Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4b4df7-d72b-474f-963f-59e6a6d4d576/1/TO80eqDFXQYl6CGIoinTDRQ723A.roa
File:                     TO80eqDFXQYl6CGIoinTDRQ723A.roa (raw, json)
Hash identifier:          s5/qxS+QcBwb4YurVep+bFST0F2tBLYaOg/4Lpz+Qgk=
Subject key identifier:   4C:EF:34:7A:A0:C5:5D:06:25:E8:21:88:A2:29:D3:0D:14:3B:DB:70
Certificate issuer:       /CN=0b1b318e5057a1c10341607cddddadb46d71abf5
Certificate serial:       0199E17977A652ADF998CF28F5E58460B124
Authority key identifier: 0B:1B:31:8E:50:57:A1:C1:03:41:60:7C:DD:DD:AD:B4:6D:71:AB:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CxsxjlBXocEDQWB83d2ttG1xq_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4b4df7-d72b-474f-963f-59e6a6d4d576/1/TO80eqDFXQYl6CGIoinTDRQ723A.roa
Signing time:             Tue 14 Oct 2025 06:47:37 +0000
ROA not before:           Tue 14 Oct 2025 06:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211683
IP address blocks:        5.253.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4b4df7-d72b-474f-963f-59e6a6d4d576/1/CxsxjlBXocEDQWB83d2ttG1xq_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4b4df7-d72b-474f-963f-59e6a6d4d576/1/CxsxjlBXocEDQWB83d2ttG1xq_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CxsxjlBXocEDQWB83d2ttG1xq_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 06:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e1:79:77:a6:52:ad:f9:98:cf:28:f5:e5:84:60:b1:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b1b318e5057a1c10341607cddddadb46d71abf5
        Validity
            Not Before: Oct 14 06:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4cef347aa0c55d0625e82188a229d30d143bdb70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f6:5f:d7:99:90:19:ee:92:51:a8:db:34:42:
                    ce:b2:28:0c:53:99:2a:26:d1:4b:2e:39:d3:48:91:
                    5b:2e:1f:d5:6c:3f:8c:b5:39:67:5d:af:c6:e8:81:
                    d1:c0:f5:20:b5:40:7f:f5:56:fa:0d:f0:08:02:18:
                    ca:e9:c6:72:df:9c:f7:e5:66:b5:30:8c:bb:9d:e9:
                    16:11:d0:91:37:97:2f:4c:e9:99:b8:73:60:c7:64:
                    f3:97:40:ba:69:cb:15:f1:36:4e:40:59:d5:e1:01:
                    9c:14:9b:97:02:bb:72:2c:2b:8b:d5:2a:24:51:cf:
                    2e:db:85:03:1b:84:49:9e:d4:13:59:b2:d4:2e:27:
                    9d:16:2b:fe:4a:cf:f6:1c:ae:8c:a5:37:68:4b:b7:
                    ca:8b:db:a4:de:39:bb:56:43:24:0a:c6:93:48:78:
                    4e:3b:19:fe:b6:66:2f:39:b1:a0:58:1a:36:ec:94:
                    c0:cf:b6:c2:e7:e1:ad:f8:70:6a:32:8a:f9:94:ad:
                    fb:be:84:71:03:55:19:55:5c:b0:78:e8:2c:10:15:
                    2c:8c:e7:fe:03:97:55:c0:a4:bd:4f:ca:29:e4:a7:
                    fd:2a:98:8f:71:4a:4e:ea:47:3a:bf:c1:80:d0:c5:
                    e3:89:f8:21:8d:67:42:ea:e4:dc:56:c4:37:d8:af:
                    02:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:EF:34:7A:A0:C5:5D:06:25:E8:21:88:A2:29:D3:0D:14:3B:DB:70
            X509v3 Authority Key Identifier:
