Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/XfeVybS-JJmUst6aHDqcoct7XK0.roa
File:                     XfeVybS-JJmUst6aHDqcoct7XK0.roa (raw, json)
Hash identifier:          nYNNvQT6vs/H7ho6wlD5EX5eXnEUV3YAmuK8qzDOCmA=
Subject key identifier:   5D:F7:95:C9:B4:BE:24:99:94:B2:DE:9A:1C:3A:9C:A1:CB:7B:5C:AD
Certificate issuer:       /CN=206f1c32bc0a9006081d552fede67d6842921ec3
Certificate serial:       01994DD65259A080C0D16ED6926F4DE2509B
Authority key identifier: 20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/XfeVybS-JJmUst6aHDqcoct7XK0.roa
Signing time:             Mon 15 Sep 2025 14:45:15 +0000
ROA not before:           Mon 15 Sep 2025 14:45:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215453
IP address blocks:        2a10:4744::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4d:d6:52:59:a0:80:c0:d1:6e:d6:92:6f:4d:e2:50:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=206f1c32bc0a9006081d552fede67d6842921ec3
        Validity
            Not Before: Sep 15 14:45:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5df795c9b4be249994b2de9a1c3a9ca1cb7b5cad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:50:88:29:d2:bb:a1:b9:19:a9:cb:fe:8d:ab:
                    f1:6d:31:90:7d:eb:dc:23:53:a7:e0:a1:2b:1d:96:
                    c9:f3:86:76:ce:f0:d2:61:75:d4:11:42:bf:3a:c6:
                    f6:19:55:c1:b7:f7:53:02:92:26:2e:1a:bb:78:04:
                    45:65:73:4e:16:59:2b:d8:d6:92:6a:5d:49:ac:13:
                    c4:3b:04:38:96:1b:13:db:84:ca:f5:49:a4:4f:c9:
                    ad:97:3d:c8:0c:00:a1:61:6c:40:dd:98:ce:64:b9:
                    6e:a2:e0:b2:52:22:95:1d:d0:77:42:f1:a0:d6:bc:
                    0d:3f:de:c3:aa:24:6e:3d:72:73:c6:7d:90:11:32:
                    dc:e2:50:91:f9:58:5d:fc:cd:0f:82:25:9f:92:1f:
                    10:3a:06:bb:4f:2f:bb:b4:bf:70:f6:d3:3f:fb:59:
                    c3:db:5f:c7:a2:94:37:6f:e3:8f:80:89:7e:86:fd:
                    4f:44:1c:6b:f2:6f:e9:fd:b0:3b:05:18:1e:d1:fd:
                    5d:05:16:49:f1:59:d9:5c:22:38:24:9b:ce:26:d6:
                    8c:5f:ef:cc:46:bb:75:86:eb:6f:73:68:e7:df:a8:
                    70:df:cc:9f:09:f1:eb:c3:46:4e:40:73:65:60:ef:
                    75:d9:cd:94:a4:37:e4:46:6d:bb:97:7a:ee:c6:d6:
                    45:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:F7:95:C9:B4:BE:24:99:94:B2:DE:9A:1C:3A:9C:A1:CB:7B:5C:AD
            X509v3 Authority Key Identifier:
                keyid:20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/XfeVybS-JJmUst6aHDqcoct7XK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4744::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:26:63:c3:76:30:65:85:58:a0:1e:b9:42:40:70:46:14:8e:
         12:25:81:1c:15:ed:30:a9:c2:90:8c:4e:aa:78:7a:fa:62:da:
         c5:99:d9:c6:51:b5:ef:7f:b6:7b:a4:d6:a6:5d:b7:8c:d9:7c:
         1d:9b:30:b0:02:7c:fc:a3:88:bf:cc:c2:25:58:b8:be:ee:43:
         e7:73:9d:b4:1e:44:4a:c8:b9:af:b1:a1:63:8b:7d:26:0f:c2:
         7d:0c:f2:66:8c:92:29:66:c4:ee:d3:7d:44:70:37:4f:84:e7:
         cc:04:51:8b:06:69:66:f6:05:b0:2e:64:99:c4:e8:e0:93:5f:
         ca:16:45:30:2c:5a:b7:13:6a:64:e9:d4:ab:5e:34:1d:54:9b:
         ba:b7:3f:18:15:60:77:07:5e:73:d7:4f:c6:55:51:94:cd:f7:
         c7:e0:83:a1:4e:b4:a4:59:ee:3e:dd:7d:76:52:65:a2:2b:07:
         9a:0b:a7:24:90:fe:62:29:9e:f5:5e:ff:48:fb:48:0a:b9:5d:
         fc:e7:21:0e:cc:0a:5b:75:96:91:c2:d0:62:fe:75:42:3e:bd:
         04:a0:95:d0:1d:e9:ff:92:92:e9:d3:6e:fb:6b:55:dd:6b:96:
         14:76:09:a3:87:b0:f9:8b:fd:d3:ec:4b:43:e9:b6:ce:01:86:
         45:58:61:1a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZlN1lJZoIDA0W7Wkm9N4lCbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmYxYzMyYmMwYTkwMDYwODFkNTUyZmVkZTY3ZDY4NDI5
MjFlYzMwHhcNMjUwOTE1MTQ0NTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGY3OTVjOWI0YmUyNDk5OTRiMmRlOWExYzNhOWNhMWNiN2I1Y2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlCIKdK7obkZqcv+javxbTGQfevc
I1On4KErHZbJ84Z2zvDSYXXUEUK/Osb2GVXBt/dTApImLhq7eARFZXNOFlkr2NaS
al1JrBPEOwQ4lhsT24TK9UmkT8mtlz3IDAChYWxA3ZjOZLluouCyUiKVHdB3QvGg
1rwNP97DqiRuPXJzxn2QETLc4lCR+Vhd/M0PgiWfkh8QOga7Ty+7tL9w9tM/+1nD
21/HopQ3b+OPgIl+hv1PRBxr8m/p/bA7BRge0f1dBRZJ8VnZXCI4JJvOJtaMX+/M
Rrt1hutvc2jn36hw38yfCfHrw0ZOQHNlYO912c2UpDfkRm27l3ruxtZF2QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF33lcm0viSZlLLemhw6nKHLe1ytMB8GA1UdIwQY
MBaAFCBvHDK8CpAGCB1VL+3mfWhCkh7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzIt
YmJhODYwYjI2YzAyLzEvWGZlVnliUy1KSm1Vc3Q2YUhEcWNvY3Q3WEswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzItYmJhODYwYjI2YzAy
LzEvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhBHRDAN
BgkqhkiG9w0BAQsFAAOCAQEAOyZjw3YwZYVYoB65QkBwRhSOEiWBHBXtMKnCkIxO
qnh6+mLaxZnZxlG173+2e6TWpl23jNl8HZswsAJ8/KOIv8zCJVi4vu5D53OdtB5E
Ssi5r7GhY4t9Jg/CfQzyZoySKWbE7tN9RHA3T4TnzARRiwZpZvYFsC5kmcTo4JNf
yhZFMCxatxNqZOnUq140HVSburc/GBVgdwdec9dPxlVRlM33x+CDoU60pFnuPt19
dlJloisHmgunJJD+Yime9V7/SPtICrld/OchDswKW3WWkcLQYv51Qj69BKCV0B3p
/5KS6dNu+2tV3WuWFHYJo4ew+Yv90+xLQ+m2zgGGRVhhGg==
-----END CERTIFICATE-----