Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/XlTxg3kTbgQ4ffELpk85x3UUxbA.roa
File:                     XlTxg3kTbgQ4ffELpk85x3UUxbA.roa (raw, json)
Hash identifier:          hgNyQsC5iaVhcyee4oBmWD68ihN6089j1kYflggiKFM=
Subject key identifier:   5E:54:F1:83:79:13:6E:04:38:7D:F1:0B:A6:4F:39:C7:75:14:C5:B0
Certificate issuer:       /CN=4fd6646c93c2974789ecef7b444656ee64161729
Certificate serial:       019B77C6BDEEA8C6485B411904BDFFFD2B2C
Authority key identifier: 4F:D6:64:6C:93:C2:97:47:89:EC:EF:7B:44:46:56:EE:64:16:17:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T9ZkbJPCl0eJ7O97REZW7mQWFyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/XlTxg3kTbgQ4ffELpk85x3UUxbA.roa
Signing time:             Thu 01 Jan 2026 04:17:51 +0000
ROA not before:           Thu 01 Jan 2026 04:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25575
IP address blocks:        213.145.224.0/19 maxlen: 22
                          2a03:1000::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/T9ZkbJPCl0eJ7O97REZW7mQWFyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/T9ZkbJPCl0eJ7O97REZW7mQWFyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T9ZkbJPCl0eJ7O97REZW7mQWFyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:bd:ee:a8:c6:48:5b:41:19:04:bd:ff:fd:2b:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fd6646c93c2974789ecef7b444656ee64161729
        Validity
            Not Before: Jan  1 04:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e54f18379136e04387df10ba64f39c77514c5b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c2:18:c7:ad:bb:de:b4:f3:c6:1b:9c:dd:96:
                    32:f6:0b:9b:9e:e0:83:48:e5:6c:90:9a:03:3a:98:
                    3d:cc:19:f1:93:7b:37:55:b6:cf:1f:67:75:85:2e:
                    50:c5:78:a2:96:38:96:5e:36:70:bc:e1:81:49:3a:
                    3a:b2:3a:c4:ad:1a:36:d5:67:d4:b2:f6:af:75:4f:
                    ff:be:47:a6:29:dd:17:e1:13:12:80:d1:dc:fa:9d:
                    3c:3d:3d:2c:ed:09:51:56:b3:89:e4:79:73:15:f0:
                    66:1a:81:6a:77:cc:ba:ec:7b:bf:57:81:26:06:4f:
                    11:7f:70:d0:1a:5e:74:36:32:6e:6a:b3:c3:62:96:
                    51:bb:9e:98:e1:3d:79:a5:94:28:f9:ba:43:86:68:
                    55:dd:82:47:a2:04:d2:b1:65:12:19:71:76:99:05:
                    7b:d7:50:db:e3:89:18:45:cf:ea:07:af:7a:89:aa:
                    cc:b1:49:14:00:36:f4:db:4b:53:f4:67:97:92:6c:
                    c4:9a:72:f8:ce:ac:4e:32:fd:66:e4:88:a1:42:13:
                    18:82:54:2f:89:c6:a7:0c:ba:2b:1d:04:5f:e1:0c:
                    af:b7:1e:fd:3c:a2:8e:e0:e3:bd:ec:07:4b:fc:66:
                    ba:65:fb:5a:9e:c1:df:3f:cf:30:b2:95:3a:9d:1b:
                    cc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:54:F1:83:79:13:6E:04:38:7D:F1:0B:A6:4F:39:C7:75:14:C5:B0
            X509v3 Authority Key Identifier:
