Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/CiSXDCdW3LMwjv8iJ3B2mY7zojU.roa
File:                     CiSXDCdW3LMwjv8iJ3B2mY7zojU.roa (raw, json)
Hash identifier:          xoZ4D0sXI5qWTDuig3N1rhh1l7zRYo3/rWNsiYjXVLw=
Subject key identifier:   0A:24:97:0C:27:56:DC:B3:30:8E:FF:22:27:70:76:99:8E:F3:A2:35
Certificate issuer:       /CN=5f7da568ad027b9e249c13e223d322769881a29f
Certificate serial:       0199DE217471CE892A591EE8F3F78DE6F297
Authority key identifier: 5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/CiSXDCdW3LMwjv8iJ3B2mY7zojU.roa
Signing time:             Mon 13 Oct 2025 15:12:38 +0000
ROA not before:           Mon 13 Oct 2025 15:12:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58321
IP address blocks:        2a06:1980::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:de:21:74:71:ce:89:2a:59:1e:e8:f3:f7:8d:e6:f2:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f7da568ad027b9e249c13e223d322769881a29f
        Validity
            Not Before: Oct 13 15:12:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a24970c2756dcb3308eff22277076998ef3a235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:cd:71:94:24:17:c7:96:f0:82:ed:e5:be:ab:
                    5f:63:03:7e:0e:dc:37:db:17:9b:21:14:f2:fa:35:
                    b0:40:ec:7a:3a:4f:9d:e1:55:1c:03:4b:1f:c5:b3:
                    80:e4:5a:75:55:e8:8c:9f:6d:78:9d:b1:48:94:ab:
                    2d:06:f3:6f:80:47:16:cf:df:20:71:d4:ad:9a:33:
                    6c:9f:78:b6:9e:b4:95:4e:92:37:43:7e:6a:8c:d0:
                    43:43:e8:48:9e:f4:82:69:2c:73:e2:e3:c7:c5:ce:
                    76:c2:27:78:c1:07:f8:b8:65:a0:e7:dd:b8:7a:0a:
                    58:b1:cb:48:f6:05:41:2c:55:f0:6b:ec:67:78:8f:
                    d5:b0:52:0f:94:ee:e1:e1:b0:d8:a8:91:0b:e4:9b:
                    cc:a5:a4:12:ad:ca:8f:93:b4:bf:09:8d:f9:37:58:
                    23:77:20:45:06:35:83:97:75:61:f3:58:fd:27:74:
                    0c:2a:d4:17:55:ec:fe:e2:af:5a:0e:af:9e:ea:3d:
                    cc:5b:1c:40:cc:b8:b6:a9:f3:dc:ac:2f:12:3f:bc:
                    aa:c9:ac:41:dd:12:50:0b:75:e6:5c:e9:7b:e0:5d:
                    cb:4c:95:92:3f:49:c1:ff:1d:d4:a5:02:55:f0:81:
                    98:b8:22:d5:76:ff:b7:d1:38:8a:97:f8:42:f6:f9:
                    e5:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:24:97:0C:27:56:DC:B3:30:8E:FF:22:27:70:76:99:8E:F3:A2:35
            X509v3 Authority Key Identifier:
                keyid:5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/CiSXDCdW3LMwjv8iJ3B2mY7zojU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1980::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:94:ce:6f:74:ac:4f:81:32:2b:c9:19:81:50:41:24:43:57:
         14:02:7b:2a:89:c6:c8:07:7a:76:e4:6a:73:ad:d1:fd:3a:ee:
         2e:96:ee:ae:cd:ae:eb:37:d2:aa:e8:71:68:cc:b8:9d:e7:85:
         57:3e:7a:52:8e:ee:2e:51:04:fa:30:eb:77:3e:22:16:a7:25:
         dd:01:1d:da:f1:72:7d:ae:da:20:5a:fa:7c:8e:e7:0d:da:ab:
         11:7c:44:87:88:8a:0a:8e:24:da:33:21:a6:80:fd:0a:11:24:
         59:7b:6f:d7:74:2e:3f:a2:11:b1:29:78:93:29:3c:6b:04:fd:
         a5:ba:17:ed:7d:13:8a:90:af:6a:68:79:64:7a:f4:90:ee:bd:
         cd:6a:62:f3:62:37:42:10:99:2d:ed:b4:d7:02:8c:50:25:a7:
         1e:d1:2b:2d:af:74:ce:6f:4d:b3:86:a3:dd:1a:90:07:2a:72:
         78:cb:38:23:97:0a:32:6b:70:04:b3:65:57:cb:dd:c2:58:02:
         6e:55:81:63:4d:07:0c:ff:6b:7f:d2:a5:29:fd:48:08:e1:26:
         d5:b3:5c:f5:e3:d5:f2:f4:c8:a2:e7:d0:0b:49:5e:28:5d:b3:
         0f:80:c1:f2:6c:68:cd:df:a6:68:84:86:1b:44:e6:8c:37:b2:
         4b:00:13:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZneIXRxzokqWR7o8/eN5vKXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmN2RhNTY4YWQwMjdiOWUyNDljMTNlMjIzZDMyMjc2OTg4
MWEyOWYwHhcNMjUxMDEzMTUxMjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTI0OTcwYzI3NTZkY2IzMzA4ZWZmMjIyNzcwNzY5OThlZjNhMjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArs1xlCQXx5bwgu3lvqtfYwN+Dtw3
2xebIRTy+jWwQOx6Ok+d4VUcA0sfxbOA5Fp1VeiMn214nbFIlKstBvNvgEcWz98g
cdStmjNsn3i2nrSVTpI3Q35qjNBDQ+hInvSCaSxz4uPHxc52wid4wQf4uGWg5924
egpYsctI9gVBLFXwa+xneI/VsFIPlO7h4bDYqJEL5JvMpaQSrcqPk7S/CY35N1gj
dyBFBjWDl3Vh81j9J3QMKtQXVez+4q9aDq+e6j3MWxxAzLi2qfPcrC8SP7yqyaxB
3RJQC3XmXOl74F3LTJWSP0nB/x3UpQJV8IGYuCLVdv+30TiKl/hC9vnl+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAoklwwnVtyzMI7/IidwdpmO86I1MB8GA1UdIwQY
MBaAFF99pWitAnueJJwT4iPTInaYgaKfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDMybGFLMENlNTRrbkJQaUk5TWlkcGlCb3A4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8wNTQ4OGYtZjRlMC00ZTZjLTk0ZjUt
Mzc1NzUzOWMyYWM5LzEvQ2lTWERDZFczTE13anY4aUozQjJtWTd6b2pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8wNTQ4OGYtZjRlMC00ZTZjLTk0ZjUtMzc1NzUzOWMyYWM5
LzEvWDMybGFLMENlNTRrbkJQaUk5TWlkcGlCb3A4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgYZgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCylM5vdKxPgTIryRmBUEEkQ1cUAnsqicbIB3p2
5GpzrdH9Ou4ulu6uza7rN9Kq6HFozLid54VXPnpSju4uUQT6MOt3PiIWpyXdAR3a
8XJ9rtogWvp8jucN2qsRfESHiIoKjiTaMyGmgP0KESRZe2/XdC4/ohGxKXiTKTxr
BP2luhftfROKkK9qaHlkevSQ7r3NamLzYjdCEJkt7bTXAoxQJace0Sstr3TOb02z
hqPdGpAHKnJ4yzgjlwoya3AEs2VXy93CWAJuVYFjTQcM/2t/0qUp/UgI4SbVs1z1
49Xy9Mii59ALSV4oXbMPgMHybGjN36ZohIYbROaMN7JLABM8
-----END CERTIFICATE-----