Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/yLhKfT4WYSZkn2VNCGfPfTmwkYE.roa
File:                     yLhKfT4WYSZkn2VNCGfPfTmwkYE.roa (raw, json)
Hash identifier:          8tnnWUxQ+gmE22xkxlM/+md2moZokj3FfemqmCXdm1E=
Subject key identifier:   C8:B8:4A:7D:3E:16:61:26:64:9F:65:4D:08:67:CF:7D:39:B0:91:81
Certificate issuer:       /CN=e5da8e9cfc8b160ec59b540f39d8973d4218312a
Certificate serial:       0199C47D1E85FA913B4A6B5DEE39005BDE4C
Authority key identifier: E5:DA:8E:9C:FC:8B:16:0E:C5:9B:54:0F:39:D8:97:3D:42:18:31:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/yLhKfT4WYSZkn2VNCGfPfTmwkYE.roa
Signing time:             Wed 08 Oct 2025 15:42:38 +0000
ROA not before:           Wed 08 Oct 2025 15:42:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a10:4780:a4::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c4:7d:1e:85:fa:91:3b:4a:6b:5d:ee:39:00:5b:de:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5da8e9cfc8b160ec59b540f39d8973d4218312a
        Validity
            Not Before: Oct  8 15:42:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8b84a7d3e166126649f654d0867cf7d39b09181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c6:32:95:a0:a2:f5:a5:9f:ee:19:19:9e:1c:
                    6b:ee:a6:36:e8:71:24:39:34:9c:07:2b:c7:04:ee:
                    a9:08:87:e2:df:01:e2:00:ad:06:9d:a0:03:e4:1a:
                    fc:77:61:3e:06:88:c5:98:8d:6e:ed:a2:0c:c5:0f:
                    fc:22:80:55:c8:d9:14:af:7e:20:d3:12:95:42:f9:
                    50:3b:56:51:61:a4:59:67:cd:9d:36:bd:38:4c:e3:
                    90:b7:75:5e:a1:d5:fa:89:e4:5e:1b:2a:1e:f1:50:
                    9c:94:e5:0f:97:e2:e3:56:99:25:89:2c:73:06:f4:
                    5b:9a:b3:f4:80:ce:f6:19:8d:e5:0d:50:8f:64:16:
                    ea:10:4e:62:35:dc:86:18:df:8a:6d:e4:53:92:72:
                    0a:4d:85:c0:55:28:1f:28:34:5f:59:77:a8:7f:69:
                    4c:db:55:b8:30:40:16:cd:34:f9:21:3d:84:11:52:
                    61:eb:c4:da:94:54:be:16:13:b3:74:d2:81:fb:8d:
                    7f:1e:f4:74:a0:9c:03:4a:ee:44:07:8c:69:d6:3b:
                    da:c1:ee:9f:6c:d4:45:fe:89:d1:85:98:0d:69:c1:
                    1a:38:2b:ab:d2:96:8b:dc:0e:e1:4f:ed:2b:80:96:
                    1c:a1:80:54:99:ea:14:ed:31:60:34:1c:01:80:df:
                    04:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:B8:4A:7D:3E:16:61:26:64:9F:65:4D:08:67:CF:7D:39:B0:91:81
            X509v3 Authority Key Identifier:
                keyid:E5:DA:8E:9C:FC:8B:16:0E:C5:9B:54:0F:39:D8:97:3D:42:18:31:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/yLhKfT4WYSZkn2VNCGfPfTmwkYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4780:a4::/46

