Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/84179d-4c65-44b8-b30b-5dabb4e47abb/1/XD9exolZuPQ40dkfdus25Vf9rII.roa
File:                     XD9exolZuPQ40dkfdus25Vf9rII.roa (raw, json)
Hash identifier:          FmLN+c/lhCwCKONje2+AaEBWa+VnuluALCFAOq2/rro=
Subject key identifier:   5C:3F:5E:C6:89:59:B8:F4:38:D1:D9:1F:76:EB:36:E5:57:FD:AC:82
Certificate issuer:       /CN=37689eaacbaf68af35d3fafb9674de48a6fc0978
Certificate serial:       01993F2381607752D2F1CD3DF3AB93F47276
Authority key identifier: 37:68:9E:AA:CB:AF:68:AF:35:D3:FA:FB:96:74:DE:48:A6:FC:09:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N2ieqsuvaK810_r7lnTeSKb8CXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/84179d-4c65-44b8-b30b-5dabb4e47abb/1/XD9exolZuPQ40dkfdus25Vf9rII.roa
Signing time:             Fri 12 Sep 2025 18:15:15 +0000
ROA not before:           Fri 12 Sep 2025 18:15:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210482
IP address blocks:        141.80.0.0/16 maxlen: 24
                          2001:678:480::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/84179d-4c65-44b8-b30b-5dabb4e47abb/1/N2ieqsuvaK810_r7lnTeSKb8CXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/84179d-4c65-44b8-b30b-5dabb4e47abb/1/N2ieqsuvaK810_r7lnTeSKb8CXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N2ieqsuvaK810_r7lnTeSKb8CXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3f:23:81:60:77:52:d2:f1:cd:3d:f3:ab:93:f4:72:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37689eaacbaf68af35d3fafb9674de48a6fc0978
        Validity
            Not Before: Sep 12 18:15:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c3f5ec68959b8f438d1d91f76eb36e557fdac82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0b:1f:1e:05:f0:18:3e:d6:07:51:46:05:36:
                    33:45:81:6c:06:c2:1e:d2:95:11:de:66:eb:db:ef:
                    09:67:f9:7f:20:f3:08:71:4b:53:bb:75:7f:6b:05:
                    0c:3c:ad:d7:fb:02:b3:12:72:83:4f:a3:27:38:c8:
                    6d:fb:ad:ff:da:1f:87:42:19:b4:f9:e9:e8:8f:0f:
                    58:20:c0:28:62:f6:ec:55:a6:64:63:e8:28:b2:d0:
                    b5:06:07:bf:a1:18:1b:f8:44:2e:35:3c:d0:63:df:
                    9f:fc:c0:e3:5b:72:21:46:70:fd:6e:ec:11:b5:29:
                    c0:7f:b6:ae:a6:22:b9:00:8a:d1:a3:52:93:a4:42:
                    56:ed:da:5b:44:1f:56:86:eb:d3:c3:70:e7:92:2b:
                    61:80:ba:52:25:7c:ec:2c:a8:37:e1:cd:cd:14:5a:
                    9f:f4:64:cf:e4:90:21:e4:e2:27:c5:3b:2a:3b:0e:
                    41:e4:f6:c4:3f:06:25:c7:36:09:28:89:c5:24:bb:
                    75:4f:1e:97:06:5b:30:35:93:26:e8:8e:d9:58:31:
                    bb:d9:e7:76:f2:62:06:ac:5e:78:8d:55:cc:a0:1c:
                    dc:1d:11:12:92:dc:94:74:5e:a5:69:68:9b:0f:08:
                    c1:31:3b:b8:4d:d6:97:10:49:61:fb:25:1b:98:6a:
                    67:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:3F:5E:C6:89:59:B8:F4:38:D1:D9:1F:76:EB:36:E5:57:FD:AC:82
            X509v3 Authority Key Identifier:
