Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/9bb40d-3638-449e-ae25-d428f2349660/1/Xz5fRm1rvrLEvX3nzQNpvfuqwdQ.roa
File:                     Xz5fRm1rvrLEvX3nzQNpvfuqwdQ.roa (raw, json)
Hash identifier:          3vZNMQRQpFvLq3O7/5316ZbW91wqqPn0EJ7/sIa76eA=
Subject key identifier:   5F:3E:5F:46:6D:6B:BE:B2:C4:BD:7D:E7:CD:03:69:BD:FB:AA:C1:D4
Certificate issuer:       /CN=2a6edf23264b43821dae97d10bd364cb6bb7f234
Certificate serial:       019928487FDCCA8E18100570121683FC47B6
Authority key identifier: 2A:6E:DF:23:26:4B:43:82:1D:AE:97:D1:0B:D3:64:CB:6B:B7:F2:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Km7fIyZLQ4IdrpfRC9Nky2u38jQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/9bb40d-3638-449e-ae25-d428f2349660/1/Xz5fRm1rvrLEvX3nzQNpvfuqwdQ.roa
Signing time:             Mon 08 Sep 2025 07:44:23 +0000
ROA not before:           Mon 08 Sep 2025 07:44:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209372
IP address blocks:        82.117.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/9bb40d-3638-449e-ae25-d428f2349660/1/Km7fIyZLQ4IdrpfRC9Nky2u38jQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/9bb40d-3638-449e-ae25-d428f2349660/1/Km7fIyZLQ4IdrpfRC9Nky2u38jQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Km7fIyZLQ4IdrpfRC9Nky2u38jQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 07:44:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:28:48:7f:dc:ca:8e:18:10:05:70:12:16:83:fc:47:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a6edf23264b43821dae97d10bd364cb6bb7f234
        Validity
            Not Before: Sep  8 07:44:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f3e5f466d6bbeb2c4bd7de7cd0369bdfbaac1d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:72:ee:a7:08:49:c1:69:93:cc:1b:d0:2e:0a:
                    fd:21:5f:1b:01:b3:c3:80:9c:2c:d8:67:d2:b0:96:
                    2a:07:9c:d8:aa:f6:d6:b7:d9:e2:9f:00:2b:b5:eb:
                    3a:ec:a4:a5:f6:db:0a:ee:20:91:00:0a:5b:5e:14:
                    f1:c3:5d:f4:8b:f1:e2:9e:19:6d:67:68:fd:75:d3:
                    b7:ba:ff:ef:21:d3:a3:b8:1c:4f:6f:df:6c:07:64:
                    03:97:11:33:ff:fa:c5:52:6f:b6:af:28:92:10:68:
                    d9:83:ad:3a:76:f6:ad:03:17:4e:5d:34:7a:7a:c3:
                    32:99:16:7e:53:28:a6:d6:dc:21:74:58:6b:ac:90:
                    9d:2c:83:30:28:01:c6:45:44:fc:31:03:15:fb:6d:
                    07:86:37:e3:52:30:ca:a9:53:d8:9c:c9:c1:68:7c:
                    f5:aa:78:9f:91:3c:19:a3:11:cf:5e:32:c8:55:54:
                    af:a3:36:4b:cb:96:e1:f3:24:e9:25:0d:aa:b4:48:
                    5f:21:99:df:c3:88:6d:6d:92:a3:9b:3b:0d:77:b0:
                    f1:73:a7:56:d8:a7:d4:0c:1e:a5:b5:da:85:06:0e:
                    bd:47:59:03:05:ea:b6:97:99:86:42:2f:d4:d7:ce:
                    c1:60:eb:ee:95:40:cd:a7:96:44:52:32:b8:72:93:
                    de:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:3E:5F:46:6D:6B:BE:B2:C4:BD:7D:E7:CD:03:69:BD:FB:AA:C1:D4
            X509v3 Authority Key Identifier:
