Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/3f72d7-b5b5-4dc2-9f02-1554f1d3b9b6/1/XboEdK3xIDFvJjunJFetI7wr7Xs.roa
File:                     XboEdK3xIDFvJjunJFetI7wr7Xs.roa (raw, json)
Hash identifier:          DUjE1oXn69cTox8Qm8z0w4X18Z6oVVbesmMEJc9r5hI=
Subject key identifier:   5D:BA:04:74:AD:F1:20:31:6F:26:3B:A7:24:57:AD:23:BC:2B:ED:7B
Certificate issuer:       /CN=7c99016af748a48fce84f63f5e3a89331427dd8c
Certificate serial:       019A6AD6DE25D433EC158A1295A2FDA1104D
Authority key identifier: 7C:99:01:6A:F7:48:A4:8F:CE:84:F6:3F:5E:3A:89:33:14:27:DD:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fJkBavdIpI_OhPY_XjqJMxQn3Yw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/3f72d7-b5b5-4dc2-9f02-1554f1d3b9b6/1/XboEdK3xIDFvJjunJFetI7wr7Xs.roa
Signing time:             Sun 09 Nov 2025 22:57:37 +0000
ROA not before:           Sun 09 Nov 2025 22:57:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209894
IP address blocks:        217.70.1.0/24 maxlen: 24
                          2a14:440::/30 maxlen: 30
                          2a14:440:1000::/36 maxlen: 36
                          2a14:440:2000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/3f72d7-b5b5-4dc2-9f02-1554f1d3b9b6/1/fJkBavdIpI_OhPY_XjqJMxQn3Yw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/3f72d7-b5b5-4dc2-9f02-1554f1d3b9b6/1/fJkBavdIpI_OhPY_XjqJMxQn3Yw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fJkBavdIpI_OhPY_XjqJMxQn3Yw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6a:d6:de:25:d4:33:ec:15:8a:12:95:a2:fd:a1:10:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c99016af748a48fce84f63f5e3a89331427dd8c
        Validity
            Not Before: Nov  9 22:57:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dba0474adf120316f263ba72457ad23bc2bed7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:13:ce:83:db:02:8e:ee:76:76:55:8a:04:ac:
                    f4:c6:71:71:4b:d8:f4:43:16:03:a6:ee:f1:4d:f7:
                    13:8b:91:7f:86:05:e7:98:e7:47:18:1a:41:bf:4a:
                    3e:8e:de:25:12:9c:94:41:c5:17:6d:58:b7:89:fb:
                    a1:ea:9d:86:6e:77:fb:1b:cc:06:24:6e:23:33:bc:
                    0e:05:bf:69:e7:9a:5e:18:3d:0a:45:2b:19:1e:67:
                    65:e2:12:b1:dc:80:ec:73:63:94:97:66:d7:04:46:
                    1f:a8:cd:2e:59:01:31:39:20:55:fe:3e:f9:69:68:
                    39:00:7b:94:98:e5:05:f9:d5:03:f2:87:0f:cc:72:
                    bc:ea:6a:0a:b3:54:ec:7c:de:06:84:05:35:ac:47:
                    8a:f7:7a:b6:29:0d:21:39:22:7d:d2:cc:93:4e:2f:
                    36:1a:f7:42:0e:32:b0:fe:38:a0:48:01:86:e4:ed:
                    8c:53:a6:db:fd:27:d2:85:2c:ff:f3:90:b4:11:25:
                    ae:8d:31:67:aa:aa:d0:ad:db:a1:56:14:26:63:8c:
                    15:d8:b1:a2:47:c8:b1:85:cc:c7:30:f1:76:e7:c0:
                    e5:f4:a5:29:cd:18:fc:d8:27:c9:af:b4:4a:ac:cc:
                    4c:b2:9c:ba:df:b5:f9:97:ee:2c:63:ca:90:30:f3:
                    e5:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:BA:04:74:AD:F1:20:31:6F:26:3B:A7:24:57:AD:23:BC:2B:ED:7B
            X509v3 Authority Key Identifier:
                keyid:7C:99:01:6A:F7:48:A4:8F:CE:84:F6:3F:5E:3A:89:33:14:27:DD:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fJkBavdIpI_OhPY_XjqJMxQn3Yw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/3f72d7-b5b5-4dc2-9f02-1554f1d3b9b6/1/XboEdK3xIDFvJjunJFetI7wr7Xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/3f72d7-b5b5-4dc2-9f02-1554f1d3b9b6/1/fJkBavdIpI_OhPY_XjqJMxQn3Yw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.70.1.0/24
                IPv6:
                  2a14:440::/30

    Signature Algorithm: sha256WithRSAEncryption
         96:d4:24:51:f1:c7:3a:d8:ea:f3:80:3d:dd:b6:9f:2f:5b:00:
         0a:14:70:c2:a8:10:b3:f6:47:06:48:96:21:b9:c1:c0:c7:ae:
         d7:e1:87:bb:e7:fd:9b:98:31:a3:f6:8c:f8:05:03:ee:15:ba:
         fb:fe:61:8f:bb:fb:2c:10:b2:98:2c:a1:ff:aa:66:cb:20:a0:
         4d:44:77:86:2a:1d:22:13:d0:26:4c:25:3b:60:34:05:aa:79:
         61:ab:da:a7:2b:cb:9a:17:c2:b9:6d:8e:e8:aa:3d:e6:35:a5:
         f2:81:80:a1:9d:bb:d0:fb:2c:07:c2:8f:5c:c9:7d:17:96:c5:
         aa:e3:0a:93:14:54:93:89:42:c9:a7:86:9e:5c:64:bb:e0:d2:
         fa:8e:00:15:2a:d9:b4:f2:fb:bc:6a:a9:24:2b:0d:1e:89:16:
         90:63:70:2b:a5:22:1c:02:7d:2f:2f:8c:c9:74:af:44:3f:c8:
         19:14:57:05:bf:e7:96:f7:cb:15:9b:b2:20:a3:43:01:e9:e0:
         fd:5c:e2:33:a7:4d:cc:0b:04:20:aa:3d:b1:9a:64:58:b6:e4:
         86:ec:d9:b7:db:a5:94:4a:d4:80:ce:38:e6:79:df:98:5d:96:
         9c:45:24:c7:0e:dd:14:a2:a4:85:a7:43:0e:c4:11:10:47:eb:
         fd:93:2b:bb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZpq1t4l1DPsFYoSlaL9oRBNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjOTkwMTZhZjc0OGE0OGZjZTg0ZjYzZjVlM2E4OTMzMTQy
N2RkOGMwHhcNMjUxMTA5MjI1NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGJhMDQ3NGFkZjEyMDMxNmYyNjNiYTcyNDU3YWQyM2JjMmJlZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRPOg9sCju52dlWKBKz0xnFxS9j0
QxYDpu7xTfcTi5F/hgXnmOdHGBpBv0o+jt4lEpyUQcUXbVi3ifuh6p2Gbnf7G8wG
JG4jM7wOBb9p55peGD0KRSsZHmdl4hKx3IDsc2OUl2bXBEYfqM0uWQExOSBV/j75
aWg5AHuUmOUF+dUD8ocPzHK86moKs1TsfN4GhAU1rEeK93q2KQ0hOSJ90syTTi82
GvdCDjKw/jigSAGG5O2MU6bb/SfShSz/85C0ESWujTFnqqrQrduhVhQmY4wV2LGi
R8ixhczHMPF258Dl9KUpzRj82CfJr7RKrMxMspy637X5l+4sY8qQMPPlaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF26BHSt8SAxbyY7pyRXrSO8K+17MB8GA1UdIwQY
MBaAFHyZAWr3SKSPzoT2P146iTMUJ92MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkprQmF2ZElwSV9PaFBZX1hqcUpNeFFuM1l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8zZjcyZDctYjViNS00ZGMyLTlmMDIt
MTU1NGYxZDNiOWI2LzEvWGJvRWRLM3hJREZ2Smp1bkpGZXRJN3dyN1hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8zZjcyZDctYjViNS00ZGMyLTlmMDItMTU1NGYxZDNiOWI2
LzEvZkprQmF2ZElwSV9PaFBZX1hqcUpNeFFuM1l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2UYBMA0E
AgACMAcDBQIqFARAMA0GCSqGSIb3DQEBCwUAA4IBAQCW1CRR8cc62OrzgD3dtp8v
WwAKFHDCqBCz9kcGSJYhucHAx67X4Ye75/2bmDGj9oz4BQPuFbr7/mGPu/ssELKY
LKH/qmbLIKBNRHeGKh0iE9AmTCU7YDQFqnlhq9qnK8uaF8K5bY7oqj3mNaXygYCh
nbvQ+ywHwo9cyX0XlsWq4wqTFFSTiULJp4aeXGS74NL6jgAVKtm08vu8aqkkKw0e
iRaQY3ArpSIcAn0vL4zJdK9EP8gZFFcFv+eW98sVm7Igo0MB6eD9XOIzp03MCwQg
qj2xmmRYtuSG7Nm326WUStSAzjjmed+YXZacRSTHDt0UoqSFp0MOxBEQR+v9kyu7
-----END CERTIFICATE-----