Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/clHFCEb5wqBKf4a5puUxuyYMN3Y.roa
File:                     clHFCEb5wqBKf4a5puUxuyYMN3Y.roa (raw, json)
Hash identifier:          LEp8egXdAK+E9XaI71u6lIkiFCvHa5rY9QM7CEXd9Wk=
Subject key identifier:   72:51:C5:08:46:F9:C2:A0:4A:7F:86:B9:A6:E5:31:BB:26:0C:37:76
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019A698D4A020F1A686E1204F6DE46595EF0
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/clHFCEb5wqBKf4a5puUxuyYMN3Y.roa
Signing time:             Sun 09 Nov 2025 16:57:38 +0000
ROA not before:           Sun 09 Nov 2025 16:57:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209216
IP address blocks:        5.83.148.0/24 maxlen: 24
                          5.175.210.0/24 maxlen: 24
                          2a02:2fc0:16::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:69:8d:4a:02:0f:1a:68:6e:12:04:f6:de:46:59:5e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov  9 16:57:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7251c50846f9c2a04a7f86b9a6e531bb260c3776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b4:bf:07:63:57:b8:e0:12:3b:28:6f:b7:38:
                    f2:bc:ad:99:ea:97:26:59:10:0e:e2:0d:33:fa:a0:
                    ff:a3:61:a4:a3:a7:c6:29:53:39:bf:c2:f8:51:1d:
                    0a:04:a7:12:b9:51:ad:96:5b:a0:6a:56:3e:3b:c5:
                    e3:59:02:2b:48:1f:f9:5b:a3:45:6b:81:cd:26:1c:
                    02:b1:65:6b:55:f3:67:22:05:6c:92:61:3f:18:84:
                    f7:c8:c4:43:ad:77:91:f7:cb:f0:84:29:f7:0d:47:
                    f2:3e:54:9b:80:81:0d:92:4c:34:7c:63:60:47:29:
                    11:b2:e9:64:ff:b9:81:de:d8:49:15:8b:39:76:2f:
                    83:bb:15:4b:44:57:3a:fe:36:f0:99:8f:2f:e4:07:
                    d8:4e:60:e4:b5:5b:3c:fe:66:9b:ec:0a:c6:83:73:
                    f1:43:6d:cf:47:f5:3f:9e:f9:7d:3c:d3:37:5f:e8:
                    4b:8a:b7:05:a4:42:e2:b2:d3:9d:34:b2:08:d2:72:
                    f0:cd:30:45:7e:39:92:33:87:03:fc:dc:f8:65:39:
                    9e:27:eb:73:3e:1f:d5:01:10:34:6e:31:dc:cc:c1:
                    ba:ea:15:79:cb:c4:23:bd:8a:1f:0f:ef:88:02:e5:
                    54:ed:e9:e7:73:9c:c8:26:ba:92:d0:16:22:23:49:
                    d6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:51:C5:08:46:F9:C2:A0:4A:7F:86:B9:A6:E5:31:BB:26:0C:37:76
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/clHFCEb5wqBKf4a5puUxuyYMN3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.148.0/24
                  5.175.210.0/24
                IPv6:
                  2a02:2fc0:16::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:0f:41:e5:80:a8:66:7c:da:b1:c4:1c:dd:93:02:e3:0a:80:
         33:9e:bc:a8:df:cc:da:ce:e7:de:21:b9:d3:29:49:05:b3:d7:
         55:29:16:14:a2:5a:5b:e4:55:aa:66:d8:d7:3c:4c:b3:3b:ca:
         4a:6e:33:7c:76:73:33:21:06:4d:e7:58:b2:10:bf:00:5f:64:
         38:92:31:2d:6b:0b:d0:f4:a7:13:98:48:23:43:fa:8e:5b:b5:
         6f:4f:0d:cb:0d:e4:c3:d0:0f:1a:14:83:88:7b:a1:84:b9:06:
         ca:b4:e7:49:60:e4:c4:fc:13:fa:7d:a2:97:da:34:3f:fe:3e:
         73:53:2e:89:d0:a5:27:d1:7f:e1:e3:45:44:8e:c0:b9:63:35:
         c7:eb:68:6f:a1:ce:52:0c:4d:b9:6d:b6:c0:31:b7:70:39:db:
         f1:7b:00:68:71:15:14:91:d5:0d:3e:a1:68:e4:22:7e:86:93:
         b6:ad:bf:81:36:6a:6c:35:c2:22:6a:8f:0c:b4:a1:f8:4a:12:
         1c:91:69:f5:33:2d:76:b6:5d:da:e9:87:1f:08:6e:28:a4:f5:
         22:a6:f9:8e:f6:8c:d8:95:b9:e5:ea:19:2f:4c:83:1d:32:5e:
         a1:65:c3:8a:0e:ed:db:25:0c:aa:5a:d1:94:c0:31:e9:fa:69:
         c4:dd:a4:39
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZppjUoCDxpobhIE9t5GWV7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMTA5MTY1NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjUxYzUwODQ2ZjljMmEwNGE3Zjg2YjlhNmU1MzFiYjI2MGMzNzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLS/B2NXuOASOyhvtzjyvK2Z6pcm
WRAO4g0z+qD/o2Gko6fGKVM5v8L4UR0KBKcSuVGtllugalY+O8XjWQIrSB/5W6NF
a4HNJhwCsWVrVfNnIgVskmE/GIT3yMRDrXeR98vwhCn3DUfyPlSbgIENkkw0fGNg
RykRsulk/7mB3thJFYs5di+DuxVLRFc6/jbwmY8v5AfYTmDktVs8/mab7ArGg3Px
Q23PR/U/nvl9PNM3X+hLircFpEListOdNLII0nLwzTBFfjmSM4cD/Nz4ZTmeJ+tz
Ph/VARA0bjHczMG66hV5y8QjvYofD++IAuVU7ennc5zIJrqS0BYiI0nWCQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFHJRxQhG+cKgSn+GuablMbsmDDd2MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvY2xIRkNFYjV3cUJLZjRhNXB1VXh1eVlNTjNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQABVOUAwQA
Ba/SMA8EAgACMAkDBwAqAi/AABYwDQYJKoZIhvcNAQELBQADggEBAHgPQeWAqGZ8
2rHEHN2TAuMKgDOevKjfzNrO594hudMpSQWz11UpFhSiWlvkVapm2Nc8TLM7ykpu
M3x2czMhBk3nWLIQvwBfZDiSMS1rC9D0pxOYSCND+o5btW9PDcsN5MPQDxoUg4h7
oYS5Bsq050lg5MT8E/p9opfaND/+PnNTLonQpSfRf+HjRUSOwLljNcfraG+hzlIM
TblttsAxt3A52/F7AGhxFRSR1Q0+oWjkIn6Gk7atv4E2amw1wiJqjwy0ofhKEhyR
afUzLXa2Xdrphx8Ibiik9SKm+Y72jNiVueXqGS9Mgx0yXqFlw4oO7dslDKpa0ZTA
Men6acTdpDk=
-----END CERTIFICATE-----