Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/EseDT4XrBGBs5m1XMkQxdKL6DRM.roa
File:                     EseDT4XrBGBs5m1XMkQxdKL6DRM.roa (raw, json)
Hash identifier:          DF5lG0tUF3zWwo6hq2iPtURspUXksF6gXOa2o6MwSeg=
Subject key identifier:   12:C7:83:4F:85:EB:04:60:6C:E6:6D:57:32:44:31:74:A2:FA:0D:13
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0199E828E7E9AD0334B3041714CA3EDB0222
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/EseDT4XrBGBs5m1XMkQxdKL6DRM.roa
Signing time:             Wed 15 Oct 2025 13:56:58 +0000
ROA not before:           Wed 15 Oct 2025 13:56:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204916
IP address blocks:        2a0e:7040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e8:28:e7:e9:ad:03:34:b3:04:17:14:ca:3e:db:02:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Oct 15 13:56:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12c7834f85eb04606ce66d5732443174a2fa0d13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:13:53:df:1a:19:d3:95:44:a2:3d:7e:b9:6f:
                    07:61:26:24:95:9d:bc:96:42:eb:1f:3d:ca:95:5c:
                    87:af:04:35:29:a7:c8:e6:ab:bf:67:55:d3:06:56:
                    7b:95:99:ca:7d:d3:eb:3b:7f:8d:26:6f:e4:47:63:
                    b3:f1:ef:01:07:0e:76:63:e1:09:e2:5a:ef:11:ef:
                    ce:a4:2f:78:e5:ad:2a:35:68:a4:48:02:8a:86:4c:
                    ab:64:f7:4a:06:b8:c5:4f:7b:63:c0:aa:3e:ed:bd:
                    a3:43:0c:75:6a:2a:e5:ae:34:75:4b:78:b4:31:b4:
                    21:43:f4:bc:7b:58:b6:fb:0d:86:a3:cc:9e:8b:1e:
                    6a:e6:54:4b:ce:9e:8e:b3:34:5f:88:66:20:48:50:
                    f3:59:03:47:84:4d:7d:5f:37:9f:58:d4:d3:7e:70:
                    44:79:a5:21:90:40:51:a9:8a:f1:89:04:df:d6:20:
                    30:c8:06:df:12:de:c2:5d:e2:b2:12:3e:00:ed:e1:
                    5e:f2:72:de:c3:0a:70:e0:6b:20:c6:6d:d4:7f:f4:
                    6c:56:3c:ff:aa:ae:e1:6f:61:9a:3b:0b:b5:2c:69:
                    5d:f3:e8:b4:2c:68:29:43:90:b9:4f:b1:59:9d:f2:
                    3a:95:90:c8:25:b3:c2:17:0d:41:65:84:22:a6:11:
                    f0:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:C7:83:4F:85:EB:04:60:6C:E6:6D:57:32:44:31:74:A2:FA:0D:13
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/EseDT4XrBGBs5m1XMkQxdKL6DRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7040::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:de:e5:26:44:17:2f:df:98:23:8b:7c:b6:b4:65:16:72:6c:
         c6:69:52:3a:b6:26:69:e6:e5:96:da:10:01:0f:f9:ee:0b:06:
         09:b1:fb:d4:bb:ee:1f:0e:55:fa:f6:b0:83:c6:a2:8e:32:bb:
         db:b1:b3:58:2a:23:96:fc:b4:57:ba:8a:10:35:63:21:1b:3f:
         93:2e:de:e6:41:84:2b:08:d7:82:6e:29:c9:73:22:fe:d8:e0:
         d1:06:5f:7a:80:1a:9e:47:cc:5f:1c:5c:f3:80:0b:c3:96:76:
         d9:ed:fa:3f:55:8b:ce:e0:bc:fe:27:a4:ee:0c:08:f7:31:59:
         9a:aa:0b:97:2d:cf:bd:d4:55:7c:f9:ca:af:89:0b:d5:62:20:
         82:64:4b:75:61:cb:57:cf:00:0c:70:da:f5:7d:db:20:b7:92:
         79:51:f1:d5:7c:9b:53:f6:49:9e:12:52:27:61:37:03:53:c4:
         6e:94:f8:5c:3d:97:51:93:16:93:98:ea:93:40:e4:f8:d1:eb:
         75:11:a8:14:18:0a:3e:d0:12:d7:59:a6:46:7a:56:92:dd:31:
         f9:5c:9f:d5:f2:a1:30:cf:fe:69:6c:da:09:70:15:62:98:d2:
         be:c6:a2:e5:52:ed:f2:5b:30:e9:1e:65:d2:52:17:b0:58:28:
         cf:93:27:9a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZnoKOfprQM0swQXFMo+2wIiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUxMDE1MTM1NjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmM3ODM0Zjg1ZWIwNDYwNmNlNjZkNTczMjQ0MzE3NGEyZmEwZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRNT3xoZ05VEoj1+uW8HYSYklZ28
lkLrHz3KlVyHrwQ1KafI5qu/Z1XTBlZ7lZnKfdPrO3+NJm/kR2Oz8e8BBw52Y+EJ
4lrvEe/OpC945a0qNWikSAKKhkyrZPdKBrjFT3tjwKo+7b2jQwx1airlrjR1S3i0
MbQhQ/S8e1i2+w2Go8yeix5q5lRLzp6OszRfiGYgSFDzWQNHhE19XzefWNTTfnBE
eaUhkEBRqYrxiQTf1iAwyAbfEt7CXeKyEj4A7eFe8nLewwpw4Gsgxm3Uf/RsVjz/
qq7hb2GaOwu1LGld8+i0LGgpQ5C5T7FZnfI6lZDIJbPCFw1BZYQiphHw7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBLHg0+F6wRgbOZtVzJEMXSi+g0TMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvRXNlRFQ0WHJCR0JzNW0xWE1rUXhkS0w2RFJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg5wQDAN
BgkqhkiG9w0BAQsFAAOCAQEAS97lJkQXL9+YI4t8trRlFnJsxmlSOrYmaeblltoQ
AQ/57gsGCbH71LvuHw5V+vawg8aijjK727GzWCojlvy0V7qKEDVjIRs/ky7e5kGE
KwjXgm4pyXMi/tjg0QZfeoAankfMXxxc84ALw5Z22e36P1WLzuC8/iek7gwI9zFZ
mqoLly3PvdRVfPnKr4kL1WIggmRLdWHLV88ADHDa9X3bILeSeVHx1XybU/ZJnhJS
J2E3A1PEbpT4XD2XUZMWk5jqk0Dk+NHrdRGoFBgKPtAS11mmRnpWkt0x+Vyf1fKh
MM/+aWzaCXAVYpjSvsai5VLt8lsw6R5l0lIXsFgoz5Mnmg==
-----END CERTIFICATE-----