Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/XDE5yWHym2A5ak6WQEhkh6UG6-E.roa
File:                     XDE5yWHym2A5ak6WQEhkh6UG6-E.roa (raw, json)
Hash identifier:          ZtYfbKKZBHtlgDqAoKqJ/Mw8EPVT2w6fQRb3QDPCDXI=
Subject key identifier:   5C:31:39:C9:61:F2:9B:60:39:6A:4E:96:40:48:64:87:A5:06:EB:E1
Certificate issuer:       /CN=f8f73c5c0f3a106a8ba7dff3e35c816d1078dc71
Certificate serial:       0199E218C4BBEDB63005D1F7726B4D8D9EF2
Authority key identifier: F8:F7:3C:5C:0F:3A:10:6A:8B:A7:DF:F3:E3:5C:81:6D:10:78:DC:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/XDE5yWHym2A5ak6WQEhkh6UG6-E.roa
Signing time:             Tue 14 Oct 2025 09:41:37 +0000
ROA not before:           Tue 14 Oct 2025 09:41:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137409
IP address blocks:        31.14.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e2:18:c4:bb:ed:b6:30:05:d1:f7:72:6b:4d:8d:9e:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8f73c5c0f3a106a8ba7dff3e35c816d1078dc71
        Validity
            Not Before: Oct 14 09:41:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c3139c961f29b60396a4e9640486487a506ebe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:65:73:d7:1e:7a:88:37:28:35:27:10:e8:95:
                    a6:1c:ec:3d:cf:1f:7f:9d:59:5e:26:b6:8c:f9:fb:
                    57:10:2a:73:3e:97:8e:39:27:c3:1d:8b:f2:52:ec:
                    f1:cb:d4:ca:b0:52:35:91:dd:4b:ff:2a:c0:63:d4:
                    6d:5a:7c:bc:56:f3:e0:a0:53:0c:db:d2:e4:9f:9f:
                    8d:5f:f0:db:0f:49:32:e5:aa:11:80:56:1d:04:39:
                    cc:83:a2:51:99:00:0b:5e:26:71:98:0b:9c:7f:fd:
                    1d:06:9b:53:be:92:5e:18:80:47:45:e6:2a:30:f8:
                    c2:e7:3d:9b:c0:73:52:5d:0e:84:bf:92:77:42:6b:
                    93:58:bf:36:ac:62:c0:75:19:53:23:4f:b8:1a:b5:
                    d7:65:8a:34:82:81:f5:a4:83:bf:c6:1a:fa:d1:15:
                    d7:9c:2b:89:d5:88:01:22:bf:60:9b:ba:75:98:a4:
                    2e:56:7c:2c:22:b9:2f:11:9f:d6:be:3c:ba:dd:a4:
                    1b:15:a0:e7:c7:a6:a9:f1:e2:ef:f4:61:25:2c:96:
                    b1:cc:68:dc:5c:ce:79:a5:3c:17:fd:93:e7:30:b2:
                    66:e9:6f:22:19:da:f4:a1:e0:1e:ec:81:de:80:41:
                    67:f6:da:d0:9b:69:6c:78:89:12:cc:ef:77:59:14:
                    e1:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:31:39:C9:61:F2:9B:60:39:6A:4E:96:40:48:64:87:A5:06:EB:E1
            X509v3 Authority Key Identifier:
                keyid:F8:F7:3C:5C:0F:3A:10:6A:8B:A7:DF:F3:E3:5C:81:6D:10:78:DC:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/XDE5yWHym2A5ak6WQEhkh6UG6-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:64:e1:98:b8:05:00:36:41:30:a2:7e:78:d4:5d:0e:7f:a1:
