Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/1Q5iHdzKxf8MNemcT1RBOOzIIJ0.roa
File:                     1Q5iHdzKxf8MNemcT1RBOOzIIJ0.roa (raw, json)
Hash identifier:          dhLNFKd+PfuuwcD6QJZQdI1MnPf4yhnne4cWUKHT2mc=
Subject key identifier:   D5:0E:62:1D:DC:CA:C5:FF:0C:35:E9:9C:4F:54:41:38:EC:C8:20:9D
Certificate issuer:       /CN=94962e2afa7748f45265d89fd15624b584e72466
Certificate serial:       0199A42CCA3C4906307FC53F5145EB9CF59F
Authority key identifier: 94:96:2E:2A:FA:77:48:F4:52:65:D8:9F:D1:56:24:B5:84:E7:24:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lJYuKvp3SPRSZdif0VYktYTnJGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/1Q5iHdzKxf8MNemcT1RBOOzIIJ0.roa
Signing time:             Thu 02 Oct 2025 09:07:02 +0000
ROA not before:           Thu 02 Oct 2025 09:07:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        131.220.0.0/16 maxlen: 17
                          193.23.254.0/24 maxlen: 32
                          2a00:5ba0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/lJYuKvp3SPRSZdif0VYktYTnJGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/lJYuKvp3SPRSZdif0VYktYTnJGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lJYuKvp3SPRSZdif0VYktYTnJGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a4:2c:ca:3c:49:06:30:7f:c5:3f:51:45:eb:9c:f5:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94962e2afa7748f45265d89fd15624b584e72466
        Validity
            Not Before: Oct  2 09:07:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d50e621ddccac5ff0c35e99c4f544138ecc8209d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:dc:08:7e:e6:7e:ad:7b:58:d1:df:2f:a0:3c:
                    d0:44:6d:99:0d:b5:6f:47:53:bd:13:a8:04:53:3e:
                    6f:cc:3d:54:cc:3b:0c:9e:28:8a:cf:26:20:b7:8a:
                    41:76:7d:4b:e8:2d:ab:60:62:4e:fd:56:88:0b:38:
                    e7:0c:82:e2:ae:bc:57:a7:75:07:e2:d1:64:f2:39:
                    50:5c:9f:f8:cf:74:2e:75:d1:f2:27:69:54:17:c2:
                    06:3f:c3:c0:2d:5b:02:51:f0:b7:52:08:70:16:a8:
                    62:9a:2a:d2:ac:a6:76:6f:d7:a9:71:a2:fc:63:d3:
                    43:b2:78:97:81:d6:81:85:eb:05:dd:f8:c8:18:43:
                    3d:bf:4e:b1:48:3b:36:8e:db:39:09:f7:1b:fe:ed:
                    21:ab:d1:81:2d:d4:b1:c7:95:fa:8b:f6:ea:28:e5:
                    c7:4b:7a:c9:25:b6:2d:b4:db:cd:4d:7d:82:49:50:
                    ae:d5:b0:c3:82:d3:32:d7:bb:fd:17:c9:4a:45:a6:
                    fe:39:50:4a:27:8e:07:6d:69:fe:a1:8e:df:79:fe:
                    9d:3b:df:8b:1b:b2:8c:65:b4:32:d7:6a:26:d7:87:
                    b3:09:75:77:5f:8d:b7:af:4c:c4:15:fe:0f:f3:97:
                    3a:74:68:6a:05:5e:9b:94:3f:2c:2f:cc:eb:da:99:
                    01:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:0E:62:1D:DC:CA:C5:FF:0C:35:E9:9C:4F:54:41:38:EC:C8:20:9D
            X509v3 Authority Key Identifier:
