Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/9e1f46-802b-49d1-91b8-483fc90708d5/1/5xkSFIUM2-7hXEmjURvZ3pW_4PI.roa
File:                     5xkSFIUM2-7hXEmjURvZ3pW_4PI.roa (raw, json)
Hash identifier:          hW0i5BsgQ5UrD2S0pv3z9rff3/ny0hoS1QSzxKqmgvw=
Subject key identifier:   E7:19:12:14:85:0C:DB:EE:E1:5C:49:A3:51:1B:D9:DE:95:BF:E0:F2
Certificate issuer:       /CN=8eb2f81b8c47c2b588f451d4037c6837870b397f
Certificate serial:       019A699DC26C37FE9FA69A456DF9838F581D
Authority key identifier: 8E:B2:F8:1B:8C:47:C2:B5:88:F4:51:D4:03:7C:68:37:87:0B:39:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrL4G4xHwrWI9FHUA3xoN4cLOX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/9e1f46-802b-49d1-91b8-483fc90708d5/1/5xkSFIUM2-7hXEmjURvZ3pW_4PI.roa
Signing time:             Sun 09 Nov 2025 17:15:37 +0000
ROA not before:           Sun 09 Nov 2025 17:15:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59848
IP address blocks:        146.19.242.0/24 maxlen: 24
                          2a0c:e880::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/9e1f46-802b-49d1-91b8-483fc90708d5/1/jrL4G4xHwrWI9FHUA3xoN4cLOX8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/9e1f46-802b-49d1-91b8-483fc90708d5/1/jrL4G4xHwrWI9FHUA3xoN4cLOX8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrL4G4xHwrWI9FHUA3xoN4cLOX8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:69:9d:c2:6c:37:fe:9f:a6:9a:45:6d:f9:83:8f:58:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb2f81b8c47c2b588f451d4037c6837870b397f
        Validity
            Not Before: Nov  9 17:15:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7191214850cdbeee15c49a3511bd9de95bfe0f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:da:65:9f:3c:6d:eb:4b:ae:44:0c:c4:37:ce:
                    34:e7:9c:6e:21:9d:bd:d0:b1:29:44:9a:7d:f2:6b:
                    b0:dd:87:a4:e7:68:97:d3:e9:a9:c0:45:99:70:4d:
                    d0:c2:39:8a:f9:63:bb:21:72:61:93:06:3c:ab:30:
                    46:7e:5f:1e:90:25:5a:66:63:f4:f3:99:12:b7:63:
                    bf:13:e0:c7:0a:64:ae:e4:8c:34:5a:24:b8:f2:cc:
                    60:59:5a:ff:e8:ca:f1:c6:48:da:8e:c4:db:ff:a4:
                    d5:85:74:b6:1a:ec:5f:71:a3:3a:e6:55:fb:04:49:
                    9d:0c:5b:ef:9e:c3:04:95:fd:81:48:7d:8a:14:5b:
                    15:a2:07:4d:3b:40:6f:42:b7:1c:98:f3:65:df:9e:
                    a3:ea:15:85:41:de:ba:a7:51:7e:66:32:09:2a:48:
                    ec:2b:6e:b0:12:1e:7f:4c:d8:a4:34:52:56:13:05:
                    22:7e:4e:a0:3a:83:87:76:b0:6d:03:e6:65:05:c9:
                    22:2a:1d:e0:c6:d9:77:c4:59:d8:9a:ee:c1:ea:16:
                    64:02:3c:5e:08:63:c7:ab:78:fb:30:70:93:9c:e2:
                    5b:c3:84:54:5a:ea:a5:34:9d:2a:b9:58:0b:0a:e7:
                    27:69:55:10:37:dd:a8:a5:5c:a9:df:0d:0d:5f:04:
                    96:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:19:12:14:85:0C:DB:EE:E1:5C:49:A3:51:1B:D9:DE:95:BF:E0:F2
            X509v3 Authority Key Identifier:
