Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/45cc9f-6432-41c7-b62d-10e40c586498/1/rndMlM-Kmotx4ZTMDFABZDqeWXo.roa
File:                     rndMlM-Kmotx4ZTMDFABZDqeWXo.roa (raw, json)
Hash identifier:          FbnOY8Bh8pIyTC0Uqy9f/1TBfdxIcNvVYwe7iz7GTqs=
Subject key identifier:   AE:77:4C:94:CF:8A:9A:8B:71:E1:94:CC:0C:50:01:64:3A:9E:59:7A
Certificate issuer:       /CN=bb79847a3fe8e5c78844027ccaf0bd6e9da4624a
Certificate serial:       019A5A26CE39E5FA9D37AE55E1EECC11B832
Authority key identifier: BB:79:84:7A:3F:E8:E5:C7:88:44:02:7C:CA:F0:BD:6E:9D:A4:62:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u3mEej_o5ceIRAJ8yvC9bp2kYko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/45cc9f-6432-41c7-b62d-10e40c586498/1/rndMlM-Kmotx4ZTMDFABZDqeWXo.roa
Signing time:             Thu 06 Nov 2025 17:11:23 +0000
ROA not before:           Thu 06 Nov 2025 17:11:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56648
IP address blocks:        185.20.5.0/24 maxlen: 24
                          2a13:2900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/45cc9f-6432-41c7-b62d-10e40c586498/1/u3mEej_o5ceIRAJ8yvC9bp2kYko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/45cc9f-6432-41c7-b62d-10e40c586498/1/u3mEej_o5ceIRAJ8yvC9bp2kYko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u3mEej_o5ceIRAJ8yvC9bp2kYko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 05:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5a:26:ce:39:e5:fa:9d:37:ae:55:e1:ee:cc:11:b8:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb79847a3fe8e5c78844027ccaf0bd6e9da4624a
        Validity
            Not Before: Nov  6 17:11:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae774c94cf8a9a8b71e194cc0c5001643a9e597a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:fe:f0:6b:a0:7e:72:44:27:a8:3c:a0:fb:e8:
                    6c:97:eb:13:29:57:8d:da:1f:3c:37:4b:37:28:9b:
                    1a:d9:f6:82:98:04:28:a8:96:c6:db:f8:f4:93:3a:
                    0d:6d:cc:a7:9d:fb:58:3f:9d:fc:ed:7d:ce:4c:b0:
                    7a:0c:80:aa:87:bf:e5:74:28:d6:fd:f8:90:9c:39:
                    f0:ab:33:68:62:95:6f:95:90:f6:52:64:c3:c5:60:
                    14:c2:a6:a5:7e:08:9e:68:e8:19:98:ab:da:73:75:
                    88:89:61:1e:a7:c5:8a:2e:a8:46:0e:5f:81:96:ae:
                    8a:85:60:ca:0e:1f:5e:5f:54:e5:55:5d:72:18:7d:
                    d4:78:32:94:4c:cc:1a:4a:36:da:7b:ef:70:e8:df:
                    49:51:77:16:bb:d9:10:8e:90:40:fb:bd:52:3e:50:
                    ac:d1:0e:82:cb:4a:44:db:77:e3:d6:bd:25:22:84:
                    c4:ac:14:b8:99:33:6d:27:78:38:47:77:05:e9:70:
                    5b:ca:a5:8a:ad:67:f8:6d:35:c9:d9:69:7f:0b:af:
                    1d:fb:6c:c0:03:e0:35:7e:e4:a2:f2:9e:bd:34:16:
                    4f:d3:11:9a:32:68:f8:6a:89:52:c2:eb:b2:1f:ec:
                    ab:3a:aa:17:aa:2a:af:6d:30:46:49:92:f2:04:7d:
                    3d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:77:4C:94:CF:8A:9A:8B:71:E1:94:CC:0C:50:01:64:3A:9E:59:7A
            X509v3 Authority Key Identifier:
                keyid:BB:79:84:7A:3F:E8:E5:C7:88:44:02:7C:CA:F0:BD:6E:9D:A4:62:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u3mEej_o5ceIRAJ8yvC9bp2kYko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/45cc9f-6432-41c7-b62d-10e40c586498/1/rndMlM-Kmotx4ZTMDFABZDqeWXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/45cc9f-6432-41c7-b62d-10e40c586498/1/u3mEej_o5ceIRAJ8yvC9bp2kYko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.5.0/24
                IPv6:
                  2a13:2900::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:3c:71:53:26:f5:81:09:a0:c9:57:a1:8e:02:cb:fe:69:9c:
         92:bb:62:98:12:6d:0d:43:ef:78:ee:e9:42:a3:fd:ed:76:b0:
         d6:1b:12:5d:78:41:cd:ba:89:93:95:cf:b6:05:38:64:23:73:
         aa:c5:c8:46:7b:1b:a8:d2:53:af:a1:db:76:d5:ca:14:2d:88:
         dd:fb:00:6a:dd:a2:31:8a:23:fd:7d:76:b5:24:0d:2d:27:0e:
         b7:5b:62:c0:11:6a:f4:63:e7:89:4a:ae:a4:39:46:e4:5e:12:
         25:c1:f8:35:d9:37:1a:d1:97:b9:15:13:0c:80:a5:5b:06:57:
         a7:f5:91:d4:ff:7a:3c:32:60:f9:8e:cd:65:79:c9:1f:a9:b2:
         22:9a:1c:d8:16:46:52:43:e5:cf:b4:3c:c9:36:a6:c4:dd:4a:
         0e:59:6a:ee:5c:d7:1b:81:b6:27:64:28:c9:7a:8f:f2:94:3c:
         9c:ba:ae:ad:34:66:83:3f:89:95:94:17:d6:9b:52:56:23:b6:
         00:47:df:06:d6:40:8d:fa:a3:4c:58:5a:03:cb:7a:fb:37:69:
         2a:9d:70:eb:ad:40:c0:17:80:e0:bc:20:de:58:f5:18:83:60:
         00:e6:29:bf:60:fb:47:fa:5c:93:b2:9f:0d:6e:b1:24:e7:52:
         83:52:bf:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZpaJs455fqdN65V4e7MEbgyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiNzk4NDdhM2ZlOGU1Yzc4ODQ0MDI3Y2NhZjBiZDZlOWRh
NDYyNGEwHhcNMjUxMTA2MTcxMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTc3NGM5NGNmOGE5YThiNzFlMTk0Y2MwYzUwMDE2NDNhOWU1OTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1f7wa6B+ckQnqDyg++hsl+sTKVeN
2h88N0s3KJsa2faCmAQoqJbG2/j0kzoNbcynnftYP5387X3OTLB6DICqh7/ldCjW
/fiQnDnwqzNoYpVvlZD2UmTDxWAUwqalfgieaOgZmKvac3WIiWEep8WKLqhGDl+B
lq6KhWDKDh9eX1TlVV1yGH3UeDKUTMwaSjbae+9w6N9JUXcWu9kQjpBA+71SPlCs
0Q6Cy0pE23fj1r0lIoTErBS4mTNtJ3g4R3cF6XBbyqWKrWf4bTXJ2Wl/C68d+2zA
A+A1fuSi8p69NBZP0xGaMmj4aolSwuuyH+yrOqoXqiqvbTBGSZLyBH09TQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK53TJTPipqLceGUzAxQAWQ6nll6MB8GA1UdIwQY
MBaAFLt5hHo/6OXHiEQCfMrwvW6dpGJKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTNtRWVqX281Y2VJUkFKOHl2QzlicDJrWWtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My80NWNjOWYtNjQzMi00MWM3LWI2MmQt
MTBlNDBjNTg2NDk4LzEvcm5kTWxNLUttb3R4NFpUTURGQUJaRHFlV1hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My80NWNjOWYtNjQzMi00MWM3LWI2MmQtMTBlNDBjNTg2NDk4
LzEvdTNtRWVqX281Y2VJUkFKOHl2QzlicDJrWWtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRQFMA0E
AgACMAcDBQMqEykAMA0GCSqGSIb3DQEBCwUAA4IBAQCHPHFTJvWBCaDJV6GOAsv+
aZySu2KYEm0NQ+947ulCo/3tdrDWGxJdeEHNuomTlc+2BThkI3OqxchGexuo0lOv
odt21coULYjd+wBq3aIxiiP9fXa1JA0tJw63W2LAEWr0Y+eJSq6kOUbkXhIlwfg1
2Tca0Ze5FRMMgKVbBlen9ZHU/3o8MmD5js1leckfqbIimhzYFkZSQ+XPtDzJNqbE
3UoOWWruXNcbgbYnZCjJeo/ylDycuq6tNGaDP4mVlBfWm1JWI7YAR98G1kCN+qNM
WFoDy3r7N2kqnXDrrUDAF4DgvCDeWPUYg2AA5im/YPtH+lyTsp8NbrEk51KDUr+V
-----END CERTIFICATE-----