Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/xUcFEFGEADAhHwPL84qAkKexZtE.roa
File:                     xUcFEFGEADAhHwPL84qAkKexZtE.roa (raw, json)
Hash identifier:          bAzMkFin6MdA0BmQmiQLYUPWrIYlIb47kmd8m9HTQxI=
Subject key identifier:   C5:47:05:10:51:84:00:30:21:1F:03:CB:F3:8A:80:90:A7:B1:66:D1
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       0199C73FE8147CFE21B426DC8E80F4DCD38E
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/xUcFEFGEADAhHwPL84qAkKexZtE.roa
Signing time:             Thu 09 Oct 2025 04:34:38 +0000
ROA not before:           Thu 09 Oct 2025 04:34:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209375
IP address blocks:        2a12:c304::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c7:3f:e8:14:7c:fe:21:b4:26:dc:8e:80:f4:dc:d3:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Oct  9 04:34:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c547051051840030211f03cbf38a8090a7b166d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:61:1e:72:37:23:85:6c:8b:5b:84:e6:e8:ed:
                    fb:75:c1:46:75:7a:4b:65:e0:23:d2:14:49:55:6e:
                    07:88:7b:10:95:90:8e:92:fa:bf:cc:20:00:d2:06:
                    69:7c:65:f7:1e:a8:89:d0:b2:6b:07:b9:84:69:48:
                    d3:b0:81:ed:e7:5e:bd:d2:2a:fd:b4:ca:17:93:51:
                    39:bd:ed:21:ef:69:d1:4c:fb:3c:ff:e1:e5:b3:d1:
                    fe:7f:41:b1:ea:01:f7:94:71:4f:d7:f3:a1:28:4a:
                    87:f9:3b:1e:b1:8a:c5:12:73:c1:f0:61:11:18:6d:
                    12:c0:4a:6b:01:1e:d0:92:76:b0:cf:30:7a:ea:71:
                    26:6c:ff:7b:8b:2f:80:26:a8:58:98:67:dc:95:c9:
                    c9:3c:36:36:88:1d:9d:34:83:7c:79:1b:8b:c1:bc:
                    7f:a7:eb:0e:ea:9d:11:c9:fb:9c:d9:37:f4:c5:87:
                    31:72:1b:28:2e:9c:65:4c:1f:ff:09:5d:0b:dc:18:
                    4e:6d:b0:7d:84:42:5a:99:a0:45:e5:d3:8f:cb:59:
                    e5:67:46:39:e7:58:5f:01:df:c5:23:24:0c:82:74:
                    4a:33:00:17:32:e6:64:7c:eb:2d:ae:96:f6:77:66:
                    2a:11:b1:6c:19:4f:a5:78:a8:bc:e0:b6:3c:59:62:
                    00:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:47:05:10:51:84:00:30:21:1F:03:CB:F3:8A:80:90:A7:B1:66:D1
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/xUcFEFGEADAhHwPL84qAkKexZtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:c304::/30

    Signature Algorithm: sha256WithRSAEncryption
         67:49:3c:4d:d0:8d:f3:21:13:3b:fa:4a:29:5a:a4:23:a7:66:
         c9:bf:bf:a2:c2:22:f2:64:82:8a:b7:17:a3:93:5b:b2:d5:71:
         dc:db:ff:0e:d3:0d:c4:3c:3d:61:e2:21:89:01:77:2a:a4:2f:
         04:6a:38:f0:86:c1:a3:04:1d:eb:75:17:38:b3:01:44:e0:03:
         aa:aa:79:66:2b:3f:71:65:50:4f:a7:48:bd:51:0d:37:1b:a4:
         c8:d3:03:bc:7b:f5:8c:ca:d4:aa:76:49:32:c1:8c:7c:5c:e6:
         ba:f4:bd:ad:e2:66:d9:c1:e2:a3:ff:91:c3:67:5e:94:0d:c1:
         a8:7f:58:93:12:ff:58:50:36:bf:6d:10:09:20:ca:66:ab:66:
         32:09:ae:e1:eb:e7:39:5b:cc:de:09:a1:06:1f:6d:23:d1:31:
         29:b8:ce:00:0a:99:15:61:b3:04:95:44:e0:ad:51:1b:4d:f8:
         9a:5f:73:b0:1e:2a:83:6b:d4:33:6c:ac:90:d9:30:1d:e7:30:
         38:78:55:98:72:df:31:fd:8d:c4:52:2e:63:32:e3:7c:6a:2c:
         70:ab:3f:ab:5d:60:3f:16:d5:85:cd:86:3c:30:de:4f:85:70:
         d8:e9:cb:9d:c9:c8:04:fd:7c:a5:5b:83:65:3e:92:a8:89:86:
         ff:a6:0f:ef
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZnHP+gUfP4htCbcjoD03NOOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUxMDA5MDQzNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTQ3MDUxMDUxODQwMDMwMjExZjAzY2JmMzhhODA5MGE3YjE2NmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2EecjcjhWyLW4Tm6O37dcFGdXpL
ZeAj0hRJVW4HiHsQlZCOkvq/zCAA0gZpfGX3HqiJ0LJrB7mEaUjTsIHt51690ir9
tMoXk1E5ve0h72nRTPs8/+Hls9H+f0Gx6gH3lHFP1/OhKEqH+TsesYrFEnPB8GER
GG0SwEprAR7QknawzzB66nEmbP97iy+AJqhYmGfclcnJPDY2iB2dNIN8eRuLwbx/
p+sO6p0Ryfuc2Tf0xYcxchsoLpxlTB//CV0L3BhObbB9hEJamaBF5dOPy1nlZ0Y5
51hfAd/FIyQMgnRKMwAXMuZkfOstrpb2d2YqEbFsGU+leKi84LY8WWIAqQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMVHBRBRhAAwIR8Dy/OKgJCnsWbRMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEveFVjRkVGR0VBREFoSHdQTDg0cUFrS2V4WnRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKhLDBDAN
BgkqhkiG9w0BAQsFAAOCAQEAZ0k8TdCN8yETO/pKKVqkI6dmyb+/osIi8mSCircX
o5NbstVx3Nv/DtMNxDw9YeIhiQF3KqQvBGo48IbBowQd63UXOLMBROADqqp5Zis/
cWVQT6dIvVENNxukyNMDvHv1jMrUqnZJMsGMfFzmuvS9reJm2cHio/+Rw2delA3B
qH9YkxL/WFA2v20QCSDKZqtmMgmu4evnOVvM3gmhBh9tI9ExKbjOAAqZFWGzBJVE
4K1RG034ml9zsB4qg2vUM2yskNkwHecwOHhVmHLfMf2NxFIuYzLjfGoscKs/q11g
PxbVhc2GPDDeT4Vw2OnLncnIBP18pVuDZT6SqImG/6YP7w==
-----END CERTIFICATE-----