                keyid:2A:6E:DF:23:26:4B:43:82:1D:AE:97:D1:0B:D3:64:CB:6B:B7:F2:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Km7fIyZLQ4IdrpfRC9Nky2u38jQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/9bb40d-3638-449e-ae25-d428f2349660/1/Xz5fRm1rvrLEvX3nzQNpvfuqwdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/9bb40d-3638-449e-ae25-d428f2349660/1/Km7fIyZLQ4IdrpfRC9Nky2u38jQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.117.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:26:2a:37:ef:44:54:43:b1:c4:99:32:58:73:0e:e1:63:aa:
         a6:35:a8:74:4e:70:f4:b7:84:51:04:00:f6:aa:56:8d:fc:2b:
         83:48:8d:b0:fe:7e:60:af:be:80:79:ee:a9:52:02:a9:b7:fb:
         a2:18:87:49:0a:df:b7:f6:b2:6c:01:14:3c:c0:05:e7:ea:d6:
         da:c0:b5:18:32:0d:be:b9:ef:ca:bc:40:fe:8e:ff:fa:c5:8d:
         ad:71:e6:6f:7d:e2:10:cc:21:e1:07:3d:db:7f:3d:cd:49:a5:
         0d:04:b3:2d:8b:2f:64:3d:28:5c:0a:5d:70:c8:e6:e6:5e:5f:
         4e:cb:57:86:6c:12:c2:35:2e:3d:f3:e3:fb:46:20:1e:4c:a1:
         a4:c3:74:c7:19:0e:63:ac:b3:cc:69:54:19:17:b6:de:7b:27:
         e7:91:1e:41:e2:24:74:fa:57:0a:0c:94:7f:1d:00:cd:63:14:
         29:43:d0:5e:8e:64:c0:db:ad:80:1e:67:01:5d:d1:9c:5a:cc:
         d2:31:6d:7c:5a:fc:ea:af:53:3c:7a:5c:03:06:7e:0b:2a:3f:
         77:36:a8:73:73:32:02:fb:61:49:50:45:f3:e3:98:ce:09:7c:
         a3:91:dd:3d:aa:d4:d8:fb:f0:7f:77:d8:cf:49:15:87:ba:d6:
         1c:7e:b0:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkoSH/cyo4YEAVwEhaD/Ee2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhNmVkZjIzMjY0YjQzODIxZGFlOTdkMTBiZDM2NGNiNmJi
N2YyMzQwHhcNMjUwOTA4MDc0NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjNlNWY0NjZkNmJiZWIyYzRiZDdkZTdjZDAzNjliZGZiYWFjMWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3LupwhJwWmTzBvQLgr9IV8bAbPD
gJws2GfSsJYqB5zYqvbWt9ninwArtes67KSl9tsK7iCRAApbXhTxw130i/Hinhlt
Z2j9ddO3uv/vIdOjuBxPb99sB2QDlxEz//rFUm+2ryiSEGjZg606dvatAxdOXTR6
esMymRZ+Uyim1twhdFhrrJCdLIMwKAHGRUT8MQMV+20HhjfjUjDKqVPYnMnBaHz1
qnifkTwZoxHPXjLIVVSvozZLy5bh8yTpJQ2qtEhfIZnfw4htbZKjmzsNd7Dxc6dW
2KfUDB6ltdqFBg69R1kDBeq2l5mGQi/U187BYOvulUDNp5ZEUjK4cpPe8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8+X0Zta76yxL19580Dab37qsHUMB8GA1UdIwQY
MBaAFCpu3yMmS0OCHa6X0QvTZMtrt/I0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS203Zkl5WkxRNElkcnBmUkM5Tmt5MnUzOGpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS85YmI0MGQtMzYzOC00NDllLWFlMjUt
ZDQyOGYyMzQ5NjYwLzEvWHo1ZlJtMXJ2ckxFdlgzbnpRTnB2ZnVxd2RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS85YmI0MGQtMzYzOC00NDllLWFlMjUtZDQyOGYyMzQ5NjYw
LzEvS203Zkl5WkxRNElkcnBmUkM5Tmt5MnUzOGpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnVSMA0G
CSqGSIb3DQEBCwUAA4IBAQAqJio370RUQ7HEmTJYcw7hY6qmNah0TnD0t4RRBAD2
qlaN/CuDSI2w/n5gr76Aee6pUgKpt/uiGIdJCt+39rJsARQ8wAXn6tbawLUYMg2+
ue/KvED+jv/6xY2tceZvfeIQzCHhBz3bfz3NSaUNBLMtiy9kPShcCl1wyObmXl9O
y1eGbBLCNS498+P7RiAeTKGkw3THGQ5jrLPMaVQZF7beeyfnkR5B4iR0+lcKDJR/
HQDNYxQpQ9BejmTA262AHmcBXdGcWszSMW18Wvzqr1M8elwDBn4LKj93NqhzczIC
+2FJUEXz45jOCXyjkd09qtTY+/B/d9jPSRWHutYcfrBx
-----END CERTIFICATE-----