Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/RRfbWS9gJIpkQlUHUBT_C-4iKW4.roa
File:                     RRfbWS9gJIpkQlUHUBT_C-4iKW4.roa (raw, json)
Hash identifier:          5YJMcnD8st6XyEBie4P9czS9E91f4FDnUOlRC1amfu0=
Subject key identifier:   45:17:DB:59:2F:60:24:8A:64:42:55:07:50:14:FF:0B:EE:22:29:6E
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       0197C992ADE82FC965C932FB2790596584C2
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/RRfbWS9gJIpkQlUHUBT_C-4iKW4.roa
Signing time:             Wed 02 Jul 2025 05:18:42 +0000
ROA not before:           Wed 02 Jul 2025 05:18:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33991
IP address blocks:        178.159.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:07:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c9:92:ad:e8:2f:c9:65:c9:32:fb:27:90:59:65:84:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Jul  2 05:18:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4517db592f60248a644255075014ff0bee22296e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ed:15:d2:f9:cf:53:95:35:52:45:74:04:26:
                    9b:cc:87:62:77:da:ce:b1:93:49:81:e9:3a:a4:fe:
                    1d:dd:55:67:2e:67:7d:88:a8:2a:3b:ec:a9:02:c2:
                    6e:d8:ad:24:b7:e1:6c:ce:3a:01:f1:f2:fd:32:6e:
                    dd:da:48:ce:4a:40:62:7d:12:c5:6b:66:a6:5e:02:
                    ee:a4:24:9c:94:80:67:96:fe:4a:fd:d2:44:5c:a9:
                    3e:c0:4c:16:dc:68:c8:1f:f5:bd:9a:89:54:76:2e:
                    54:bf:c9:73:68:d8:87:73:3a:02:92:e6:8d:33:c5:
                    ad:cb:35:82:0b:46:ec:59:fe:27:38:80:d6:ee:d5:
                    90:ac:3a:f2:2b:94:4d:2c:6b:19:20:4e:4a:63:12:
                    ce:12:d0:05:80:d9:72:51:d9:4b:0e:a4:d9:36:ce:
                    47:3f:6d:26:f3:4d:af:e4:bc:8f:a8:83:89:0e:2d:
                    18:12:ef:39:81:82:78:14:6a:c8:1a:e3:83:47:35:
                    72:d2:75:6d:9d:ed:ae:22:7b:83:ec:d3:1c:e1:7d:
                    b2:59:f5:ca:b5:82:30:87:5a:1d:0f:31:90:19:12:
                    94:b3:1e:68:63:6a:2f:7d:06:3f:ce:64:1d:6a:52:
                    d1:49:08:08:4e:40:e8:76:70:a2:36:f8:b9:84:1c:
                    4e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:17:DB:59:2F:60:24:8A:64:42:55:07:50:14:FF:0B:EE:22:29:6E
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/RRfbWS9gJIpkQlUHUBT_C-4iKW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.159.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:42:c0:fb:4d:e1:6a:64:a6:90:ae:8b:ea:54:34:aa:4b:9f:
         41:e4:7b:1b:41:da:2e:57:27:c9:9c:79:d5:4a:5b:39:1c:45:
         b2:0e:b5:09:05:86:b3:36:27:0a:5c:c7:e0:19:7b:94:76:c7:
         6e:b0:a6:7b:9a:25:ed:88:70:4a:5c:a1:f2:85:54:b7:da:8a:
         51:03:61:4a:bf:53:af:ae:43:6f:f1:af:f8:c1:8b:c4:04:fc:
         67:b5:ac:2a:32:8d:48:13:f3:c6:9f:25:66:b4:8f:59:62:98:
         dd:81:83:5e:ca:a6:7f:6d:c3:b3:1e:52:b1:2d:34:50:a8:ea:
         1d:19:e9:e6:97:5b:1f:89:27:da:0d:92:72:89:18:02:64:14:
         a3:74:6c:a6:32:c2:28:6a:bc:ea:85:a9:5c:a2:63:e7:f6:6b:
         22:96:d4:e0:00:9e:9e:59:1e:8b:c1:cf:95:e3:cc:a9:83:f9:
         4c:93:5f:d4:21:82:7d:22:f9:7c:26:39:72:fc:6a:96:3b:cb:
         21:95:d5:34:20:3f:f4:36:01:ad:0d:bb:27:bb:a7:d1:31:81:
         9c:94:eb:ef:60:cf:fc:a2:7d:0f:b6:6f:f6:73:59:6c:76:d9:
         1d:58:6d:3c:89:33:02:ea:d9:c9:1e:1c:c5:cd:7c:9a:f1:60:
         5d:bc:7c:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfJkq3oL8llyTL7J5BZZYTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjUwNzAyMDUxODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTE3ZGI1OTJmNjAyNDhhNjQ0MjU1MDc1MDE0ZmYwYmVlMjIyOTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuu0V0vnPU5U1UkV0BCabzIdid9rO
sZNJgek6pP4d3VVnLmd9iKgqO+ypAsJu2K0kt+FszjoB8fL9Mm7d2kjOSkBifRLF
a2amXgLupCSclIBnlv5K/dJEXKk+wEwW3GjIH/W9molUdi5Uv8lzaNiHczoCkuaN
M8WtyzWCC0bsWf4nOIDW7tWQrDryK5RNLGsZIE5KYxLOEtAFgNlyUdlLDqTZNs5H
P20m802v5LyPqIOJDi0YEu85gYJ4FGrIGuODRzVy0nVtne2uInuD7NMc4X2yWfXK
tYIwh1odDzGQGRKUsx5oY2ovfQY/zmQdalLRSQgITkDodnCiNvi5hBxO/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUX21kvYCSKZEJVB1AU/wvuIiluMB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvUlJmYldTOWdKSXBrUWxVSFVCVF9DLTRpS1c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsp9cMA0G
CSqGSIb3DQEBCwUAA4IBAQCVQsD7TeFqZKaQrovqVDSqS59B5HsbQdouVyfJnHnV
Sls5HEWyDrUJBYazNicKXMfgGXuUdsdusKZ7miXtiHBKXKHyhVS32opRA2FKv1Ov
rkNv8a/4wYvEBPxntawqMo1IE/PGnyVmtI9ZYpjdgYNeyqZ/bcOzHlKxLTRQqOod
Genml1sfiSfaDZJyiRgCZBSjdGymMsIoarzqhalcomPn9msiltTgAJ6eWR6Lwc+V
48ypg/lMk1/UIYJ9Ivl8Jjly/GqWO8shldU0ID/0NgGtDbsnu6fRMYGclOvvYM/8
on0Ptm/2c1lsdtkdWG08iTMC6tnJHhzFzXya8WBdvHw0
-----END CERTIFICATE-----