Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/20cb33-e2bf-46aa-abfa-928e7bc69570/1/pt0lS1m3NLfN-ZlG6LR_u92_6So.roa
File:                     pt0lS1m3NLfN-ZlG6LR_u92_6So.roa (raw, json)
Hash identifier:          5VENDpQR+7VNnLE+YBum+RFRq29jqQtAdKpAJMhSuxQ=
Subject key identifier:   A6:DD:25:4B:59:B7:34:B7:CD:F9:99:46:E8:B4:7F:BB:DD:BF:E9:2A
Certificate issuer:       /CN=de456cdb4d140345c3dcaebfc7634d4e7cdcb913
Certificate serial:       01996175075CD08A509329ED1821C7CD3916
Authority key identifier: DE:45:6C:DB:4D:14:03:45:C3:DC:AE:BF:C7:63:4D:4E:7C:DC:B9:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3kVs200UA0XD3K6_x2NNTnzcuRM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/20cb33-e2bf-46aa-abfa-928e7bc69570/1/pt0lS1m3NLfN-ZlG6LR_u92_6So.roa
Signing time:             Fri 19 Sep 2025 10:11:23 +0000
ROA not before:           Fri 19 Sep 2025 10:11:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56501
IP address blocks:        128.127.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/20cb33-e2bf-46aa-abfa-928e7bc69570/1/3kVs200UA0XD3K6_x2NNTnzcuRM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/20cb33-e2bf-46aa-abfa-928e7bc69570/1/3kVs200UA0XD3K6_x2NNTnzcuRM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3kVs200UA0XD3K6_x2NNTnzcuRM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:61:75:07:5c:d0:8a:50:93:29:ed:18:21:c7:cd:39:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de456cdb4d140345c3dcaebfc7634d4e7cdcb913
        Validity
            Not Before: Sep 19 10:11:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6dd254b59b734b7cdf99946e8b47fbbddbfe92a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:12:9c:ec:5f:57:b2:57:03:18:24:8b:99:24:
                    bf:ae:89:ca:c0:92:cf:b0:30:72:b8:01:4f:d4:de:
                    c8:d1:c1:bb:42:48:38:cc:33:d8:85:a8:ba:ca:27:
                    61:c2:f9:35:6b:27:bb:e5:48:99:ca:3b:6b:b8:09:
                    1b:0b:bc:86:72:b9:10:0a:b1:79:67:79:63:65:1c:
                    7b:8f:93:18:7e:6c:c3:2f:97:17:8a:a0:86:ec:15:
                    8c:f2:e4:a0:af:62:3e:ae:5d:84:c2:ff:cf:af:f5:
                    c4:7b:e1:9f:f5:7f:51:62:b4:79:3e:96:29:c6:37:
                    4d:1a:da:d2:d1:20:40:7b:7c:fa:b6:18:78:a2:33:
                    80:df:9b:8d:2a:44:6c:2c:95:29:52:f6:b9:30:e3:
                    fd:38:9d:0d:41:d4:cb:e4:ab:59:b8:13:00:fe:e3:
                    e2:80:41:82:e5:a2:c3:27:9d:1a:c4:a4:88:30:98:
                    7e:6e:df:1c:a9:b5:5b:5b:74:a1:06:29:00:f6:25:
                    a7:97:bb:10:cc:4c:cc:cf:a2:9f:a3:76:da:23:39:
                    29:f3:45:db:60:81:39:90:13:7a:1c:9a:fa:60:dc:
                    c0:f0:a7:5b:37:01:9e:5d:42:c8:bc:ba:9a:31:2c:
                    93:69:df:82:26:81:73:43:49:db:e9:57:1f:d6:c0:
                    cc:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:DD:25:4B:59:B7:34:B7:CD:F9:99:46:E8:B4:7F:BB:DD:BF:E9:2A
            X509v3 Authority Key Identifier:
