Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/13072f-178d-4f0c-9ffb-4dbe10c3a71f/1/XVvqkubcjpXUYCIxbNhycnQ01pE.roa
File:                     XVvqkubcjpXUYCIxbNhycnQ01pE.roa (raw, json)
Hash identifier:          rZf6JadzlMziKvvRnlTt78J5GO4AeM0Q9BFM/dim7dI=
Subject key identifier:   5D:5B:EA:92:E6:DC:8E:95:D4:60:22:31:6C:D8:72:72:74:34:D6:91
Certificate issuer:       /CN=e80ec31635f4d91bb11312ba0a3465c18f233f68
Certificate serial:       01988E61B4A97E32C6535561624E8FE90D84
Authority key identifier: E8:0E:C3:16:35:F4:D9:1B:B1:13:12:BA:0A:34:65:C1:8F:23:3F:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6A7DFjX02RuxExK6CjRlwY8jP2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/13072f-178d-4f0c-9ffb-4dbe10c3a71f/1/XVvqkubcjpXUYCIxbNhycnQ01pE.roa
Signing time:             Sat 09 Aug 2025 10:30:24 +0000
ROA not before:           Sat 09 Aug 2025 10:30:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214957
IP address blocks:        2a10:ed40:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/13072f-178d-4f0c-9ffb-4dbe10c3a71f/1/6A7DFjX02RuxExK6CjRlwY8jP2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/13072f-178d-4f0c-9ffb-4dbe10c3a71f/1/6A7DFjX02RuxExK6CjRlwY8jP2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6A7DFjX02RuxExK6CjRlwY8jP2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 17:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8e:61:b4:a9:7e:32:c6:53:55:61:62:4e:8f:e9:0d:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e80ec31635f4d91bb11312ba0a3465c18f233f68
        Validity
            Not Before: Aug  9 10:30:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d5bea92e6dc8e95d46022316cd872727434d691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:40:28:4c:3a:b9:e7:0f:bc:bb:a5:c0:ce:80:
                    32:b2:3a:74:80:43:10:6c:72:22:1b:06:fc:d8:aa:
                    3c:e8:c9:78:80:e3:b9:44:be:85:9c:42:5d:f0:3e:
                    53:af:f3:d9:f3:37:93:eb:b8:65:27:1f:26:c1:19:
                    0b:da:13:2f:8f:fb:ff:e9:15:0a:31:91:af:a5:64:
                    2f:18:67:f4:78:3d:b1:b5:4f:d7:a7:05:47:6c:c5:
                    21:ec:ce:ff:6b:63:ff:04:f6:47:d6:a9:fb:2d:93:
                    57:c4:1c:c7:b4:a7:29:a4:d5:69:c1:1e:eb:cd:f6:
                    29:03:7e:33:91:90:f9:16:bc:f0:4f:28:27:a8:14:
                    2f:af:ee:51:63:2f:83:e8:79:b2:dc:dc:93:a2:1b:
                    e4:e9:1c:db:2a:85:e3:9d:5d:9a:64:a1:89:d6:23:
                    f9:c9:79:06:7c:1a:7a:5f:95:80:dc:18:ec:55:51:
                    09:b5:94:bd:9b:a4:76:ad:d5:09:29:44:a0:e5:53:
                    6d:b0:bd:dd:fb:88:fb:b6:5b:2b:20:46:56:10:cb:
                    a5:af:41:8c:3e:3d:b0:a8:a8:ea:1f:ca:63:17:a8:
                    75:4e:ac:ac:aa:27:6d:24:c0:8e:b9:bc:86:41:db:
                    89:71:98:66:10:61:83:7c:e4:46:fb:f2:0d:46:07:
                    17:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:5B:EA:92:E6:DC:8E:95:D4:60:22:31:6C:D8:72:72:74:34:D6:91
            X509v3 Authority Key Identifier:
                keyid:E8:0E:C3:16:35:F4:D9:1B:B1:13:12:BA:0A:34:65:C1:8F:23:3F:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6A7DFjX02RuxExK6CjRlwY8jP2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/13072f-178d-4f0c-9ffb-4dbe10c3a71f/1/XVvqkubcjpXUYCIxbNhycnQ01pE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/13072f-178d-4f0c-9ffb-4dbe10c3a71f/1/6A7DFjX02RuxExK6CjRlwY8jP2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ed40:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:ba:57:1b:2a:43:bc:b9:01:ce:d8:8e:07:e6:9d:45:be:f2:
         2b:c6:0b:e5:ec:42:90:bf:c6:00:91:62:61:ea:ec:a0:d8:dd:
         71:48:5a:16:95:a8:b5:99:e3:bb:8c:e1:50:a0:72:47:b8:98:
         a2:8a:b6:40:3d:9d:37:85:80:b0:3c:a9:ac:c1:73:71:7d:55:
         ec:71:87:fa:2a:f1:a6:49:fe:45:fa:55:c2:96:34:71:8b:d1:
         14:26:4e:8e:0e:5c:05:f2:55:f0:17:9e:9e:bd:37:79:cb:df:
         ed:84:34:23:50:38:30:6d:b3:17:2c:3a:2b:8e:d9:73:53:0d:
         f6:b2:2e:1e:ca:45:7d:b8:b0:4e:3c:d5:62:b0:84:33:cb:9f:
         1c:ac:07:92:2d:30:b3:cc:4c:53:d7:cb:c6:17:e1:eb:c8:6b:
         8e:31:f5:3e:35:47:31:b1:7b:42:f7:14:29:db:09:b4:51:63:
         54:93:8f:45:cc:48:14:75:b3:3b:bc:c7:c9:1f:5f:b4:ed:f3:
         61:ab:3a:f2:a5:06:9d:9f:d1:2b:92:e0:e9:f9:7a:bc:5d:98:
         0b:fa:6d:08:e2:25:4f:f7:90:26:31:b9:f0:e2:f7:c3:e3:45:
         61:92:81:da:67:a0:88:d4:b7:4a:3e:62:f3:85:1e:ae:15:37:
         45:3c:78:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZiOYbSpfjLGU1VhYk6P6Q2EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MGVjMzE2MzVmNGQ5MWJiMTEzMTJiYTBhMzQ2NWMxOGYy
MzNmNjgwHhcNMjUwODA5MTAzMDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDViZWE5MmU2ZGM4ZTk1ZDQ2MDIyMzE2Y2Q4NzI3Mjc0MzRkNjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UAoTDq55w+8u6XAzoAysjp0gEMQ
bHIiGwb82Ko86Ml4gOO5RL6FnEJd8D5Tr/PZ8zeT67hlJx8mwRkL2hMvj/v/6RUK
MZGvpWQvGGf0eD2xtU/XpwVHbMUh7M7/a2P/BPZH1qn7LZNXxBzHtKcppNVpwR7r
zfYpA34zkZD5FrzwTygnqBQvr+5RYy+D6Hmy3NyTohvk6RzbKoXjnV2aZKGJ1iP5
yXkGfBp6X5WA3BjsVVEJtZS9m6R2rdUJKUSg5VNtsL3d+4j7tlsrIEZWEMulr0GM
Pj2wqKjqH8pjF6h1TqysqidtJMCOubyGQduJcZhmEGGDfORG+/INRgcXPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF1b6pLm3I6V1GAiMWzYcnJ0NNaRMB8GA1UdIwQY
MBaAFOgOwxY19NkbsRMSugo0ZcGPIz9oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkE3REZqWDAyUnV4RXhLNkNqUmx3WThqUDJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8xMzA3MmYtMTc4ZC00ZjBjLTlmZmIt
NGRiZTEwYzNhNzFmLzEvWFZ2cWt1YmNqcFhVWUNJeGJOaHljblEwMXBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8xMzA3MmYtMTc4ZC00ZjBjLTlmZmItNGRiZTEwYzNhNzFm
LzEvNkE3REZqWDAyUnV4RXhLNkNqUmx3WThqUDJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDtQAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQA4ulcbKkO8uQHO2I4H5p1FvvIrxgvl7EKQv8YA
kWJh6uyg2N1xSFoWlai1meO7jOFQoHJHuJiiirZAPZ03hYCwPKmswXNxfVXscYf6
KvGmSf5F+lXCljRxi9EUJk6ODlwF8lXwF56evTd5y9/thDQjUDgwbbMXLDorjtlz
Uw32si4eykV9uLBOPNVisIQzy58crAeSLTCzzExT18vGF+HryGuOMfU+NUcxsXtC
9xQp2wm0UWNUk49FzEgUdbM7vMfJH1+07fNhqzrypQadn9ErkuDp+Xq8XZgL+m0I
4iVP95AmMbnw4vfD40VhkoHaZ6CI1LdKPmLzhR6uFTdFPHgs
-----END CERTIFICATE-----