                keyid:0B:1B:31:8E:50:57:A1:C1:03:41:60:7C:DD:DD:AD:B4:6D:71:AB:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CxsxjlBXocEDQWB83d2ttG1xq_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4b4df7-d72b-474f-963f-59e6a6d4d576/1/TO80eqDFXQYl6CGIoinTDRQ723A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4b4df7-d72b-474f-963f-59e6a6d4d576/1/CxsxjlBXocEDQWB83d2ttG1xq_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:6e:7d:05:be:c5:61:be:47:fc:a8:40:0e:a5:88:bd:d3:3c:
         97:dc:97:e0:77:48:93:84:d6:f0:f5:66:7d:fa:b6:91:20:3f:
         83:b1:60:23:e0:76:89:89:1a:85:fd:db:19:ca:78:51:ef:d1:
         c3:35:14:38:f0:61:4e:bd:7c:91:43:5c:0f:bd:7c:d6:de:fd:
         cf:1d:8f:b1:70:26:c3:b9:50:60:ee:b1:58:18:f1:9f:70:12:
         f1:d4:01:3b:54:72:4c:87:ea:ef:3f:fb:04:f9:95:10:16:3e:
         4d:63:e2:e6:35:a7:c0:d1:41:c8:71:eb:7b:1e:84:ad:d1:cc:
         1d:a1:39:7d:be:12:42:18:c1:67:53:be:51:8c:d0:a2:04:13:
         5e:78:38:38:0a:17:e1:e1:34:98:1e:3b:7f:40:00:dd:40:8e:
         a5:86:a1:39:c0:60:43:ce:69:bf:0d:e4:3a:32:f9:ba:48:8e:
         8a:c3:49:ec:09:28:99:52:16:81:ce:18:37:77:6c:45:0e:a8:
         4b:d8:0f:6e:b6:22:b5:8e:82:89:f5:4a:a4:a5:79:c1:3a:69:
         cb:b0:b4:b4:7a:2c:f4:97:91:fa:35:81:df:fb:e9:13:1f:a2:
         34:14:73:71:e5:58:03:9c:63:15:17:54:9b:50:e4:63:b8:2f:
         34:9b:6b:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnheXemUq35mM8o9eWEYLEkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMWIzMThlNTA1N2ExYzEwMzQxNjA3Y2RkZGRhZGI0NmQ3
MWFiZjUwHhcNMjUxMDE0MDY0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2VmMzQ3YWEwYzU1ZDA2MjVlODIxODhhMjI5ZDMwZDE0M2JkYjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovZf15mQGe6SUajbNELOsigMU5kq
JtFLLjnTSJFbLh/VbD+MtTlnXa/G6IHRwPUgtUB/9Vb6DfAIAhjK6cZy35z35Wa1
MIy7nekWEdCRN5cvTOmZuHNgx2Tzl0C6acsV8TZOQFnV4QGcFJuXArtyLCuL1Sok
Uc8u24UDG4RJntQTWbLULiedFiv+Ss/2HK6MpTdoS7fKi9uk3jm7VkMkCsaTSHhO
Oxn+tmYvObGgWBo27JTAz7bC5+Gt+HBqMor5lK37voRxA1UZVVyweOgsEBUsjOf+
A5dVwKS9T8op5Kf9KpiPcUpO6kc6v8GA0MXjifghjWdC6uTcVsQ32K8CcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzvNHqgxV0GJeghiKIp0w0UO9twMB8GA1UdIwQY
MBaAFAsbMY5QV6HBA0FgfN3drbRtcav1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3hzeGpsQlhvY0VEUVdCODNkMnR0RzF4cV9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YjRkZjctZDcyYi00NzRmLTk2M2Yt
NTllNmE2ZDRkNTc2LzEvVE84MGVxREZYUVlsNkNHSW9pblREUlE3MjNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YjRkZjctZDcyYi00NzRmLTk2M2YtNTllNmE2ZDRkNTc2
LzEvQ3hzeGpsQlhvY0VEUVdCODNkMnR0RzF4cV9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf3nMA0G
CSqGSIb3DQEBCwUAA4IBAQCfbn0FvsVhvkf8qEAOpYi90zyX3Jfgd0iThNbw9WZ9
+raRID+DsWAj4HaJiRqF/dsZynhR79HDNRQ48GFOvXyRQ1wPvXzW3v3PHY+xcCbD
uVBg7rFYGPGfcBLx1AE7VHJMh+rvP/sE+ZUQFj5NY+LmNafA0UHIcet7HoSt0cwd
oTl9vhJCGMFnU75RjNCiBBNeeDg4Chfh4TSYHjt/QADdQI6lhqE5wGBDzmm/DeQ6
Mvm6SI6Kw0nsCSiZUhaBzhg3d2xFDqhL2A9utiK1joKJ9UqkpXnBOmnLsLS0eiz0
l5H6NYHf++kTH6I0FHNx5VgDnGMVF1SbUORjuC80m2vR
-----END CERTIFICATE-----