Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Xd-kVhv1wvUCMFGkclVtFTV9N-Y.roa
File:                     Xd-kVhv1wvUCMFGkclVtFTV9N-Y.roa (raw, json)
Hash identifier:          GQJxOGAvPg3sAXcYghbtcTO+/Blw76yCa2ak8uLEs2c=
Subject key identifier:   5D:DF:A4:56:1B:F5:C2:F5:02:30:51:A4:72:55:6D:15:35:7D:37:E6
Certificate issuer:       /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial:       019913AF101A588090A9C61620B294315690
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Xd-kVhv1wvUCMFGkclVtFTV9N-Y.roa
Signing time:             Thu 04 Sep 2025 07:44:24 +0000
ROA not before:           Thu 04 Sep 2025 07:44:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201513
IP address blocks:        213.184.154.0/24 maxlen: 24
                          2a03:720:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Sep 2025 13:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:13:af:10:1a:58:80:90:a9:c6:16:20:b2:94:31:56:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
        Validity
            Not Before: Sep  4 07:44:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ddfa4561bf5c2f5023051a472556d15357d37e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b9:49:6b:6e:95:a1:a0:22:98:a1:a1:27:07:
                    5d:53:7c:03:f5:cd:0f:fb:c3:e1:78:73:f9:dd:46:
                    50:73:47:8d:a9:58:90:2f:94:dd:5e:0b:7d:c3:87:
                    87:09:ba:e7:ce:62:22:16:ce:7f:40:f6:14:3c:75:
                    39:ae:99:c4:ca:49:24:11:fe:da:ac:40:65:f4:0d:
                    28:c8:dd:2a:28:75:da:25:5b:1f:c9:7b:f2:dc:89:
                    02:d0:0a:f8:45:cb:01:f2:a6:d4:bb:7b:d0:c6:9a:
                    77:e6:a2:de:0d:f9:8e:fd:6e:6e:43:97:cd:74:a9:
                    49:14:9a:98:46:07:86:d3:f3:b7:03:89:f0:c8:84:
                    21:0d:65:d5:3b:7f:39:a7:82:38:3e:a2:df:63:2e:
                    35:a9:20:92:47:85:c3:91:66:b0:e5:74:f6:46:88:
                    1c:80:ca:3d:89:a0:a5:f6:9c:55:68:16:80:ba:f8:
                    6d:41:d4:b5:d2:e4:34:a7:fc:9a:00:e8:01:be:85:
                    11:0f:cd:ef:99:e5:d3:8d:b7:56:fd:85:87:f0:d1:
                    88:f4:74:d3:53:9a:b9:d6:24:ef:cf:e8:3f:94:7d:
                    a0:38:9b:94:ee:61:a6:32:4e:b8:d6:bf:04:5b:24:
                    9d:58:b9:24:88:94:f2:49:49:ba:64:f8:2b:20:2d:
                    f4:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:DF:A4:56:1B:F5:C2:F5:02:30:51:A4:72:55:6D:15:35:7D:37:E6
            X509v3 Authority Key Identifier:
                keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Xd-kVhv1wvUCMFGkclVtFTV9N-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.184.154.0/24
                IPv6:
                  2a03:720:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:78:b9:a1:d1:68:ea:87:a4:78:47:06:93:f4:91:6d:bf:15:
         83:09:a5:5a:ab:32:7f:e8:18:f1:87:94:14:d2:3a:fa:38:3f:
         60:de:08:c7:db:d6:fb:42:e6:5e:88:70:cd:d3:92:a6:1d:b5:
         5f:52:2c:88:50:c6:24:04:fd:c0:d3:68:54:99:f1:0d:83:0e:
         83:d2:95:40:78:5e:72:4f:4b:1b:39:5e:87:4e:70:ca:17:4c:
         72:9a:d6:d6:c2:b9:03:82:7e:77:a5:83:23:5d:88:93:a6:d5:
         b8:01:50:c4:41:73:a8:ae:38:69:7e:56:47:5e:ef:cf:87:f2:
         fc:04:a8:7c:0f:2e:3a:fd:dd:36:4b:6c:7a:a3:db:5e:ac:33:
         fc:50:98:74:d1:d9:40:5c:df:29:b2:a5:49:aa:08:2c:28:b4:
         56:af:3b:bf:6e:44:d4:62:d7:42:76:e2:d7:bb:bf:9f:f8:51:
         93:cb:e3:cc:ba:c8:bb:5f:f7:28:ee:27:4a:e9:9e:07:43:06:
         cc:78:6f:e5:8b:9d:c6:34:e6:f2:b4:f7:84:14:a4:54:cd:0e:
         67:bc:22:20:33:25:3b:96:bc:ad:a5:5c:41:1d:cb:e8:53:d5:
         25:9b:4b:ae:af:97:40:51:41:3c:a6:3b:b0:34:29:f3:86:6c:
         62:96:a8:a2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZkTrxAaWICQqcYWILKUMVaQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmEzZjgwMDM5YjllNzg0Y2ZiMjRiZjJjN2RkYjI0ZTE5
MDBhNzYwHhcNMjUwOTA0MDc0NDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGRmYTQ1NjFiZjVjMmY1MDIzMDUxYTQ3MjU1NmQxNTM1N2QzN2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rlJa26VoaAimKGhJwddU3wD9c0P
+8PheHP53UZQc0eNqViQL5TdXgt9w4eHCbrnzmIiFs5/QPYUPHU5rpnEykkkEf7a
rEBl9A0oyN0qKHXaJVsfyXvy3IkC0Ar4RcsB8qbUu3vQxpp35qLeDfmO/W5uQ5fN
dKlJFJqYRgeG0/O3A4nwyIQhDWXVO385p4I4PqLfYy41qSCSR4XDkWaw5XT2Rogc
gMo9iaCl9pxVaBaAuvhtQdS10uQ0p/yaAOgBvoURD83vmeXTjbdW/YWH8NGI9HTT
U5q51iTvz+g/lH2gOJuU7mGmMk641r8EWySdWLkkiJTySUm6ZPgrIC30XwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF3fpFYb9cL1AjBRpHJVbRU1fTfmMB8GA1UdIwQY
MBaAFEa6P4ADm554TPskvyx92yThkAp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWIt
ODlhY2UzODIyMGZiLzEvWGQta1ZodjF3dlVDTUZHa2NsVnRGVFY5Ti1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWItODlhY2UzODIyMGZi
LzEvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1biaMA8E
AgACMAkDBwAqAwcgAAUwDQYJKoZIhvcNAQELBQADggEBAEt4uaHRaOqHpHhHBpP0
kW2/FYMJpVqrMn/oGPGHlBTSOvo4P2DeCMfb1vtC5l6IcM3TkqYdtV9SLIhQxiQE
/cDTaFSZ8Q2DDoPSlUB4XnJPSxs5XodOcMoXTHKa1tbCuQOCfnelgyNdiJOm1bgB
UMRBc6iuOGl+Vkde78+H8vwEqHwPLjr93TZLbHqj216sM/xQmHTR2UBc3ymypUmq
CCwotFavO79uRNRi10J24te7v5/4UZPL48y6yLtf9yjuJ0rpngdDBsx4b+WLncY0
5vK094QUpFTNDme8IiAzJTuWvK2lXEEdy+hT1SWbS66vl0BRQTymO7A0KfOGbGKW
qKI=
-----END CERTIFICATE-----