Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/EWTxX8xHCQ-y0eC-O4N3o3QoyvM.roa
File:                     EWTxX8xHCQ-y0eC-O4N3o3QoyvM.roa (raw, json)
Hash identifier:          dVuWzw7AA4Zse8atqpUG5cLLbJKhbiKvMBsraKeVoHo=
Subject key identifier:   11:64:F1:5F:CC:47:09:0F:B2:D1:E0:BE:3B:83:77:A3:74:28:CA:F3
Certificate issuer:       /CN=0b1c6d0de70cc51805b63a5e2327622525d075b1
Certificate serial:       01999A4144F657166DA23EDA1D6327DEE1AA
Authority key identifier: 0B:1C:6D:0D:E7:0C:C5:18:05:B6:3A:5E:23:27:62:25:25:D0:75:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/EWTxX8xHCQ-y0eC-O4N3o3QoyvM.roa
Signing time:             Tue 30 Sep 2025 10:53:12 +0000
ROA not before:           Tue 30 Sep 2025 10:53:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19637
IP address blocks:        2a02:ce8:54c::/48 maxlen: 48
                          2a02:ce8:5ba::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:41:44:f6:57:16:6d:a2:3e:da:1d:63:27:de:e1:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b1c6d0de70cc51805b63a5e2327622525d075b1
        Validity
            Not Before: Sep 30 10:53:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1164f15fcc47090fb2d1e0be3b8377a37428caf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:0f:4b:99:1d:53:45:a3:5d:4d:31:5f:d6:5c:
                    6d:b8:93:22:a6:d2:cd:9c:40:8c:3d:a4:62:36:66:
                    60:08:e0:38:9f:55:20:25:a9:28:fe:b6:b1:e9:bc:
                    34:1c:2a:7b:03:63:2c:34:09:a0:e4:4f:ce:67:f9:
                    18:58:8a:e2:96:a6:27:e6:d7:18:b8:57:9a:71:33:
                    32:80:35:10:9d:89:57:1d:60:6f:d1:e9:88:a2:11:
                    fc:b9:5a:a9:cf:2d:fe:75:bd:40:59:8e:95:36:45:
                    e7:91:e9:33:e3:e7:1b:72:1f:bd:dd:57:37:04:b9:
                    ff:7e:c8:1e:34:11:06:c0:ec:7f:1d:df:1a:7f:d1:
                    52:8b:bd:d1:50:94:0c:02:a6:53:ea:ea:63:cc:80:
                    bf:59:ff:16:a5:6f:89:c8:c9:6c:c2:af:29:f2:5d:
                    e5:64:c1:f4:65:26:0d:8c:cf:ef:f5:d9:dd:2b:20:
                    17:00:75:a4:82:81:84:88:2e:f5:a5:3f:66:8c:d3:
                    79:2d:37:09:29:a3:9a:b4:3a:47:86:16:a4:f5:60:
                    7d:77:01:d7:96:5b:4d:8c:2d:a9:44:77:f0:3d:76:
                    3d:eb:82:4d:e8:35:e9:f7:93:47:42:ba:21:af:48:
                    56:26:22:09:f2:a1:de:07:91:0b:49:7b:eb:45:dd:
                    f1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:64:F1:5F:CC:47:09:0F:B2:D1:E0:BE:3B:83:77:A3:74:28:CA:F3
            X509v3 Authority Key Identifier:
                keyid:0B:1C:6D:0D:E7:0C:C5:18:05:B6:3A:5E:23:27:62:25:25:D0:75:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/EWTxX8xHCQ-y0eC-O4N3o3QoyvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:ce8:54c::/48
