Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/XhQY9hyPREGDCSgWs6eW6Jppsao.roa
File:                     XhQY9hyPREGDCSgWs6eW6Jppsao.roa (raw, json)
Hash identifier:          ca/ekx68IMwPfSgexGMEHEHhNkApldFANhExlq1LBvE=
Subject key identifier:   5E:14:18:F6:1C:8F:44:41:83:09:28:16:B3:A7:96:E8:9A:69:B1:AA
Certificate issuer:       /CN=5b0329066138bb5564571fc3c29ee953e5c1c7a3
Certificate serial:       01982E7AF02FE94151FB31CBBD63766065CB
Authority key identifier: 5B:03:29:06:61:38:BB:55:64:57:1F:C3:C2:9E:E9:53:E5:C1:C7:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/XhQY9hyPREGDCSgWs6eW6Jppsao.roa
Signing time:             Mon 21 Jul 2025 19:34:25 +0000
ROA not before:           Mon 21 Jul 2025 19:34:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58212
IP address blocks:        2a0a:7747::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2e:7a:f0:2f:e9:41:51:fb:31:cb:bd:63:76:60:65:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b0329066138bb5564571fc3c29ee953e5c1c7a3
        Validity
            Not Before: Jul 21 19:34:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e1418f61c8f444183092816b3a796e89a69b1aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:12:a3:eb:10:0d:61:20:1a:70:48:1a:94:22:
                    bf:78:13:b4:38:f7:f7:57:a1:0c:d2:76:a1:a3:ff:
                    b9:d5:2f:0a:6e:55:ac:7d:a1:e3:da:01:c8:b6:fb:
                    62:84:0e:27:e5:50:da:00:16:8a:29:0c:07:42:15:
                    4b:c4:04:3a:91:b5:78:7a:72:40:b7:b6:cd:fb:ec:
                    1c:69:9c:82:9a:f3:4b:44:3f:ec:a5:a9:d9:b7:56:
                    8e:2a:06:8f:f7:ee:ae:4b:7b:bf:45:97:b9:ef:35:
                    64:ce:fe:43:82:22:81:3e:e9:e9:c8:80:4d:25:55:
                    2e:a1:94:1f:fc:78:05:6f:d4:44:1c:b3:ae:53:e8:
                    78:91:6b:8d:df:1e:75:e6:72:39:48:6f:75:85:17:
                    16:7a:f4:78:81:43:b3:04:0f:b4:1b:9f:88:06:37:
                    82:ee:dc:a4:ed:6f:af:b4:da:08:71:17:3d:e7:66:
                    e0:4c:6a:a6:b5:ad:f6:86:e3:e9:66:3c:14:d1:0b:
                    f3:ee:7c:36:59:68:66:a9:38:a9:5f:cd:b5:85:65:
                    de:b7:3a:7c:2e:ad:db:1b:31:93:50:d2:51:bf:e4:
                    c7:a5:14:5e:7c:c2:a6:fa:ec:19:98:bd:73:77:d6:
                    0d:b5:bb:f2:e7:7c:2b:6b:fa:a3:d0:6a:40:9a:03:
                    6d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:14:18:F6:1C:8F:44:41:83:09:28:16:B3:A7:96:E8:9A:69:B1:AA
            X509v3 Authority Key Identifier:
                keyid:5B:03:29:06:61:38:BB:55:64:57:1F:C3:C2:9E:E9:53:E5:C1:C7:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/XhQY9hyPREGDCSgWs6eW6Jppsao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:7747::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:0b:73:80:5a:9f:1b:87:19:7c:aa:c3:a9:9b:a9:ae:63:b6:
