Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/aqX_aHr9DYDlihdIMBv6LMwHePY.roa
File:                     aqX_aHr9DYDlihdIMBv6LMwHePY.roa (raw, json)
Hash identifier:          CPN85FZ7OPhT7PlAx5nBT6Pw1xOtIkDQK0zxfnvB/+M=
Subject key identifier:   6A:A5:FF:68:7A:FD:0D:80:E5:8A:17:48:30:1B:FA:2C:CC:07:78:F6
Certificate issuer:       /CN=a0e049d00ba8421e4c45a948492945c78fd9e16d
Certificate serial:       019976CFA47DAE00635EFE58050E5760FB43
Authority key identifier: A0:E0:49:D0:0B:A8:42:1E:4C:45:A9:48:49:29:45:C7:8F:D9:E1:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oOBJ0AuoQh5MRalISSlFx4_Z4W0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/aqX_aHr9DYDlihdIMBv6LMwHePY.roa
Signing time:             Tue 23 Sep 2025 13:42:23 +0000
ROA not before:           Tue 23 Sep 2025 13:42:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59419
IP address blocks:        158.94.176.0/22 maxlen: 22
                          185.141.84.0/22 maxlen: 24
                          2a0b:aa00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/oOBJ0AuoQh5MRalISSlFx4_Z4W0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/oOBJ0AuoQh5MRalISSlFx4_Z4W0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oOBJ0AuoQh5MRalISSlFx4_Z4W0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 10:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:cf:a4:7d:ae:00:63:5e:fe:58:05:0e:57:60:fb:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0e049d00ba8421e4c45a948492945c78fd9e16d
        Validity
            Not Before: Sep 23 13:42:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6aa5ff687afd0d80e58a1748301bfa2ccc0778f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3e:5c:7a:a3:36:fd:b5:ec:73:9b:97:c1:c6:
                    40:b5:69:a4:4c:7e:1e:04:26:cd:ae:28:77:f8:32:
                    cb:dc:10:45:e9:60:e3:16:81:ac:f1:cf:c5:1d:16:
                    e8:4d:50:77:ab:76:69:b3:30:34:4d:6b:f2:5b:60:
                    85:28:73:57:b8:1a:05:44:d6:53:f3:b1:af:8d:49:
                    eb:2d:95:6c:e7:1b:76:a2:e4:ce:d2:43:5f:4a:66:
                    5f:f7:9f:57:5e:f8:fb:7c:ea:47:30:d2:bb:69:fe:
                    1f:0c:08:20:30:c9:24:14:b1:30:26:75:75:68:c6:
                    16:9c:ed:a6:ff:52:0f:6f:77:55:c8:77:0a:0a:b3:
                    2a:a8:ea:f9:cb:ff:6b:d6:a1:1c:6e:1b:46:7c:95:
                    8d:9f:4e:d9:f2:af:66:1d:87:ac:6d:f4:fa:89:7e:
                    74:4d:64:c7:ad:06:52:09:54:b0:16:d3:1c:76:de:
                    4d:d9:a7:e7:d2:9d:55:d2:b8:7d:dd:98:20:60:49:
                    bb:23:7f:54:f7:08:23:df:58:bc:53:f5:e8:70:64:
                    83:da:4c:99:6a:83:63:f0:1d:01:48:9a:2f:df:fb:
                    73:88:9d:6e:81:af:7f:28:cd:f2:18:67:3d:4b:7f:
                    cc:6e:9c:f2:d4:61:f4:35:63:81:a9:fa:15:9e:85:
                    28:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A5:FF:68:7A:FD:0D:80:E5:8A:17:48:30:1B:FA:2C:CC:07:78:F6
            X509v3 Authority Key Identifier:
