Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/Se8nAg0-xrQhHXIbYS2eSChavY4.roa
File:                     Se8nAg0-xrQhHXIbYS2eSChavY4.roa (raw, json)
Hash identifier:          NDhJCH+ULsr3l5nHLuoOYh5KnKuXbhQ8t+mEi5JVlO4=
Subject key identifier:   49:EF:27:02:0D:3E:C6:B4:21:1D:72:1B:61:2D:9E:48:28:5A:BD:8E
Certificate issuer:       /CN=922a1a67e2da7112d4559cd8dbd8141f8f3277e8
Certificate serial:       01996EDA988D89C478F888D2BE42650DC961
Authority key identifier: 92:2A:1A:67:E2:DA:71:12:D4:55:9C:D8:DB:D8:14:1F:8F:32:77:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kioaZ-LacRLUVZzY29gUH48yd-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/Se8nAg0-xrQhHXIbYS2eSChavY4.roa
Signing time:             Mon 22 Sep 2025 00:37:23 +0000
ROA not before:           Mon 22 Sep 2025 00:37:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51574
IP address blocks:        2a13:5a07:fe::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/kioaZ-LacRLUVZzY29gUH48yd-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/kioaZ-LacRLUVZzY29gUH48yd-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kioaZ-LacRLUVZzY29gUH48yd-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:6e:da:98:8d:89:c4:78:f8:88:d2:be:42:65:0d:c9:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=922a1a67e2da7112d4559cd8dbd8141f8f3277e8
        Validity
            Not Before: Sep 22 00:37:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49ef27020d3ec6b4211d721b612d9e48285abd8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:24:43:4e:19:cc:3f:cc:7c:e4:d6:c2:d2:2c:
                    16:a3:c7:ad:03:d5:4b:7a:9f:e8:bb:d0:25:f1:7e:
                    f0:2a:60:38:15:df:ca:e0:97:4b:3c:b2:5b:9e:de:
                    cc:ce:38:fa:9b:17:fe:bd:0d:7d:3e:d1:d9:01:0e:
                    f6:41:cc:57:9d:62:4c:3b:a5:f8:6a:6c:59:ba:42:
                    ae:63:a8:01:61:ea:c9:66:d6:c0:fc:b3:e3:a7:70:
                    f0:e4:93:76:60:01:eb:e2:f1:7e:4b:fa:0b:35:fc:
                    56:d2:61:bb:a9:05:a8:a8:73:58:7b:85:61:38:f5:
                    8f:99:29:4f:d2:e1:7d:9e:ca:32:d5:55:91:3f:f7:
                    a3:c6:7b:07:63:5e:57:6e:b4:94:19:dd:e8:c8:45:
                    c8:4c:6b:de:b3:bb:e3:7e:44:54:d1:6c:a2:6e:3b:
                    d0:fd:7f:55:ce:03:15:26:2e:c5:56:65:64:5d:22:
                    ef:41:1e:ab:66:70:0d:5f:cd:ee:4d:e6:83:ea:ee:
                    d4:25:30:9b:51:0c:9a:34:59:c3:84:77:37:96:b6:
                    c0:ab:f6:3f:f8:57:9d:0d:a9:e1:a3:74:98:57:a8:
                    2b:2b:35:ad:a0:b9:cd:a0:cb:2f:25:1e:0f:6c:d3:
                    94:55:72:a6:28:dd:90:ec:04:23:07:ca:0e:3e:4f:
                    62:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:EF:27:02:0D:3E:C6:B4:21:1D:72:1B:61:2D:9E:48:28:5A:BD:8E
            X509v3 Authority Key Identifier:
