Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/HJK5hZspc0qkFXB4n4LqczlBSk4.roa
File:                     HJK5hZspc0qkFXB4n4LqczlBSk4.roa (raw, json)
Hash identifier:          jfHsrdLfsZ4SsOvCY+lXRlOQrDW18QK0+gGAJ22FE2s=
Subject key identifier:   1C:92:B9:85:9B:29:73:4A:A4:15:70:78:9F:82:EA:73:39:41:4A:4E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0198DB3D040FD2F7DC963BA7ABEF2086B0A8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/HJK5hZspc0qkFXB4n4LqczlBSk4.roa
Signing time:             Sun 24 Aug 2025 08:41:05 +0000
ROA not before:           Sun 24 Aug 2025 08:41:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214537
IP address blocks:        2a0e:b107:2798::/46 maxlen: 48
                          2a0e:b107:279c::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 13:49:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:db:3d:04:0f:d2:f7:dc:96:3b:a7:ab:ef:20:86:b0:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug 24 08:41:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c92b9859b29734aa41570789f82ea7339414a4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:31:7e:b4:31:89:4e:5c:fb:e1:08:38:01:a0:
                    f1:ce:72:31:64:1b:de:d6:c5:e9:e7:10:1f:36:dc:
                    c9:79:ce:80:56:24:c0:ae:a2:dc:89:b5:7a:40:9a:
                    9b:15:c2:1f:31:fb:cf:d7:73:95:29:5f:82:6f:7b:
                    3f:bf:eb:9f:4b:74:3d:57:48:d8:f3:94:2d:e7:84:
                    02:94:89:b0:4c:7c:8c:3e:85:7a:c5:31:fd:c9:54:
                    44:3d:14:c8:ad:de:fa:95:4a:0d:86:2f:82:88:41:
                    bb:17:0e:90:2d:19:a6:83:84:92:84:31:40:4d:4e:
                    33:3d:ad:c9:78:fb:83:81:ff:8b:61:a1:42:63:78:
                    c5:ce:f7:bc:f1:c1:b4:1f:ca:4f:ad:87:90:0f:2b:
                    f3:44:48:cd:64:d5:3c:58:77:32:b3:b6:53:f5:67:
                    9e:09:6d:86:2b:06:b7:66:2b:41:7e:63:64:3d:02:
                    0d:4e:75:14:eb:56:50:76:4f:1a:39:95:93:61:e0:
                    97:e9:2a:f6:fe:4c:91:22:85:55:d0:38:7b:37:51:
                    3f:89:cb:5f:65:1c:5f:7f:f2:f1:34:23:c7:29:da:
                    7c:f2:8a:92:90:f5:8a:0f:08:07:18:48:67:d3:86:
                    22:31:ac:fa:ec:6c:66:6c:f2:9e:09:3c:98:29:a1:
                    5b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:92:B9:85:9B:29:73:4A:A4:15:70:78:9F:82:EA:73:39:41:4A:4E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/HJK5hZspc0qkFXB4n4LqczlBSk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2798::/45

    Signature Algorithm: sha256WithRSAEncryption
         29:92:b0:f2:2a:99:41:ba:ed:7f:ea:2e:c6:33:ee:77:b7:7b:
         90:93:7d:ef:49:ec:a7:33:84:5c:c1:7d:05:b2:3d:3c:a3:ee:
         e5:e7:19:57:6a:47:60:db:55:c1:b3:a7:44:9c:3c:32:b1:fb:
         55:d6:00:ac:2d:d6:1c:39:f8:66:aa:24:b4:74:6f:12:51:fa:
         58:06:a9:01:80:5c:d6:83:e4:57:aa:5c:21:8b:6b:73:bc:1a:
         b6:68:b7:7f:f5:02:5a:42:ac:1d:9e:61:63:9a:85:19:78:a0:
         ef:9d:51:75:68:e7:f9:f2:9d:a9:ea:21:79:cb:a3:f1:7b:db:
         f7:20:99:c6:02:2c:7f:8e:96:68:9b:3f:4c:9f:96:ba:7f:8b:
         c3:0c:c2:35:66:6c:5c:a6:f0:35:8f:47:a2:ad:df:e2:3c:be:
         42:d7:e6:58:1a:df:99:5e:d8:f0:2a:03:ba:c2:47:5d:61:19:
         20:4e:23:99:db:56:34:99:ee:ed:da:e6:4c:13:70:18:2f:bd:
         a7:55:e6:7f:1b:19:17:5d:d7:0e:f9:25:e7:fc:ad:21:2e:6b:
         d8:db:af:46:15:9e:f1:98:86:77:85:ed:36:25:cf:fa:2d:10:
         0f:bd:10:5e:19:8a:80:c6:4a:83:e1:0c:10:b3:65:9c:81:1a:
         99:fc:1f:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZjbPQQP0vfcljunq+8ghrCoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwODI0MDg0MTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzkyYjk4NTliMjk3MzRhYTQxNTcwNzg5ZjgyZWE3MzM5NDE0YTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDF+tDGJTlz74Qg4AaDxznIxZBve
1sXp5xAfNtzJec6AViTArqLcibV6QJqbFcIfMfvP13OVKV+Cb3s/v+ufS3Q9V0jY
85Qt54QClImwTHyMPoV6xTH9yVREPRTIrd76lUoNhi+CiEG7Fw6QLRmmg4SShDFA
TU4zPa3JePuDgf+LYaFCY3jFzve88cG0H8pPrYeQDyvzREjNZNU8WHcys7ZT9Wee
CW2GKwa3ZitBfmNkPQINTnUU61ZQdk8aOZWTYeCX6Sr2/kyRIoVV0Dh7N1E/ictf
ZRxff/LxNCPHKdp88oqSkPWKDwgHGEhn04YiMaz67GxmbPKeCTyYKaFbAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBySuYWbKXNKpBVweJ+C6nM5QUpOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSEpLNWhac3BjMHFrRlhCNG40THFjemxCU2s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcDKg6xByeY
MA0GCSqGSIb3DQEBCwUAA4IBAQApkrDyKplBuu1/6i7GM+53t3uQk33vSeynM4Rc
wX0Fsj08o+7l5xlXakdg21XBs6dEnDwysftV1gCsLdYcOfhmqiS0dG8SUfpYBqkB
gFzWg+RXqlwhi2tzvBq2aLd/9QJaQqwdnmFjmoUZeKDvnVF1aOf58p2p6iF5y6Px
e9v3IJnGAix/jpZomz9Mn5a6f4vDDMI1ZmxcpvA1j0eird/iPL5C1+ZYGt+ZXtjw
KgO6wkddYRkgTiOZ21Y0me7t2uZME3AYL72nVeZ/GxkXXdcO+SXn/K0hLmvY269G
FZ7xmIZ3he02Jc/6LRAPvRBeGYqAxkqD4QwQs2WcgRqZ/B/C
-----END CERTIFICATE-----