Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/XKsWSdLhRTm8gjvClV_GNNpoCtc.roa
File:                     XKsWSdLhRTm8gjvClV_GNNpoCtc.roa (raw, json)
Hash identifier:          KzhS3En/I42C0iMadSwm0isXBogBsqCsvnDb64RYfSg=
Subject key identifier:   5C:AB:16:49:D2:E1:45:39:BC:82:3B:C2:95:5F:C6:34:DA:68:0A:D7
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       0199C454D5ED524E45C71B4C27742A0F855A
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/XKsWSdLhRTm8gjvClV_GNNpoCtc.roa
Signing time:             Wed 08 Oct 2025 14:58:38 +0000
ROA not before:           Wed 08 Oct 2025 14:58:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200993
IP address blocks:        2a0d:d940:52::/47 maxlen: 47
                          2a0d:d940:1f00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c4:54:d5:ed:52:4e:45:c7:1b:4c:27:74:2a:0f:85:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Oct  8 14:58:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5cab1649d2e14539bc823bc2955fc634da680ad7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6d:c8:f7:9b:3b:fd:79:6b:35:c8:3a:17:d4:
                    41:16:95:04:1b:49:1c:d5:8d:a1:03:72:3e:24:5c:
                    d9:06:ae:a6:ea:d5:82:2a:a4:a3:17:e1:b6:b6:64:
                    e4:73:6c:9b:ac:33:f3:59:2d:26:b2:2b:e8:58:26:
                    32:87:28:30:05:5f:c0:08:cb:04:67:8f:9b:33:89:
                    08:cc:e7:ad:14:a9:71:71:87:2c:8a:21:e0:27:f8:
                    30:fc:ec:f0:07:24:f8:42:25:46:d8:8b:cb:ee:69:
                    94:6e:9d:d8:3e:3b:33:17:5e:6d:1a:34:37:45:06:
                    7b:49:54:ae:cc:47:1c:a3:57:a4:15:69:34:49:c1:
                    22:48:8a:c3:55:14:75:fd:47:d5:46:33:42:1e:74:
                    ef:86:13:b5:9b:3e:1a:90:81:9a:96:ec:5c:30:25:
                    ea:75:f1:0a:bd:78:cc:0c:b4:7a:11:46:5a:db:c7:
                    0d:a9:5b:b9:31:06:60:4c:5f:1a:2c:25:c9:9c:31:
                    0e:1f:6f:40:1e:6c:2c:5c:97:35:81:70:eb:15:3a:
                    9c:6f:4f:f1:d8:17:01:d0:00:00:2c:f1:04:94:0d:
                    c4:a7:92:9b:fb:1a:73:da:a0:8a:5d:db:1c:2d:7b:
                    71:8c:d2:6f:ca:9b:a0:84:84:e4:6c:f7:b9:24:9b:
                    94:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:AB:16:49:D2:E1:45:39:BC:82:3B:C2:95:5F:C6:34:DA:68:0A:D7
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/XKsWSdLhRTm8gjvClV_GNNpoCtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:52::/47
                  2a0d:d940:1f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         52:47:92:c5:c9:9e:cb:2d:9b:62:98:ff:27:65:b5:cb:6b:88:
         14:24:b2:85:86:74:6f:0a:08:67:8e:7f:4f:94:30:99:f0:8a:
         46:08:db:2b:92:ef:d2:54:89:c4:37:76:7a:a6:62:3d:fa:3e:
         48:72:11:e7:a1:c7:fb:0d:e5:83:86:04:98:59:99:5a:64:92:
         52:c9:9d:39:8b:3c:a8:f8:2f:72:44:4e:03:a4:7e:a4:95:61:
         b8:85:63:85:73:93:78:f1:5c:52:1d:91:de:ee:6a:12:36:6e:
         08:63:ca:4e:39:6c:ca:40:d2:8b:6e:1a:04:e9:86:ae:e3:58:
         01:99:c0:b6:90:68:cb:6b:c3:d2:c6:6b:e2:7f:5a:38:7c:c9:
         55:8a:b0:d8:87:32:1b:f2:12:c2:a2:65:07:b1:c1:38:6f:21:
         84:a1:6c:b6:73:09:17:85:f6:1e:40:e6:db:44:6d:05:9b:12:
         7c:54:5c:45:2a:98:e2:ac:1f:55:f3:fd:39:2b:fb:7d:94:a4:
         dc:8f:a6:b0:a7:ed:72:43:62:5e:df:92:e3:33:ea:88:a7:12:
         11:9d:56:48:c5:d9:fa:72:60:1e:7d:69:42:60:55:5f:dd:b2:
         9b:f7:b3:88:e2:88:1c:13:fd:c3:d3:6c:76:ca:a1:49:04:ac:
         02:1e:79:c0
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZnEVNXtUk5FxxtMJ3QqD4VaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUxMDA4MTQ1ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2FiMTY0OWQyZTE0NTM5YmM4MjNiYzI5NTVmYzYzNGRhNjgwYWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqG3I95s7/XlrNcg6F9RBFpUEG0kc
1Y2hA3I+JFzZBq6m6tWCKqSjF+G2tmTkc2ybrDPzWS0msivoWCYyhygwBV/ACMsE
Z4+bM4kIzOetFKlxcYcsiiHgJ/gw/OzwByT4QiVG2IvL7mmUbp3YPjszF15tGjQ3
RQZ7SVSuzEcco1ekFWk0ScEiSIrDVRR1/UfVRjNCHnTvhhO1mz4akIGaluxcMCXq
dfEKvXjMDLR6EUZa28cNqVu5MQZgTF8aLCXJnDEOH29AHmwsXJc1gXDrFTqcb0/x
2BcB0AAALPEElA3Ep5Kb+xpz2qCKXdscLXtxjNJvypughITkbPe5JJuUvwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFFyrFknS4UU5vII7wpVfxjTaaArXMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvWEtzV1NkTGhSVG04Z2p2Q2xWX0dOTnBvQ3RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcBKg3ZQABS
AwYAKg3ZQB8wDQYJKoZIhvcNAQELBQADggEBAFJHksXJnsstm2KY/ydltctriBQk
soWGdG8KCGeOf0+UMJnwikYI2yuS79JUicQ3dnqmYj36PkhyEeehx/sN5YOGBJhZ
mVpkklLJnTmLPKj4L3JETgOkfqSVYbiFY4Vzk3jxXFIdkd7uahI2bghjyk45bMpA
0otuGgTphq7jWAGZwLaQaMtrw9LGa+J/Wjh8yVWKsNiHMhvyEsKiZQexwThvIYSh
bLZzCReF9h5A5ttEbQWbEnxUXEUqmOKsH1Xz/Tkr+32UpNyPprCn7XJDYl7fkuMz
6oinEhGdVkjF2fpyYB59aUJgVV/dspv3s4jiiBwT/cPTbHbKoUkErAIeecA=
-----END CERTIFICATE-----