Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/F5SXWyUm41-qkuOd__UBu5ZYrSY.roa
File:                     F5SXWyUm41-qkuOd__UBu5ZYrSY.roa (raw, json)
Hash identifier:          QyO2QROk1PAtQ6dNe6T6JVhZDB31OUNUyU3/EC3+J64=
Subject key identifier:   17:94:97:5B:25:26:E3:5F:AA:92:E3:9D:FF:F5:01:BB:96:58:AD:26
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019953633F6306D749ACC49FB216C8A56D81
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/F5SXWyUm41-qkuOd__UBu5ZYrSY.roa
Signing time:             Tue 16 Sep 2025 16:37:17 +0000
ROA not before:           Tue 16 Sep 2025 16:37:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212094
IP address blocks:        2a0e:97c0:480::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 19:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:53:63:3f:63:06:d7:49:ac:c4:9f:b2:16:c8:a5:6d:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 16 16:37:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1794975b2526e35faa92e39dfff501bb9658ad26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f4:88:5a:e3:1b:98:2f:26:82:3b:9f:8e:72:
                    ba:1b:8b:91:b6:f1:65:96:86:03:3f:77:1d:5f:09:
                    f7:08:3d:d2:71:b5:b7:d7:c3:3d:f5:fe:07:04:8f:
                    9e:1c:32:a3:c9:73:95:cf:d5:25:fe:12:67:7d:65:
                    30:4a:43:6d:8d:03:06:1b:40:dd:00:91:1e:d2:5a:
                    ba:78:30:7e:c1:5f:c2:1a:6f:53:09:73:60:4c:d6:
                    05:f9:ca:0e:ec:52:f2:74:73:c1:6b:10:ec:c3:65:
                    bb:b4:83:d2:b9:7b:98:5b:c5:ff:8d:ea:df:b1:a2:
                    8b:b7:ca:e6:e2:71:77:7d:fd:bc:eb:2b:28:5f:91:
                    57:19:7b:e7:19:ee:8a:c1:da:1f:05:f6:53:af:6a:
                    83:bb:7f:41:51:07:88:a3:0a:ad:14:4e:03:32:73:
                    c3:c9:85:1b:cd:45:84:bc:f7:c1:ed:af:f6:b3:68:
                    3d:95:2b:63:f9:36:86:b6:7e:9a:68:6a:31:22:69:
                    32:d7:bb:94:ae:f2:9b:42:59:8f:9c:69:52:1e:ab:
                    2f:68:f6:c2:39:86:dd:07:6e:b8:90:9f:52:7d:62:
                    1e:90:13:86:22:be:2a:96:d9:11:ea:be:6f:31:e4:
                    07:6c:47:32:0f:15:b1:1f:01:a4:6c:3c:cb:98:4b:
                    60:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:94:97:5B:25:26:E3:5F:AA:92:E3:9D:FF:F5:01:BB:96:58:AD:26
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/F5SXWyUm41-qkuOd__UBu5ZYrSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:480::/44

    Signature Algorithm: sha256WithRSAEncryption
         c8:2c:1d:6e:0c:9e:9a:0a:bd:9e:b4:b1:b4:09:b4:11:9b:46:
         1c:ea:48:68:e8:99:f3:f6:ba:7d:97:23:83:3a:11:a8:74:fd:
         74:c4:58:3d:8c:f4:d5:2c:7b:c4:a9:34:f0:4e:0c:cd:a6:c6:
         3b:46:d5:9e:54:c4:67:0c:15:70:5f:4a:ea:c3:97:38:cb:22:
         2f:fb:92:df:9b:90:29:88:6d:c4:ca:cf:8c:b0:04:38:d6:d3:
         79:e3:8b:66:40:f6:86:84:42:31:67:d1:1e:02:99:67:7f:0c:
         40:4b:cb:23:c1:b9:83:f3:a1:5f:f5:33:d6:bd:80:b8:5b:38:
         fc:62:88:d6:b4:68:9a:a9:57:29:46:05:c4:6b:a6:88:71:67:
         28:ee:6e:ff:16:da:ba:ca:3c:6e:02:66:c9:f1:54:c5:64:93:
         99:68:eb:3f:6a:ff:54:f6:d2:1c:59:4c:d7:e8:36:92:a4:9b:
         09:e0:c8:21:f4:3e:50:7d:cb:b0:1d:7a:5a:f3:88:d1:95:42:
         fa:04:e0:a0:3f:13:d4:7f:e4:42:fe:b5:5b:66:93:40:81:56:
         12:29:68:99:da:b5:20:4f:5b:13:57:26:81:2f:e9:a2:c1:c0:
         7b:30:95:ae:bc:e2:bd:47:a8:dd:ab:d1:8a:ba:1b:f3:51:3c:
         cd:cb:fa:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZlTYz9jBtdJrMSfshbIpW2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwOTE2MTYzNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzk0OTc1YjI1MjZlMzVmYWE5MmUzOWRmZmY1MDFiYjk2NThhZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvSIWuMbmC8mgjufjnK6G4uRtvFl
loYDP3cdXwn3CD3ScbW318M99f4HBI+eHDKjyXOVz9Ul/hJnfWUwSkNtjQMGG0Dd
AJEe0lq6eDB+wV/CGm9TCXNgTNYF+coO7FLydHPBaxDsw2W7tIPSuXuYW8X/jerf
saKLt8rm4nF3ff286ysoX5FXGXvnGe6KwdofBfZTr2qDu39BUQeIowqtFE4DMnPD
yYUbzUWEvPfB7a/2s2g9lStj+TaGtn6aaGoxImky17uUrvKbQlmPnGlSHqsvaPbC
OYbdB264kJ9SfWIekBOGIr4qltkR6r5vMeQHbEcyDxWxHwGkbDzLmEtgFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBeUl1slJuNfqpLjnf/1AbuWWK0mMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRjVTWFd5VW00MS1xa3VPZF9fVUJ1NVpZclNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwASA
MA0GCSqGSIb3DQEBCwUAA4IBAQDILB1uDJ6aCr2etLG0CbQRm0Yc6kho6Jnz9rp9
lyODOhGodP10xFg9jPTVLHvEqTTwTgzNpsY7RtWeVMRnDBVwX0rqw5c4yyIv+5Lf
m5ApiG3Eys+MsAQ41tN544tmQPaGhEIxZ9EeAplnfwxAS8sjwbmD86Ff9TPWvYC4
Wzj8YojWtGiaqVcpRgXEa6aIcWco7m7/Ftq6yjxuAmbJ8VTFZJOZaOs/av9U9tIc
WUzX6DaSpJsJ4Mgh9D5QfcuwHXpa84jRlUL6BOCgPxPUf+RC/rVbZpNAgVYSKWiZ
2rUgT1sTVyaBL+miwcB7MJWuvOK9R6jdq9GKuhvzUTzNy/o0
-----END CERTIFICATE-----