Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/IRmudDJx5_EjLt-XvxRGImz-Y1k.roa
File:                     IRmudDJx5_EjLt-XvxRGImz-Y1k.roa (raw, json)
Hash identifier:          dZcoV0hfAf7VrIFBLVBxvxCGxczM5zquuDSQUk9FAwg=
Subject key identifier:   21:19:AE:74:32:71:E7:F1:23:2E:DF:97:BF:14:46:22:6C:FE:63:59
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019A00DA2E20429C1C297F8E7BABF405D15C
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/IRmudDJx5_EjLt-XvxRGImz-Y1k.roa
Signing time:             Mon 20 Oct 2025 09:01:29 +0000
ROA not before:           Mon 20 Oct 2025 09:01:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0b:b86:ffc0::/48 maxlen: 48
                          2a0b:b87:ffef::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 21:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:00:da:2e:20:42:9c:1c:29:7f:8e:7b:ab:f4:05:d1:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Oct 20 09:01:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2119ae743271e7f1232edf97bf1446226cfe6359
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:da:e8:0d:db:ac:f4:f2:b7:7b:58:28:c8:ce:
                    72:6a:7d:22:04:4e:ca:fb:34:53:b1:74:b2:08:3a:
                    22:0f:2e:0d:59:74:34:db:51:32:46:4f:9b:74:90:
                    f5:3b:92:c9:f8:48:d3:8c:2b:f1:04:f9:1b:63:ec:
                    59:7e:c8:b4:2f:b1:53:d6:4f:b8:a0:f3:a7:6f:48:
                    d2:26:16:6c:dc:f8:b9:74:fe:d0:c9:16:00:45:21:
                    24:10:9c:90:a1:e9:69:61:b8:e7:be:de:2a:ee:83:
                    4d:ae:ce:5b:af:f8:18:fc:0d:c5:53:59:de:14:bc:
                    d5:89:26:09:da:1d:15:e8:8f:ab:0e:7c:b5:01:16:
                    b0:90:43:85:1c:11:6f:f3:dd:aa:54:23:11:7a:f2:
                    2c:75:c0:80:47:ea:64:8d:bb:a4:96:e2:76:12:52:
                    7c:69:c4:49:f8:c4:78:11:48:c6:60:fd:84:85:87:
                    01:7a:7d:d8:a2:55:30:06:f9:c0:34:cf:a9:f2:f1:
                    6d:8a:7b:63:8a:5a:14:fd:e1:56:8d:d9:66:39:c8:
                    5b:0b:66:45:87:e3:7f:07:57:04:41:4c:9e:9c:7a:
                    be:5f:25:26:1e:40:45:25:ea:92:f2:bb:ea:ee:c2:
                    c5:71:79:76:4e:63:1e:74:e8:46:d3:4a:e3:28:c5:
                    df:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:19:AE:74:32:71:E7:F1:23:2E:DF:97:BF:14:46:22:6C:FE:63:59
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/IRmudDJx5_EjLt-XvxRGImz-Y1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b86:ffc0::/48
                  2a0b:b87:ffef::/48

    Signature Algorithm: sha256WithRSAEncryption
         c6:51:f8:94:60:14:4e:db:02:a8:bf:2e:89:e6:7e:1b:18:8c:
         b5:19:7f:aa:23:3c:82:e0:ff:68:12:3a:97:bf:de:30:b1:67:
         82:f6:da:68:5c:25:9d:5b:3c:85:55:c8:59:a2:60:99:71:f0:
         eb:b9:05:40:9e:7c:0f:c4:4f:b4:bc:02:86:a3:d0:4b:a9:b3:
         af:6e:18:e7:b2:6b:20:b3:28:ff:ad:ca:75:d0:4c:6e:b2:e6:
         d7:10:ae:41:6c:70:d3:3f:f6:5f:71:0e:74:50:c1:72:17:63:
         da:b1:22:73:a1:6f:63:83:d4:56:5d:9a:4e:09:61:d2:db:8f:
         e0:3d:fe:41:b5:a8:e5:a4:7b:f7:01:78:f2:00:80:5a:df:64:
         f1:18:18:07:ec:f7:a7:5c:33:f4:17:ee:51:76:25:a6:2f:32:
         47:a6:ce:9a:13:f9:c4:b3:76:30:27:08:89:7c:8f:d0:92:fe:
         fc:76:75:79:e8:f0:f4:77:a1:5d:e0:90:f1:02:68:0d:7b:ef:
         36:29:90:7c:c5:c1:50:3f:af:b5:d9:49:0c:51:ba:b7:83:1d:
         fb:2c:67:f8:5b:31:af:b0:c3:b2:1b:e5:f8:94:d2:f7:fc:78:
         77:8c:fb:56:c1:89:c9:d0:8e:e0:46:44:38:b0:bd:6d:08:6a:
         51:4a:c5:77
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoA2i4gQpwcKX+Oe6v0BdFcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUxMDIwMDkwMTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTE5YWU3NDMyNzFlN2YxMjMyZWRmOTdiZjE0NDYyMjZjZmU2MzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9roDdus9PK3e1goyM5yan0iBE7K
+zRTsXSyCDoiDy4NWXQ021EyRk+bdJD1O5LJ+EjTjCvxBPkbY+xZfsi0L7FT1k+4
oPOnb0jSJhZs3Pi5dP7QyRYARSEkEJyQoelpYbjnvt4q7oNNrs5br/gY/A3FU1ne
FLzViSYJ2h0V6I+rDny1ARawkEOFHBFv892qVCMRevIsdcCAR+pkjbukluJ2ElJ8
acRJ+MR4EUjGYP2EhYcBen3YolUwBvnANM+p8vFtintjiloU/eFWjdlmOchbC2ZF
h+N/B1cEQUyenHq+XyUmHkBFJeqS8rvq7sLFcXl2TmMedOhG00rjKMXf3QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCEZrnQycefxIy7fl78URiJs/mNZMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvSVJtdWRESng1X0VqTHQtWHZ4UkdJbXotWTFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgsLhv/A
AwcAKgsLh//vMA0GCSqGSIb3DQEBCwUAA4IBAQDGUfiUYBRO2wKovy6J5n4bGIy1
GX+qIzyC4P9oEjqXv94wsWeC9tpoXCWdWzyFVchZomCZcfDruQVAnnwPxE+0vAKG
o9BLqbOvbhjnsmsgsyj/rcp10ExusubXEK5BbHDTP/ZfcQ50UMFyF2PasSJzoW9j
g9RWXZpOCWHS24/gPf5BtajlpHv3AXjyAIBa32TxGBgH7PenXDP0F+5RdiWmLzJH
ps6aE/nEs3YwJwiJfI/Qkv78dnV56PD0d6Fd4JDxAmgNe+82KZB8xcFQP6+12UkM
Ubq3gx37LGf4WzGvsMOyG+X4lNL3/Hh3jPtWwYnJ0I7gRkQ4sL1tCGpRSsV3
-----END CERTIFICATE-----