Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/7d11e2-5274-447e-9fe6-88aa6fd0aa8e/1/452BEA0tdKMisIOX3pR09wCEwvw.roa
File:                     452BEA0tdKMisIOX3pR09wCEwvw.roa (raw, json)
Hash identifier:          tqsO8JO/R7NIbaOuNFXRS4CxGBuBkZtyreJ5el3Hruo=
Subject key identifier:   E3:9D:81:10:0D:2D:74:A3:22:B0:83:97:DE:94:74:F7:00:84:C2:FC
Certificate issuer:       /CN=6ab7b9cee004300eafe09bf12fcb6da1dd30a4d7
Certificate serial:       01995D06B17A265783EAD19062FC75F86906
Authority key identifier: 6A:B7:B9:CE:E0:04:30:0E:AF:E0:9B:F1:2F:CB:6D:A1:DD:30:A4:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/are5zuAEMA6v4JvxL8ttod0wpNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/7d11e2-5274-447e-9fe6-88aa6fd0aa8e/1/452BEA0tdKMisIOX3pR09wCEwvw.roa
Signing time:             Thu 18 Sep 2025 13:32:23 +0000
ROA not before:           Thu 18 Sep 2025 13:32:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214169
IP address blocks:        69.172.96.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/7d11e2-5274-447e-9fe6-88aa6fd0aa8e/1/are5zuAEMA6v4JvxL8ttod0wpNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/7d11e2-5274-447e-9fe6-88aa6fd0aa8e/1/are5zuAEMA6v4JvxL8ttod0wpNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/are5zuAEMA6v4JvxL8ttod0wpNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5d:06:b1:7a:26:57:83:ea:d1:90:62:fc:75:f8:69:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ab7b9cee004300eafe09bf12fcb6da1dd30a4d7
        Validity
            Not Before: Sep 18 13:32:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e39d81100d2d74a322b08397de9474f70084c2fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:40:00:b8:19:a7:13:f1:a0:f6:25:b3:36:a4:
                    d0:c6:90:85:07:c2:34:46:4e:89:37:10:f5:95:5c:
                    15:5f:52:c7:91:20:93:d2:0b:fd:9d:67:11:d7:0d:
                    e8:06:0c:73:58:32:f2:a3:0a:e2:7f:a1:aa:a2:75:
                    ce:7e:b6:7b:b1:42:0c:2c:f3:e2:02:29:e0:fe:fa:
                    75:63:77:6a:65:40:37:9f:e0:bd:61:79:98:c5:c8:
                    68:c7:55:d7:c3:5c:ff:7b:64:1c:f2:51:7b:1a:6d:
                    d4:c1:6a:f4:75:a2:6e:06:7b:19:b2:6e:d7:c9:bd:
                    3d:5e:6c:c2:1b:31:30:27:ef:33:cb:d2:bd:bf:71:
                    08:5e:ce:b7:17:c5:cc:72:2e:77:78:d0:75:21:f8:
                    e3:07:d8:e4:a7:4c:2a:4c:17:4d:10:a2:62:fe:2a:
                    47:7f:88:f9:c7:b6:85:d0:b6:29:8c:85:0f:3f:f3:
                    49:ce:71:da:ab:1d:6f:6f:07:d9:71:bc:ff:a8:45:
                    6f:a1:07:89:b0:b6:d2:61:90:21:4c:5c:fe:e9:2b:
                    de:71:96:f6:a1:31:f4:de:48:5d:55:2a:12:2e:0d:
                    19:6d:dc:73:ce:a9:a5:ac:85:85:40:9b:65:03:d0:
                    76:e6:a9:94:00:d2:92:00:4a:0f:df:5b:8d:3a:c3:
                    15:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:9D:81:10:0D:2D:74:A3:22:B0:83:97:DE:94:74:F7:00:84:C2:FC
            X509v3 Authority Key Identifier:
                keyid:6A:B7:B9:CE:E0:04:30:0E:AF:E0:9B:F1:2F:CB:6D:A1:DD:30:A4:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/are5zuAEMA6v4JvxL8ttod0wpNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7d11e2-5274-447e-9fe6-88aa6fd0aa8e/1/452BEA0tdKMisIOX3pR09wCEwvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7d11e2-5274-447e-9fe6-88aa6fd0aa8e/1/are5zuAEMA6v4JvxL8ttod0wpNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.172.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5e:99:cc:ae:d8:c3:7e:72:b8:d2:23:60:27:36:e0:b4:cc:d8:
         a5:a0:2f:10:26:f9:bb:7d:3e:b7:06:e3:a5:7d:18:0f:d3:a0:
         27:be:45:06:bb:e3:71:d0:22:b5:5a:fb:cb:dd:01:d0:2a:a5:
         df:53:0f:73:5f:02:65:35:ce:2b:21:66:fb:52:a7:05:b8:18:
         ca:f6:a5:3f:db:2f:8b:78:95:57:e4:2e:96:47:1d:4c:3d:5e:
         69:32:c7:c7:b6:ff:cf:c4:78:f8:43:c5:f1:6f:91:93:6a:a8:
         98:74:c1:f6:66:db:3c:47:c3:1c:c0:67:69:5a:f2:66:fb:b7:
         c8:e9:ad:c7:01:0a:e9:6e:0f:8a:ca:6b:62:80:4d:3a:08:21:
         01:73:29:68:07:37:b8:c4:3e:a7:95:81:55:76:27:79:eb:c7:
         83:fc:03:ae:04:19:e5:12:1f:b0:68:a1:8b:74:db:b0:f8:8b:
         3b:0e:77:1e:4c:99:56:21:6f:ee:f3:bc:e8:5e:60:9e:51:d8:
         80:ac:d7:e7:8d:f0:c9:6e:bd:9f:8a:51:ab:d9:13:34:b5:33:
         5e:24:fa:f9:6b:1a:6e:58:bf:5b:dc:86:70:41:be:9d:bd:63:
         e6:53:71:34:d3:eb:ef:36:5e:8d:ef:bd:95:50:79:5f:54:50:
         02:c9:91:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZldBrF6JleD6tGQYvx1+GkGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYjdiOWNlZTAwNDMwMGVhZmUwOWJmMTJmY2I2ZGExZGQz
MGE0ZDcwHhcNMjUwOTE4MTMzMjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzlkODExMDBkMmQ3NGEzMjJiMDgzOTdkZTk0NzRmNzAwODRjMmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUAAuBmnE/Gg9iWzNqTQxpCFB8I0
Rk6JNxD1lVwVX1LHkSCT0gv9nWcR1w3oBgxzWDLyowrif6GqonXOfrZ7sUIMLPPi
Aing/vp1Y3dqZUA3n+C9YXmYxchox1XXw1z/e2Qc8lF7Gm3UwWr0daJuBnsZsm7X
yb09XmzCGzEwJ+8zy9K9v3EIXs63F8XMci53eNB1IfjjB9jkp0wqTBdNEKJi/ipH
f4j5x7aF0LYpjIUPP/NJznHaqx1vbwfZcbz/qEVvoQeJsLbSYZAhTFz+6SvecZb2
oTH03khdVSoSLg0ZbdxzzqmlrIWFQJtlA9B25qmUANKSAEoP31uNOsMVRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOdgRANLXSjIrCDl96UdPcAhML8MB8GA1UdIwQY
MBaAFGq3uc7gBDAOr+Cb8S/LbaHdMKTXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXJlNXp1QUVNQTZ2NEp2eEw4dHRvZDB3cE5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS83ZDExZTItNTI3NC00NDdlLTlmZTYt
ODhhYTZmZDBhYThlLzEvNDUyQkVBMHRkS01pc0lPWDNwUjA5d0NFd3Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS83ZDExZTItNTI3NC00NDdlLTlmZTYtODhhYTZmZDBhYThl
LzEvYXJlNXp1QUVNQTZ2NEp2eEw4dHRvZDB3cE5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQERaxgMA0G
CSqGSIb3DQEBCwUAA4IBAQBemcyu2MN+crjSI2AnNuC0zNiloC8QJvm7fT63BuOl
fRgP06AnvkUGu+Nx0CK1WvvL3QHQKqXfUw9zXwJlNc4rIWb7UqcFuBjK9qU/2y+L
eJVX5C6WRx1MPV5pMsfHtv/PxHj4Q8Xxb5GTaqiYdMH2Zts8R8McwGdpWvJm+7fI
6a3HAQrpbg+KymtigE06CCEBcyloBze4xD6nlYFVdid568eD/AOuBBnlEh+waKGL
dNuw+Is7DnceTJlWIW/u87zoXmCeUdiArNfnjfDJbr2filGr2RM0tTNeJPr5axpu
WL9b3IZwQb6dvWPmU3E00+vvNl6N772VUHlfVFACyZH6
-----END CERTIFICATE-----