Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/jcrKeMwqJMTtemAMkzKWhFD2rVU.roa
File:                     jcrKeMwqJMTtemAMkzKWhFD2rVU.roa (raw, json)
Hash identifier:          n5EoukIkf9K8EQpzB4yhszT7ahKHj/TAHCMwAa0iIeQ=
Subject key identifier:   8D:CA:CA:78:CC:2A:24:C4:ED:7A:60:0C:93:32:96:84:50:F6:AD:55
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019A76CA94134CC458841B6B779E7282A8A5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/jcrKeMwqJMTtemAMkzKWhFD2rVU.roa
Signing time:             Wed 12 Nov 2025 06:39:38 +0000
ROA not before:           Wed 12 Nov 2025 06:39:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149977
IP address blocks:        2a0e:97c0:aa0::/44 maxlen: 48
                          2a0f:e404:105::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Nov 2025 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:76:ca:94:13:4c:c4:58:84:1b:6b:77:9e:72:82:a8:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov 12 06:39:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8dcaca78cc2a24c4ed7a600c9332968450f6ad55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:09:b4:b3:1a:37:cb:7e:69:3c:e3:36:6a:08:
                    aa:31:79:c3:44:55:b8:16:1b:1b:48:cf:de:e8:66:
                    c6:ca:f5:6a:56:c4:54:03:2d:38:ad:d1:30:da:99:
                    48:4e:10:ad:61:25:50:11:11:cd:b3:13:be:66:cf:
                    b7:98:83:6a:58:3e:8d:65:0c:2a:ff:9a:25:99:39:
                    45:d3:d0:12:f3:05:cc:d6:33:6b:53:ca:27:ce:b7:
                    73:55:c5:d3:f0:b9:85:4f:fd:6e:e0:90:cf:93:2f:
                    d6:c8:6a:75:21:db:9a:1e:16:49:c7:91:ce:30:a1:
                    97:0e:a5:7c:04:b0:18:0b:ff:10:46:14:3f:8a:0c:
                    22:76:79:81:e5:18:95:65:5f:6e:85:4a:1e:eb:0a:
                    dd:5c:e6:c9:3a:a6:da:64:ca:d5:44:af:63:ee:2c:
                    34:b2:8c:a3:49:40:42:f8:ce:20:99:92:4c:91:00:
                    f1:33:7a:b1:cd:b6:ab:6f:b8:56:b5:ab:79:a3:bd:
                    1d:d6:45:e0:0d:1e:55:b5:bf:ce:3e:ae:29:b5:ab:
                    ac:92:e1:19:81:3b:c2:65:c9:d9:cc:7a:8d:c4:f3:
                    6a:65:64:0d:35:2e:82:ba:36:c3:73:60:28:2c:0c:
                    c7:e9:54:b6:47:07:d0:ee:34:aa:15:33:62:20:34:
                    e1:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:CA:CA:78:CC:2A:24:C4:ED:7A:60:0C:93:32:96:84:50:F6:AD:55
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/jcrKeMwqJMTtemAMkzKWhFD2rVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:aa0::/44
                  2a0f:e404:105::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:29:ed:02:7f:4d:1f:f1:5d:2a:4f:84:e8:f1:d3:9a:7d:30:
         ff:c0:4c:ac:eb:7a:15:c6:52:54:aa:5a:20:2e:6d:f8:ac:e4:
         e5:c2:72:b8:85:9d:df:04:a2:15:72:4f:9c:20:0b:9c:9a:6f:
         99:cb:cf:86:7f:5f:a2:23:7b:be:80:f9:4d:a5:28:28:4a:4c:
         7b:ba:da:9d:23:f6:0e:0a:97:dd:dc:e0:b4:bb:93:23:ca:54:
         8d:0c:8a:90:61:33:da:35:f9:a1:85:2d:73:76:16:86:7a:43:
         0a:42:0b:26:8e:70:f5:96:dc:9d:6b:b5:af:0a:f5:2d:42:04:
         85:71:40:55:aa:57:bc:b6:23:95:21:08:1c:9e:af:42:fd:69:
         5e:d4:07:a3:8a:5e:99:9d:74:4f:58:10:8b:93:61:ab:18:94:
         4e:3c:1a:f9:2c:8e:e5:84:f8:70:37:27:e7:e5:38:ba:63:a1:
         7e:4d:ee:ab:fe:ae:27:83:e5:8b:d8:62:0f:2c:e6:ee:d3:ca:
         b2:bc:26:07:ff:31:df:45:98:60:69:c1:e2:61:61:ff:c9:1f:
         0a:d0:1a:93:55:ed:9f:5f:51:99:63:b0:6e:68:41:c9:ed:56:
         f6:95:b2:c6:a2:0d:ca:98:65:4d:6f:33:fc:80:1d:84:8f:5f:
         dc:24:e8:d0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZp2ypQTTMRYhBtrd55ygqilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUxMTEyMDYzOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGNhY2E3OGNjMmEyNGM0ZWQ3YTYwMGM5MzMyOTY4NDUwZjZhZDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQm0sxo3y35pPOM2agiqMXnDRFW4
FhsbSM/e6GbGyvVqVsRUAy04rdEw2plIThCtYSVQERHNsxO+Zs+3mINqWD6NZQwq
/5olmTlF09AS8wXM1jNrU8onzrdzVcXT8LmFT/1u4JDPky/WyGp1IduaHhZJx5HO
MKGXDqV8BLAYC/8QRhQ/igwidnmB5RiVZV9uhUoe6wrdXObJOqbaZMrVRK9j7iw0
soyjSUBC+M4gmZJMkQDxM3qxzbarb7hWtat5o70d1kXgDR5Vtb/OPq4ptauskuEZ
gTvCZcnZzHqNxPNqZWQNNS6CujbDc2AoLAzH6VS2RwfQ7jSqFTNiIDTh2QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI3KynjMKiTE7XpgDJMyloRQ9q1VMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvamNyS2VNd3FKTVR0ZW1BTWt6S1doRkQyclZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6XwAqg
AwcAKg/kBAEFMA0GCSqGSIb3DQEBCwUAA4IBAQA9Ke0Cf00f8V0qT4To8dOafTD/
wEys63oVxlJUqlogLm34rOTlwnK4hZ3fBKIVck+cIAucmm+Zy8+Gf1+iI3u+gPlN
pSgoSkx7utqdI/YOCpfd3OC0u5MjylSNDIqQYTPaNfmhhS1zdhaGekMKQgsmjnD1
ltyda7WvCvUtQgSFcUBVqle8tiOVIQgcnq9C/Wle1Aejil6ZnXRPWBCLk2GrGJRO
PBr5LI7lhPhwNyfn5Ti6Y6F+Te6r/q4ng+WL2GIPLObu08qyvCYH/zHfRZhgacHi
YWH/yR8K0BqTVe2fX1GZY7BuaEHJ7Vb2lbLGog3KmGVNbzP8gB2Ej1/cJOjQ
-----END CERTIFICATE-----