                  2a02:ce8:5ba::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:b8:79:a0:f4:d3:8d:92:a4:a2:88:b9:49:4e:25:ac:c9:b0:
         17:18:dd:c6:b1:ee:29:82:0d:a7:97:5d:c9:00:60:50:8a:c4:
         ca:91:dc:8e:c1:3a:22:c3:ef:61:68:bb:dc:29:bf:69:fc:ef:
         b3:28:5b:86:7b:b3:7c:36:74:a8:05:87:e5:6c:1a:ea:f8:52:
         0c:3d:84:c3:a3:63:3c:c6:08:15:02:ce:ef:39:d8:4f:22:e1:
         d3:bb:18:00:4e:82:df:ea:c2:05:dc:47:aa:70:21:a0:2d:d2:
         f1:b5:f5:78:1e:5a:ad:a2:1d:25:da:f1:b2:d9:73:4c:11:ad:
         68:0d:b5:f3:bc:7a:68:44:79:08:8d:41:a0:71:83:45:56:84:
         b6:50:ab:8e:2f:96:af:dc:19:b1:a7:80:bd:22:eb:19:fe:f6:
         f3:9e:0d:f7:d1:70:50:9a:af:ac:b9:99:9f:44:46:2c:01:59:
         0a:77:ca:29:e3:53:36:75:5f:f9:5d:a5:ab:55:fb:5c:a8:b8:
         bf:27:e5:62:01:a7:f5:b6:42:b1:2e:52:78:17:67:fc:09:0d:
         ad:b2:f6:6e:8c:21:af:ab:9a:86:71:34:61:cc:76:75:28:37:
         7c:31:9a:7c:e7:d2:a5:ee:10:1c:1f:69:10:86:3b:bd:ca:e0:
         83:c5:57:06
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZmaQUT2VxZtoj7aHWMn3uGqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMWM2ZDBkZTcwY2M1MTgwNWI2M2E1ZTIzMjc2MjI1MjVk
MDc1YjEwHhcNMjUwOTMwMTA1MzEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTY0ZjE1ZmNjNDcwOTBmYjJkMWUwYmUzYjgzNzdhMzc0MjhjYWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApg9LmR1TRaNdTTFf1lxtuJMiptLN
nECMPaRiNmZgCOA4n1UgJako/rax6bw0HCp7A2MsNAmg5E/OZ/kYWIrilqYn5tcY
uFeacTMygDUQnYlXHWBv0emIohH8uVqpzy3+db1AWY6VNkXnkekz4+cbch+93Vc3
BLn/fsgeNBEGwOx/Hd8af9FSi73RUJQMAqZT6upjzIC/Wf8WpW+JyMlswq8p8l3l
ZMH0ZSYNjM/v9dndKyAXAHWkgoGEiC71pT9mjNN5LTcJKaOatDpHhhak9WB9dwHX
lltNjC2pRHfwPXY964JN6DXp95NHQrohr0hWJiIJ8qHeB5ELSXvrRd3xLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBFk8V/MRwkPstHgvjuDd6N0KMrzMB8GA1UdIwQY
MBaAFAscbQ3nDMUYBbY6XiMnYiUl0HWxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3h4dERlY014UmdGdGpwZUl5ZGlKU1hRZGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hMTk3MmEtOWUxOC00NzkxLTg1MzAt
Zjc3NGYxZWFmYmZmLzEvRVdUeFg4eEhDUS15MGVDLU80TjNvM1FveXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hMTk3MmEtOWUxOC00NzkxLTg1MzAtZjc3NGYxZWFmYmZm
LzEvQ3h4dERlY014UmdGdGpwZUl5ZGlKU1hRZGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgIM6AVM
AwcAKgIM6AW6MA0GCSqGSIb3DQEBCwUAA4IBAQCduHmg9NONkqSiiLlJTiWsybAX
GN3Gse4pgg2nl13JAGBQisTKkdyOwToiw+9haLvcKb9p/O+zKFuGe7N8NnSoBYfl
bBrq+FIMPYTDo2M8xggVAs7vOdhPIuHTuxgAToLf6sIF3EeqcCGgLdLxtfV4Hlqt
oh0l2vGy2XNMEa1oDbXzvHpoRHkIjUGgcYNFVoS2UKuOL5av3Bmxp4C9IusZ/vbz
ng330XBQmq+suZmfREYsAVkKd8op41M2dV/5XaWrVftcqLi/J+ViAaf1tkKxLlJ4
F2f8CQ2tsvZujCGvq5qGcTRhzHZ1KDd8MZp859Kl7hAcH2kQhju9yuCDxVcG
-----END CERTIFICATE-----