Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/vpqLn9Yby-6V_EpuoCX1GyWzX2w.roa
File:                     vpqLn9Yby-6V_EpuoCX1GyWzX2w.roa (raw, json)
Hash identifier:          wXEzOMqO0rnDNfTWnO0yo+qk5FQ9O7ZEFdg1xkFOO3s=
Subject key identifier:   BE:9A:8B:9F:D6:1B:CB:EE:95:FC:4A:6E:A0:25:F5:1B:25:B3:5F:6C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019A5AD51E735338DA037B95A4782A8FEDE0
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/vpqLn9Yby-6V_EpuoCX1GyWzX2w.roa
Signing time:             Thu 06 Nov 2025 20:21:47 +0000
ROA not before:           Thu 06 Nov 2025 20:21:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204134
IP address blocks:        2a0e:97c0:750::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Nov 2025 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5a:d5:1e:73:53:38:da:03:7b:95:a4:78:2a:8f:ed:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov  6 20:21:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be9a8b9fd61bcbee95fc4a6ea025f51b25b35f6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:35:3f:87:5d:f4:81:8b:ea:c4:6a:1b:87:d4:
                    ea:a0:76:79:b9:13:f5:f5:da:35:39:3d:e3:21:01:
                    95:ff:c7:c6:2f:f7:6c:b3:2b:cf:b1:b6:d1:80:d3:
                    8f:10:9a:5f:0b:1b:31:fe:e4:37:81:d7:24:1c:97:
                    9b:8b:a5:f6:54:a6:dd:9c:a6:93:d4:13:dd:ac:74:
                    e9:d0:02:11:f5:18:a2:d9:56:c6:93:9a:fe:19:eb:
                    98:c4:71:bc:48:58:59:8b:b2:9e:56:7e:d4:27:12:
                    6c:87:45:bd:3c:3c:bc:e4:7d:96:59:3c:96:9e:ae:
                    c2:86:d7:94:b2:f6:6b:bd:8b:40:a9:fe:83:05:6d:
                    79:be:37:f9:08:af:ba:c7:1b:4a:58:e1:97:a5:9b:
                    8e:f9:e6:fc:f5:d2:04:5d:b2:28:5d:3b:79:e8:92:
                    81:56:15:96:be:31:23:d7:2a:6d:c6:e3:2e:c9:49:
                    72:15:d7:cb:a5:78:ec:5a:ef:38:3a:50:af:92:83:
                    2b:ec:57:a7:77:4b:5f:43:64:39:33:18:d2:56:04:
                    51:c8:c9:4c:c3:c2:a1:0e:80:7c:31:b1:2a:9c:4e:
                    82:a2:93:1e:a0:52:d3:4b:37:5b:a1:76:bc:c8:60:
                    e6:e5:6f:51:49:34:74:a8:5d:11:85:69:1d:75:96:
                    1b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:9A:8B:9F:D6:1B:CB:EE:95:FC:4A:6E:A0:25:F5:1B:25:B3:5F:6C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/vpqLn9Yby-6V_EpuoCX1GyWzX2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:750::/44

    Signature Algorithm: sha256WithRSAEncryption
         a4:35:3e:af:5b:02:58:d5:83:9f:23:54:b8:cd:97:9b:64:3d:
         f7:43:67:0f:01:66:bc:bb:4e:47:92:5f:ca:76:5b:5f:c0:7d:
         9e:d7:e0:2e:37:29:42:79:6f:ef:64:2f:54:ef:9c:8c:64:cd:
         32:81:c8:20:1b:7d:dc:d7:a3:32:f5:8a:8c:7d:cf:fe:1b:35:
         31:50:1f:5f:b3:69:3e:31:6d:49:b8:1a:bf:3d:9f:40:17:64:
         8e:93:b9:5b:de:c3:2b:2e:6f:5a:4a:15:ea:bb:78:85:4c:59:
         e0:40:be:6d:56:f1:2a:9a:00:fe:ec:59:69:9b:b0:16:42:26:
         77:e8:e3:8f:6a:fd:e3:83:85:ea:48:c3:11:a0:17:e8:6d:e2:
         2b:3f:05:b3:8f:aa:14:2d:c5:2a:74:a4:9f:43:36:93:ad:f0:
         b8:50:71:cb:29:b2:1c:40:32:d7:fe:f3:2b:dd:e7:9b:a6:51:
         d1:6b:5b:2c:98:63:12:da:c6:80:c6:c8:4e:2b:ca:66:a8:ad:
         23:85:0a:d4:af:61:d3:89:16:94:5f:1f:d8:99:94:5d:d6:0f:
         a0:12:de:22:9f:05:42:2c:f6:f1:8d:90:36:0e:08:6d:e8:af:
         2b:93:85:c0:6f:45:8d:dd:cc:b6:72:a2:81:99:17:85:c7:78:
         fb:91:47:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZpa1R5zUzjaA3uVpHgqj+3gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUxMTA2MjAyMTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTlhOGI5ZmQ2MWJjYmVlOTVmYzRhNmVhMDI1ZjUxYjI1YjM1ZjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+DU/h130gYvqxGobh9TqoHZ5uRP1
9do1OT3jIQGV/8fGL/dssyvPsbbRgNOPEJpfCxsx/uQ3gdckHJebi6X2VKbdnKaT
1BPdrHTp0AIR9Rii2VbGk5r+GeuYxHG8SFhZi7KeVn7UJxJsh0W9PDy85H2WWTyW
nq7ChteUsvZrvYtAqf6DBW15vjf5CK+6xxtKWOGXpZuO+eb89dIEXbIoXTt56JKB
VhWWvjEj1yptxuMuyUlyFdfLpXjsWu84OlCvkoMr7Fend0tfQ2Q5MxjSVgRRyMlM
w8KhDoB8MbEqnE6CopMeoFLTSzdboXa8yGDm5W9RSTR0qF0RhWkddZYbJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL6ai5/WG8vulfxKbqAl9Rsls19sMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdnBxTG45WWJ5LTZWX0VwdW9DWDFHeVd6WDJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAdQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCkNT6vWwJY1YOfI1S4zZebZD33Q2cPAWa8u05H
kl/KdltfwH2e1+AuNylCeW/vZC9U75yMZM0ygcggG33c16My9YqMfc/+GzUxUB9f
s2k+MW1JuBq/PZ9AF2SOk7lb3sMrLm9aShXqu3iFTFngQL5tVvEqmgD+7Flpm7AW
QiZ36OOPav3jg4XqSMMRoBfobeIrPwWzj6oULcUqdKSfQzaTrfC4UHHLKbIcQDLX
/vMr3eebplHRa1ssmGMS2saAxshOK8pmqK0jhQrUr2HTiRaUXx/YmZRd1g+gEt4i
nwVCLPbxjZA2Dght6K8rk4XAb0WN3cy2cqKBmReFx3j7kUco
-----END CERTIFICATE-----