Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/Vx78BtYZth8fkOAc3-R4JCOAWDQ.roa
File:                     Vx78BtYZth8fkOAc3-R4JCOAWDQ.roa (raw, json)
Hash identifier:          bCA21gOWhnMn30bvClWd1qAWHLtWkJnH/m+zGg0euus=
Subject key identifier:   57:1E:FC:06:D6:19:B6:1F:1F:90:E0:1C:DF:E4:78:24:23:80:58:34
Certificate issuer:       /CN=6f9e9696dccf6c1a432090408514aecdc3f60739
Certificate serial:       019A16622914A4AC3E38CB9057DE78DE43C3
Authority key identifier: 6F:9E:96:96:DC:CF:6C:1A:43:20:90:40:85:14:AE:CD:C3:F6:07:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b56WltzPbBpDIJBAhRSuzcP2Bzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/Vx78BtYZth8fkOAc3-R4JCOAWDQ.roa
Signing time:             Fri 24 Oct 2025 13:22:03 +0000
ROA not before:           Fri 24 Oct 2025 13:22:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210271
IP address blocks:        194.92.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/b56WltzPbBpDIJBAhRSuzcP2Bzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/b56WltzPbBpDIJBAhRSuzcP2Bzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b56WltzPbBpDIJBAhRSuzcP2Bzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Oct 2025 04:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:16:62:29:14:a4:ac:3e:38:cb:90:57:de:78:de:43:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f9e9696dccf6c1a432090408514aecdc3f60739
        Validity
            Not Before: Oct 24 13:22:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=571efc06d619b61f1f90e01cdfe4782423805834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:24:a9:bb:bf:00:8d:04:6a:c7:93:53:19:9b:
                    56:e3:0e:62:fa:8d:4c:fd:73:e1:97:b2:df:e1:98:
                    81:75:7b:88:e3:e7:53:ec:30:9c:1d:b3:e1:a4:a7:
                    1b:a5:35:77:03:08:99:bf:1d:50:49:64:02:54:a7:
                    ab:a6:34:65:37:2b:2e:4e:10:23:60:40:21:7c:00:
                    bd:13:e3:5b:ec:fe:79:65:71:5b:c9:0c:ba:51:7d:
                    f8:46:a3:d1:cc:de:e1:f1:c3:44:15:91:80:d5:40:
                    2e:ad:b5:3f:78:a4:79:7f:89:f7:fa:9c:15:92:27:
                    2b:7e:4f:61:78:c9:10:d9:c3:63:be:3c:1e:8d:c8:
                    1b:48:15:1b:5e:79:17:1e:5a:cf:3a:c6:18:42:ba:
                    67:fe:a7:19:2a:ec:35:0a:01:b3:1b:a7:63:0b:18:
                    e3:a0:c8:69:90:72:52:38:bf:71:d1:e4:a3:1b:1f:
                    52:15:a4:7d:b4:2b:ca:72:08:a3:23:89:ee:f5:4f:
                    82:2a:a9:e3:85:3b:d5:f9:d7:06:b5:4f:1c:43:b4:
                    df:9b:51:4e:f8:9d:db:db:09:f2:01:60:14:0a:98:
                    72:c1:b8:24:34:ac:c5:94:95:20:d6:2d:89:67:27:
                    a8:45:7c:3f:92:dd:9c:84:0f:95:bd:2f:04:e0:fc:
                    46:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:1E:FC:06:D6:19:B6:1F:1F:90:E0:1C:DF:E4:78:24:23:80:58:34
            X509v3 Authority Key Identifier:
                keyid:6F:9E:96:96:DC:CF:6C:1A:43:20:90:40:85:14:AE:CD:C3:F6:07:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b56WltzPbBpDIJBAhRSuzcP2Bzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/Vx78BtYZth8fkOAc3-R4JCOAWDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/b56WltzPbBpDIJBAhRSuzcP2Bzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.92.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:df:1b:6f:f0:09:07:75:d8:80:2e:c0:0f:70:5e:d1:76:3f:
         26:1f:00:78:a3:36:26:00:7b:32:d7:2f:92:32:a2:02:ab:90:
         5c:99:3c:38:54:5b:ea:d8:f4:03:18:b2:63:31:c2:6d:81:94:
         f7:7e:f7:ec:7b:ec:c0:00:70:e4:d4:bd:20:03:71:bc:15:51:
         f5:51:2f:ce:c8:1f:09:e8:01:98:fb:c1:f3:2d:0f:c7:f7:e1:
         68:31:85:de:62:d0:63:26:83:8f:70:a1:7e:a9:62:f9:61:09:
         ff:0d:5c:0b:d0:54:06:c4:8e:fc:22:15:40:3d:e2:e5:61:4e:
         42:50:a5:0f:c0:c2:a3:3a:34:f6:b1:28:0b:a6:c2:11:57:95:
         4e:6c:75:51:5f:15:01:a1:84:11:7c:12:83:2a:f4:c5:5c:61:
         7a:35:d7:82:1a:bf:d1:79:46:7f:57:83:53:f5:5d:54:0f:40:
         cc:95:06:1c:3d:1e:96:2d:af:3b:86:9e:3d:14:ff:3f:4d:0f:
         e0:62:88:a4:a9:f2:23:a8:ce:14:3d:81:91:31:e6:98:14:65:
         83:7a:78:33:a3:6e:68:71:7f:d9:93:9a:98:62:0e:ff:0f:fb:
         25:e1:9b:c1:c8:09:a5:53:f1:13:9f:17:7e:d1:0c:21:6d:86:
         c9:34:65:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoWYikUpKw+OMuQV9543kPDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmOWU5Njk2ZGNjZjZjMWE0MzIwOTA0MDg1MTRhZWNkYzNm
NjA3MzkwHhcNMjUxMDI0MTMyMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzFlZmMwNmQ2MTliNjFmMWY5MGUwMWNkZmU0NzgyNDIzODA1ODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCSpu78AjQRqx5NTGZtW4w5i+o1M
/XPhl7Lf4ZiBdXuI4+dT7DCcHbPhpKcbpTV3AwiZvx1QSWQCVKerpjRlNysuThAj
YEAhfAC9E+Nb7P55ZXFbyQy6UX34RqPRzN7h8cNEFZGA1UAurbU/eKR5f4n3+pwV
kicrfk9heMkQ2cNjvjwejcgbSBUbXnkXHlrPOsYYQrpn/qcZKuw1CgGzG6djCxjj
oMhpkHJSOL9x0eSjGx9SFaR9tCvKcgijI4nu9U+CKqnjhTvV+dcGtU8cQ7Tfm1FO
+J3b2wnyAWAUCphywbgkNKzFlJUg1i2JZyeoRXw/kt2chA+VvS8E4PxGgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFce/AbWGbYfH5DgHN/keCQjgFg0MB8GA1UdIwQY
MBaAFG+elpbcz2waQyCQQIUUrs3D9gc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjU2V2x0elBiQnBESUpCQWhSU3V6Y1AyQnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS81N2NkNzItMzNlNC00MmRkLTlmMjIt
YmFmNGUwYjRhNjllLzEvVng3OEJ0WVp0aDhma09BYzMtUjRKQ09BV0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS81N2NkNzItMzNlNC00MmRkLTlmMjItYmFmNGUwYjRhNjll
LzEvYjU2V2x0elBiQnBESUpCQWhSU3V6Y1AyQnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlxoMA0G
CSqGSIb3DQEBCwUAA4IBAQCl3xtv8AkHddiALsAPcF7Rdj8mHwB4ozYmAHsy1y+S
MqICq5BcmTw4VFvq2PQDGLJjMcJtgZT3fvfse+zAAHDk1L0gA3G8FVH1US/OyB8J
6AGY+8HzLQ/H9+FoMYXeYtBjJoOPcKF+qWL5YQn/DVwL0FQGxI78IhVAPeLlYU5C
UKUPwMKjOjT2sSgLpsIRV5VObHVRXxUBoYQRfBKDKvTFXGF6NdeCGr/ReUZ/V4NT
9V1UD0DMlQYcPR6WLa87hp49FP8/TQ/gYoikqfIjqM4UPYGRMeaYFGWDengzo25o
cX/Zk5qYYg7/D/sl4ZvByAmlU/ETnxd+0QwhbYbJNGXb
-----END CERTIFICATE-----