Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/XuxgvLAd05qq4hqx4c_u4WYR7dY.roa
File:                     XuxgvLAd05qq4hqx4c_u4WYR7dY.roa (raw, json)
Hash identifier:          zkLSNkHMYRl5bJ5dZozHFmcx3BcVtlFo0wC7SXYmwLQ=
Subject key identifier:   5E:EC:60:BC:B0:1D:D3:9A:AA:E2:1A:B1:E1:CF:EE:E1:66:11:ED:D6
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0198985688C97E00675AF3BD00AF2186E108
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/XuxgvLAd05qq4hqx4c_u4WYR7dY.roa
Signing time:             Mon 11 Aug 2025 08:54:24 +0000
ROA not before:           Mon 11 Aug 2025 08:54:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200993
IP address blocks:        2a12:4141::/32 maxlen: 32
                          2a12:4141:dead::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:56:88:c9:7e:00:67:5a:f3:bd:00:af:21:86:e1:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Aug 11 08:54:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5eec60bcb01dd39aaae21ab1e1cfeee16611edd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:90:bf:5f:14:34:6e:2e:4e:cc:6b:d5:eb:df:
                    df:45:29:bc:a3:39:76:b3:d0:f0:50:36:c7:4f:2a:
                    a0:62:18:10:c7:f3:d4:fd:04:be:b8:c1:db:1b:89:
                    0e:a2:c5:0e:e7:9e:a1:e2:82:8e:60:54:0a:94:66:
                    b4:c1:bc:e9:90:09:27:4e:5c:19:25:b2:4e:32:56:
                    b4:4f:ca:ea:a0:5b:b8:3f:5d:93:97:71:ea:1f:dc:
                    7f:de:81:eb:70:35:7c:2e:ba:30:0b:88:f2:65:c3:
                    8a:f6:52:ed:8e:95:58:68:8f:35:6d:6b:34:42:17:
                    39:d0:3f:11:79:5f:de:90:25:29:63:fe:ab:bc:4f:
                    d4:39:90:99:9b:cc:88:2f:60:dd:4f:55:75:95:55:
                    13:79:25:36:72:d8:c0:bb:d9:ab:bd:50:4b:79:a1:
                    39:87:a3:0e:56:71:a0:33:57:c8:ac:29:87:1f:c4:
                    25:4d:56:e1:eb:c0:ff:2d:1c:e9:cf:12:ab:de:93:
                    80:64:45:53:a6:58:b3:ad:14:da:ce:17:40:ab:e4:
                    13:87:2c:de:4a:c0:30:e8:7f:49:59:a7:14:a6:15:
                    9a:30:83:8e:f7:cd:52:88:05:cd:19:4a:9d:0b:da:
                    e0:f3:ae:9a:99:5a:df:8f:72:45:f8:14:e3:57:56:
                    7a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:EC:60:BC:B0:1D:D3:9A:AA:E2:1A:B1:E1:CF:EE:E1:66:11:ED:D6
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/XuxgvLAd05qq4hqx4c_u4WYR7dY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4141::/32

    Signature Algorithm: sha256WithRSAEncryption
         f1:11:08:cb:3d:c6:6d:fb:40:73:0c:74:7f:42:65:1e:2d:4b:
         9b:41:18:93:b2:fe:1c:0f:26:c4:8a:7d:bd:66:c6:37:5d:cd:
         2d:6c:14:3c:63:f1:76:e0:40:4d:ea:c3:a3:a3:6e:a2:c5:41:
         b0:87:9a:60:a1:8c:59:96:9d:72:d0:55:b7:0a:4e:65:87:3f:
         4a:53:c6:5b:b8:27:55:a5:f2:1b:5d:54:64:3d:62:d2:b5:47:
         84:b5:37:45:73:ad:78:6f:98:ad:54:0c:a4:46:9b:66:97:66:
         2b:85:69:b2:f2:cb:60:83:12:ce:f9:03:18:d6:8f:30:6a:58:
         3c:55:8d:64:b0:c6:bc:84:03:b3:da:f2:e6:70:24:60:3d:cd:
         b3:54:e4:ee:47:22:90:fe:4b:65:c9:d0:d3:23:56:0f:92:ec:
         71:0c:2d:14:0a:c3:73:f3:27:55:9a:b8:6e:b6:f6:b7:5f:37:
         18:1c:b0:ec:e6:a3:10:9e:8e:45:dd:04:fa:34:0b:3c:39:b0:
         33:79:2b:94:7c:95:74:6a:ab:9a:9d:aa:a8:79:7f:1e:12:49:
         62:72:3b:ee:6c:b8:c2:dd:a1:fc:f4:14:31:99:30:da:18:4d:
         dc:06:f8:c7:40:49:ff:2b:b2:45:f0:e3:ba:77:10:5e:7c:74:
         07:5b:56:73
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZiYVojJfgBnWvO9AK8hhuEIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwODExMDg1NDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWVjNjBiY2IwMWRkMzlhYWFlMjFhYjFlMWNmZWVlMTY2MTFlZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZC/XxQ0bi5OzGvV69/fRSm8ozl2
s9DwUDbHTyqgYhgQx/PU/QS+uMHbG4kOosUO556h4oKOYFQKlGa0wbzpkAknTlwZ
JbJOMla0T8rqoFu4P12Tl3HqH9x/3oHrcDV8LrowC4jyZcOK9lLtjpVYaI81bWs0
Qhc50D8ReV/ekCUpY/6rvE/UOZCZm8yIL2DdT1V1lVUTeSU2ctjAu9mrvVBLeaE5
h6MOVnGgM1fIrCmHH8QlTVbh68D/LRzpzxKr3pOAZEVTplizrRTazhdAq+QThyze
SsAw6H9JWacUphWaMIOO981SiAXNGUqdC9rg866amVrfj3JF+BTjV1Z6FQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF7sYLywHdOaquIaseHP7uFmEe3WMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvWHV4Z3ZMQWQwNXFxNGhxeDRjX3U0V1lSN2RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJBQTAN
BgkqhkiG9w0BAQsFAAOCAQEA8REIyz3GbftAcwx0f0JlHi1Lm0EYk7L+HA8mxIp9
vWbGN13NLWwUPGPxduBATerDo6NuosVBsIeaYKGMWZadctBVtwpOZYc/SlPGW7gn
VaXyG11UZD1i0rVHhLU3RXOteG+YrVQMpEabZpdmK4VpsvLLYIMSzvkDGNaPMGpY
PFWNZLDGvIQDs9ry5nAkYD3Ns1Tk7kcikP5LZcnQ0yNWD5LscQwtFArDc/MnVZq4
brb2t183GByw7OajEJ6ORd0E+jQLPDmwM3krlHyVdGqrmp2qqHl/HhJJYnI77my4
wt2h/PQUMZkw2hhN3Ab4x0BJ/yuyRfDjuncQXnx0B1tWcw==
-----END CERTIFICATE-----