                keyid:37:68:9E:AA:CB:AF:68:AF:35:D3:FA:FB:96:74:DE:48:A6:FC:09:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N2ieqsuvaK810_r7lnTeSKb8CXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/84179d-4c65-44b8-b30b-5dabb4e47abb/1/XD9exolZuPQ40dkfdus25Vf9rII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/84179d-4c65-44b8-b30b-5dabb4e47abb/1/N2ieqsuvaK810_r7lnTeSKb8CXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.80.0.0/16
                IPv6:
                  2001:678:480::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:e2:97:4e:3e:5c:2a:2f:6a:e4:db:81:29:4b:e4:0c:13:57:
         5b:18:a8:b7:ea:09:f2:b5:15:e8:dc:68:7d:9b:b9:49:d3:d2:
         7b:59:0d:e1:2c:ff:1f:6b:31:aa:e2:28:2e:94:c0:d6:58:17:
         8c:61:88:20:d2:e7:c0:65:e3:9f:af:8a:26:ed:dc:53:59:79:
         b1:83:c0:30:40:81:6c:7e:4e:a4:3d:d0:d4:12:e7:f2:13:1f:
         77:f8:96:7a:02:9f:ad:81:21:fd:3b:41:3f:6f:c2:cb:d3:6c:
         fb:bc:e2:c7:55:fe:05:b2:8d:12:8a:71:b5:26:31:fd:fd:9a:
         ae:6d:7f:e4:d8:69:d3:23:c1:41:0c:79:fc:01:df:62:34:85:
         36:d9:40:5f:71:ab:9e:52:49:d4:5e:15:93:cf:47:69:f3:ec:
         f2:74:38:3e:de:75:63:b9:9f:54:4f:c5:f5:72:a6:09:70:2d:
         59:64:ee:40:ab:39:3b:09:7f:a4:36:7c:9f:d4:67:f2:02:7a:
         56:33:36:aa:61:fe:cc:c9:9f:32:d7:34:59:a0:da:6b:75:34:
         f1:80:45:c1:9e:b4:f4:e8:21:5b:d0:7c:19:e7:6f:5c:b5:88:
         6f:d0:fc:ed:89:89:c2:f2:64:59:9c:b8:fc:f0:b2:1a:56:e9:
         4c:0d:65:0c
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZk/I4Fgd1LS8c0986uT9HJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3Njg5ZWFhY2JhZjY4YWYzNWQzZmFmYjk2NzRkZTQ4YTZm
YzA5NzgwHhcNMjUwOTEyMTgxNTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzNmNWVjNjg5NTliOGY0MzhkMWQ5MWY3NmViMzZlNTU3ZmRhYzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQsfHgXwGD7WB1FGBTYzRYFsBsIe
0pUR3mbr2+8JZ/l/IPMIcUtTu3V/awUMPK3X+wKzEnKDT6MnOMht+63/2h+HQhm0
+enojw9YIMAoYvbsVaZkY+gostC1Bge/oRgb+EQuNTzQY9+f/MDjW3IhRnD9buwR
tSnAf7aupiK5AIrRo1KTpEJW7dpbRB9WhuvTw3DnkithgLpSJXzsLKg34c3NFFqf
9GTP5JAh5OInxTsqOw5B5PbEPwYlxzYJKInFJLt1Tx6XBlswNZMm6I7ZWDG72ed2
8mIGrF54jVXMoBzcHRESktyUdF6laWibDwjBMTu4TdaXEElh+yUbmGpn0wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFFw/XsaJWbj0ONHZH3brNuVX/ayCMB8GA1UdIwQY
MBaAFDdonqrLr2ivNdP6+5Z03kim/Al4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjJpZXFzdXZhSzgxMF9yN2xuVGVTS2I4Q1hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS84NDE3OWQtNGM2NS00NGI4LWIzMGIt
NWRhYmI0ZTQ3YWJiLzEvWEQ5ZXhvbFp1UFE0MGRrZmR1czI1VmY5cklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS84NDE3OWQtNGM2NS00NGI4LWIzMGItNWRhYmI0ZTQ3YWJi
LzEvTjJpZXFzdXZhSzgxMF9yN2xuVGVTS2I4Q1hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjALBAIAATAFAwMAjVAwDwQC
AAIwCQMHACABBngEgDANBgkqhkiG9w0BAQsFAAOCAQEAT+KXTj5cKi9q5NuBKUvk
DBNXWxiot+oJ8rUV6NxofZu5SdPSe1kN4Sz/H2sxquIoLpTA1lgXjGGIINLnwGXj
n6+KJu3cU1l5sYPAMECBbH5OpD3Q1BLn8hMfd/iWegKfrYEh/TtBP2/Cy9Ns+7zi
x1X+BbKNEopxtSYx/f2arm1/5Nhp0yPBQQx5/AHfYjSFNtlAX3GrnlJJ1F4Vk89H
afPs8nQ4Pt51Y7mfVE/F9XKmCXAtWWTuQKs5Owl/pDZ8n9Rn8gJ6VjM2qmH+zMmf
Mtc0WaDaa3U08YBFwZ609OghW9B8GedvXLWIb9D87YmJwvJkWZy4/PCyGlbpTA1l
DA==
-----END CERTIFICATE-----