         19:91:82:31:8b:b3:de:2c:0b:38:11:5b:87:0c:1c:2b:aa:91:
         9e:43:37:1e:52:dd:a5:67:a8:bc:f1:fd:1e:fa:55:e1:4d:03:
         22:86:c1:ec:79:73:c6:be:4c:e2:ff:e0:d8:89:84:ae:c4:06:
         09:eb:cf:1c:77:6c:47:14:e4:e5:86:51:7f:6e:27:29:5e:62:
         42:43:c1:2e:40:35:94:f0:9f:8b:fe:46:60:4c:f8:74:03:c4:
         42:aa:bd:1f:4c:88:67:78:d6:f0:71:1e:69:d6:5a:71:4e:e0:
         87:cf:1d:ca:01:bd:11:f0:fa:67:0b:e7:c2:70:4d:71:6f:c4:
         b4:1e:d6:12:42:62:1d:74:8d:71:3e:46:95:93:2d:51:49:99:
         16:21:b4:30:fa:34:a2:f7:e4:c2:76:6c:21:09:02:5f:f3:82:
         8d:c2:30:32:4d:7c:14:59:1c:2f:01:d3:56:e1:58:28:93:07:
         77:d7:61:74:62:4e:89:93:59:1d:15:82:8e:da:9b:c1:09:b4:
         6d:17:6f:c8:69:59:e1:d4:2e:11:b1:5c:4c:72:51:27:56:2d:
         c9:c7:68:f6:c1:9b:34:30:30:57:57:e4:12:9b:f7:02:44:d3:
         79:7e:dd:88
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZguevAv6UFR+zHLvWN2YGXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViMDMyOTA2NjEzOGJiNTU2NDU3MWZjM2MyOWVlOTUzZTVj
MWM3YTMwHhcNMjUwNzIxMTkzNDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTE0MThmNjFjOGY0NDQxODMwOTI4MTZiM2E3OTZlODlhNjliMWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphKj6xANYSAacEgalCK/eBO0OPf3
V6EM0naho/+51S8KblWsfaHj2gHItvtihA4n5VDaABaKKQwHQhVLxAQ6kbV4enJA
t7bN++wcaZyCmvNLRD/spanZt1aOKgaP9+6uS3u/RZe57zVkzv5DgiKBPunpyIBN
JVUuoZQf/HgFb9REHLOuU+h4kWuN3x515nI5SG91hRcWevR4gUOzBA+0G5+IBjeC
7tyk7W+vtNoIcRc952bgTGqmta32huPpZjwU0Qvz7nw2WWhmqTipX821hWXetzp8
Lq3bGzGTUNJRv+THpRRefMKm+uwZmL1zd9YNtbvy53wra/qj0GpAmgNtwQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF4UGPYcj0RBgwkoFrOnluiaabGqMB8GA1UdIwQY
MBaAFFsDKQZhOLtVZFcfw8Ke6VPlwcejMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3dNcEJtRTR1MVZrVnhfRHdwN3BVLVhCeDZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC83NzA5NmYtYmI4OS00MTFlLTkwZTAt
MzBjN2YzOWQ4ZTFjLzEvWGhRWTloeVBSRUdEQ1NnV3M2ZVc2SnBwc2FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC83NzA5NmYtYmI4OS00MTFlLTkwZTAtMzBjN2YzOWQ4ZTFj
LzEvV3dNcEJtRTR1MVZrVnhfRHdwN3BVLVhCeDZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgp3RzAN
BgkqhkiG9w0BAQsFAAOCAQEAGwtzgFqfG4cZfKrDqZuprmO2GZGCMYuz3iwLOBFb
hwwcK6qRnkM3HlLdpWeovPH9HvpV4U0DIobB7Hlzxr5M4v/g2ImErsQGCevPHHds
RxTk5YZRf24nKV5iQkPBLkA1lPCfi/5GYEz4dAPEQqq9H0yIZ3jW8HEeadZacU7g
h88dygG9EfD6ZwvnwnBNcW/EtB7WEkJiHXSNcT5GlZMtUUmZFiG0MPo0ovfkwnZs
IQkCX/OCjcIwMk18FFkcLwHTVuFYKJMHd9dhdGJOiZNZHRWCjtqbwQm0bRdvyGlZ
4dQuEbFcTHJRJ1Ytycdo9sGbNDAwV1fkEpv3AkTTeX7diA==
-----END CERTIFICATE-----