Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tFsjzTCkjyW-zOHJMwc7xHj5ymo.roa
File:                     tFsjzTCkjyW-zOHJMwc7xHj5ymo.roa (raw, json)
Hash identifier:          w0tlCSDMV6zhklSRHaPcIJvP7bLK+gbbecurjRmOIFw=
Subject key identifier:   B4:5B:23:CD:30:A4:8F:25:BE:CC:E1:C9:33:07:3B:C4:78:F9:CA:6A
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019809336AB7C19A707AE57A9C8CD5601FDD
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tFsjzTCkjyW-zOHJMwc7xHj5ymo.roa
Signing time:             Mon 14 Jul 2025 13:50:21 +0000
ROA not before:           Mon 14 Jul 2025 13:50:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205090
IP address blocks:        2a09:5302::/32 maxlen: 32
                          2a09:5302:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:33:6a:b7:c1:9a:70:7a:e5:7a:9c:8c:d5:60:1f:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul 14 13:50:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b45b23cd30a48f25becce1c933073bc478f9ca6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:1a:20:c8:bd:09:ff:a6:7f:03:4a:d5:55:b0:
                    83:a8:9d:dc:91:7d:1b:5e:51:58:3b:15:9b:e5:7e:
                    2a:2f:f6:1d:bf:f8:d2:3d:00:12:77:aa:9a:00:29:
                    bc:92:7b:0b:32:9a:95:c0:f1:80:9a:7f:44:34:ca:
                    3f:f9:ea:39:3f:41:57:b5:63:9e:d3:29:d4:12:71:
                    40:7b:8a:d5:b1:ca:93:86:d8:3b:b6:f9:39:c5:54:
                    c7:13:b1:d5:3a:6a:f3:5f:ac:6b:d2:1f:14:63:ff:
                    4b:e1:b8:c3:99:ee:09:c1:30:2d:17:d8:08:3c:15:
                    d4:a9:af:0d:7b:46:f4:df:a4:b6:be:92:5b:5f:33:
                    ff:a5:5a:4c:c8:14:19:84:86:d5:ca:9d:93:1b:c7:
                    42:7f:57:4c:13:4b:63:10:84:ea:94:0d:67:ea:54:
                    35:bc:0b:b5:5a:39:9c:c1:2a:c7:2e:3f:74:c8:f7:
                    07:f2:8c:f8:9b:cd:d4:24:dd:68:ed:65:45:52:86:
                    f0:9e:7e:22:4f:f2:2d:00:60:3b:1f:8b:86:cb:ff:
                    b2:19:7e:dd:18:af:22:f2:43:83:3e:2c:cc:22:29:
                    fc:8c:97:05:89:ca:01:8e:31:94:e6:1c:fb:6c:de:
                    58:4a:17:03:dd:f7:e0:00:7a:dc:f2:a3:81:60:15:
                    4c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:5B:23:CD:30:A4:8F:25:BE:CC:E1:C9:33:07:3B:C4:78:F9:CA:6A
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tFsjzTCkjyW-zOHJMwc7xHj5ymo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:5302::/32

    Signature Algorithm: sha256WithRSAEncryption
         98:e0:55:98:3d:13:a4:7e:19:89:a9:f0:a0:e4:ee:21:18:5b:
         b4:c1:a4:66:2e:52:40:5a:43:5f:3c:20:5b:11:9d:a4:4a:1c:
         28:07:cf:48:8b:d8:ea:eb:e9:a2:c2:c6:b8:2b:8a:e5:2b:33:
         2a:e1:6b:7c:d4:66:4a:63:82:08:1d:3a:40:79:db:45:05:39:
         09:c1:09:1b:4f:8e:29:30:e5:88:fe:3f:e5:ac:14:f7:9f:b9:
         28:94:f6:a3:c8:e9:fa:de:fc:2f:c1:06:b6:0d:05:f1:39:db:
         65:d1:a9:03:5f:1d:0d:49:aa:17:05:8d:c8:1f:28:96:48:80:
         1c:87:3e:da:9b:cc:5e:c4:74:f2:e2:1c:e9:23:40:a3:14:af:
         b5:60:01:80:d5:d5:f1:3f:7b:96:39:57:ab:c6:e3:04:c6:8d:
         5f:ea:ad:b1:a3:a2:c9:37:04:0f:ac:cf:44:69:7f:d6:57:1e:
         c2:d7:f8:20:82:dc:98:03:38:b7:6f:e9:b7:c8:9e:3e:b4:15:
         ae:44:7d:d1:3a:76:a1:94:de:7b:ba:6e:c5:24:65:86:92:65:
         00:ed:31:0e:94:74:dd:f6:31:9b:c8:2c:8b:0e:41:b1:cc:53:
         2e:9c:9e:14:b0:66:84:8a:9e:31:88:6b:11:bf:22:8a:66:f7:
         6e:0b:b9:4f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZgJM2q3wZpweuV6nIzVYB/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwNzE0MTM1MDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDViMjNjZDMwYTQ4ZjI1YmVjY2UxYzkzMzA3M2JjNDc4ZjljYTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxogyL0J/6Z/A0rVVbCDqJ3ckX0b
XlFYOxWb5X4qL/Ydv/jSPQASd6qaACm8knsLMpqVwPGAmn9ENMo/+eo5P0FXtWOe
0ynUEnFAe4rVscqThtg7tvk5xVTHE7HVOmrzX6xr0h8UY/9L4bjDme4JwTAtF9gI
PBXUqa8Ne0b036S2vpJbXzP/pVpMyBQZhIbVyp2TG8dCf1dME0tjEITqlA1n6lQ1
vAu1WjmcwSrHLj90yPcH8oz4m83UJN1o7WVFUobwnn4iT/ItAGA7H4uGy/+yGX7d
GK8i8kODPizMIin8jJcFicoBjjGU5hz7bN5YShcD3ffgAHrc8qOBYBVMmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLRbI80wpI8lvszhyTMHO8R4+cpqMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvdEZzanpUQ2tqeVctek9ISk13Yzd4SGo1eW1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKglTAjAN
BgkqhkiG9w0BAQsFAAOCAQEAmOBVmD0TpH4ZianwoOTuIRhbtMGkZi5SQFpDXzwg
WxGdpEocKAfPSIvY6uvposLGuCuK5SszKuFrfNRmSmOCCB06QHnbRQU5CcEJG0+O
KTDliP4/5awU95+5KJT2o8jp+t78L8EGtg0F8TnbZdGpA18dDUmqFwWNyB8olkiA
HIc+2pvMXsR08uIc6SNAoxSvtWABgNXV8T97ljlXq8bjBMaNX+qtsaOiyTcED6zP
RGl/1lcewtf4IILcmAM4t2/pt8iePrQVrkR90Tp2oZTee7puxSRlhpJlAO0xDpR0
3fYxm8gsiw5BscxTLpyeFLBmhIqeMYhrEb8iimb3bgu5Tw==
-----END CERTIFICATE-----