Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/ZTuZG35aq-_FRZAbaGaaD5vcMwI.roa
File:                     ZTuZG35aq-_FRZAbaGaaD5vcMwI.roa (raw, json)
Hash identifier:          ulXglv5m+ng8W6iFQKnfH2V7n7R22IWQlAJ1C+Bod0g=
Subject key identifier:   65:3B:99:1B:7E:5A:AB:EF:C5:45:90:1B:68:66:9A:0F:9B:DC:33:02
Certificate issuer:       /CN=beb12ce6a91030e27d5abad146df27bc2880652b
Certificate serial:       0199A49613588682F1EBE32A637E04C0D530
Authority key identifier: BE:B1:2C:E6:A9:10:30:E2:7D:5A:BA:D1:46:DF:27:BC:28:80:65:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/ZTuZG35aq-_FRZAbaGaaD5vcMwI.roa
Signing time:             Thu 02 Oct 2025 11:02:02 +0000
ROA not before:           Thu 02 Oct 2025 11:02:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42705
IP address blocks:        5.11.20.0/24 maxlen: 24
                          5.11.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a4:96:13:58:86:82:f1:eb:e3:2a:63:7e:04:c0:d5:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beb12ce6a91030e27d5abad146df27bc2880652b
        Validity
            Not Before: Oct  2 11:02:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=653b991b7e5aabefc545901b68669a0f9bdc3302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:10:aa:a6:6e:63:a9:57:48:13:96:ef:ba:c3:
                    d2:7a:ab:6c:b3:75:bc:e2:e6:8d:a0:39:92:24:b6:
                    33:e7:eb:a0:62:f1:3e:21:ab:5f:dc:c7:5d:ba:42:
                    bd:3b:7d:de:ee:38:d4:58:7d:c1:9b:b0:4b:d3:27:
                    7b:eb:29:c9:49:a6:18:45:e7:81:33:9d:e9:75:88:
                    18:0d:4b:e9:23:ef:a6:4d:03:5b:de:c6:2f:08:a3:
                    99:4b:a9:7a:72:57:54:d0:07:5b:09:67:d7:34:b1:
                    c1:36:68:89:9e:71:89:84:22:65:e3:d6:d7:b8:13:
                    02:cb:f8:42:3f:eb:78:01:3c:c0:47:06:b6:2e:75:
                    33:e9:3c:60:5c:d8:16:29:54:f3:2d:bb:59:66:c7:
                    3b:24:43:e4:cd:34:1e:75:ed:10:e0:6c:80:ee:f1:
                    1c:03:10:b2:91:8f:da:24:43:51:c3:61:a6:ab:73:
                    28:43:11:57:13:7f:9c:7b:44:cc:2a:c6:01:5f:2f:
                    32:9c:89:f2:a7:9b:08:d6:4c:cb:6f:c3:a9:d1:84:
                    c1:ff:67:a9:6d:e4:58:3e:bc:0b:c6:94:89:82:13:
                    3d:ce:77:b7:2a:53:e7:5a:4d:07:65:c9:8c:f1:54:
                    84:04:84:66:73:25:e5:69:8e:df:1a:0a:8b:fd:a2:
                    2c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:3B:99:1B:7E:5A:AB:EF:C5:45:90:1B:68:66:9A:0F:9B:DC:33:02
            X509v3 Authority Key Identifier:
                keyid:BE:B1:2C:E6:A9:10:30:E2:7D:5A:BA:D1:46:DF:27:BC:28:80:65:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/ZTuZG35aq-_FRZAbaGaaD5vcMwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.11.20.0/24
