Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/X8PV8unmNWcdK3hXGDqI_EKcFNM.roa
File:                     X8PV8unmNWcdK3hXGDqI_EKcFNM.roa (raw, json)
Hash identifier:          T9bTTmYFVXuUpFtnNeeZVS9LOU1qqZ9Al2/wST4Wgdg=
Subject key identifier:   5F:C3:D5:F2:E9:E6:35:67:1D:2B:78:57:18:3A:88:FC:42:9C:14:D3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019976DC7798B16CCB8BFC33D1068F93F344
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/X8PV8unmNWcdK3hXGDqI_EKcFNM.roa
Signing time:             Tue 23 Sep 2025 13:56:23 +0000
ROA not before:           Tue 23 Sep 2025 13:56:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208068
IP address blocks:        2a0e:97c0:520::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:dc:77:98:b1:6c:cb:8b:fc:33:d1:06:8f:93:f3:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 23 13:56:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fc3d5f2e9e635671d2b7857183a88fc429c14d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:fc:b7:53:0e:15:aa:6c:62:a8:71:79:85:38:
                    d6:1f:c6:80:3f:04:56:72:37:e9:2c:6d:e8:43:a0:
                    36:3c:54:fc:7b:8c:c4:0e:4f:b0:8f:7e:e5:be:5c:
                    03:c9:95:cd:7e:e5:f7:f3:8b:21:fa:9b:94:1d:59:
                    1c:1c:4c:63:60:02:cd:bd:93:8d:ae:39:a8:23:78:
                    6e:ef:ec:69:2c:21:a6:e8:46:59:e5:cf:26:a2:09:
                    14:0d:18:c4:91:f1:df:46:4b:ec:d5:de:57:b9:3e:
                    80:38:2e:08:c0:94:17:5c:14:1d:5d:ca:44:4c:a3:
                    6f:c9:93:47:97:a6:41:76:e1:0b:22:e6:d8:09:47:
                    1b:58:a7:f5:e1:fb:06:c9:5f:69:1b:a2:13:a9:0d:
                    15:d2:92:4f:ea:99:32:4f:8a:f3:d1:e2:76:e4:b8:
                    41:3e:94:e9:2a:2a:6e:0a:57:6e:0d:a3:5c:b4:9e:
                    b4:e6:4c:f8:2e:2f:c1:f0:93:a7:62:fc:b1:fa:07:
                    79:a8:bb:79:c4:40:41:1c:6c:cd:aa:7e:fc:a1:6e:
                    30:26:e0:d0:06:1c:59:a6:b2:6d:1d:ba:67:de:ad:
                    28:89:26:8e:06:57:0b:29:8b:74:7d:51:99:07:3d:
                    94:e3:af:82:1e:ba:4c:9f:c5:53:72:d4:ee:4f:0a:
                    2d:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C3:D5:F2:E9:E6:35:67:1D:2B:78:57:18:3A:88:FC:42:9C:14:D3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/X8PV8unmNWcdK3hXGDqI_EKcFNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:520::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:44:e0:79:70:2d:13:10:5f:42:74:0f:af:0d:7a:6e:da:2d:
         87:0a:b6:09:71:b2:f2:d8:ee:1f:dd:06:c7:26:86:57:86:87:
         e1:33:a9:96:5c:3f:36:49:c0:a2:c5:4a:31:98:a0:e7:d0:8f:
         2b:1a:6c:a5:c6:22:e3:13:db:69:82:92:16:27:be:d5:db:bf:
         d7:43:b7:41:5f:4a:69:ff:3f:ac:ad:35:01:7c:20:74:7f:06:
         36:72:48:c8:92:77:60:e5:2b:f1:85:d5:0d:e5:43:99:d6:ea:
         cf:59:f3:dd:bc:9b:f0:46:8c:16:13:3e:2c:44:db:a2:78:4b:
         9e:12:44:39:2d:5a:74:04:fc:93:6b:81:bb:ce:e9:49:3c:30:
         a8:20:87:ad:80:25:47:a1:65:13:ff:d0:db:ce:ed:dd:d8:8e:
         d6:80:ab:25:f3:77:8a:ab:ab:23:29:ad:e6:da:58:e8:16:4b:
         7c:02:85:93:1f:db:b6:ce:4c:a1:99:42:e1:65:6b:df:43:d8:
         db:ba:88:30:91:8f:f8:d7:a4:01:ab:c8:aa:e3:b8:79:6d:e3:
         c0:12:d3:8b:02:93:fc:e0:f5:9f:5d:fa:44:29:31:bc:e9:0f:
         bd:38:f6:e8:19:93:d9:c2:67:f6:23:1a:36:73:dc:61:51:1f:
         cf:3d:62:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZl23HeYsWzLi/wz0QaPk/NEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwOTIzMTM1NjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmMzZDVmMmU5ZTYzNTY3MWQyYjc4NTcxODNhODhmYzQyOWMxNGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fy3Uw4VqmxiqHF5hTjWH8aAPwRW
cjfpLG3oQ6A2PFT8e4zEDk+wj37lvlwDyZXNfuX384sh+puUHVkcHExjYALNvZON
rjmoI3hu7+xpLCGm6EZZ5c8mogkUDRjEkfHfRkvs1d5XuT6AOC4IwJQXXBQdXcpE
TKNvyZNHl6ZBduELIubYCUcbWKf14fsGyV9pG6ITqQ0V0pJP6pkyT4rz0eJ25LhB
PpTpKipuClduDaNctJ605kz4Li/B8JOnYvyx+gd5qLt5xEBBHGzNqn78oW4wJuDQ
BhxZprJtHbpn3q0oiSaOBlcLKYt0fVGZBz2U46+CHrpMn8VTctTuTwot1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF/D1fLp5jVnHSt4Vxg6iPxCnBTTMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWDhQVjh1bm1OV2NkSzNoWEdEcUlfRUtjRk5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6XwAUg
MA0GCSqGSIb3DQEBCwUAA4IBAQCrROB5cC0TEF9CdA+vDXpu2i2HCrYJcbLy2O4f
3QbHJoZXhofhM6mWXD82ScCixUoxmKDn0I8rGmylxiLjE9tpgpIWJ77V27/XQ7dB
X0pp/z+srTUBfCB0fwY2ckjIkndg5SvxhdUN5UOZ1urPWfPdvJvwRowWEz4sRNui
eEueEkQ5LVp0BPyTa4G7zulJPDCoIIetgCVHoWUT/9Dbzu3d2I7WgKsl83eKq6sj
Ka3m2ljoFkt8AoWTH9u2zkyhmULhZWvfQ9jbuogwkY/416QBq8iq47h5bePAEtOL
ApP84PWfXfpEKTG86Q+9OPboGZPZwmf2Ixo2c9xhUR/PPWJe
-----END CERTIFICATE-----