Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/cZuiX9iRKtcmyH-JdbpceCGrBO0.roa
File:                     cZuiX9iRKtcmyH-JdbpceCGrBO0.roa (raw, json)
Hash identifier:          0gktSn7Clpzx4fQL6j+FI+FQ2qTL7v5ucoC936LVj5g=
Subject key identifier:   71:9B:A2:5F:D8:91:2A:D7:26:C8:7F:89:75:BA:5C:78:21:AB:04:ED
Certificate issuer:       /CN=45effe98c24c3d6d6087c8d1d3f901b8ccd40088
Certificate serial:       019953F5B4451FD2809E64A9A5E67BBF2091
Authority key identifier: 45:EF:FE:98:C2:4C:3D:6D:60:87:C8:D1:D3:F9:01:B8:CC:D4:00:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/cZuiX9iRKtcmyH-JdbpceCGrBO0.roa
Signing time:             Tue 16 Sep 2025 19:17:15 +0000
ROA not before:           Tue 16 Sep 2025 19:17:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:f440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 04:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:53:f5:b4:45:1f:d2:80:9e:64:a9:a5:e6:7b:bf:20:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45effe98c24c3d6d6087c8d1d3f901b8ccd40088
        Validity
            Not Before: Sep 16 19:17:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=719ba25fd8912ad726c87f8975ba5c7821ab04ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9f:48:32:a8:04:5f:06:ef:60:13:3b:ab:fc:
                    66:fa:17:d3:73:e9:5c:db:50:a7:ee:b2:34:c2:4b:
                    8d:80:56:96:7f:fa:7a:30:e2:00:6d:34:ab:db:3e:
                    14:d8:36:1b:a8:2e:1d:f1:de:56:e5:67:25:b4:db:
                    87:ef:b6:6f:a9:9c:06:fe:ae:b5:31:91:69:84:25:
                    10:04:d3:09:2f:cb:04:63:65:01:c4:b6:22:e6:ec:
                    9c:16:95:5b:75:79:97:09:e1:11:83:c3:65:02:71:
                    01:31:64:e7:fe:fd:34:eb:5e:d7:3f:43:ab:22:3d:
                    07:00:9f:2f:ae:8a:9b:21:16:5c:15:65:a3:4e:c8:
                    2b:72:d8:70:98:78:bb:ad:70:a3:d9:9f:b2:ba:91:
                    4e:07:22:04:85:66:eb:39:09:e4:a0:a3:1d:77:c1:
                    31:1c:91:40:8d:90:39:da:21:ef:c8:6d:27:85:a7:
                    af:c9:a4:44:1b:55:9e:14:d2:49:60:e4:33:f8:b6:
                    7c:93:0b:5d:a2:08:ed:37:1f:19:f6:01:bd:63:d7:
                    be:68:14:d1:b3:7c:00:01:f6:7d:d3:4e:17:be:1f:
                    26:2d:96:51:c9:71:dd:66:c6:44:e5:64:be:ce:62:
                    a8:f7:ed:8f:78:e1:44:a0:f4:ae:40:7a:e4:a4:87:
                    34:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9B:A2:5F:D8:91:2A:D7:26:C8:7F:89:75:BA:5C:78:21:AB:04:ED
            X509v3 Authority Key Identifier:
                keyid:45:EF:FE:98:C2:4C:3D:6D:60:87:C8:D1:D3:F9:01:B8:CC:D4:00:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/cZuiX9iRKtcmyH-JdbpceCGrBO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f440::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:1f:7f:fd:a0:57:c3:f5:23:ff:cf:ae:92:c4:81:25:42:a2:
         66:40:23:56:0f:00:db:ea:33:67:b5:c2:9e:26:01:7b:41:21:
         47:41:b1:11:13:99:0d:52:87:b5:cb:e2:73:4e:20:8b:c3:c0:
         93:b1:a3:9b:ff:db:66:a3:38:18:fb:d4:b2:b1:c1:88:b5:d3:
         d0:01:e8:5e:6a:9c:91:37:e9:9a:e3:b5:16:90:e4:3f:6d:09:
         93:71:39:06:26:d9:94:03:0b:68:d2:27:83:75:89:0a:8c:c2:
         2a:b4:69:89:db:3c:2a:bd:5c:bd:25:6b:91:bd:8e:fb:77:5a:
         36:13:18:ab:5e:00:89:3d:ff:ac:ba:2c:c7:8b:fe:eb:21:71:
         82:03:b8:92:f7:5f:bc:c1:35:5a:60:30:bb:0a:ed:77:90:00:
         9c:db:c7:e8:88:32:8a:12:f8:95:57:6c:58:6d:ab:46:ef:16:
         90:95:3a:41:75:8b:3c:36:38:1d:92:e4:f1:c0:29:37:44:c5:
         25:b2:5b:dd:00:30:80:b0:32:23:80:e4:83:00:44:2e:20:cc:
         45:87:6e:ea:d6:73:da:bb:3e:37:08:cd:2e:1b:d4:c5:24:db:
         9f:ac:62:ac:b9:fd:1a:13:3f:bb:6c:40:c5:bf:0f:aa:94:98:
         5e:36:06:04
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZlT9bRFH9KAnmSppeZ7vyCRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZWZmZTk4YzI0YzNkNmQ2MDg3YzhkMWQzZjkwMWI4Y2Nk
NDAwODgwHhcNMjUwOTE2MTkxNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTliYTI1ZmQ4OTEyYWQ3MjZjODdmODk3NWJhNWM3ODIxYWIwNGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJ9IMqgEXwbvYBM7q/xm+hfTc+lc
21Cn7rI0wkuNgFaWf/p6MOIAbTSr2z4U2DYbqC4d8d5W5WcltNuH77ZvqZwG/q61
MZFphCUQBNMJL8sEY2UBxLYi5uycFpVbdXmXCeERg8NlAnEBMWTn/v00617XP0Or
Ij0HAJ8vroqbIRZcFWWjTsgrcthwmHi7rXCj2Z+yupFOByIEhWbrOQnkoKMdd8Ex
HJFAjZA52iHvyG0nhaevyaREG1WeFNJJYOQz+LZ8kwtdogjtNx8Z9gG9Y9e+aBTR
s3wAAfZ9004Xvh8mLZZRyXHdZsZE5WS+zmKo9+2PeOFEoPSuQHrkpIc0nwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHGbol/YkSrXJsh/iXW6XHghqwTtMB8GA1UdIwQY
MBaAFEXv/pjCTD1tYIfI0dP5AbjM1ACIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmVfLW1NSk1QVzFnaDhqUjBfa0J1TXpVQUlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8xZTRhNjQtN2FhMC00Yzk0LTliYjAt
ZGViN2I5MTg5MTY5LzEvY1p1aVg5aVJLdGNteUgtSmRicGNlQ0dyQk8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8xZTRhNjQtN2FhMC00Yzk0LTliYjAtZGViN2I5MTg5MTY5
LzEvUmVfLW1NSk1QVzFnaDhqUjBfa0J1TXpVQUlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgH0QDAN
BgkqhkiG9w0BAQsFAAOCAQEABR9//aBXw/Uj/8+uksSBJUKiZkAjVg8A2+ozZ7XC
niYBe0EhR0GxEROZDVKHtcvic04gi8PAk7Gjm//bZqM4GPvUsrHBiLXT0AHoXmqc
kTfpmuO1FpDkP20Jk3E5BibZlAMLaNIng3WJCozCKrRpids8Kr1cvSVrkb2O+3da
NhMYq14AiT3/rLosx4v+6yFxggO4kvdfvME1WmAwuwrtd5AAnNvH6IgyihL4lVds
WG2rRu8WkJU6QXWLPDY4HZLk8cApN0TFJbJb3QAwgLAyI4DkgwBELiDMRYdu6tZz
2rs+NwjNLhvUxSTbn6xirLn9GhM/u2xAxb8PqpSYXjYGBA==
-----END CERTIFICATE-----