                keyid:92:2A:1A:67:E2:DA:71:12:D4:55:9C:D8:DB:D8:14:1F:8F:32:77:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kioaZ-LacRLUVZzY29gUH48yd-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/Se8nAg0-xrQhHXIbYS2eSChavY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/kioaZ-LacRLUVZzY29gUH48yd-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5a07:fe::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:7a:05:a5:3a:00:be:0b:83:fd:13:f4:38:0c:cd:8a:cf:10:
         a5:65:e4:ef:01:d5:53:13:20:7d:a6:ab:b1:80:f4:d6:00:33:
         a9:f4:59:70:dd:e8:cb:bc:44:5e:0a:b8:8a:19:e6:b3:53:ec:
         9a:a7:e1:7c:04:09:be:5a:73:57:aa:be:f9:d9:a8:d6:6d:54:
         8c:51:82:89:6c:c4:29:04:bd:e1:90:bf:2b:a9:b7:eb:8a:6c:
         21:06:87:ea:4c:14:09:b1:d6:61:1a:d2:79:6f:ef:48:5d:d8:
         12:c7:4d:6b:08:77:b6:0c:2a:32:0b:52:72:59:fb:21:c3:cd:
         bf:65:1d:43:6e:5d:c3:d5:81:0e:e1:c1:b0:39:aa:5d:c5:34:
         89:38:ea:a9:d4:db:c6:85:8a:79:bc:8a:19:7c:55:3b:6e:05:
         6e:3a:eb:00:97:39:0b:3a:ae:e0:5b:51:9d:9b:e6:00:66:8f:
         ec:9f:a4:ff:e9:be:de:19:8d:c5:cc:19:ca:35:4c:52:76:19:
         3e:4a:79:83:cf:51:c8:6d:fb:f6:32:fb:1d:87:6e:52:52:70:
         d9:d6:71:4c:65:68:2c:0b:b5:3b:19:a7:83:82:81:a1:04:9e:
         23:9c:00:df:6c:2e:82:95:ad:ba:95:d5:2d:b9:e4:9b:98:9b:
         d8:b4:51:b5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZlu2piNicR4+IjSvkJlDclhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMmExYTY3ZTJkYTcxMTJkNDU1OWNkOGRiZDgxNDFmOGYz
Mjc3ZTgwHhcNMjUwOTIyMDAzNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWVmMjcwMjBkM2VjNmI0MjExZDcyMWI2MTJkOWU0ODI4NWFiZDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCRDThnMP8x85NbC0iwWo8etA9VL
ep/ou9Al8X7wKmA4Fd/K4JdLPLJbnt7Mzjj6mxf+vQ19PtHZAQ72QcxXnWJMO6X4
amxZukKuY6gBYerJZtbA/LPjp3Dw5JN2YAHr4vF+S/oLNfxW0mG7qQWoqHNYe4Vh
OPWPmSlP0uF9nsoy1VWRP/ejxnsHY15XbrSUGd3oyEXITGves7vjfkRU0WyibjvQ
/X9VzgMVJi7FVmVkXSLvQR6rZnANX83uTeaD6u7UJTCbUQyaNFnDhHc3lrbAq/Y/
+FedDanho3SYV6grKzWtoLnNoMsvJR4PbNOUVXKmKN2Q7AQjB8oOPk9iVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEnvJwINPsa0IR1yG2EtnkgoWr2OMB8GA1UdIwQY
MBaAFJIqGmfi2nES1FWc2NvYFB+PMnfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lvYVotTGFjUkxVVlp6WTI5Z1VINDh5ZC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZGFjMzAtODU3MC00N2IyLWIyNmEt
N2YzYTQyODE3MWM3LzEvU2U4bkFnMC14clFoSFhJYllTMmVTQ2hhdlk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZGFjMzAtODU3MC00N2IyLWIyNmEtN2YzYTQyODE3MWM3
LzEva2lvYVotTGFjUkxVVlp6WTI5Z1VINDh5ZC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhNaBwD+
MA0GCSqGSIb3DQEBCwUAA4IBAQCCegWlOgC+C4P9E/Q4DM2KzxClZeTvAdVTEyB9
pquxgPTWADOp9Flw3ejLvEReCriKGeazU+yap+F8BAm+WnNXqr752ajWbVSMUYKJ
bMQpBL3hkL8rqbfrimwhBofqTBQJsdZhGtJ5b+9IXdgSx01rCHe2DCoyC1JyWfsh
w82/ZR1Dbl3D1YEO4cGwOapdxTSJOOqp1NvGhYp5vIoZfFU7bgVuOusAlzkLOq7g
W1Gdm+YAZo/sn6T/6b7eGY3FzBnKNUxSdhk+SnmDz1HIbfv2Mvsdh25SUnDZ1nFM
ZWgsC7U7GaeDgoGhBJ4jnADfbC6Cla26ldUtueSbmJvYtFG1
-----END CERTIFICATE-----