                keyid:DE:45:6C:DB:4D:14:03:45:C3:DC:AE:BF:C7:63:4D:4E:7C:DC:B9:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3kVs200UA0XD3K6_x2NNTnzcuRM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/20cb33-e2bf-46aa-abfa-928e7bc69570/1/pt0lS1m3NLfN-ZlG6LR_u92_6So.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/20cb33-e2bf-46aa-abfa-928e7bc69570/1/3kVs200UA0XD3K6_x2NNTnzcuRM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.127.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:75:2b:b4:8b:e8:44:00:d4:09:53:6b:9e:c2:b4:63:46:df:
         39:92:68:4c:6e:0e:2a:c1:39:ec:b7:20:8c:d7:51:f1:b7:5c:
         45:e8:00:80:05:64:61:7b:7f:7e:b4:22:cc:54:61:f7:fd:da:
         b2:ed:49:ef:7f:26:fa:e5:f8:eb:11:89:d4:23:e8:00:91:1e:
         b6:91:50:00:11:59:6d:f9:32:25:15:26:db:db:99:ff:a6:58:
         8f:e3:b8:ed:36:e4:c6:18:d5:68:e7:eb:1e:18:cf:23:e7:2a:
         87:9d:36:8f:4b:c4:e3:f1:71:86:d2:98:22:fa:45:14:67:8c:
         5e:5c:48:62:e2:40:a0:48:cf:85:8f:4e:f4:f9:f6:a7:59:18:
         04:d7:19:b7:e9:fb:b3:b9:67:26:36:bb:7a:63:57:08:3f:56:
         46:75:e2:37:b0:33:f3:27:4d:69:86:79:e0:7a:f5:a0:37:3b:
         c8:fa:70:23:8d:60:7b:b2:fb:38:cb:a0:af:cc:21:dc:16:38:
         60:41:37:73:9a:26:ce:80:fc:e8:86:50:50:1f:49:38:60:c4:
         8d:fa:01:7a:67:49:8b:06:bf:a9:a0:d2:b5:43:3a:c0:c4:c9:
         71:04:85:d4:d4:19:4e:f4:a3:06:05:a4:d1:3d:6e:1f:b3:77:
         13:cc:c4:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlhdQdc0IpQkyntGCHHzTkWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNDU2Y2RiNGQxNDAzNDVjM2RjYWViZmM3NjM0ZDRlN2Nk
Y2I5MTMwHhcNMjUwOTE5MTAxMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmRkMjU0YjU5YjczNGI3Y2RmOTk5NDZlOGI0N2ZiYmRkYmZlOTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxKc7F9XslcDGCSLmSS/ronKwJLP
sDByuAFP1N7I0cG7Qkg4zDPYhai6yidhwvk1aye75UiZyjtruAkbC7yGcrkQCrF5
Z3ljZRx7j5MYfmzDL5cXiqCG7BWM8uSgr2I+rl2Ewv/Pr/XEe+Gf9X9RYrR5PpYp
xjdNGtrS0SBAe3z6thh4ojOA35uNKkRsLJUpUva5MOP9OJ0NQdTL5KtZuBMA/uPi
gEGC5aLDJ50axKSIMJh+bt8cqbVbW3ShBikA9iWnl7sQzEzMz6Kfo3baIzkp80Xb
YIE5kBN6HJr6YNzA8KdbNwGeXULIvLqaMSyTad+CJoFzQ0nb6Vcf1sDMmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKbdJUtZtzS3zfmZRui0f7vdv+kqMB8GA1UdIwQY
MBaAFN5FbNtNFANFw9yuv8djTU583LkTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2tWczIwMFVBMFhEM0s2X3gyTk5UbnpjdVJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8yMGNiMzMtZTJiZi00NmFhLWFiZmEt
OTI4ZTdiYzY5NTcwLzEvcHQwbFMxbTNOTGZOLVpsRzZMUl91OTJfNlNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8yMGNiMzMtZTJiZi00NmFhLWFiZmEtOTI4ZTdiYzY5NTcw
LzEvM2tWczIwMFVBMFhEM0s2X3gyTk5UbnpjdVJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgH+1MA0G
CSqGSIb3DQEBCwUAA4IBAQBcdSu0i+hEANQJU2uewrRjRt85kmhMbg4qwTnstyCM
11Hxt1xF6ACABWRhe39+tCLMVGH3/dqy7Unvfyb65fjrEYnUI+gAkR62kVAAEVlt
+TIlFSbb25n/pliP47jtNuTGGNVo5+seGM8j5yqHnTaPS8Tj8XGG0pgi+kUUZ4xe
XEhi4kCgSM+Fj070+fanWRgE1xm36fuzuWcmNrt6Y1cIP1ZGdeI3sDPzJ01phnng
evWgNzvI+nAjjWB7svs4y6CvzCHcFjhgQTdzmibOgPzohlBQH0k4YMSN+gF6Z0mL
Br+poNK1QzrAxMlxBIXU1BlO9KMGBaTRPW4fs3cTzMSa
-----END CERTIFICATE-----