Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/5bec72-0f1e-4208-b124-ec578e1cceed/1/HZihVFJ3txZ3OW6s1qo-blP1Efk.roa
File:                     HZihVFJ3txZ3OW6s1qo-blP1Efk.roa (raw, json)
Hash identifier:          N+ZzWONseQF5HNODvYH9OIzGzY5Yo+h2JcqNwXkMfQE=
Subject key identifier:   1D:98:A1:54:52:77:B7:16:77:39:6E:AC:D6:AA:3E:6E:53:F5:11:F9
Certificate issuer:       /CN=c086e72d6882aba20424c8c8277a7e23c0772cd2
Certificate serial:       0199109E9C5916707FF05D8F16ED4F5C2862
Authority key identifier: C0:86:E7:2D:68:82:AB:A2:04:24:C8:C8:27:7A:7E:23:C0:77:2C:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIbnLWiCq6IEJMjIJ3p-I8B3LNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/5bec72-0f1e-4208-b124-ec578e1cceed/1/HZihVFJ3txZ3OW6s1qo-blP1Efk.roa
Signing time:             Wed 03 Sep 2025 17:27:34 +0000
ROA not before:           Wed 03 Sep 2025 17:27:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44066
IP address blocks:        2a0d:3c0::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/5bec72-0f1e-4208-b124-ec578e1cceed/1/wIbnLWiCq6IEJMjIJ3p-I8B3LNI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/5bec72-0f1e-4208-b124-ec578e1cceed/1/wIbnLWiCq6IEJMjIJ3p-I8B3LNI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wIbnLWiCq6IEJMjIJ3p-I8B3LNI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 08:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:10:9e:9c:59:16:70:7f:f0:5d:8f:16:ed:4f:5c:28:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c086e72d6882aba20424c8c8277a7e23c0772cd2
        Validity
            Not Before: Sep  3 17:27:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d98a1545277b71677396eacd6aa3e6e53f511f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:0f:a6:84:2a:55:1f:d9:04:13:f8:45:63:59:
                    78:f8:90:86:93:22:25:84:a8:a8:bb:e3:78:67:a3:
                    5e:0f:73:be:af:ef:fa:a5:31:5d:f7:af:aa:4d:38:
                    50:68:e2:4a:c9:65:6c:fe:3e:d9:c3:85:cb:8e:f1:
                    ec:6a:e8:3a:d2:32:82:76:47:c9:c6:ce:e7:50:5b:
                    89:08:58:b0:d9:4e:32:9f:90:7b:ac:5f:77:30:f3:
                    c7:0b:98:1f:70:fb:ee:32:ed:83:2d:e6:c3:e7:c9:
                    f5:c8:94:d8:d8:13:3e:53:0f:0a:63:55:52:4d:52:
                    f4:96:02:d5:9e:c2:8f:0c:39:ae:8c:e3:bc:40:d2:
                    6f:cf:9c:6f:a8:a2:75:22:ae:af:c4:73:2a:a9:89:
                    20:19:04:15:ff:8a:f9:cb:45:75:18:49:52:61:2e:
                    32:4f:24:46:4a:7c:8d:e8:ed:e5:48:31:bf:9e:93:
                    ec:e5:03:98:95:af:e8:3b:9f:5d:51:1f:c3:df:80:
                    5b:60:53:6d:f3:89:1b:6a:8f:3b:0a:d6:56:44:5c:
                    14:cd:db:27:3d:c5:69:33:41:24:1b:4c:26:62:09:
                    37:46:db:b0:4b:8c:25:04:f6:63:24:5d:23:b8:da:
                    60:05:3d:7e:01:9d:af:4a:fb:ab:1f:f6:7c:49:1e:
                    4d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:98:A1:54:52:77:B7:16:77:39:6E:AC:D6:AA:3E:6E:53:F5:11:F9
            X509v3 Authority Key Identifier:
                keyid:C0:86:E7:2D:68:82:AB:A2:04:24:C8:C8:27:7A:7E:23:C0:77:2C:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIbnLWiCq6IEJMjIJ3p-I8B3LNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/5bec72-0f1e-4208-b124-ec578e1cceed/1/HZihVFJ3txZ3OW6s1qo-blP1Efk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/5bec72-0f1e-4208-b124-ec578e1cceed/1/wIbnLWiCq6IEJMjIJ3p-I8B3LNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:3c0::/40

    Signature Algorithm: sha256WithRSAEncryption
         5f:8e:c3:3f:df:94:6f:9e:69:cd:3a:f0:62:ab:97:12:cd:90:
         30:54:a1:05:98:9c:86:de:9c:46:74:93:54:be:47:c4:a0:9e:
         81:f3:a0:48:6b:98:39:18:75:3e:c3:af:d5:25:ec:8c:c6:58:
         30:f1:e3:50:8e:c9:62:aa:71:55:18:d7:f0:a4:33:ff:57:78:
         af:1f:bc:9a:3f:df:b0:9c:dc:03:56:d5:c5:4b:b1:b2:70:1d:
         ea:7d:4c:47:36:a7:38:01:d1:ce:43:60:c2:e4:a5:41:93:c9:
         16:4e:7d:1e:40:0b:2d:7a:a3:dd:79:aa:2d:a6:ba:d2:da:de:
         76:46:ce:83:f8:f1:f9:6a:5e:66:3f:92:70:ac:07:59:70:b2:
         68:3d:68:4e:d5:70:1d:8f:88:be:c9:3d:77:6d:f9:92:ec:5a:
         b6:6d:d5:11:e3:6d:21:5c:ca:5b:28:75:33:5b:52:21:18:cc:
         74:06:cf:20:2e:0d:54:c9:77:11:54:80:2a:d2:dc:21:41:1c:
         ab:ac:38:20:8b:0d:2e:b1:12:18:e0:b5:8f:e4:85:d1:13:ee:
         f2:23:ef:98:2b:43:55:94:e1:e6:60:ae:8b:4b:ae:fa:49:98:
         b8:19:32:4a:a7:a6:46:5c:51:3e:73:11:66:05:2d:bf:44:99:
         06:01:df:8b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZkQnpxZFnB/8F2PFu1PXChiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODZlNzJkNjg4MmFiYTIwNDI0YzhjODI3N2E3ZTIzYzA3
NzJjZDIwHhcNMjUwOTAzMTcyNzM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDk4YTE1NDUyNzdiNzE2NzczOTZlYWNkNmFhM2U2ZTUzZjUxMWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4w+mhCpVH9kEE/hFY1l4+JCGkyIl
hKiou+N4Z6NeD3O+r+/6pTFd96+qTThQaOJKyWVs/j7Zw4XLjvHsaug60jKCdkfJ
xs7nUFuJCFiw2U4yn5B7rF93MPPHC5gfcPvuMu2DLebD58n1yJTY2BM+Uw8KY1VS
TVL0lgLVnsKPDDmujOO8QNJvz5xvqKJ1Iq6vxHMqqYkgGQQV/4r5y0V1GElSYS4y
TyRGSnyN6O3lSDG/npPs5QOYla/oO59dUR/D34BbYFNt84kbao87CtZWRFwUzdsn
PcVpM0EkG0wmYgk3RtuwS4wlBPZjJF0juNpgBT1+AZ2vSvurH/Z8SR5N1wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFB2YoVRSd7cWdzlurNaqPm5T9RH5MB8GA1UdIwQY
MBaAFMCG5y1ogquiBCTIyCd6fiPAdyzSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0libkxXaUNxNklFSk1qSUozcC1JOEIzTE5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS81YmVjNzItMGYxZS00MjA4LWIxMjQt
ZWM1NzhlMWNjZWVkLzEvSFppaFZGSjN0eFozT1c2czFxby1ibFAxRWZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS81YmVjNzItMGYxZS00MjA4LWIxMjQtZWM1NzhlMWNjZWVk
LzEvd0libkxXaUNxNklFSk1qSUozcC1JOEIzTE5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg0DwAAw
DQYJKoZIhvcNAQELBQADggEBAF+Owz/flG+eac068GKrlxLNkDBUoQWYnIbenEZ0
k1S+R8SgnoHzoEhrmDkYdT7Dr9Ul7IzGWDDx41COyWKqcVUY1/CkM/9XeK8fvJo/
37Cc3ANW1cVLsbJwHep9TEc2pzgB0c5DYMLkpUGTyRZOfR5ACy16o915qi2mutLa
3nZGzoP48flqXmY/knCsB1lwsmg9aE7VcB2PiL7JPXdt+ZLsWrZt1RHjbSFcylso
dTNbUiEYzHQGzyAuDVTJdxFUgCrS3CFBHKusOCCLDS6xEhjgtY/khdET7vIj75gr
Q1WU4eZgrotLrvpJmLgZMkqnpkZcUT5zEWYFLb9EmQYB34s=
-----END CERTIFICATE-----