Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/6bde9e-6ed8-47d5-9d9c-54d784efbb7a/1/IxKO1sckpqS-dgvNPKRBcb8eshM.roa
File:                     IxKO1sckpqS-dgvNPKRBcb8eshM.roa (raw, json)
Hash identifier:          uEU07qhrl+Za2wGXi4sRKxgBjhrxWB1aBaC5IFmE9YY=
Subject key identifier:   23:12:8E:D6:C7:24:A6:A4:BE:76:0B:CD:3C:A4:41:71:BF:1E:B2:13
Certificate issuer:       /CN=19cc63f3b34f170189d073c88b7d652f7033a1fc
Certificate serial:       019A4A4DC9F6013E5D4E4E2994D6EF9FF516
Authority key identifier: 19:CC:63:F3:B3:4F:17:01:89:D0:73:C8:8B:7D:65:2F:70:33:A1:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gcxj87NPFwGJ0HPIi31lL3Azofw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/6bde9e-6ed8-47d5-9d9c-54d784efbb7a/1/IxKO1sckpqS-dgvNPKRBcb8eshM.roa
Signing time:             Mon 03 Nov 2025 15:20:03 +0000
ROA not before:           Mon 03 Nov 2025 15:20:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62161
IP address blocks:        2a00:f5a0::/29 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/6bde9e-6ed8-47d5-9d9c-54d784efbb7a/1/Gcxj87NPFwGJ0HPIi31lL3Azofw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/6bde9e-6ed8-47d5-9d9c-54d784efbb7a/1/Gcxj87NPFwGJ0HPIi31lL3Azofw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gcxj87NPFwGJ0HPIi31lL3Azofw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4a:4d:c9:f6:01:3e:5d:4e:4e:29:94:d6:ef:9f:f5:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19cc63f3b34f170189d073c88b7d652f7033a1fc
        Validity
            Not Before: Nov  3 15:20:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23128ed6c724a6a4be760bcd3ca44171bf1eb213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:95:56:3a:85:4e:de:9c:f2:07:83:7a:dc:4a:
                    07:15:93:4b:f2:54:b0:54:3b:f1:53:5e:c9:a1:57:
                    69:23:72:75:4c:b6:03:3b:75:b4:51:9d:70:a5:50:
                    df:15:24:c0:9c:26:30:98:23:64:b5:2c:ef:36:7d:
                    f5:f7:50:a8:62:9b:54:7d:4b:65:14:5c:ba:72:c6:
                    34:b6:f6:9c:42:17:8c:0b:b5:a3:5a:ab:2f:1c:2f:
                    31:8f:65:cb:92:e4:75:83:ed:5a:a4:e2:ce:52:af:
                    09:a0:a4:11:8f:b6:23:54:f2:06:c3:28:f2:c9:3d:
                    66:22:0b:f9:62:e7:d8:6d:4b:8b:b4:ab:ae:6f:74:
                    4b:c1:1d:68:cd:44:63:93:20:eb:db:36:a3:e0:87:
                    9b:2e:9c:15:7e:72:5a:d6:7f:ad:bd:e3:63:a6:1e:
                    ed:df:a0:05:0d:56:cd:82:11:1b:1d:1d:28:c8:3a:
                    f6:c5:af:18:56:b2:22:75:d9:31:d2:fb:cf:37:5a:
                    3f:f9:72:23:7c:55:f6:2e:03:05:02:a1:71:73:c2:
                    d8:f4:1e:5f:60:f1:90:bc:d5:b6:47:95:76:25:58:
                    cb:32:8c:2b:67:07:92:2b:53:31:a2:17:45:50:43:
                    43:79:b0:2b:41:af:af:ae:2c:bf:cb:1a:17:e8:33:
                    a7:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:12:8E:D6:C7:24:A6:A4:BE:76:0B:CD:3C:A4:41:71:BF:1E:B2:13
            X509v3 Authority Key Identifier:
