Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/XVwZQRv1vz6JSSnd8P8GyNHVWKI.roa
File:                     XVwZQRv1vz6JSSnd8P8GyNHVWKI.roa (raw, json)
Hash identifier:          UKsEAKn0FU1wyu4cVCRnP9Y8nY4SlsAm5Omp7LeDq8o=
Subject key identifier:   5D:5C:19:41:1B:F5:BF:3E:89:49:29:DD:F0:FF:06:C8:D1:D5:58:A2
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       0199575C5F0E0C9A4611F4A10EC21648EED2
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/XVwZQRv1vz6JSSnd8P8GyNHVWKI.roa
Signing time:             Wed 17 Sep 2025 11:08:15 +0000
ROA not before:           Wed 17 Sep 2025 11:08:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42337
IP address blocks:        2a00:15c8::/29 maxlen: 29
                          2a00:15c8:1083::/48 maxlen: 48
                          2a00:15c9::/32 maxlen: 32
                          2a00:15c9::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 11:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:57:5c:5f:0e:0c:9a:46:11:f4:a1:0e:c2:16:48:ee:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Sep 17 11:08:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d5c19411bf5bf3e894929ddf0ff06c8d1d558a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8f:f6:7b:c3:c2:6a:b4:79:b7:88:d8:22:6f:
                    be:92:9e:eb:10:f4:0a:c0:c7:9b:64:f9:62:0b:7a:
                    f2:f0:31:5a:d4:46:1e:5c:44:8a:a7:34:55:31:ad:
                    08:56:cf:0b:cd:38:ca:7d:c9:c3:68:f3:62:96:0f:
                    2e:07:78:4c:83:0d:6c:90:45:8e:e4:f4:69:ee:cf:
                    6f:d2:dc:06:18:43:d3:5d:16:d7:8a:00:bf:12:a1:
                    67:22:96:41:b7:60:b5:72:22:44:b5:a8:e2:0c:7c:
                    92:e3:09:f4:82:f0:49:20:f2:a5:fe:75:32:e7:76:
                    ed:9b:64:f4:06:8c:5c:20:c1:c5:0a:40:d3:1e:3a:
                    4e:4e:51:d0:46:2b:7b:c4:48:53:25:cc:ec:5d:92:
                    8e:fa:f0:c6:e3:61:55:55:40:cb:3c:5a:15:09:22:
                    ae:62:77:8a:20:5d:05:4c:35:52:19:be:49:e4:e9:
                    00:ee:00:1b:6a:0e:f6:f6:1e:77:6b:93:61:42:1a:
                    53:cc:da:b3:f9:7c:03:53:04:77:62:fb:cd:d5:05:
                    09:85:0e:90:8a:87:81:84:fd:7c:18:55:d9:ca:77:
                    45:a4:a8:c4:fb:64:85:46:7d:c1:d9:5e:44:4a:75:
                    77:23:e6:cf:9f:33:53:d4:04:74:bc:a5:6b:5a:08:
                    4a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:5C:19:41:1B:F5:BF:3E:89:49:29:DD:F0:FF:06:C8:D1:D5:58:A2
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/XVwZQRv1vz6JSSnd8P8GyNHVWKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:15c8::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:b9:c1:4a:8b:81:4f:31:6f:f9:d6:a7:7c:b6:3e:44:9f:7a:
         61:96:f6:2e:33:88:a1:46:9a:8a:3e:5f:b4:6b:27:2c:81:0b:
         0f:78:ba:00:a0:3a:91:18:b1:0b:6f:5b:4e:17:d7:99:64:08:
         89:15:a4:99:70:ff:1b:aa:b3:c9:7f:44:72:b2:3f:64:d7:bd:
         c9:35:8c:4b:94:3c:9c:30:d0:6e:7a:81:b3:24:c5:dc:51:7f:
         e6:05:99:0a:10:de:57:20:c0:20:f0:c5:ba:13:c7:89:74:86:
         cf:ca:1a:78:be:6e:f7:f9:ae:d3:5f:94:52:b3:9d:d1:26:79:
         8b:61:01:10:0f:33:d0:52:4a:06:6a:57:1f:9a:f5:ce:bb:0b:
         b5:d3:08:80:bf:2d:a2:c2:8a:7e:9f:20:e6:fe:e0:57:71:c2:
         51:14:a9:40:bd:0c:c1:d1:f5:aa:e6:31:61:b0:be:04:e4:2a:
         e1:5e:00:d4:a1:d6:53:83:84:41:5a:8d:b8:14:6f:43:06:ba:
         23:07:07:7c:33:6a:52:da:b3:c1:ff:d6:c0:9c:31:c9:25:be:
         25:b8:ba:bd:97:c9:eb:ed:f5:bb:e5:65:04:59:b6:9c:49:94:
         31:da:f9:7e:f2:cf:69:be:7d:1a:7d:cd:95:33:c4:0e:14:0a:
         2f:35:a9:d5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZlXXF8ODJpGEfShDsIWSO7SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjUwOTE3MTEwODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDVjMTk0MTFiZjViZjNlODk0OTI5ZGRmMGZmMDZjOGQxZDU1OGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4/2e8PCarR5t4jYIm++kp7rEPQK
wMebZPliC3ry8DFa1EYeXESKpzRVMa0IVs8LzTjKfcnDaPNilg8uB3hMgw1skEWO
5PRp7s9v0twGGEPTXRbXigC/EqFnIpZBt2C1ciJEtajiDHyS4wn0gvBJIPKl/nUy
53btm2T0BoxcIMHFCkDTHjpOTlHQRit7xEhTJczsXZKO+vDG42FVVUDLPFoVCSKu
YneKIF0FTDVSGb5J5OkA7gAbag729h53a5NhQhpTzNqz+XwDUwR3YvvN1QUJhQ6Q
ioeBhP18GFXZyndFpKjE+2SFRn3B2V5ESnV3I+bPnzNT1AR0vKVrWghKFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF1cGUEb9b8+iUkp3fD/BsjR1ViiMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvWFZ3WlFSdjF2ejZKU1NuZDhQOEd5TkhWV0tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgAVyDAN
BgkqhkiG9w0BAQsFAAOCAQEAf7nBSouBTzFv+danfLY+RJ96YZb2LjOIoUaaij5f
tGsnLIELD3i6AKA6kRixC29bThfXmWQIiRWkmXD/G6qzyX9EcrI/ZNe9yTWMS5Q8
nDDQbnqBsyTF3FF/5gWZChDeVyDAIPDFuhPHiXSGz8oaeL5u9/mu01+UUrOd0SZ5
i2EBEA8z0FJKBmpXH5r1zrsLtdMIgL8tosKKfp8g5v7gV3HCURSpQL0MwdH1quYx
YbC+BOQq4V4A1KHWU4OEQVqNuBRvQwa6IwcHfDNqUtqzwf/WwJwxySW+Jbi6vZfJ
6+31u+VlBFm2nEmUMdr5fvLPab59Gn3NlTPEDhQKLzWp1Q==
-----END CERTIFICATE-----