Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/SUmNFZD8I_qHCFRJ0R0NJL-H89Q.roa
File:                     SUmNFZD8I_qHCFRJ0R0NJL-H89Q.roa (raw, json)
Hash identifier:          7VACwdKb53ImeV8ZVKwyL9R1odcZbIwcMqL0+pbbvxM=
Subject key identifier:   49:49:8D:15:90:FC:23:FA:87:08:54:49:D1:1D:0D:24:BF:87:F3:D4
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019809AB921DCB302658A673AF1C0B11CE6B
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/SUmNFZD8I_qHCFRJ0R0NJL-H89Q.roa
Signing time:             Mon 14 Jul 2025 16:01:35 +0000
ROA not before:           Mon 14 Jul 2025 16:01:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     27989
IP address blocks:        2.59.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:ab:92:1d:cb:30:26:58:a6:73:af:1c:0b:11:ce:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jul 14 16:01:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49498d1590fc23fa87085449d11d0d24bf87f3d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:aa:d8:b2:47:af:6d:03:30:cb:fa:0a:8b:b2:
                    e3:60:00:b0:2e:7b:37:d7:1c:f9:6e:62:fb:bc:43:
                    68:87:64:a9:04:3c:cc:e1:a6:97:36:8b:42:66:db:
                    e9:7b:86:1b:63:95:4f:b9:71:57:28:05:93:70:f9:
                    10:80:23:13:17:34:13:ab:19:29:d8:23:ee:e5:36:
                    be:1a:2e:e7:84:70:f6:44:4b:a1:f0:8f:cf:36:37:
                    54:15:aa:62:27:41:04:ff:1a:0d:b2:8b:e3:1e:9a:
                    cf:13:66:28:63:80:37:c6:80:04:ae:84:2d:68:df:
                    c0:9e:c2:d2:87:44:ab:20:a7:4a:50:f4:4f:4f:56:
                    eb:0d:67:81:93:be:68:09:3c:aa:d0:c4:7a:c7:75:
                    af:d6:9b:b5:73:0f:b8:70:6b:6f:d9:c8:ed:d3:bf:
                    f0:47:05:0b:22:23:fd:99:f5:39:47:ca:c1:23:52:
                    c2:e0:9d:85:4f:e0:6c:00:e2:57:ed:22:4f:86:b2:
                    86:d9:12:c5:bb:c8:6f:c4:22:78:0d:6a:0b:49:87:
                    b2:61:e7:89:93:4a:9e:2b:52:25:a9:20:2b:88:44:
                    be:15:76:df:a1:59:c7:c9:34:6e:d5:eb:6e:3a:f5:
                    07:41:fc:9d:d4:86:6f:86:d2:9b:53:f0:13:33:22:
                    98:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:49:8D:15:90:FC:23:FA:87:08:54:49:D1:1D:0D:24:BF:87:F3:D4
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/SUmNFZD8I_qHCFRJ0R0NJL-H89Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:d4:af:26:34:05:94:dd:57:96:5d:33:42:05:78:b5:6c:d3:
         58:96:ea:df:98:bf:f8:28:c3:2f:a6:cd:ce:4a:f7:0b:3b:80:
         55:05:d2:48:d1:71:07:46:74:56:69:4b:b0:96:f5:05:93:e7:
         d8:28:a2:ad:19:1a:a6:f4:9b:05:bd:de:c7:83:3b:4f:07:3e:
         1e:06:20:b7:c6:5d:ed:fc:06:8b:fb:39:4c:89:46:fa:bb:bd:
         e2:90:33:18:2a:d0:c5:c5:7b:54:a7:82:07:76:bb:6c:f6:63:
         94:62:a0:5b:4f:9e:42:0d:fc:26:f8:eb:f5:89:1a:00:a8:63:
         8d:9a:c1:29:6c:83:c1:7f:a1:8b:ac:77:63:fe:da:54:58:00:
         85:0c:8b:34:8b:35:d8:76:2f:2e:e3:f8:05:33:5f:ed:04:69:
         79:a7:0a:df:32:37:b5:74:c4:9f:10:35:db:89:a3:c1:54:f0:
         59:c6:02:40:b3:3f:55:02:58:2c:d2:74:01:3b:e4:80:ef:0d:
         53:a9:1a:28:5a:eb:54:81:05:a4:85:30:05:f3:29:42:db:f6:
         ab:22:e6:af:38:d5:e4:e6:b2:ba:dd:54:39:e7:f7:66:11:80:
         82:f8:26:65:d7:04:54:23:5c:db:07:6d:b5:20:3a:cf:00:ab:
         e2:c3:5d:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJq5IdyzAmWKZzrxwLEc5rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwNzE0MTYwMTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTQ5OGQxNTkwZmMyM2ZhODcwODU0NDlkMTFkMGQyNGJmODdmM2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKrYskevbQMwy/oKi7LjYACwLns3
1xz5bmL7vENoh2SpBDzM4aaXNotCZtvpe4YbY5VPuXFXKAWTcPkQgCMTFzQTqxkp
2CPu5Ta+Gi7nhHD2REuh8I/PNjdUFapiJ0EE/xoNsovjHprPE2YoY4A3xoAEroQt
aN/AnsLSh0SrIKdKUPRPT1brDWeBk75oCTyq0MR6x3Wv1pu1cw+4cGtv2cjt07/w
RwULIiP9mfU5R8rBI1LC4J2FT+BsAOJX7SJPhrKG2RLFu8hvxCJ4DWoLSYeyYeeJ
k0qeK1IlqSAriES+FXbfoVnHyTRu1etuOvUHQfyd1IZvhtKbU/ATMyKYyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFElJjRWQ/CP6hwhUSdEdDSS/h/PUMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvU1VtTkZaRDhJX3FIQ0ZSSjBSME5KTC1IODlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjvBMA0G
CSqGSIb3DQEBCwUAA4IBAQCi1K8mNAWU3VeWXTNCBXi1bNNYlurfmL/4KMMvps3O
SvcLO4BVBdJI0XEHRnRWaUuwlvUFk+fYKKKtGRqm9JsFvd7HgztPBz4eBiC3xl3t
/AaL+zlMiUb6u73ikDMYKtDFxXtUp4IHdrts9mOUYqBbT55CDfwm+Ov1iRoAqGON
msEpbIPBf6GLrHdj/tpUWACFDIs0izXYdi8u4/gFM1/tBGl5pwrfMje1dMSfEDXb
iaPBVPBZxgJAsz9VAlgs0nQBO+SA7w1TqRooWutUgQWkhTAF8ylC2/arIuavONXk
5rK63VQ55/dmEYCC+CZl1wRUI1zbB221IDrPAKviw124
-----END CERTIFICATE-----