Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/zrpiIy9T7GkrsyWEfm0Il1oiwIw.roa
File:                     zrpiIy9T7GkrsyWEfm0Il1oiwIw.roa (raw, json)
Hash identifier:          YicThxjGmSmAP8xAiEtZBKsuHsDSqsfKzhzACvzYBi8=
Subject key identifier:   CE:BA:62:23:2F:53:EC:69:2B:B3:25:84:7E:6D:08:97:5A:22:C0:8C
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019A41BC2F70392DC051C313843CFC048CF5
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/zrpiIy9T7GkrsyWEfm0Il1oiwIw.roa
Signing time:             Sat 01 Nov 2025 23:24:03 +0000
ROA not before:           Sat 01 Nov 2025 23:24:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        5.180.35.0/24 maxlen: 24
                          5.180.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 14:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:41:bc:2f:70:39:2d:c0:51:c3:13:84:3c:fc:04:8c:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Nov  1 23:24:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ceba62232f53ec692bb325847e6d08975a22c08c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2f:55:bf:10:5d:80:31:e3:79:15:0f:63:a9:
                    e3:27:f1:2e:23:f7:2d:fa:49:8e:da:b2:ba:82:37:
                    7a:1e:26:5e:72:e7:ee:70:3c:01:1b:c0:34:da:63:
                    8a:f1:d2:58:ec:7b:ae:2b:fa:29:7e:c5:08:bf:54:
                    bb:7b:cf:5d:32:0c:18:93:ea:61:03:8d:87:98:c4:
                    c7:77:8a:4b:2d:c9:c4:ae:f6:a8:3d:98:75:8c:0d:
                    62:aa:2a:f0:8c:44:d4:58:e2:fa:a5:ae:7f:40:ef:
                    02:04:77:2a:f9:72:9c:5e:6f:a8:c0:60:87:8c:d1:
                    24:e2:05:9f:44:2d:a5:c3:b8:59:01:10:a1:f1:78:
                    71:2c:32:1b:20:4e:e4:c8:a3:c9:80:a4:b4:8e:c1:
                    12:fd:7a:e1:ac:5f:ea:36:45:8b:de:58:e4:60:73:
                    72:99:72:47:3b:cf:9d:ea:ea:29:b4:92:86:8f:1d:
                    b9:a3:45:61:41:90:5e:53:85:e1:3f:b6:33:b9:fb:
                    73:1b:7f:7e:dd:b7:b8:90:76:6a:37:aa:58:e2:14:
                    29:58:8d:65:a6:c2:7d:a0:76:cf:44:83:c3:fe:a7:
                    f5:d8:f1:6c:a6:63:bf:76:94:b8:4f:91:f9:9e:45:
                    5c:92:6d:de:fa:02:57:af:f3:56:25:43:96:01:18:
                    1d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:BA:62:23:2F:53:EC:69:2B:B3:25:84:7E:6D:08:97:5A:22:C0:8C
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/zrpiIy9T7GkrsyWEfm0Il1oiwIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.35.0/24
                  5.180.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:b7:49:8f:78:c5:df:89:58:4e:fd:07:7c:cd:ed:9b:6e:06:
         5a:c0:31:dc:08:5a:cf:68:ca:92:ae:9e:78:11:14:aa:43:b8:
         a0:a0:21:3a:5b:ea:77:5f:37:8b:51:8a:29:b5:5a:b7:77:e1:
         97:bf:91:fc:a4:3b:bf:1b:f8:b3:91:1f:84:83:5e:5f:cc:ea:
         8c:fa:a8:9f:a4:4e:bb:64:0e:20:ef:0a:bd:24:07:09:f0:16:
         f2:31:5c:56:54:98:3d:48:c7:94:c8:6a:ac:75:33:0f:6f:51:
         e9:dd:4d:ab:aa:f1:47:df:87:12:e6:d0:2d:50:0c:41:94:05:
         0a:e4:6d:f8:c5:b2:85:63:19:0e:55:3a:16:4d:51:43:4f:54:
         69:14:73:fb:58:b0:4b:0a:79:15:25:22:17:f4:03:f2:88:3d:
         b1:19:81:67:b5:b8:e1:6a:34:83:bd:63:7e:bb:54:03:78:35:
         c2:91:74:e1:a5:3c:56:ac:3f:97:86:4e:19:d1:0a:b8:ea:c0:
         58:54:5f:c0:91:38:b3:2a:bb:11:3d:de:b2:25:61:45:8e:51:
         6b:90:08:96:65:67:46:34:d1:b3:65:6e:ab:88:85:72:fb:a3:
         17:22:fe:41:cc:6a:0b:96:40:5b:79:3f:89:d6:c1:55:fb:e0:
         74:c9:fc:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpBvC9wOS3AUcMThDz8BIz1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUxMTAxMjMyNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWJhNjIyMzJmNTNlYzY5MmJiMzI1ODQ3ZTZkMDg5NzVhMjJjMDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi9VvxBdgDHjeRUPY6njJ/EuI/ct
+kmO2rK6gjd6HiZecufucDwBG8A02mOK8dJY7HuuK/opfsUIv1S7e89dMgwYk+ph
A42HmMTHd4pLLcnErvaoPZh1jA1iqirwjETUWOL6pa5/QO8CBHcq+XKcXm+owGCH
jNEk4gWfRC2lw7hZARCh8XhxLDIbIE7kyKPJgKS0jsES/XrhrF/qNkWL3ljkYHNy
mXJHO8+d6uoptJKGjx25o0VhQZBeU4XhP7YzuftzG39+3be4kHZqN6pY4hQpWI1l
psJ9oHbPRIPD/qf12PFspmO/dpS4T5H5nkVckm3e+gJXr/NWJUOWARgd8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM66YiMvU+xpK7MlhH5tCJdaIsCMMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvenJwaUl5OVQ3R2tyc3lXRWZtMElsMW9pd0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbQjAwQA
BbToMA0GCSqGSIb3DQEBCwUAA4IBAQB5t0mPeMXfiVhO/Qd8ze2bbgZawDHcCFrP
aMqSrp54ERSqQ7igoCE6W+p3XzeLUYoptVq3d+GXv5H8pDu/G/izkR+Eg15fzOqM
+qifpE67ZA4g7wq9JAcJ8BbyMVxWVJg9SMeUyGqsdTMPb1Hp3U2rqvFH34cS5tAt
UAxBlAUK5G34xbKFYxkOVToWTVFDT1RpFHP7WLBLCnkVJSIX9APyiD2xGYFntbjh
ajSDvWN+u1QDeDXCkXThpTxWrD+Xhk4Z0Qq46sBYVF/AkTizKrsRPd6yJWFFjlFr
kAiWZWdGNNGzZW6riIVy+6MXIv5BzGoLlkBbeT+J1sFV++B0yfwV
-----END CERTIFICATE-----