before: Nov  2 23:32:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=822e5e17ce434b660910b01933fc92605b0a574f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:c9:c1:70:eb:29:06:1b:96:8a:51:f9:f4:40:
                    f7:53:b5:7a:b6:49:3e:7f:7e:fe:78:94:d1:9a:1d:
                    df:8a:f2:ab:42:76:4c:75:cc:cd:19:5e:58:17:53:
                    fb:51:ec:26:21:6a:0d:27:ab:c8:2a:55:7f:8c:27:
                    14:1f:6a:1d:98:59:f4:e7:1d:9a:41:60:53:f3:15:
                    bf:c7:94:b7:89:77:af:92:6c:19:22:a9:35:d8:01:
                    d8:fc:bd:b6:38:f4:70:a6:b3:9d:67:d5:d2:80:61:
                    9c:bc:d1:80:93:d7:1c:5a:6a:29:c3:fb:9b:ee:4a:
                    66:24:5a:be:db:95:ab:19:0d:55:c1:86:81:7a:14:
                    78:7f:e0:97:fb:2c:02:cf:3a:0d:11:96:57:51:b3:
                    11:66:75:de:4a:ac:b0:4b:f9:3b:46:17:40:03:da:
                    09:49:1e:1e:63:8c:fd:5f:12:d8:9f:de:10:35:7f:
                    8e:5f:e1:13:4f:4c:8f:03:a3:13:85:56:ce:c5:6c:
                    a4:54:57:fc:a7:4b:5c:75:08:9f:d2:86:8c:b5:32:
                    a4:d3:e3:fa:47:cb:b2:9b:51:7d:17:e1:a8:99:4f:
                    14:20:53:94:d5:6f:81:29:1d:cd:0b:35:b5:9b:e8:
                    58:7f:4d:2b:d7:3c:3f:52:69:94:02:de:b1:21:9a:
                    89:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:2E:5E:17:CE:43:4B:66:09:10:B0:19:33:FC:92:60:5B:0A:57:4F
            X509v3 Authority Key Identifier:
                keyid:95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/gi5eF85DS2YJELAZM_ySYFsKV08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:404::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:e6:b0:51:6b:c9:c7:80:c8:66:04:b8:4d:ff:b2:37:36:60:
         b2:f6:36:9a:21:83:c6:ff:46:cd:b8:56:0e:19:2f:5e:f7:3a:
         39:63:95:fb:7b:51:4f:dc:32:1d:c9:91:11:13:31:73:65:23:
         63:e3:a6:74:dd:69:10:f6:af:67:4b:c2:52:53:2e:3c:fb:6f:
         77:50:a0:51:07:53:a9:9f:9f:70:24:c7:b7:62:37:85:f3:96:
         c5:bd:88:68:5f:4f:98:80:81:95:65:63:0e:92:f8:54:e6:d5:
         bb:39:e5:1c:29:04:65:a4:a0:1e:df:98:d4:2d:21:f0:10:6f:
         bd:e2:41:57:da:83:76:f2:b0:d3:20:95:a3:79:e2:db:94:4d:
         a6:7f:2b:ee:00:fb:9a:8e:be:00:b5:fe:a0:fc:dc:46:46:1a:
         36:44:74:36:15:86:b2:9e:6e:fe:c6:8b:ad:e1:67:a1:c0:d4:
         2e:0f:f3:b8:dc:7f:b6:25:93:ba:c5:44:27:ed:46:25:2a:b3:
         f1:e7:81:b9:bf:6a:1c:f6:c0:29:bf:0e:94:8f:fe:00:67:68:
         f9:cd:5e:85:83:da:1e:20:7e:61:24:d3:72:8d:da:20:7a:d4:
         7b:1f:b6:45:c2:43:0b:32:98:ec:94:81:ab:22:7c:37:eb:2b:
         5d:a9:e8:c7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZpG6d10mghjcgiNgmLtHHxbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NGEyYWVlMDg2MTc0YjAxMjcyZmFlNzc5YWQ0MzFlYjA5
MmFlYjcwHhcNMjUxMTAyMjMzMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjJlNWUxN2NlNDM0YjY2MDkxMGIwMTkzM2ZjOTI2MDViMGE1NzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3snBcOspBhuWilH59ED3U7V6tkk+
f37+eJTRmh3fivKrQnZMdczNGV5YF1P7UewmIWoNJ6vIKlV/jCcUH2odmFn05x2a
QWBT8xW/x5S3iXevkmwZIqk12AHY/L22OPRwprOdZ9XSgGGcvNGAk9ccWmopw/ub
7kpmJFq+25WrGQ1VwYaBehR4f+CX+ywCzzoNEZZXUbMRZnXeSqywS/k7RhdAA9oJ
SR4eY4z9XxLYn94QNX+OX+ETT0yPA6MThVbOxWykVFf8p0tcdQif0oaMtTKk0+P6
R8uym1F9F+GomU8UIFOU1W+BKR3NCzW1m+hYf00r1zw/UmmUAt6xIZqJtwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIIuXhfOQ0tmCRCwGTP8kmBbCldPMB8GA1UdIwQY
MBaAFJVKKu4IYXSwEnL653mtQx6wkq63MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEt
NDU2NWYwNGY4ZDg1LzEvZ2k1ZUY4NURTMllKRUxBWk1feVNZRnNLVjA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEtNDU2NWYwNGY4ZDg1
LzEvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgMEBDAN
BgkqhkiG9w0BAQsFAAOCAQEARuawUWvJx4DIZgS4Tf+yNzZgsvY2miGDxv9GzbhW
DhkvXvc6OWOV+3tRT9wyHcmRERMxc2UjY+OmdN1pEPavZ0vCUlMuPPtvd1CgUQdT
qZ+fcCTHt2I3hfOWxb2IaF9PmICBlWVjDpL4VObVuznlHCkEZaSgHt+Y1C0h8BBv
veJBV9qDdvKw0yCVo3ni25RNpn8r7gD7mo6+ALX+oPzcRkYaNkR0NhWGsp5u/saL
reFnocDULg/zuNx/tiWTusVEJ+1GJSqz8eeBub9qHPbAKb8OlI/+AGdo+c1ehYPa
HiB+YSTTco3aIHrUex+2RcJDCzKY7JSBqyJ8N+srXanoxw==
-----END CERTIFICATE-----