                keyid:4F:D6:64:6C:93:C2:97:47:89:EC:EF:7B:44:46:56:EE:64:16:17:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T9ZkbJPCl0eJ7O97REZW7mQWFyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/XlTxg3kTbgQ4ffELpk85x3UUxbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/T9ZkbJPCl0eJ7O97REZW7mQWFyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.224.0/19
                IPv6:
                  2a03:1000::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:64:ad:3b:12:cf:2d:9e:d5:2e:08:44:6e:5a:13:2b:24:65:
         cf:80:02:e6:05:d6:1c:f2:db:41:c2:ab:5a:f4:e4:77:cc:3b:
         e4:9c:0b:a5:15:77:26:21:40:97:64:43:f2:d3:f1:e9:0a:57:
         0a:93:72:4c:78:6e:85:05:fd:a0:51:bb:ae:be:39:8f:95:48:
         94:80:7d:42:4b:27:a5:83:f3:79:5a:84:95:03:8f:3b:46:81:
         f2:36:3a:5a:de:ce:24:bd:76:2b:80:3b:1a:aa:a0:d7:20:af:
         e9:1b:76:d3:e9:45:1d:db:b1:9f:73:18:8a:6f:8a:b5:2a:40:
         45:da:a9:16:0a:f7:1a:d1:15:cd:26:60:67:30:71:7e:79:c0:
         d6:e4:38:e2:f7:99:48:b5:90:1c:43:f6:96:8b:97:e5:23:c9:
         84:23:4d:14:84:da:4e:a4:8b:0c:fe:ab:84:98:9a:01:c8:34:
         81:1d:b2:92:86:7d:61:1a:97:45:99:8c:5f:69:38:15:82:44:
         9e:29:a9:03:6b:28:42:8f:c3:48:74:b2:87:18:f6:8e:1b:cc:
         0e:bf:64:a8:53:af:a6:58:6d:d6:b7:72:57:49:1b:4e:19:ee:
         7a:10:db:e7:6b:54:e7:f8:88:6d:7c:8b:37:35:f9:68:fd:0f:
         0f:4a:3d:21
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt3xr3uqMZIW0EZBL3//SssMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmZDY2NDZjOTNjMjk3NDc4OWVjZWY3YjQ0NDY1NmVlNjQx
NjE3MjkwHhcNMjYwMTAxMDQxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTU0ZjE4Mzc5MTM2ZTA0Mzg3ZGYxMGJhNjRmMzljNzc1MTRjNWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsIYx6273rTzxhuc3ZYy9gubnuCD
SOVskJoDOpg9zBnxk3s3VbbPH2d1hS5QxXiiljiWXjZwvOGBSTo6sjrErRo21WfU
svavdU//vkemKd0X4RMSgNHc+p08PT0s7QlRVrOJ5HlzFfBmGoFqd8y67Hu/V4Em
Bk8Rf3DQGl50NjJuarPDYpZRu56Y4T15pZQo+bpDhmhV3YJHogTSsWUSGXF2mQV7
11Db44kYRc/qB696iarMsUkUADb020tT9GeXkmzEmnL4zqxOMv1m5IihQhMYglQv
icanDLorHQRf4Qyvtx79PKKO4OO97AdL/Ga6ZftansHfP88wspU6nRvMRQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF5U8YN5E24EOH3xC6ZPOcd1FMWwMB8GA1UdIwQY
MBaAFE/WZGyTwpdHiezve0RGVu5kFhcpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDlaa2JKUENsMGVKN085N1JFWlc3bVFXRnlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi8zMzgxNmItMTQ1Yi00N2Y4LTg1ZmEt
NzZhNTM4NWM1MTVhLzEvWGxUeGcza1RiZ1E0ZmZFTHBrODV4M1VVeGJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi8zMzgxNmItMTQ1Yi00N2Y4LTg1ZmEtNzZhNTM4NWM1MTVh
LzEvVDlaa2JKUENsMGVKN085N1JFWlc3bVFXRnlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1ZHgMA0E
AgACMAcDBQAqAxAAMA0GCSqGSIb3DQEBCwUAA4IBAQBEZK07Es8tntUuCERuWhMr
JGXPgALmBdYc8ttBwqta9OR3zDvknAulFXcmIUCXZEPy0/HpClcKk3JMeG6FBf2g
UbuuvjmPlUiUgH1CSyelg/N5WoSVA487RoHyNjpa3s4kvXYrgDsaqqDXIK/pG3bT
6UUd27GfcxiKb4q1KkBF2qkWCvca0RXNJmBnMHF+ecDW5Dji95lItZAcQ/aWi5fl
I8mEI00UhNpOpIsM/quEmJoByDSBHbKShn1hGpdFmYxfaTgVgkSeKakDayhCj8NI
dLKHGPaOG8wOv2SoU6+mWG3Wt3JXSRtOGe56ENvna1Tn+IhtfIs3Nflo/Q8PSj0h
-----END CERTIFICATE-----