                keyid:19:CC:63:F3:B3:4F:17:01:89:D0:73:C8:8B:7D:65:2F:70:33:A1:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gcxj87NPFwGJ0HPIi31lL3Azofw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/6bde9e-6ed8-47d5-9d9c-54d784efbb7a/1/IxKO1sckpqS-dgvNPKRBcb8eshM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/6bde9e-6ed8-47d5-9d9c-54d784efbb7a/1/Gcxj87NPFwGJ0HPIi31lL3Azofw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:f5a0::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:d7:55:30:81:49:b6:72:dd:24:1a:cb:66:fa:a5:25:08:a3:
         64:46:83:65:d2:7a:7b:3c:2c:72:1d:46:9f:bd:7d:19:7d:e1:
         18:89:11:8b:0e:5a:4b:48:61:5b:3a:9d:33:b7:21:2d:ec:82:
         8e:d3:c5:87:bd:11:5e:3c:c6:97:0d:a1:6b:a5:ac:28:f6:74:
         7d:4d:0d:76:bb:6f:1c:6a:ba:4a:19:29:b6:57:d5:c6:f4:6d:
         52:30:aa:3c:b0:81:f8:17:71:f5:31:92:21:34:20:e3:48:67:
         17:3f:ff:e6:3c:d7:bd:05:01:5f:ae:09:38:cd:dd:df:c5:2b:
         86:65:f0:4f:b2:07:53:ac:34:79:91:be:46:a1:41:78:01:19:
         3c:19:38:85:4b:32:e4:c5:2d:c6:32:82:08:ee:b8:fc:9d:16:
         b0:20:7f:65:01:ef:8a:d1:a2:f9:80:42:9f:0d:44:a6:d0:2a:
         ea:7a:1b:2a:f3:c4:b9:54:e0:84:f2:99:82:0d:13:09:1e:6d:
         c0:be:2b:f6:11:dc:a6:0b:94:de:3f:bf:47:30:15:a8:8c:7f:
         80:2a:1f:19:78:9e:7b:48:38:35:ad:4a:f2:fc:7c:fc:13:2b:
         c3:6f:3f:2b:a2:3c:a4:bc:a2:35:2b:2d:db:0b:eb:d6:b5:df:
         c3:dc:8f:59
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZpKTcn2AT5dTk4plNbvn/UWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5Y2M2M2YzYjM0ZjE3MDE4OWQwNzNjODhiN2Q2NTJmNzAz
M2ExZmMwHhcNMjUxMTAzMTUyMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzEyOGVkNmM3MjRhNmE0YmU3NjBiY2QzY2E0NDE3MWJmMWViMjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpVWOoVO3pzyB4N63EoHFZNL8lSw
VDvxU17JoVdpI3J1TLYDO3W0UZ1wpVDfFSTAnCYwmCNktSzvNn3191CoYptUfUtl
FFy6csY0tvacQheMC7WjWqsvHC8xj2XLkuR1g+1apOLOUq8JoKQRj7YjVPIGwyjy
yT1mIgv5YufYbUuLtKuub3RLwR1ozURjkyDr2zaj4IebLpwVfnJa1n+tveNjph7t
36AFDVbNghEbHR0oyDr2xa8YVrIiddkx0vvPN1o/+XIjfFX2LgMFAqFxc8LY9B5f
YPGQvNW2R5V2JVjLMowrZweSK1MxohdFUENDebArQa+vriy/yxoX6DOnPQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCMSjtbHJKakvnYLzTykQXG/HrITMB8GA1UdIwQY
MBaAFBnMY/OzTxcBidBzyIt9ZS9wM6H8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2N4ajg3TlBGd0dKMEhQSWkzMWxMM0F6b2Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS82YmRlOWUtNmVkOC00N2Q1LTlkOWMt
NTRkNzg0ZWZiYjdhLzEvSXhLTzFzY2twcVMtZGd2TlBLUkJjYjhlc2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS82YmRlOWUtNmVkOC00N2Q1LTlkOWMtNTRkNzg0ZWZiYjdh
LzEvR2N4ajg3TlBGd0dKMEhQSWkzMWxMM0F6b2Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgD1oDAN
BgkqhkiG9w0BAQsFAAOCAQEAkddVMIFJtnLdJBrLZvqlJQijZEaDZdJ6ezwsch1G
n719GX3hGIkRiw5aS0hhWzqdM7chLeyCjtPFh70RXjzGlw2ha6WsKPZ0fU0Ndrtv
HGq6ShkptlfVxvRtUjCqPLCB+Bdx9TGSITQg40hnFz//5jzXvQUBX64JOM3d38Ur
hmXwT7IHU6w0eZG+RqFBeAEZPBk4hUsy5MUtxjKCCO64/J0WsCB/ZQHvitGi+YBC
nw1EptAq6nobKvPEuVTghPKZgg0TCR5twL4r9hHcpguU3j+/RzAVqIx/gCofGXie
e0g4Na1K8vx8/BMrw28/K6I8pLyiNSst2wvr1rXfw9yPWQ==
-----END CERTIFICATE-----