         d4:91:ee:62:9b:38:14:18:5b:f8:bd:8e:9a:3a:6a:36:fc:4a:
         80:68:f5:fb:cb:05:08:7d:ef:4f:49:f7:7d:8d:a6:82:b6:04:
         c4:99:73:82:95:22:2b:af:3d:31:ed:6a:5a:e0:4e:8f:fc:05:
         ce:27:b3:dd:ad:ec:da:c6:67:08:f3:b5:f4:2f:ea:55:e9:75:
         b9:1d:2b:50:ac:75:8a:29:96:91:1c:69:0f:7a:fe:aa:e2:e5:
         a5:42:02:41:a4:70:15:fa:f8:ca:bd:80:09:9e:08:37:51:d7:
         d1:a6:6b:5d:17:aa:6d:17:1e:6f:65:45:09:14:bf:c7:3d:bb:
         e0:49:bb:8d:71:82:a5:67:c9:35:40:b6:0e:9c:4b:7f:4f:8d:
         8e:96:49:1e:18:03:1f:5f:2d:68:5c:9d:54:99:88:a0:2b:e7:
         99:f0:b1:87:34:42:87:b2:79:0c:ab:29:4f:98:8c:97:ee:12:
         a8:6b:54:01:08:72:4a:12:9a:b3:d7:69:d6:18:fb:16:67:0a:
         67:1b:ed:df:d7:c1:cb:04:fa:08:96:25:9f:58:7f:75:e8:b7:
         51:d9:28:42:bd:48:ec:ab:2f:01:4e:47:25:a5:20:dc:0a:fb:
         75:71:d0:18
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZniGMS77bYwBdH3cmtNjZ7yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZjczYzVjMGYzYTEwNmE4YmE3ZGZmM2UzNWM4MTZkMTA3
OGRjNzEwHhcNMjUxMDE0MDk0MTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzMxMzljOTYxZjI5YjYwMzk2YTRlOTY0MDQ4NjQ4N2E1MDZlYmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2Vz1x56iDcoNScQ6JWmHOw9zx9/
nVleJraM+ftXECpzPpeOOSfDHYvyUuzxy9TKsFI1kd1L/yrAY9RtWny8VvPgoFMM
29Lkn5+NX/DbD0ky5aoRgFYdBDnMg6JRmQALXiZxmAucf/0dBptTvpJeGIBHReYq
MPjC5z2bwHNSXQ6Ev5J3QmuTWL82rGLAdRlTI0+4GrXXZYo0goH1pIO/xhr60RXX
nCuJ1YgBIr9gm7p1mKQuVnwsIrkvEZ/Wvjy63aQbFaDnx6ap8eLv9GElLJaxzGjc
XM55pTwX/ZPnMLJm6W8iGdr0oeAe7IHegEFn9trQm2lseIkSzO93WRThLwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFwxOclh8ptgOWpOlkBIZIelBuvhMB8GA1UdIwQY
MBaAFPj3PFwPOhBqi6ff8+NcgW0QeNxxMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1QYzhYQTg2RUdxTHA5X3o0MXlCYlJCNDNIRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjYvMDNjY2UzLWU2MjAtNDQ4My1iMDhi
LTZkOGZkMzMwZTlhYS8xL1hERTV5V0h5bTJBNWFrNldRRWhraDZVRzYtRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjYvMDNjY2UzLWU2MjAtNDQ4My1iMDhiLTZkOGZkMzMwZTlh
YS8xLzEtUGM4WEE4NkVHcUxwOV96NDF5QmJSQjQzSEUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfDkgw
DQYJKoZIhvcNAQELBQADggEBADJk4Zi4BQA2QTCifnjUXQ5/odSR7mKbOBQYW/i9
jpo6ajb8SoBo9fvLBQh9709J932NpoK2BMSZc4KVIiuvPTHtalrgTo/8Bc4ns92t
7NrGZwjztfQv6lXpdbkdK1CsdYoplpEcaQ96/qri5aVCAkGkcBX6+Mq9gAmeCDdR
19Gma10Xqm0XHm9lRQkUv8c9u+BJu41xgqVnyTVAtg6cS39PjY6WSR4YAx9fLWhc
nVSZiKAr55nwsYc0QoeyeQyrKU+YjJfuEqhrVAEIckoSmrPXadYY+xZnCmcb7d/X
wcsE+giWJZ9Yf3Xot1HZKEK9SOyrLwFORyWlINwK+3Vx0Bg=
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:54 2025 by rpki-client