    Signature Algorithm: sha256WithRSAEncryption
         3f:dd:6d:0e:1c:73:db:60:15:17:2f:39:71:73:06:8d:d2:d2:
         ec:49:d1:f0:eb:b8:f0:2e:d6:13:79:4b:0a:d4:fa:0c:aa:a3:
         90:30:09:1f:ef:23:3c:25:46:4b:8a:fb:10:7e:e9:83:63:f0:
         cf:cd:2a:1e:76:df:dd:e4:8f:cf:a4:f5:d4:18:f6:15:52:82:
         85:14:1f:fa:b6:77:61:63:9e:d5:d2:42:21:76:06:4c:6e:a4:
         dc:cc:bd:d0:a8:5c:6b:68:ea:4e:b9:e0:c9:c6:f7:25:1e:9b:
         bd:ed:7e:63:44:2f:08:e5:d1:2e:74:71:f0:fb:d9:52:89:f5:
         8f:44:bc:b7:e9:4c:01:1d:17:f1:62:db:a6:33:20:cc:8e:6b:
         b9:8c:35:9e:f6:55:83:0f:e7:79:5f:7b:10:8c:53:63:b8:4d:
         f2:dc:3e:11:d1:bb:98:74:fe:c5:bf:03:38:2e:2e:34:b1:5a:
         96:ba:34:df:03:77:15:d1:8c:3b:75:35:dc:93:0e:93:00:3a:
         87:9a:1f:72:55:99:37:26:b5:cc:8c:49:71:e7:d2:41:99:cd:
         3e:84:b1:f3:42:14:45:f4:bf:e1:c5:30:b7:07:47:c7:bd:de:
         37:99:a4:df:4e:17:ac:f6:d8:50:52:13:26:3c:08:6b:4c:9f:
         2a:0a:ff:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnEfR6F+pE7Smtd7jkAW95MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZGE4ZTljZmM4YjE2MGVjNTliNTQwZjM5ZDg5NzNkNDIx
ODMxMmEwHhcNMjUxMDA4MTU0MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGI4NGE3ZDNlMTY2MTI2NjQ5ZjY1NGQwODY3Y2Y3ZDM5YjA5MTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssYylaCi9aWf7hkZnhxr7qY26HEk
OTScByvHBO6pCIfi3wHiAK0GnaAD5Br8d2E+BojFmI1u7aIMxQ/8IoBVyNkUr34g
0xKVQvlQO1ZRYaRZZ82dNr04TOOQt3VeodX6ieReGyoe8VCclOUPl+LjVpkliSxz
BvRbmrP0gM72GY3lDVCPZBbqEE5iNdyGGN+KbeRTknIKTYXAVSgfKDRfWXeof2lM
21W4MEAWzTT5IT2EEVJh68TalFS+FhOzdNKB+41/HvR0oJwDSu5EB4xp1jvawe6f
bNRF/onRhZgNacEaOCur0paL3A7hT+0rgJYcoYBUmeoU7TFgNBwBgN8ECwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMi4Sn0+FmEmZJ9lTQhnz305sJGBMB8GA1UdIwQY
MBaAFOXajpz8ixYOxZtUDznYlz1CGDEqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWRxT25QeUxGZzdGbTFRUE9kaVhQVUlZTVNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8wMDNjYTktYzM5MC00Mjc0LThmYzYt
N2M1MDQ3MDNiYjAyLzEveUxoS2ZUNFdZU1prbjJWTkNHZlBmVG13a1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8wMDNjYTktYzM5MC00Mjc0LThmYzYtN2M1MDQ3MDNiYjAy
LzEvNWRxT25QeUxGZzdGbTFRUE9kaVhQVUlZTVNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhBHgACk
MA0GCSqGSIb3DQEBCwUAA4IBAQA/3W0OHHPbYBUXLzlxcwaN0tLsSdHw67jwLtYT
eUsK1PoMqqOQMAkf7yM8JUZLivsQfumDY/DPzSoedt/d5I/PpPXUGPYVUoKFFB/6
tndhY57V0kIhdgZMbqTczL3QqFxraOpOueDJxvclHpu97X5jRC8I5dEudHHw+9lS
ifWPRLy36UwBHRfxYtumMyDMjmu5jDWe9lWDD+d5X3sQjFNjuE3y3D4R0buYdP7F
vwM4Li40sVqWujTfA3cV0Yw7dTXckw6TADqHmh9yVZk3JrXMjElx59JBmc0+hLHz
QhRF9L/hxTC3B0fHvd43maTfThes9thQUhMmPAhrTJ8qCv9m
-----END CERTIFICATE-----