                  5.11.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:35:1b:ae:09:d1:aa:fb:33:24:de:65:82:62:52:2a:bc:3f:
         f0:c2:33:54:cf:0f:ed:e4:c2:2b:c1:1b:d5:76:d3:5d:de:07:
         d1:8b:33:45:3d:07:ed:3a:33:e7:6e:cc:05:60:05:87:d0:18:
         b0:89:20:1d:ec:57:27:73:e0:da:7e:24:8f:08:41:e2:ff:c1:
         09:54:0d:df:cc:2a:0b:8d:e6:e8:49:f6:19:e1:31:9c:4a:d7:
         34:80:5b:4d:e5:ef:7c:70:a2:ed:9b:1a:b8:05:f9:86:69:11:
         61:a5:0c:5a:43:fe:63:4e:e1:17:3c:91:ba:79:f2:e3:a2:a8:
         33:ef:5d:bc:90:be:27:8c:2d:0a:73:1c:98:b8:b0:97:a7:6a:
         10:cc:91:9d:ba:8f:25:4a:3c:11:9e:90:f8:47:db:fe:64:75:
         82:0b:d4:8b:60:1d:7c:ea:b5:7b:5e:6c:9a:65:67:47:be:bc:
         50:75:56:cd:a4:e4:30:0c:a6:50:0c:ad:ec:6c:9a:f6:40:66:
         49:6a:da:59:91:28:9c:87:ef:e4:49:ef:66:a6:92:ee:48:90:
         de:9b:3a:60:f8:8e:2c:c6:89:f7:98:c9:8f:e4:d5:49:a4:f1:
         af:5a:86:48:d9:7e:58:99:10:a0:ec:07:5c:55:f4:7e:f5:29:
         e1:11:8c:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmklhNYhoLx6+MqY34EwNUwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYjEyY2U2YTkxMDMwZTI3ZDVhYmFkMTQ2ZGYyN2JjMjg4
MDY1MmIwHhcNMjUxMDAyMTEwMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTNiOTkxYjdlNWFhYmVmYzU0NTkwMWI2ODY2OWEwZjliZGMzMzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9xCqpm5jqVdIE5bvusPSeqtss3W8
4uaNoDmSJLYz5+ugYvE+Iatf3MddukK9O33e7jjUWH3Bm7BL0yd76ynJSaYYReeB
M53pdYgYDUvpI++mTQNb3sYvCKOZS6l6cldU0AdbCWfXNLHBNmiJnnGJhCJl49bX
uBMCy/hCP+t4ATzARwa2LnUz6TxgXNgWKVTzLbtZZsc7JEPkzTQede0Q4GyA7vEc
AxCykY/aJENRw2Gmq3MoQxFXE3+ce0TMKsYBXy8ynInyp5sI1kzLb8Op0YTB/2ep
beRYPrwLxpSJghM9zne3KlPnWk0HZcmM8VSEBIRmcyXlaY7fGgqL/aIs9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGU7mRt+WqvvxUWQG2hmmg+b3DMCMB8GA1UdIwQY
MBaAFL6xLOapEDDifVq60UbfJ7wogGUrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJFczVxa1FNT0o5V3JyUlJ0OG52Q2lBWlNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC83NDk0MGEtZDlmYS00NTUyLWJlNWMt
YTdhZGU0MzRkNDUxLzEvWlR1WkczNWFxLV9GUlpBYmFHYWFENXZjTXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC83NDk0MGEtZDlmYS00NTUyLWJlNWMtYTdhZGU0MzRkNDUx
LzEvdnJFczVxa1FNT0o5V3JyUlJ0OG52Q2lBWlNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABQsUAwQA
BQsXMA0GCSqGSIb3DQEBCwUAA4IBAQCWNRuuCdGq+zMk3mWCYlIqvD/wwjNUzw/t
5MIrwRvVdtNd3gfRizNFPQftOjPnbswFYAWH0BiwiSAd7Fcnc+DafiSPCEHi/8EJ
VA3fzCoLjeboSfYZ4TGcStc0gFtN5e98cKLtmxq4BfmGaRFhpQxaQ/5jTuEXPJG6
efLjoqgz7128kL4njC0KcxyYuLCXp2oQzJGduo8lSjwRnpD4R9v+ZHWCC9SLYB18
6rV7XmyaZWdHvrxQdVbNpOQwDKZQDK3sbJr2QGZJatpZkSich+/kSe9mppLuSJDe
mzpg+I4sxon3mMmP5NVJpPGvWoZI2X5YmRCg7AdcVfR+9SnhEYx+
-----END CERTIFICATE-----