Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/X6_TjtQwmeuK02HsdtBqExL53Ns.roa
File:                     X6_TjtQwmeuK02HsdtBqExL53Ns.roa (raw, json)
Hash identifier:          iFX22eM+S+PXpdOb7LkHEMy7skJnpdQtVRXSFjP8GCY=
Subject key identifier:   5F:AF:D3:8E:D4:30:99:EB:8A:D3:61:EC:76:D0:6A:13:12:F9:DC:DB
Certificate issuer:       /CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
Certificate serial:       0199B7210D7ABFD032F29EFDC629CFB62A5A
Authority key identifier: 5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/X6_TjtQwmeuK02HsdtBqExL53Ns.roa
Signing time:             Mon 06 Oct 2025 01:27:00 +0000
ROA not before:           Mon 06 Oct 2025 01:27:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56766
IP address blocks:        31.133.38.0/23 maxlen: 24
                          31.133.38.0/24 maxlen: 24
                          31.133.39.0/24 maxlen: 24
                          31.133.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b7:21:0d:7a:bf:d0:32:f2:9e:fd:c6:29:cf:b6:2a:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
        Validity
            Not Before: Oct  6 01:27:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fafd38ed43099eb8ad361ec76d06a1312f9dcdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:41:bc:28:74:2e:4c:51:bf:36:47:05:aa:3a:
                    b9:b4:6b:d7:60:ae:26:70:e4:64:85:7f:a4:b7:ed:
                    d6:e2:5a:f8:c8:b3:84:6a:6d:0c:24:80:6a:15:70:
                    95:21:d0:d2:8f:72:51:3a:3c:b5:d9:fc:a7:4c:c8:
                    4b:8b:16:f8:bc:97:34:57:97:68:14:13:a7:88:c2:
                    1f:fa:15:89:26:f2:ca:3c:1a:ec:66:f6:b7:cd:22:
                    8e:56:c1:8b:64:6d:c1:fd:68:b2:c2:b7:04:6e:5c:
                    47:e4:31:62:65:01:21:84:03:7b:ae:8f:ab:9c:1f:
                    8b:81:0c:6e:f3:66:67:60:8e:11:f8:18:08:b0:4c:
                    54:c3:b9:ff:ab:72:89:9c:2d:e5:a3:9d:c5:fa:07:
                    61:ce:32:ed:fc:42:71:dd:08:da:16:70:7d:b8:28:
                    99:13:1b:8f:40:68:fe:04:78:fc:c6:9d:6f:e4:6b:
                    76:15:b1:c9:a9:85:85:3a:6b:4c:84:7d:9a:3a:ab:
                    83:14:39:e0:90:ff:0d:29:e2:23:e2:c6:10:cd:65:
                    73:64:c1:16:a7:d0:41:42:28:7c:ab:dd:a5:ac:42:
                    20:b4:00:a1:2e:d4:71:f9:5a:4e:79:42:74:64:a8:
                    47:de:82:bf:76:8d:db:8a:99:01:77:93:9a:d8:ac:
                    27:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:AF:D3:8E:D4:30:99:EB:8A:D3:61:EC:76:D0:6A:13:12:F9:DC:DB
            X509v3 Authority Key Identifier:
                keyid:5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/X6_TjtQwmeuK02HsdtBqExL53Ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.38.0/23
                  31.133.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:a8:fe:97:80:cd:02:47:11:a8:43:c2:a2:18:68:08:c8:8a:
         d5:bd:e0:a7:ab:a8:e7:46:51:80:41:77:4b:86:47:5c:11:09:
         59:33:32:55:99:fa:96:4b:6a:2d:b9:82:de:37:a3:7d:31:c4:
         1d:b1:ec:20:a0:16:56:89:a0:00:28:f8:7f:0b:43:bc:47:d7:
         8c:63:f9:1a:12:2d:a5:d7:cb:fa:5f:48:b3:31:1b:18:5a:5f:
         50:56:8e:03:b1:1d:5a:97:45:45:bf:44:66:15:98:df:ba:dc:
         60:44:79:9d:65:20:ea:ef:02:1d:d2:c5:fa:5a:b7:5e:40:f4:
         aa:34:70:bf:1e:f6:a2:42:b9:94:1b:99:6f:fe:8b:22:d0:04:
         2d:d5:d1:9a:8c:e6:aa:60:42:28:f6:37:f2:e7:fc:03:15:7c:
         46:97:18:0e:0e:8c:d4:4a:14:63:02:94:b8:f4:51:ad:0a:72:
         5f:72:73:a9:71:e4:73:28:6c:e3:de:12:65:35:07:68:28:11:
         bd:53:d5:ca:95:88:c2:61:d7:36:bc:fb:4c:ed:84:1f:d6:c7:
         c2:41:bb:3f:60:b5:30:c1:e3:4e:21:11:f4:81:d0:45:12:f4:
         a4:e8:79:b8:ba:20:6a:a8:72:35:42:4e:81:03:54:c8:34:33:
         f7:43:6b:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZm3IQ16v9Ay8p79xinPtipaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNjRmOWQwNGVmZDVhOWZjMmUyM2I0MmQ1YjUxYWVmZDlh
NTAyNTAwHhcNMjUxMDA2MDEyNzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmFmZDM4ZWQ0MzA5OWViOGFkMzYxZWM3NmQwNmExMzEyZjlkY2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUG8KHQuTFG/NkcFqjq5tGvXYK4m
cORkhX+kt+3W4lr4yLOEam0MJIBqFXCVIdDSj3JROjy12fynTMhLixb4vJc0V5do
FBOniMIf+hWJJvLKPBrsZva3zSKOVsGLZG3B/WiywrcEblxH5DFiZQEhhAN7ro+r
nB+LgQxu82ZnYI4R+BgIsExUw7n/q3KJnC3lo53F+gdhzjLt/EJx3QjaFnB9uCiZ
ExuPQGj+BHj8xp1v5Gt2FbHJqYWFOmtMhH2aOquDFDngkP8NKeIj4sYQzWVzZMEW
p9BBQih8q92lrEIgtAChLtRx+VpOeUJ0ZKhH3oK/do3bipkBd5Oa2KwnQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF+v047UMJnritNh7HbQahMS+dzbMB8GA1UdIwQY
MBaAFFxk+dBO/VqfwuI7QtW1Gu/ZpQJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUt
YjY2ZmE0ZjQ3NjNhLzEvWDZfVGp0UXdtZXVLMDJIc2R0QnFFeEw1M05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUtYjY2ZmE0ZjQ3NjNh
LzEvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBH4UmAwQA
H4UrMA0GCSqGSIb3DQEBCwUAA4IBAQBpqP6XgM0CRxGoQ8KiGGgIyIrVveCnq6jn
RlGAQXdLhkdcEQlZMzJVmfqWS2otuYLeN6N9McQdsewgoBZWiaAAKPh/C0O8R9eM
Y/kaEi2l18v6X0izMRsYWl9QVo4DsR1al0VFv0RmFZjfutxgRHmdZSDq7wId0sX6
WrdeQPSqNHC/HvaiQrmUG5lv/osi0AQt1dGajOaqYEIo9jfy5/wDFXxGlxgODozU
ShRjApS49FGtCnJfcnOpceRzKGzj3hJlNQdoKBG9U9XKlYjCYdc2vPtM7YQf1sfC
Qbs/YLUwweNOIRH0gdBFEvSk6Hm4uiBqqHI1Qk6BA1TINDP3Q2vs
-----END CERTIFICATE-----