                keyid:8E:B2:F8:1B:8C:47:C2:B5:88:F4:51:D4:03:7C:68:37:87:0B:39:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrL4G4xHwrWI9FHUA3xoN4cLOX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/9e1f46-802b-49d1-91b8-483fc90708d5/1/5xkSFIUM2-7hXEmjURvZ3pW_4PI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/9e1f46-802b-49d1-91b8-483fc90708d5/1/jrL4G4xHwrWI9FHUA3xoN4cLOX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.242.0/24
                IPv6:
                  2a0c:e880::/29

    Signature Algorithm: sha256WithRSAEncryption
         16:54:f8:e7:e0:b0:3a:f4:93:2a:5f:ce:c2:b5:e6:0c:4d:a7:
         7e:42:2a:8e:40:d8:f1:5c:1c:11:09:68:31:81:78:a0:98:cf:
         2a:5e:57:ff:41:35:bd:d6:2e:ff:8a:20:e7:69:e0:58:7a:7e:
         31:d0:7c:d2:eb:39:b3:92:d2:10:d8:17:c7:8f:e2:e4:a5:2c:
         53:e2:ca:17:d3:b2:ce:f0:45:55:e1:08:04:ff:2e:8f:a7:28:
         61:bf:21:7f:dd:bb:ad:7f:38:cb:95:34:72:46:53:de:94:41:
         4b:f2:cf:19:65:44:a8:e2:11:3a:1d:be:6c:1b:3d:01:d3:3d:
         d4:06:27:39:59:64:47:2f:ac:48:76:b8:b9:2d:7e:cb:ee:03:
         57:f2:00:af:23:20:2f:ec:77:f4:45:15:5a:34:95:92:3e:ad:
         7c:02:4b:2d:34:9b:3e:cd:7e:d7:18:c9:c9:48:46:57:df:4a:
         cc:4d:02:fb:ed:4b:0f:e1:da:63:49:d9:64:1e:8d:c3:0e:36:
         61:f9:fb:65:22:ba:64:28:29:ed:f0:af:6f:1b:fa:a2:9e:69:
         da:89:b4:b2:51:17:c6:d5:b2:cd:12:d3:63:84:55:72:75:bb:
         aa:43:66:3a:d7:a6:b6:8c:ca:f6:2a:f2:39:e3:6b:33:15:b9:
         76:b2:cd:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZppncJsN/6fpppFbfmDj1gdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjJmODFiOGM0N2MyYjU4OGY0NTFkNDAzN2M2ODM3ODcw
YjM5N2YwHhcNMjUxMTA5MTcxNTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzE5MTIxNDg1MGNkYmVlZTE1YzQ5YTM1MTFiZDlkZTk1YmZlMGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdplnzxt60uuRAzEN84055xuIZ29
0LEpRJp98muw3Yek52iX0+mpwEWZcE3QwjmK+WO7IXJhkwY8qzBGfl8ekCVaZmP0
85kSt2O/E+DHCmSu5Iw0WiS48sxgWVr/6MrxxkjajsTb/6TVhXS2GuxfcaM65lX7
BEmdDFvvnsMElf2BSH2KFFsVogdNO0BvQrccmPNl356j6hWFQd66p1F+ZjIJKkjs
K26wEh5/TNikNFJWEwUifk6gOoOHdrBtA+ZlBckiKh3gxtl3xFnYmu7B6hZkAjxe
CGPHq3j7MHCTnOJbw4RUWuqlNJ0quVgLCucnaVUQN92opVyp3w0NXwSWnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOcZEhSFDNvu4VxJo1Eb2d6Vv+DyMB8GA1UdIwQY
MBaAFI6y+BuMR8K1iPRR1AN8aDeHCzl/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJMNEc0eEh3cldJOUZIVUEzeG9ONGNMT1g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS85ZTFmNDYtODAyYi00OWQxLTkxYjgt
NDgzZmM5MDcwOGQ1LzEvNXhrU0ZJVU0yLTdoWEVtalVSdlozcFdfNFBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS85ZTFmNDYtODAyYi00OWQxLTkxYjgtNDgzZmM5MDcwOGQ1
LzEvanJMNEc0eEh3cldJOUZIVUEzeG9ONGNMT1g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAkhPyMA0E
AgACMAcDBQMqDOiAMA0GCSqGSIb3DQEBCwUAA4IBAQAWVPjn4LA69JMqX87CteYM
Tad+QiqOQNjxXBwRCWgxgXigmM8qXlf/QTW91i7/iiDnaeBYen4x0HzS6zmzktIQ
2BfHj+LkpSxT4soX07LO8EVV4QgE/y6PpyhhvyF/3butfzjLlTRyRlPelEFL8s8Z
ZUSo4hE6Hb5sGz0B0z3UBic5WWRHL6xIdri5LX7L7gNX8gCvIyAv7Hf0RRVaNJWS
Pq18AkstNJs+zX7XGMnJSEZX30rMTQL77UsP4dpjSdlkHo3DDjZh+ftlIrpkKCnt
8K9vG/qinmnaibSyURfG1bLNEtNjhFVydbuqQ2Y616a2jMr2KvI542szFbl2ss3B
-----END CERTIFICATE-----