Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/36cd40-9081-40e6-97c7-1620cfdc7117/1/XAyxjA2g2s28aHQHs98tsK3etR8.roa
File:                     XAyxjA2g2s28aHQHs98tsK3etR8.roa (raw, json)
Hash identifier:          QUtciDeOFFn7dnyC4Ef30ak5vE9PG8V8NwPTRULv3/k=
Subject key identifier:   5C:0C:B1:8C:0D:A0:DA:CD:BC:68:74:07:B3:DF:2D:B0:AD:DE:B5:1F
Certificate issuer:       /CN=bc2613e0f26d3907f096340be050c201d358d6d5
Certificate serial:       01999F0498D0D35AE086740499AF73B4E4B2
Authority key identifier: BC:26:13:E0:F2:6D:39:07:F0:96:34:0B:E0:50:C2:01:D3:58:D6:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vCYT4PJtOQfwljQL4FDCAdNY1tU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/36cd40-9081-40e6-97c7-1620cfdc7117/1/XAyxjA2g2s28aHQHs98tsK3etR8.roa
Signing time:             Wed 01 Oct 2025 09:05:02 +0000
ROA not before:           Wed 01 Oct 2025 09:05:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213904
IP address blocks:        2a0b:bb00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/36cd40-9081-40e6-97c7-1620cfdc7117/1/vCYT4PJtOQfwljQL4FDCAdNY1tU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/36cd40-9081-40e6-97c7-1620cfdc7117/1/vCYT4PJtOQfwljQL4FDCAdNY1tU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vCYT4PJtOQfwljQL4FDCAdNY1tU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9f:04:98:d0:d3:5a:e0:86:74:04:99:af:73:b4:e4:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc2613e0f26d3907f096340be050c201d358d6d5
        Validity
            Not Before: Oct  1 09:05:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c0cb18c0da0dacdbc687407b3df2db0addeb51f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:74:a4:22:42:45:10:9d:f6:f0:dd:30:20:d2:
                    6d:60:e0:e4:00:bf:da:56:58:f7:8b:5d:b9:14:9b:
                    88:9e:a8:47:3b:ab:db:4a:fa:a8:78:04:fb:d4:a9:
                    6a:48:05:1e:f4:c3:3c:17:75:e7:67:28:b9:6f:39:
                    f2:ec:1f:ee:2c:16:19:76:3d:48:21:05:2f:a5:dc:
                    ac:5a:c2:8d:df:76:94:96:ab:45:4e:f4:05:b6:ef:
                    62:5b:77:fc:43:c6:58:18:1a:57:c8:fc:5b:e0:04:
                    3d:27:fd:8c:cd:41:2d:62:0a:c6:6f:18:63:b7:fd:
                    c9:10:b1:3b:cb:8e:0a:59:b0:88:1f:eb:11:07:97:
                    c1:e3:06:5b:f8:67:fc:c4:e5:3e:8f:4d:a4:cd:3f:
                    1d:e5:5a:da:61:64:d7:18:23:fa:26:38:07:6e:d3:
                    54:ee:c9:ac:85:47:d1:00:a2:5b:99:86:a1:77:ab:
                    4c:b9:a7:4a:b2:44:54:bd:b0:dd:fb:f1:8f:b2:23:
                    53:76:65:d2:4f:4a:6b:82:61:52:37:0a:a4:01:7f:
                    0d:af:60:af:78:51:bf:1d:49:ce:44:44:92:1c:12:
                    3e:71:dd:dc:d1:9d:ad:7a:75:1d:23:5f:50:8f:46:
                    29:83:64:5e:bd:34:77:cb:09:95:ad:93:1e:52:2b:
                    19:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:0C:B1:8C:0D:A0:DA:CD:BC:68:74:07:B3:DF:2D:B0:AD:DE:B5:1F
            X509v3 Authority Key Identifier:
                keyid:BC:26:13:E0:F2:6D:39:07:F0:96:34:0B:E0:50:C2:01:D3:58:D6:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vCYT4PJtOQfwljQL4FDCAdNY1tU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/36cd40-9081-40e6-97c7-1620cfdc7117/1/XAyxjA2g2s28aHQHs98tsK3etR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/36cd40-9081-40e6-97c7-1620cfdc7117/1/vCYT4PJtOQfwljQL4FDCAdNY1tU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:bb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:7b:2e:e7:42:8d:92:75:a0:b4:62:8d:ea:79:61:7f:46:f0:
         da:d8:bb:0b:24:88:80:6e:6d:9f:10:56:6f:cb:ea:96:c0:3e:
         77:82:19:5d:60:2f:9a:9b:e0:30:01:c6:5d:df:d7:97:7f:78:
         17:9d:2b:e0:a5:29:d3:7c:3e:f0:3b:68:b1:ba:44:53:a1:77:
         d5:ef:26:2d:91:90:3f:bc:22:cb:5f:d5:53:f6:99:42:11:05:
         65:68:06:96:c4:d7:86:05:2f:90:35:bd:e9:8b:b5:bf:03:d8:
         42:8d:2a:ad:d3:73:ea:94:4d:a3:08:fb:64:77:c4:18:0a:61:
         3a:59:5c:1a:ba:47:75:bf:42:48:f4:f0:df:3c:1c:2b:8f:03:
         ad:b3:3b:5e:2c:0b:15:af:bf:b9:54:d8:63:f8:1c:9f:9c:b5:
         06:51:43:0d:27:94:09:21:b4:7e:62:e6:6d:ed:82:a4:b4:e3:
         83:e2:03:ad:6d:74:c2:cf:b2:f3:1a:7a:fe:0f:27:d8:89:79:
         b8:ff:8b:40:5f:7b:b5:03:ec:d0:18:92:aa:42:b9:93:56:4c:
         b8:d8:8e:1d:1d:d9:96:72:1b:58:79:37:26:a1:03:a0:91:75:
         f3:b2:ec:10:a2:6a:8b:61:2c:25:24:9d:86:fc:33:99:0e:41:
         b3:7a:00:cd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZmfBJjQ01rghnQEma9ztOSyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMjYxM2UwZjI2ZDM5MDdmMDk2MzQwYmUwNTBjMjAxZDM1
OGQ2ZDUwHhcNMjUxMDAxMDkwNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzBjYjE4YzBkYTBkYWNkYmM2ODc0MDdiM2RmMmRiMGFkZGViNTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXSkIkJFEJ328N0wINJtYODkAL/a
Vlj3i125FJuInqhHO6vbSvqoeAT71KlqSAUe9MM8F3XnZyi5bzny7B/uLBYZdj1I
IQUvpdysWsKN33aUlqtFTvQFtu9iW3f8Q8ZYGBpXyPxb4AQ9J/2MzUEtYgrGbxhj
t/3JELE7y44KWbCIH+sRB5fB4wZb+Gf8xOU+j02kzT8d5VraYWTXGCP6JjgHbtNU
7smshUfRAKJbmYahd6tMuadKskRUvbDd+/GPsiNTdmXST0prgmFSNwqkAX8Nr2Cv
eFG/HUnORESSHBI+cd3c0Z2tenUdI19Qj0Ypg2RevTR3ywmVrZMeUisZoQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFwMsYwNoNrNvGh0B7PfLbCt3rUfMB8GA1UdIwQY
MBaAFLwmE+DybTkH8JY0C+BQwgHTWNbVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkNZVDRQSnRPUWZ3bGpRTDRGRENBZE5ZMXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8zNmNkNDAtOTA4MS00MGU2LTk3Yzct
MTYyMGNmZGM3MTE3LzEvWEF5eGpBMmcyczI4YUhRSHM5OHRzSzNldFI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8zNmNkNDAtOTA4MS00MGU2LTk3YzctMTYyMGNmZGM3MTE3
LzEvdkNZVDRQSnRPUWZ3bGpRTDRGRENBZE5ZMXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgu7ADAN
BgkqhkiG9w0BAQsFAAOCAQEAJ3su50KNknWgtGKN6nlhf0bw2ti7CySIgG5tnxBW
b8vqlsA+d4IZXWAvmpvgMAHGXd/Xl394F50r4KUp03w+8DtosbpEU6F31e8mLZGQ
P7wiy1/VU/aZQhEFZWgGlsTXhgUvkDW96Yu1vwPYQo0qrdNz6pRNowj7ZHfEGAph
OllcGrpHdb9CSPTw3zwcK48DrbM7XiwLFa+/uVTYY/gcn5y1BlFDDSeUCSG0fmLm
be2CpLTjg+IDrW10ws+y8xp6/g8n2Il5uP+LQF97tQPs0BiSqkK5k1ZMuNiOHR3Z
lnIbWHk3JqEDoJF187LsEKJqi2EsJSSdhvwzmQ5Bs3oAzQ==
-----END CERTIFICATE-----