Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/ru7w0W3lQckov7VLXi2IdFlGxc8.roa
File:                     ru7w0W3lQckov7VLXi2IdFlGxc8.roa (raw, json)
Hash identifier:          vKg9HC/GY7EtcTEA0K5g2y1Kwk8jYnfJyEo6IYPl+Z8=
Subject key identifier:   AE:EE:F0:D1:6D:E5:41:C9:28:BF:B5:4B:5E:2D:88:74:59:46:C5:CF
Certificate issuer:       /CN=05d4d49da3e14855a7b883603ff148c1bb21f690
Certificate serial:       0199352759E93D32AE8D8FD3B6BB4B6AA186
Authority key identifier: 05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/ru7w0W3lQckov7VLXi2IdFlGxc8.roa
Signing time:             Wed 10 Sep 2025 19:43:15 +0000
ROA not before:           Wed 10 Sep 2025 19:43:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200019
IP address blocks:        2a0e:5cc5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:35:27:59:e9:3d:32:ae:8d:8f:d3:b6:bb:4b:6a:a1:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05d4d49da3e14855a7b883603ff148c1bb21f690
        Validity
            Not Before: Sep 10 19:43:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aeeef0d16de541c928bfb54b5e2d88745946c5cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:91:06:ea:3c:22:bf:92:bc:06:b0:79:01:28:
                    27:2f:e0:d6:34:fe:c2:38:b7:e7:00:27:f5:f7:0b:
                    03:52:7d:b6:df:f3:3d:6d:bf:22:a2:3a:88:76:8b:
                    97:60:50:59:ac:62:95:e8:51:8a:7a:41:fc:26:d3:
                    ac:ca:f6:ac:26:6f:d4:05:5f:07:d2:1f:f9:fa:56:
                    64:96:c6:c4:20:d9:8c:71:db:87:d6:40:f1:2d:d0:
                    53:b6:75:4a:e4:b2:d7:25:99:5e:c7:0c:5c:97:e6:
                    04:e4:0e:05:f2:57:e5:6c:8c:2f:18:cc:d6:e2:a1:
                    aa:c8:0f:45:58:1b:0f:82:91:50:17:84:fd:fe:93:
                    11:b9:10:b3:cc:82:8f:7f:d3:3c:b7:46:a1:5a:39:
                    35:99:71:8e:f4:c1:58:65:ff:f5:d1:3d:a3:65:97:
                    96:d5:2d:b8:82:a2:9f:46:15:d9:f4:61:33:7e:18:
                    93:be:f6:fa:87:93:a6:47:5b:4f:63:03:30:bc:a3:
                    70:a6:6e:9d:7e:9f:82:e7:84:c7:2b:58:de:a0:43:
                    0e:6d:7c:fd:d9:cd:ec:50:9e:6f:d5:77:0b:ee:4d:
                    30:67:a9:e3:3e:55:c0:ff:6b:f2:0d:12:6e:ea:95:
                    ab:b4:23:6d:3a:d6:20:44:67:16:29:98:f8:0e:a0:
                    ca:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:EE:F0:D1:6D:E5:41:C9:28:BF:B5:4B:5E:2D:88:74:59:46:C5:CF
            X509v3 Authority Key Identifier:
                keyid:05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/ru7w0W3lQckov7VLXi2IdFlGxc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5cc5::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:14:b9:f7:19:63:25:2a:b2:2f:8a:17:76:f4:62:e2:a6:49:
         c3:96:5a:d6:36:37:dc:bd:26:d5:90:de:40:8e:71:7f:6a:60:
         08:bb:18:69:ae:a9:63:d3:43:67:18:dd:3d:fe:1d:c4:1c:23:
         38:d2:b3:68:ea:36:08:df:b0:b6:3c:2e:79:1e:e0:0a:69:00:
         19:df:6f:09:b7:18:4f:e5:db:d4:c2:b2:c4:ef:5b:f3:f3:07:
         a3:0a:fd:de:a4:fd:a5:b8:ea:75:7b:80:54:91:22:b1:4e:0c:
         43:63:b3:b4:38:94:15:35:ed:b7:1c:cd:f8:ef:e5:09:07:76:
         e7:be:d4:78:e3:66:93:65:c0:f5:f0:ff:0f:80:97:ab:85:1a:
         e3:e3:92:49:d7:f2:9d:3c:f4:10:e5:3f:40:25:aa:0a:4e:8b:
         4e:ee:61:1f:0e:f6:df:aa:85:53:d5:21:e3:fc:77:1b:dd:9b:
         d3:c4:b3:89:fa:24:72:36:98:9a:fa:aa:0c:f9:91:76:05:72:
         3f:4e:b8:5d:75:64:73:fb:6e:f3:cd:50:05:cd:5d:21:02:e8:
         a8:41:b3:d5:c7:37:c5:89:5e:3b:50:e9:98:6c:ad:00:79:6d:
         c6:f3:89:1c:e8:d9:05:64:5d:c2:cc:8d:ec:dd:69:d5:ee:ad:
         24:a7:f0:28
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZk1J1npPTKujY/TtrtLaqGGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZDRkNDlkYTNlMTQ4NTVhN2I4ODM2MDNmZjE0OGMxYmIy
MWY2OTAwHhcNMjUwOTEwMTk0MzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWVlZjBkMTZkZTU0MWM5MjhiZmI1NGI1ZTJkODg3NDU5NDZjNWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopEG6jwiv5K8BrB5ASgnL+DWNP7C
OLfnACf19wsDUn223/M9bb8iojqIdouXYFBZrGKV6FGKekH8JtOsyvasJm/UBV8H
0h/5+lZklsbEINmMcduH1kDxLdBTtnVK5LLXJZlexwxcl+YE5A4F8lflbIwvGMzW
4qGqyA9FWBsPgpFQF4T9/pMRuRCzzIKPf9M8t0ahWjk1mXGO9MFYZf/10T2jZZeW
1S24gqKfRhXZ9GEzfhiTvvb6h5OmR1tPYwMwvKNwpm6dfp+C54THK1jeoEMObXz9
2c3sUJ5v1XcL7k0wZ6njPlXA/2vyDRJu6pWrtCNtOtYgRGcWKZj4DqDK4wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK7u8NFt5UHJKL+1S14tiHRZRsXPMB8GA1UdIwQY
MBaAFAXU1J2j4UhVp7iDYD/xSMG7IfaQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQt
NThmMWNiZjNjYWMzLzEvcnU3dzBXM2xRY2tvdjdWTFhpMklkRmxHeGM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQtNThmMWNiZjNjYWMz
LzEvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5cxTAN
BgkqhkiG9w0BAQsFAAOCAQEAPxS59xljJSqyL4oXdvRi4qZJw5Za1jY33L0m1ZDe
QI5xf2pgCLsYaa6pY9NDZxjdPf4dxBwjONKzaOo2CN+wtjwueR7gCmkAGd9vCbcY
T+Xb1MKyxO9b8/MHowr93qT9pbjqdXuAVJEisU4MQ2OztDiUFTXttxzN+O/lCQd2
577UeONmk2XA9fD/D4CXq4Ua4+OSSdfynTz0EOU/QCWqCk6LTu5hHw7236qFU9Uh
4/x3G92b08SzifokcjaYmvqqDPmRdgVyP064XXVkc/tu881QBc1dIQLoqEGz1cc3
xYleO1DpmGytAHltxvOJHOjZBWRdwsyN7N1p1e6tJKfwKA==
-----END CERTIFICATE-----