Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/5eRHhosWaEn81OkNyusCZwVd7dE.roa
File:                     5eRHhosWaEn81OkNyusCZwVd7dE.roa (raw, json)
Hash identifier:          ocfP0fS6gnrVeOxLsKmob4730X36T0aRDwqF+FQB7po=
Subject key identifier:   E5:E4:47:86:8B:16:68:49:FC:D4:E9:0D:CA:EB:02:67:05:5D:ED:D1
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       0199379B690049BE4C16C810022DB3189035
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/5eRHhosWaEn81OkNyusCZwVd7dE.roa
Signing time:             Thu 11 Sep 2025 07:09:15 +0000
ROA not before:           Thu 11 Sep 2025 07:09:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52000
IP address blocks:        2a0b:ec82::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:37:9b:69:00:49:be:4c:16:c8:10:02:2d:b3:18:90:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Sep 11 07:09:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5e447868b166849fcd4e90dcaeb0267055dedd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:67:94:df:cb:83:e9:be:2b:64:d4:a1:54:39:
                    0d:85:40:dd:f1:d3:c7:41:6a:92:ed:15:bf:86:79:
                    5e:0b:6c:72:00:66:68:51:e7:f2:ee:95:5e:f2:56:
                    57:fc:24:7f:dc:b9:ab:0d:a1:f4:0d:71:5f:c1:fc:
                    f7:52:af:03:bb:f4:ad:f9:df:8a:56:98:c1:a1:1b:
                    ed:ea:a0:44:67:7e:4b:8c:13:db:87:34:72:f4:86:
                    b5:04:9b:2c:d5:d4:e9:98:73:a3:2f:1f:b4:5b:b3:
                    10:6c:85:83:3c:88:f8:c0:82:97:2e:19:3f:c9:94:
                    81:81:b0:68:dd:f6:1e:54:29:40:7e:be:e3:22:20:
                    cc:b3:6c:04:fd:36:73:55:04:dd:e1:e0:50:4d:60:
                    c3:72:88:60:e6:57:1c:a4:ae:d5:31:ad:89:a0:2d:
                    87:40:d3:64:df:c8:49:2e:29:27:52:e0:7a:96:c0:
                    fe:17:d2:22:99:09:be:e5:88:fd:74:e4:0e:a9:97:
                    51:df:d6:38:1e:1a:90:d6:ea:38:3f:e4:f4:bb:72:
                    cd:22:1a:be:db:e2:c8:ed:42:72:6e:bf:5f:dd:11:
                    36:01:a1:7c:9a:c3:ce:2d:e5:a0:fe:86:a3:85:51:
                    00:b8:33:b6:ba:43:6c:5f:9b:37:0c:a1:02:a6:89:
                    7b:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:E4:47:86:8B:16:68:49:FC:D4:E9:0D:CA:EB:02:67:05:5D:ED:D1
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/5eRHhosWaEn81OkNyusCZwVd7dE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:ec82::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:ea:e6:64:d3:e9:87:09:77:4b:dd:7e:4f:50:ed:70:c7:0c:
         36:27:62:70:fc:6b:8c:d2:cd:96:b0:15:56:f0:26:c8:b5:40:
         64:d0:ca:12:46:21:f6:b4:07:be:9f:eb:36:0d:53:5b:73:b2:
         8f:e8:95:db:b8:f7:33:6e:48:0b:f8:73:76:26:d7:c3:bc:80:
         9c:45:12:1c:c1:e4:cf:39:8a:6a:7c:ca:91:09:81:09:22:62:
         d6:27:af:2c:38:90:44:73:ed:db:58:dc:33:64:1b:5b:0c:04:
         fb:d1:b2:97:99:a1:23:55:21:fa:d8:03:6e:42:ed:d3:78:24:
         69:2f:64:80:3b:e0:a4:fe:df:67:23:5b:f5:56:4c:d1:12:8c:
         b1:29:ef:3e:28:6d:e7:82:58:5c:bf:d5:f4:97:75:bb:d0:83:
         95:bc:20:ba:cd:83:f3:56:99:fb:bd:3b:bd:58:ba:8d:f9:53:
         5b:c2:b1:3b:2f:18:c4:dd:46:71:05:4f:ef:6c:89:13:f4:3e:
         6f:b8:b4:81:6b:b4:3f:a1:62:7d:13:00:b0:72:12:69:a4:77:
         dc:42:c3:c5:f4:ab:8e:66:b7:a7:de:2d:c5:93:f6:23:11:93:
         ed:d6:ec:31:a3:de:15:47:50:4c:76:c1:23:cf:8b:a2:0d:ac:
         02:3e:61:36
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZk3m2kASb5MFsgQAi2zGJA1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjUwOTExMDcwOTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWU0NDc4NjhiMTY2ODQ5ZmNkNGU5MGRjYWViMDI2NzA1NWRlZGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWeU38uD6b4rZNShVDkNhUDd8dPH
QWqS7RW/hnleC2xyAGZoUefy7pVe8lZX/CR/3LmrDaH0DXFfwfz3Uq8Du/St+d+K
VpjBoRvt6qBEZ35LjBPbhzRy9Ia1BJss1dTpmHOjLx+0W7MQbIWDPIj4wIKXLhk/
yZSBgbBo3fYeVClAfr7jIiDMs2wE/TZzVQTd4eBQTWDDcohg5lccpK7VMa2JoC2H
QNNk38hJLiknUuB6lsD+F9IimQm+5Yj9dOQOqZdR39Y4HhqQ1uo4P+T0u3LNIhq+
2+LI7UJybr9f3RE2AaF8msPOLeWg/oajhVEAuDO2ukNsX5s3DKECpol76wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOXkR4aLFmhJ/NTpDcrrAmcFXe3RMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvNWVSSGhvc1dhRW44MU9rTnl1c0Nad1ZkN2RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgvsgjAN
BgkqhkiG9w0BAQsFAAOCAQEAE+rmZNPphwl3S91+T1DtcMcMNidicPxrjNLNlrAV
VvAmyLVAZNDKEkYh9rQHvp/rNg1TW3Oyj+iV27j3M25IC/hzdibXw7yAnEUSHMHk
zzmKanzKkQmBCSJi1ievLDiQRHPt21jcM2QbWwwE+9Gyl5mhI1Uh+tgDbkLt03gk
aS9kgDvgpP7fZyNb9VZM0RKMsSnvPiht54JYXL/V9Jd1u9CDlbwgus2D81aZ+707
vVi6jflTW8KxOy8YxN1GcQVP72yJE/Q+b7i0gWu0P6FifRMAsHISaaR33ELDxfSr
jma3p94txZP2IxGT7dbsMaPeFUdQTHbBI8+Log2sAj5hNg==
-----END CERTIFICATE-----