                keyid:A0:E0:49:D0:0B:A8:42:1E:4C:45:A9:48:49:29:45:C7:8F:D9:E1:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oOBJ0AuoQh5MRalISSlFx4_Z4W0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/aqX_aHr9DYDlihdIMBv6LMwHePY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/oOBJ0AuoQh5MRalISSlFx4_Z4W0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.94.176.0/22
                  185.141.84.0/22
                IPv6:
                  2a0b:aa00::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:5d:22:e1:07:36:2f:38:8e:34:3c:39:86:17:58:f8:83:41:
         77:e4:d4:84:e1:7f:67:16:06:1b:fd:2b:1c:07:3c:e2:e8:71:
         33:41:1e:9a:1a:83:53:81:b5:ca:9d:a5:c0:7a:c4:90:ca:51:
         a2:b9:f1:41:8f:22:10:16:a5:27:fc:c7:f1:b3:bc:ed:82:ae:
         6a:68:f8:e5:bd:58:a2:0a:3a:ab:3b:9f:41:6e:fe:50:b7:7f:
         b9:ef:7b:08:86:d5:60:be:78:60:21:2b:b5:12:33:60:2f:68:
         c1:fc:c2:0a:32:2b:2a:fb:03:c2:f9:c2:e1:d9:0a:4a:f8:52:
         fc:74:80:26:84:05:58:8b:cb:23:4f:51:62:99:02:0c:56:f0:
         50:69:17:1e:55:cb:91:3c:c4:c7:16:79:0a:d9:82:7a:a1:79:
         de:88:df:89:76:8c:6d:0f:19:8f:aa:71:81:93:15:bf:24:c5:
         3d:33:24:f7:89:fc:24:94:7a:ac:97:16:c3:d3:1a:54:46:bd:
         a5:f0:82:1c:d5:85:96:db:a5:87:e5:69:be:78:23:85:fc:1d:
         6a:45:fd:b6:93:48:f7:d9:51:1c:94:3d:16:78:ee:37:1d:f7:
         b2:b1:1e:cf:01:02:bb:58:89:dc:95:2c:ae:18:bb:5a:42:4e:
         4c:b4:cf:4f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZl2z6R9rgBjXv5YBQ5XYPtDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZTA0OWQwMGJhODQyMWU0YzQ1YTk0ODQ5Mjk0NWM3OGZk
OWUxNmQwHhcNMjUwOTIzMTM0MjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWE1ZmY2ODdhZmQwZDgwZTU4YTE3NDgzMDFiZmEyY2NjMDc3OGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlz5ceqM2/bXsc5uXwcZAtWmkTH4e
BCbNrih3+DLL3BBF6WDjFoGs8c/FHRboTVB3q3ZpszA0TWvyW2CFKHNXuBoFRNZT
87GvjUnrLZVs5xt2ouTO0kNfSmZf959XXvj7fOpHMNK7af4fDAggMMkkFLEwJnV1
aMYWnO2m/1IPb3dVyHcKCrMqqOr5y/9r1qEcbhtGfJWNn07Z8q9mHYesbfT6iX50
TWTHrQZSCVSwFtMcdt5N2afn0p1V0rh93ZggYEm7I39U9wgj31i8U/XocGSD2kyZ
aoNj8B0BSJov3/tziJ1uga9/KM3yGGc9S3/Mbpzy1GH0NWOBqfoVnoUo6QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGql/2h6/Q2A5YoXSDAb+izMB3j2MB8GA1UdIwQY
MBaAFKDgSdALqEIeTEWpSEkpRceP2eFtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb09CSjBBdW9RaDVNUmFsSVNTbEZ4NF9aNFcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80NTYwZTktNzE3My00MjljLWI2ZjEt
NWY0YTE1Y2I5MDU0LzEvYXFYX2FIcjlEWURsaWhkSU1CdjZMTXdIZVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80NTYwZTktNzE3My00MjljLWI2ZjEtNWY0YTE1Y2I5MDU0
LzEvb09CSjBBdW9RaDVNUmFsSVNTbEZ4NF9aNFcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCnl6wAwQC
uY1UMA0EAgACMAcDBQMqC6oAMA0GCSqGSIb3DQEBCwUAA4IBAQCrXSLhBzYvOI40
PDmGF1j4g0F35NSE4X9nFgYb/SscBzzi6HEzQR6aGoNTgbXKnaXAesSQylGiufFB
jyIQFqUn/Mfxs7ztgq5qaPjlvViiCjqrO59Bbv5Qt3+573sIhtVgvnhgISu1EjNg
L2jB/MIKMisq+wPC+cLh2QpK+FL8dIAmhAVYi8sjT1FimQIMVvBQaRceVcuRPMTH
FnkK2YJ6oXneiN+JdoxtDxmPqnGBkxW/JMU9MyT3ifwklHqslxbD0xpURr2l8IIc
1YWW26WH5Wm+eCOF/B1qRf22k0j32VEclD0WeO43HfeysR7PAQK7WInclSyuGLta
Qk5MtM9P
-----END CERTIFICATE-----