Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/R0deOvVJcJLvnrvTkFv0qUuLOeE.roa
File:                     R0deOvVJcJLvnrvTkFv0qUuLOeE.roa (raw, json)
Hash identifier:          PT3AZWYCq0/QfH2k+dN8cKjPuvcfYidJfRZzM4fhNGU=
Subject key identifier:   47:47:5E:3A:F5:49:70:92:EF:9E:BB:D3:90:5B:F4:A9:4B:8B:39:E1
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01997614E170C13C98850616A4E07BF272CB
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/R0deOvVJcJLvnrvTkFv0qUuLOeE.roa
Signing time:             Tue 23 Sep 2025 10:18:23 +0000
ROA not before:           Tue 23 Sep 2025 10:18:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211001
IP address blocks:        104.222.179.0/24 maxlen: 24
                          104.239.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 Oct 2025 11:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:14:e1:70:c1:3c:98:85:06:16:a4:e0:7b:f2:72:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Sep 23 10:18:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47475e3af5497092ef9ebbd3905bf4a94b8b39e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e0:3e:36:b5:8e:83:c1:fe:bb:82:65:64:9e:
                    12:5d:97:95:9d:63:33:43:96:a4:95:d2:07:ac:51:
                    22:4b:97:3a:1f:f6:ea:58:9b:9d:8a:6b:69:96:02:
                    a4:3b:28:f4:55:98:3f:02:8c:38:69:c2:2b:93:f6:
                    8d:d8:7a:91:cc:5f:b8:c3:5b:f1:93:01:cd:0d:5b:
                    a3:00:11:65:49:88:21:b2:62:01:d0:02:5e:a1:85:
                    bb:a9:50:2b:43:0c:5a:85:9b:46:bc:35:1a:31:07:
                    4b:2d:0a:0a:76:e4:94:f0:0c:c6:10:14:9b:ff:27:
                    3a:98:6c:5d:f9:fb:88:37:18:ac:2a:7e:71:1a:9f:
                    20:40:30:05:3c:e8:d7:d0:57:01:cd:37:dc:25:90:
                    dd:8b:b9:5d:5e:5d:a8:87:d9:9c:15:1f:8d:2c:44:
                    62:ac:48:2c:2d:aa:a9:5e:29:81:77:90:01:25:50:
                    98:9e:4f:e3:15:3f:07:a1:8b:de:fb:fc:ae:82:60:
                    2a:c9:8b:5b:3c:33:3b:cf:c1:b3:21:5a:7a:19:04:
                    90:af:29:6d:56:c8:83:fe:7a:7b:71:8b:22:e3:00:
                    cd:48:7c:25:ee:92:c1:26:a2:1b:37:90:a9:e5:eb:
                    a7:b5:e7:17:75:6f:13:05:b6:5c:26:f4:9a:5f:d8:
                    43:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:47:5E:3A:F5:49:70:92:EF:9E:BB:D3:90:5B:F4:A9:4B:8B:39:E1
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/R0deOvVJcJLvnrvTkFv0qUuLOeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.222.179.0/24
                  104.239.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:35:99:73:f9:63:d8:94:d5:81:20:0d:23:2f:dc:b3:e5:6a:
         37:50:e9:c7:79:d0:58:05:44:68:c8:70:8f:be:1f:60:ab:18:
         4e:3f:18:55:ef:bf:44:63:6c:49:9f:1f:5b:61:00:82:99:55:
         5d:fa:13:ba:58:1e:e7:79:0b:6b:1c:a0:4b:74:e7:74:7b:9f:
         1f:13:a3:b0:0e:ca:cb:aa:c1:67:90:cf:eb:dd:f9:fa:1b:3e:
         25:4d:29:0b:c1:80:1c:2b:d8:a8:8c:d1:83:49:fc:ec:d2:81:
         08:ad:48:5e:28:9a:33:b1:64:5e:e3:5e:30:75:ff:ad:fd:57:
         d4:a8:b9:55:a9:1a:f9:c2:f4:ec:37:44:45:78:99:4a:fd:10:
         64:35:26:f4:8e:9c:7a:24:b6:b2:42:8e:95:5d:d1:e6:0d:e8:
         7c:bb:9f:d2:a2:c2:5e:4c:c0:c3:15:3f:96:ba:1a:a2:51:3a:
         59:80:49:08:a1:b3:d6:24:17:a8:60:30:80:35:d5:23:7f:85:
         db:03:56:ad:25:e9:05:3d:ae:1f:f8:0b:ef:31:f0:3c:9a:59:
         6b:48:98:f7:a8:df:19:af:8c:91:ba:a5:6e:5f:39:7c:56:aa:
         3d:42:41:9a:de:b4:f4:c3:64:42:61:5a:de:8e:a0:ad:cc:2d:
         28:25:58:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZl2FOFwwTyYhQYWpOB78nLLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwOTIzMTAxODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzQ3NWUzYWY1NDk3MDkyZWY5ZWJiZDM5MDViZjRhOTRiOGIzOWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOA+NrWOg8H+u4JlZJ4SXZeVnWMz
Q5akldIHrFEiS5c6H/bqWJudimtplgKkOyj0VZg/Aow4acIrk/aN2HqRzF+4w1vx
kwHNDVujABFlSYghsmIB0AJeoYW7qVArQwxahZtGvDUaMQdLLQoKduSU8AzGEBSb
/yc6mGxd+fuINxisKn5xGp8gQDAFPOjX0FcBzTfcJZDdi7ldXl2oh9mcFR+NLERi
rEgsLaqpXimBd5ABJVCYnk/jFT8HoYve+/yugmAqyYtbPDM7z8GzIVp6GQSQrylt
VsiD/np7cYsi4wDNSHwl7pLBJqIbN5Cp5euntecXdW8TBbZcJvSaX9hD3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEdHXjr1SXCS756705Bb9KlLiznhMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvUjBkZU92VkpjSkx2bnJ2VGtGdjBxVXVMT2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAaN6zAwQA
aO8vMA0GCSqGSIb3DQEBCwUAA4IBAQBANZlz+WPYlNWBIA0jL9yz5Wo3UOnHedBY
BURoyHCPvh9gqxhOPxhV779EY2xJnx9bYQCCmVVd+hO6WB7neQtrHKBLdOd0e58f
E6OwDsrLqsFnkM/r3fn6Gz4lTSkLwYAcK9iojNGDSfzs0oEIrUheKJozsWRe414w
df+t/VfUqLlVqRr5wvTsN0RFeJlK/RBkNSb0jpx6JLayQo6VXdHmDeh8u5/SosJe
TMDDFT+WuhqiUTpZgEkIobPWJBeoYDCANdUjf4XbA1atJekFPa4f+AvvMfA8mllr
SJj3qN8Zr4yRuqVuXzl8Vqo9QkGa3rT0w2RCYVrejqCtzC0oJVgN
-----END CERTIFICATE-----