Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/792372-3d2a-44fd-91a0-f4272eec280d/1/9DgRjVnXujq9q_YCFn45nR0DQj4.roa
File:                     9DgRjVnXujq9q_YCFn45nR0DQj4.roa (raw, json)
Hash identifier:          O21H051OjlQDXJqDxZPxmKAH8eiXb3ghevpaFns+yA0=
Subject key identifier:   F4:38:11:8D:59:D7:BA:3A:BD:AB:F6:02:16:7E:39:9D:1D:03:42:3E
Certificate issuer:       /CN=5b3358110dadf224e719914161731df5e56c4188
Certificate serial:       019A01C5F9ABE34F2FE0D97C7EF31E7F4CFD
Authority key identifier: 5B:33:58:11:0D:AD:F2:24:E7:19:91:41:61:73:1D:F5:E5:6C:41:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WzNYEQ2t8iTnGZFBYXMd9eVsQYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/792372-3d2a-44fd-91a0-f4272eec280d/1/9DgRjVnXujq9q_YCFn45nR0DQj4.roa
Signing time:             Mon 20 Oct 2025 13:19:02 +0000
ROA not before:           Mon 20 Oct 2025 13:19:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12843
IP address blocks:        2a04:b640:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/792372-3d2a-44fd-91a0-f4272eec280d/1/WzNYEQ2t8iTnGZFBYXMd9eVsQYg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/792372-3d2a-44fd-91a0-f4272eec280d/1/WzNYEQ2t8iTnGZFBYXMd9eVsQYg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WzNYEQ2t8iTnGZFBYXMd9eVsQYg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Oct 2025 22:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:c5:f9:ab:e3:4f:2f:e0:d9:7c:7e:f3:1e:7f:4c:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b3358110dadf224e719914161731df5e56c4188
        Validity
            Not Before: Oct 20 13:19:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f438118d59d7ba3abdabf602167e399d1d03423e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:32:b9:0c:2f:a0:66:5e:0d:4e:65:48:db:20:
                    7f:8a:df:b4:9a:16:59:3c:a9:34:af:af:1f:79:c5:
                    cc:7e:a9:22:0f:2d:f5:a1:95:e7:0b:d3:71:a1:25:
                    f7:5f:be:be:d3:eb:a3:a3:82:c1:b8:24:2b:e0:e0:
                    a4:62:69:f0:28:04:ea:1d:7a:0c:b0:35:f5:36:97:
                    5d:df:59:70:e5:03:f1:0b:66:f4:2b:d3:28:bd:00:
                    ca:35:cb:d2:aa:b9:92:f7:87:37:71:92:7c:94:5c:
                    b2:78:68:c8:9a:ce:cf:d5:09:3d:a5:88:66:f1:2e:
                    e8:1a:58:dd:aa:70:43:0c:73:a7:d2:e0:ca:8f:80:
                    81:d1:bc:6d:c1:b6:fc:6f:ae:3a:8a:27:77:74:77:
                    80:b3:ca:a2:f9:89:0f:46:13:75:21:5c:90:2c:f8:
                    15:97:3d:68:99:f0:65:68:05:9c:c7:9b:70:41:2e:
                    ed:8d:46:39:62:cb:61:4b:c1:53:e8:33:8d:bf:f0:
                    ac:8c:46:11:1e:ac:a9:a4:29:8c:8d:b9:52:df:a5:
                    d5:14:29:54:fb:da:0b:2e:db:35:8e:96:f3:d3:6e:
                    ee:69:4c:47:bf:27:40:c1:8d:d7:36:5f:55:b0:b4:
                    02:3f:0f:cc:d8:74:e9:47:6d:96:8a:99:24:f4:f1:
                    24:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:38:11:8D:59:D7:BA:3A:BD:AB:F6:02:16:7E:39:9D:1D:03:42:3E
            X509v3 Authority Key Identifier:
                keyid:5B:33:58:11:0D:AD:F2:24:E7:19:91:41:61:73:1D:F5:E5:6C:41:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WzNYEQ2t8iTnGZFBYXMd9eVsQYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/792372-3d2a-44fd-91a0-f4272eec280d/1/9DgRjVnXujq9q_YCFn45nR0DQj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/792372-3d2a-44fd-91a0-f4272eec280d/1/WzNYEQ2t8iTnGZFBYXMd9eVsQYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:b640:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:ba:dd:87:13:db:af:31:44:a9:32:7b:7d:e6:b0:48:62:6c:
         fe:e4:97:b1:33:36:eb:95:97:9c:8f:b4:e3:74:cb:c8:e1:7a:
         89:5b:d4:e6:c9:69:20:7d:cd:6f:88:83:87:61:56:75:b1:3d:
         f2:17:de:3b:8a:36:40:f0:e7:42:cd:54:39:bd:94:c0:65:94:
         83:75:f4:b2:6b:2a:21:1f:bf:ea:f6:0b:1f:1e:04:a2:62:3d:
         a2:b9:04:fa:5b:5b:7d:37:f6:53:b1:e2:71:1d:45:13:92:af:
         20:cf:48:cd:5e:59:4b:23:3f:b1:31:5d:08:59:42:c3:ca:21:
         27:f8:de:58:fd:9e:76:ca:5c:59:1d:52:af:19:2e:66:5c:d9:
         a8:a2:4f:82:86:f1:7d:e9:e1:5b:34:93:b0:7d:5e:fd:d3:d7:
         dc:22:9e:7b:e1:36:63:be:8c:85:f6:27:4c:72:67:75:15:a2:
         86:1e:89:85:3c:4f:19:7e:fb:12:62:66:28:a5:ac:e8:db:0b:
         dd:9b:4e:61:66:2b:26:af:ae:e0:78:fa:94:03:45:e8:99:18:
         8c:df:18:4e:cd:22:2d:d9:76:88:7e:f2:6d:2d:3b:24:c6:07:
         3e:79:c0:5f:d0:a0:1c:de:16:ba:a1:28:5b:b2:cd:02:eb:f5:
         c5:41:a5:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZoBxfmr408v4Nl8fvMef0z9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViMzM1ODExMGRhZGYyMjRlNzE5OTE0MTYxNzMxZGY1ZTU2
YzQxODgwHhcNMjUxMDIwMTMxOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDM4MTE4ZDU5ZDdiYTNhYmRhYmY2MDIxNjdlMzk5ZDFkMDM0MjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTK5DC+gZl4NTmVI2yB/it+0mhZZ
PKk0r68fecXMfqkiDy31oZXnC9NxoSX3X76+0+ujo4LBuCQr4OCkYmnwKATqHXoM
sDX1Npdd31lw5QPxC2b0K9MovQDKNcvSqrmS94c3cZJ8lFyyeGjIms7P1Qk9pYhm
8S7oGljdqnBDDHOn0uDKj4CB0bxtwbb8b646iid3dHeAs8qi+YkPRhN1IVyQLPgV
lz1omfBlaAWcx5twQS7tjUY5YsthS8FT6DONv/CsjEYRHqyppCmMjblS36XVFClU
+9oLLts1jpbz027uaUxHvydAwY3XNl9VsLQCPw/M2HTpR22Wipkk9PEk8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPQ4EY1Z17o6vav2AhZ+OZ0dA0I+MB8GA1UdIwQY
MBaAFFszWBENrfIk5xmRQWFzHfXlbEGIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3pOWUVRMnQ4aVRuR1pGQllYTWQ5ZVZzUVlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC83OTIzNzItM2QyYS00NGZkLTkxYTAt
ZjQyNzJlZWMyODBkLzEvOURnUmpWblh1anE5cV9ZQ0ZuNDVuUjBEUWo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC83OTIzNzItM2QyYS00NGZkLTkxYTAtZjQyNzJlZWMyODBk
LzEvV3pOWUVRMnQ4aVRuR1pGQllYTWQ5ZVZzUVlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgS2QAAD
MA0GCSqGSIb3DQEBCwUAA4IBAQBqut2HE9uvMUSpMnt95rBIYmz+5JexMzbrlZec
j7TjdMvI4XqJW9TmyWkgfc1viIOHYVZ1sT3yF947ijZA8OdCzVQ5vZTAZZSDdfSy
ayohH7/q9gsfHgSiYj2iuQT6W1t9N/ZTseJxHUUTkq8gz0jNXllLIz+xMV0IWULD
yiEn+N5Y/Z52ylxZHVKvGS5mXNmook+ChvF96eFbNJOwfV7909fcIp574TZjvoyF
9idMcmd1FaKGHomFPE8ZfvsSYmYopazo2wvdm05hZismr67gePqUA0XomRiM3xhO
zSIt2XaIfvJtLTskxgc+ecBf0KAc3ha6oShbss0C6/XFQaXw
-----END CERTIFICATE-----