Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/XpJ0Hw1gyCPVYrmlIIEra7Nw8EI.roa
File:                     XpJ0Hw1gyCPVYrmlIIEra7Nw8EI.roa (raw, json)
Hash identifier:          aXRh5KPi+vj8EjeSjurKnlGjwsMneof4a7AqrmpPiX4=
Subject key identifier:   5E:92:74:1F:0D:60:C8:23:D5:62:B9:A5:20:81:2B:6B:B3:70:F0:42
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       01982D2DB07285F09D01FDF56FF0B893C5B9
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/XpJ0Hw1gyCPVYrmlIIEra7Nw8EI.roa
Signing time:             Mon 21 Jul 2025 13:30:25 +0000
ROA not before:           Mon 21 Jul 2025 13:30:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200993
IP address blocks:        2a03:5840:121::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:2d:b0:72:85:f0:9d:01:fd:f5:6f:f0:b8:93:c5:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jul 21 13:30:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e92741f0d60c823d562b9a520812b6bb370f042
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d6:8c:33:f7:11:c9:7b:b0:a6:86:16:80:91:
                    d7:27:2c:d1:cf:aa:05:62:03:e5:dd:9d:0b:9c:14:
                    37:3a:36:4f:eb:61:cd:60:3b:73:a5:f2:f2:e9:a0:
                    cb:1d:71:58:be:c6:fd:c9:39:ac:f7:94:8e:1b:e7:
                    e9:3d:a3:be:2a:2c:a7:81:e7:ab:d0:49:76:e8:08:
                    af:90:cd:ce:ef:70:66:b8:d1:ce:4c:ab:b0:f8:bc:
                    ce:fb:68:68:9c:28:39:25:24:71:8f:12:e0:6e:74:
                    29:93:a7:22:fe:02:6d:54:ec:a6:c8:e0:91:3d:4e:
                    3b:03:f2:e5:00:b6:85:36:dd:47:95:60:d2:47:28:
                    45:36:69:93:ba:50:0e:1a:7f:13:7c:58:81:a8:e9:
                    cd:44:37:b8:30:8b:11:82:b2:b7:9d:b7:71:5b:69:
                    20:e8:6b:e5:11:89:6c:0e:c1:c9:93:5f:43:05:6b:
                    5c:4a:7b:3f:85:00:6b:20:05:2a:59:af:34:70:cc:
                    68:e5:67:02:0b:fa:96:63:ff:a5:f5:d9:15:3e:32:
                    3e:6a:ee:bb:c4:08:96:b0:ba:18:35:c9:53:02:fc:
                    92:d9:de:e9:5c:bf:76:4b:5a:08:03:67:64:0e:8e:
                    56:c1:6a:ea:d1:f9:bb:35:eb:fc:c3:26:f8:bb:50:
                    56:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:92:74:1F:0D:60:C8:23:D5:62:B9:A5:20:81:2B:6B:B3:70:F0:42
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/XpJ0Hw1gyCPVYrmlIIEra7Nw8EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:121::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:9a:1d:ed:4f:14:7a:06:4c:7a:f2:ac:45:01:0c:fb:c9:88:
         ad:d6:17:c7:7f:ea:51:9a:7b:3b:7d:04:6d:0f:92:f1:9a:28:
         d6:ae:7f:13:97:38:f8:16:fb:28:4d:94:31:cf:83:26:e2:cc:
         7e:37:fe:27:7d:8f:e7:75:c8:95:88:86:8a:c3:04:ab:55:65:
         a3:10:48:68:14:35:f4:6a:cf:11:5d:a6:e4:53:ea:8e:5a:73:
         a2:5a:22:f9:05:2a:25:62:e9:88:a0:83:d8:74:40:d9:66:84:
         71:01:b7:69:62:ce:a8:c3:02:cb:03:85:a9:a8:29:16:00:53:
         fc:b5:d7:2b:28:1b:f6:78:85:8e:6d:bf:f4:7f:07:81:0a:7d:
         43:f4:b9:34:11:09:39:8f:04:04:ad:58:40:50:11:dd:d1:d9:
         2e:ce:4b:a5:bc:91:19:c2:81:ad:a8:21:65:b2:08:dc:1b:9c:
         ab:fc:bf:75:3a:39:08:2d:f4:b1:47:a6:84:96:4f:ed:b2:42:
         6b:65:f2:67:af:29:5b:65:6c:7b:71:7c:48:c7:26:6e:09:2f:
         78:45:75:b6:d2:86:e1:0e:68:23:bf:27:dc:29:16:9b:90:f0:
         38:50:a1:1c:08:b4:ca:a9:c3:6a:77:0f:dc:db:3e:ee:ce:2f:
         36:4b:8d:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgtLbByhfCdAf31b/C4k8W5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwNzIxMTMzMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTkyNzQxZjBkNjBjODIzZDU2MmI5YTUyMDgxMmI2YmIzNzBmMDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdaMM/cRyXuwpoYWgJHXJyzRz6oF
YgPl3Z0LnBQ3OjZP62HNYDtzpfLy6aDLHXFYvsb9yTms95SOG+fpPaO+Kiyngeer
0El26AivkM3O73BmuNHOTKuw+LzO+2honCg5JSRxjxLgbnQpk6ci/gJtVOymyOCR
PU47A/LlALaFNt1HlWDSRyhFNmmTulAOGn8TfFiBqOnNRDe4MIsRgrK3nbdxW2kg
6GvlEYlsDsHJk19DBWtcSns/hQBrIAUqWa80cMxo5WcCC/qWY/+l9dkVPjI+au67
xAiWsLoYNclTAvyS2d7pXL92S1oIA2dkDo5WwWrq0fm7Nev8wyb4u1BW4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF6SdB8NYMgj1WK5pSCBK2uzcPBCMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvWHBKMEh3MWd5Q1BWWXJtbElJRXJhN053OEVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEh
MA0GCSqGSIb3DQEBCwUAA4IBAQB+mh3tTxR6Bkx68qxFAQz7yYit1hfHf+pRmns7
fQRtD5LxmijWrn8Tlzj4FvsoTZQxz4Mm4sx+N/4nfY/ndciViIaKwwSrVWWjEEho
FDX0as8RXabkU+qOWnOiWiL5BSolYumIoIPYdEDZZoRxAbdpYs6owwLLA4WpqCkW
AFP8tdcrKBv2eIWObb/0fweBCn1D9Lk0EQk5jwQErVhAUBHd0dkuzkulvJEZwoGt
qCFlsgjcG5yr/L91OjkILfSxR6aElk/tskJrZfJnrylbZWx7cXxIxyZuCS94RXW2
0obhDmgjvyfcKRabkPA4UKEcCLTKqcNqdw/c2z7uzi82S41V
-----END CERTIFICATE-----