                keyid:94:96:2E:2A:FA:77:48:F4:52:65:D8:9F:D1:56:24:B5:84:E7:24:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lJYuKvp3SPRSZdif0VYktYTnJGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/1Q5iHdzKxf8MNemcT1RBOOzIIJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/lJYuKvp3SPRSZdif0VYktYTnJGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.220.0.0/16
                  193.23.254.0/24
                IPv6:
                  2a00:5ba0::/29

    Signature Algorithm: sha256WithRSAEncryption
         68:68:35:47:37:73:7e:95:22:9f:10:e8:4c:77:66:1d:dc:81:
         9f:14:74:ed:93:d9:7b:9f:01:fa:32:46:3c:bb:9a:48:3e:86:
         fd:12:ec:b1:05:66:56:c8:27:3f:47:ae:c9:6a:3f:ac:85:0d:
         1e:b7:ab:8e:0b:d1:b3:dd:99:df:3c:54:21:27:e9:35:40:e6:
         9e:e5:a4:3f:cb:2b:e5:7a:23:d2:2f:d9:ec:c9:7b:e3:1d:c0:
         f3:b1:6d:c5:22:00:20:1b:f2:d9:bb:10:af:3d:d7:ef:a6:fa:
         1f:9d:6a:e2:9b:28:79:de:6a:36:59:da:37:0f:d4:08:47:87:
         32:0b:a1:8e:41:a8:4e:b5:fb:b7:93:a5:0a:f4:df:3b:d0:42:
         4b:b6:dd:e5:2f:33:8a:fd:1b:7e:50:35:48:99:b4:3c:a2:9c:
         f8:20:de:85:4d:96:45:94:36:a1:f1:d9:31:fe:04:89:04:2a:
         6d:d3:fe:8b:f2:a9:d8:6f:92:df:57:c8:2d:a6:a1:ec:5c:a9:
         1e:43:ec:4b:bc:76:78:b5:26:89:8c:f7:cd:f2:62:10:45:01:
         52:82:dc:7e:fa:3b:34:68:43:83:bc:ed:e8:bf:02:f5:a2:a4:
         27:03:4c:76:f5:09:65:c0:01:60:d5:7a:e0:97:a6:48:7b:a4:
         b9:b8:a6:0f
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZmkLMo8SQYwf8U/UUXrnPWfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0OTYyZTJhZmE3NzQ4ZjQ1MjY1ZDg5ZmQxNTYyNGI1ODRl
NzI0NjYwHhcNMjUxMDAyMDkwNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTBlNjIxZGRjY2FjNWZmMGMzNWU5OWM0ZjU0NDEzOGVjYzgyMDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstwIfuZ+rXtY0d8voDzQRG2ZDbVv
R1O9E6gEUz5vzD1UzDsMniiKzyYgt4pBdn1L6C2rYGJO/VaICzjnDILirrxXp3UH
4tFk8jlQXJ/4z3QuddHyJ2lUF8IGP8PALVsCUfC3UghwFqhimirSrKZ2b9epcaL8
Y9NDsniXgdaBhesF3fjIGEM9v06xSDs2jts5Cfcb/u0hq9GBLdSxx5X6i/bqKOXH
S3rJJbYttNvNTX2CSVCu1bDDgtMy17v9F8lKRab+OVBKJ44HbWn+oY7fef6dO9+L
G7KMZbQy12om14ezCXV3X423r0zEFf4P85c6dGhqBV6blD8sL8zr2pkBMQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNUOYh3cysX/DDXpnE9UQTjsyCCdMB8GA1UdIwQY
MBaAFJSWLir6d0j0UmXYn9FWJLWE5yRmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEpZdUt2cDNTUFJTWmRpZjBWWWt0WVRuSkdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8yZGI2ODMtYzllOS00NjQ3LTgyM2It
Y2Q0MDNiZGVlNGRmLzEvMVE1aUhkekt4ZjhNTmVtY1QxUkJPT3pJSUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8yZGI2ODMtYzllOS00NjQ3LTgyM2ItY2Q0MDNiZGVlNGRm
LzEvbEpZdUt2cDNTUFJTWmRpZjBWWWt0WVRuSkdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAg9wDBADB
F/4wDQQCAAIwBwMFAyoAW6AwDQYJKoZIhvcNAQELBQADggEBAGhoNUc3c36VIp8Q
6Ex3Zh3cgZ8UdO2T2XufAfoyRjy7mkg+hv0S7LEFZlbIJz9HrslqP6yFDR63q44L
0bPdmd88VCEn6TVA5p7lpD/LK+V6I9Iv2ezJe+MdwPOxbcUiACAb8tm7EK891++m
+h+dauKbKHneajZZ2jcP1AhHhzILoY5BqE61+7eTpQr03zvQQku23eUvM4r9G35Q
NUiZtDyinPgg3oVNlkWUNqHx2TH+BIkEKm3T/ovyqdhvkt9XyC2moexcqR5D7Eu8
dni1JomM983yYhBFAVKC3H76OzRoQ4O87ei/AvWipCcDTHb1CWXAAWDVeuCXpkh7
pLm4pg8=
-----END CERTIFICATE-----