Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/9eH4i0p6oCfS5Co6koOAWFXm7Jw.roa
File:                     9eH4i0p6oCfS5Co6koOAWFXm7Jw.roa (raw, json)
Hash identifier:          tsyzy52lOJrhyfRNf4yeW+R41ItQLxSE8ed3yFpy/I0=
Subject key identifier:   F5:E1:F8:8B:4A:7A:A0:27:D2:E4:2A:3A:92:83:80:58:55:E6:EC:9C
Certificate issuer:       /CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
Certificate serial:       0198E10AE6683FCE91A6EE7AB4B329EFE0F5
Authority key identifier: D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/9eH4i0p6oCfS5Co6koOAWFXm7Jw.roa
Signing time:             Mon 25 Aug 2025 11:44:04 +0000
ROA not before:           Mon 25 Aug 2025 11:44:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        2a09:c280::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Sep 2025 22:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e1:0a:e6:68:3f:ce:91:a6:ee:7a:b4:b3:29:ef:e0:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
        Validity
            Not Before: Aug 25 11:44:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5e1f88b4a7aa027d2e42a3a9283805855e6ec9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:9c:ef:dc:06:c2:1f:2d:fe:4b:8f:c8:08:88:
                    48:9e:5e:d9:97:b8:f4:63:01:d4:e2:f7:d9:97:31:
                    96:57:8d:ec:37:62:c7:d4:60:b2:db:09:50:71:0a:
                    e2:5c:dc:f8:19:e1:60:a2:33:d3:2d:91:6d:fb:4e:
                    02:d5:b4:9d:25:98:6a:29:8b:1b:46:f7:d4:fa:88:
                    79:f0:d1:d7:a9:b4:47:70:8b:0b:b4:25:0f:26:01:
                    18:9d:ac:93:df:a1:9c:79:2f:1c:74:e1:96:c4:fe:
                    86:e6:3c:59:f8:e7:a7:b4:39:3d:3f:7d:39:aa:3f:
                    00:a2:31:37:3d:64:fa:f9:2c:53:9b:fc:36:98:d7:
                    4e:39:98:c9:d7:e4:1e:f3:a5:f2:2a:62:1d:42:36:
                    40:46:78:aa:25:b0:cf:a4:ba:8f:e0:87:8b:06:f4:
                    06:fe:1c:3c:f1:65:19:8c:5c:e2:a9:aa:9d:3b:a5:
                    7b:89:b9:63:a4:40:61:88:72:c1:ca:2c:31:6e:78:
                    94:bb:2a:21:86:f6:cb:fc:99:23:fd:5a:39:9f:bf:
                    ac:71:64:82:0a:66:22:2b:3e:8e:53:d7:97:1e:02:
                    47:96:ed:71:d5:46:c6:70:29:13:82:0e:31:da:8e:
                    8e:4a:f3:81:6c:d4:cb:10:57:dc:1f:e8:88:6b:26:
                    b8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:E1:F8:8B:4A:7A:A0:27:D2:E4:2A:3A:92:83:80:58:55:E6:EC:9C
            X509v3 Authority Key Identifier:
                keyid:D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/9eH4i0p6oCfS5Co6koOAWFXm7Jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:c280::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:34:f4:10:5c:4c:91:c1:5e:f3:71:b6:82:53:91:53:aa:25:
         12:b2:13:1f:cf:43:86:0b:94:87:55:04:81:29:25:76:58:50:
         c6:90:35:29:ea:59:08:23:ef:ce:8f:01:fa:57:78:84:16:d0:
         ca:22:12:05:14:3e:68:4f:d2:de:8a:cd:20:95:91:da:88:cd:
         db:5a:e5:29:95:6f:0f:24:20:30:93:50:8d:99:fb:88:fa:3b:
         a7:56:d3:f1:5a:01:0c:6e:72:a3:98:a2:e0:67:82:be:0a:ca:
         54:9b:61:60:ab:e2:96:11:7e:56:d1:3c:62:3e:83:cc:58:c0:
         67:68:2f:9a:dd:f7:74:26:d0:0c:d8:b2:9b:c4:ce:b6:1d:f5:
         9f:ca:94:73:55:10:44:1d:90:1e:35:2a:78:ad:d7:af:32:47:
         36:6f:e7:23:1d:57:c8:49:81:10:00:17:76:99:e2:c1:a0:a4:
         a9:38:d1:f1:2e:89:3d:ce:32:58:c8:8d:d5:37:e7:ed:5d:97:
         71:42:af:43:2e:f5:e6:c0:f1:64:4a:87:ec:22:6f:0e:e5:79:
         61:34:75:c0:5e:eb:99:91:1e:8f:2e:28:3e:be:a3:d9:0d:0b:
         15:6a:ee:af:83:fe:4a:a3:bf:01:02:6c:cc:23:69:90:fc:74:
         75:76:ad:38
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZjhCuZoP86Rpu56tLMp7+D1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZTY3MzNmYTIzOWM1ZmIwYzQzOGM4MmY3YzIzMGY1NWQ0
NzhjYjEwHhcNMjUwODI1MTE0NDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWUxZjg4YjRhN2FhMDI3ZDJlNDJhM2E5MjgzODA1ODU1ZTZlYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJzv3AbCHy3+S4/ICIhInl7Zl7j0
YwHU4vfZlzGWV43sN2LH1GCy2wlQcQriXNz4GeFgojPTLZFt+04C1bSdJZhqKYsb
RvfU+oh58NHXqbRHcIsLtCUPJgEYnayT36GceS8cdOGWxP6G5jxZ+OentDk9P305
qj8AojE3PWT6+SxTm/w2mNdOOZjJ1+Qe86XyKmIdQjZARniqJbDPpLqP4IeLBvQG
/hw88WUZjFziqaqdO6V7ibljpEBhiHLByiwxbniUuyohhvbL/Jkj/Vo5n7+scWSC
CmYiKz6OU9eXHgJHlu1x1UbGcCkTgg4x2o6OSvOBbNTLEFfcH+iIaya4MwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPXh+ItKeqAn0uQqOpKDgFhV5uycMB8GA1UdIwQY
MBaAFNXmcz+iOcX7DEOMgvfCMPVdR4yxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQt
YTM4YjY3OTVmYjI0LzEvOWVINGkwcDZvQ2ZTNUNvNmtvT0FXRlhtN0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQtYTM4YjY3OTVmYjI0
LzEvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgnCgDAN
BgkqhkiG9w0BAQsFAAOCAQEAnzT0EFxMkcFe83G2glORU6olErITH89DhguUh1UE
gSkldlhQxpA1KepZCCPvzo8B+ld4hBbQyiISBRQ+aE/S3orNIJWR2ojN21rlKZVv
DyQgMJNQjZn7iPo7p1bT8VoBDG5yo5ii4GeCvgrKVJthYKvilhF+VtE8Yj6DzFjA
Z2gvmt33dCbQDNiym8TOth31n8qUc1UQRB2QHjUqeK3XrzJHNm/nIx1XyEmBEAAX
dpniwaCkqTjR8S6JPc4yWMiN1Tfn7V2XcUKvQy715sDxZEqH7CJvDuV5YTR1wF7r
mZEejy4oPr6j2Q0LFWrur4P+SqO/AQJszCNpkPx0dXatOA==
-----END CERTIFICATE-----