Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/ogrehkPhRYBIB8kBlw0NNeumFUg.roa
File:                     ogrehkPhRYBIB8kBlw0NNeumFUg.roa (raw, json)
Hash identifier:          EbaU2xzh9VEPxkQPiv8RpsHH8ML6jMtFQNE2GPC6Bk4=
Subject key identifier:   A2:0A:DE:86:43:E1:45:80:48:07:C9:01:97:0D:0D:35:EB:A6:15:48
Certificate issuer:       /CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
Certificate serial:       019934306ED45A7F6780FBC166093918F17F
Authority key identifier: 9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/ogrehkPhRYBIB8kBlw0NNeumFUg.roa
Signing time:             Wed 10 Sep 2025 15:13:33 +0000
ROA not before:           Wed 10 Sep 2025 15:13:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        195.13.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 05:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:34:30:6e:d4:5a:7f:67:80:fb:c1:66:09:39:18:f1:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
        Validity
            Not Before: Sep 10 15:13:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a20ade8643e145804807c901970d0d35eba61548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:10:dd:4b:2a:95:e7:2b:1d:0a:12:19:8e:03:
                    63:78:64:67:97:1c:38:c0:8a:41:ee:c1:92:9b:95:
                    52:70:58:81:ca:b4:94:da:ce:24:f4:b0:67:dd:2b:
                    dc:37:05:86:5d:5d:bf:56:77:ae:1a:83:11:85:e7:
                    32:17:58:93:62:f9:91:67:48:14:25:98:89:8c:98:
                    45:16:4a:23:ea:0e:89:b3:f2:20:33:bd:84:77:25:
                    f9:d4:07:d4:50:7b:7c:28:9e:48:45:ff:a3:91:6c:
                    4c:da:2c:84:8a:5d:bc:6e:31:e6:4f:e6:3f:4a:a8:
                    e9:4e:f9:9e:c2:1a:1e:28:cb:76:0c:a7:a4:16:f9:
                    a5:2b:98:b7:1c:11:0a:b4:3b:b0:b3:16:98:ee:84:
                    d3:34:74:60:09:02:ad:62:e2:b4:85:d3:3c:a2:05:
                    77:a0:c3:d7:f1:13:b9:7e:b5:5d:2b:15:00:7e:11:
                    1d:5b:c2:40:50:7f:0a:82:cd:7d:92:79:83:25:ff:
                    26:60:5d:ec:12:37:38:54:fd:24:3c:42:9b:b7:13:
                    56:4e:c8:b5:1b:5f:6d:16:b4:66:86:56:11:53:aa:
                    b8:59:b6:d0:61:87:f9:d7:cd:7e:5d:5a:24:0e:90:
                    89:7f:48:d2:d4:1b:70:ae:21:3a:14:7e:fa:d6:55:
                    b1:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:0A:DE:86:43:E1:45:80:48:07:C9:01:97:0D:0D:35:EB:A6:15:48
            X509v3 Authority Key Identifier:
                keyid:9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/ogrehkPhRYBIB8kBlw0NNeumFUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.13.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:79:37:5d:bc:d0:cd:ad:c1:2e:08:01:f5:bc:3b:86:a2:c6:
         fd:b9:5b:44:06:f3:b2:f8:93:08:0d:67:6b:f1:a4:c6:89:4f:
         47:f6:3b:0a:00:55:21:8b:83:5b:b4:c9:a6:78:c6:23:3c:87:
         de:f6:0f:de:22:59:98:b4:78:a7:51:2a:22:37:73:ce:31:28:
         8f:64:92:6b:bc:3e:fc:bd:38:b1:33:5a:ee:f4:0a:97:39:37:
         07:ba:fc:1f:c5:20:c0:80:a8:a8:ac:5b:cd:f4:b6:ac:3f:98:
         34:af:2d:04:f0:0a:44:54:ff:40:28:69:36:02:14:55:f7:72:
         52:c3:2d:20:a4:0d:82:17:38:5b:f5:0a:60:72:7f:4a:97:e8:
         f2:33:4c:0a:c5:fc:06:ed:a0:a9:d0:75:08:4b:52:40:29:1c:
         79:40:67:7a:ad:bf:ec:09:83:7d:b3:33:16:c0:eb:d2:69:1a:
         b6:f1:a8:c5:9c:d8:5f:dd:69:db:b1:e5:ca:28:f4:ee:40:00:
         ff:c8:2f:e4:62:cc:3e:43:31:40:89:d7:34:4a:5c:cf:27:9f:
         80:b6:1a:08:65:a4:97:44:6a:fa:4b:24:e8:df:7a:41:c3:62:
         97:8b:58:93:e1:72:2a:25:79:13:bd:e9:40:ad:fd:e9:b4:81:
         68:f8:bf:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk0MG7UWn9ngPvBZgk5GPF/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzUzM2Q2NjJjM2YwZDZiYjFlNjkyZjNmYWI2ZDdiYTM4
MjRjMjgwHhcNMjUwOTEwMTUxMzMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjBhZGU4NjQzZTE0NTgwNDgwN2M5MDE5NzBkMGQzNWViYTYxNTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhDdSyqV5ysdChIZjgNjeGRnlxw4
wIpB7sGSm5VScFiByrSU2s4k9LBn3SvcNwWGXV2/VneuGoMRhecyF1iTYvmRZ0gU
JZiJjJhFFkoj6g6Js/IgM72EdyX51AfUUHt8KJ5IRf+jkWxM2iyEil28bjHmT+Y/
SqjpTvmewhoeKMt2DKekFvmlK5i3HBEKtDuwsxaY7oTTNHRgCQKtYuK0hdM8ogV3
oMPX8RO5frVdKxUAfhEdW8JAUH8Kgs19knmDJf8mYF3sEjc4VP0kPEKbtxNWTsi1
G19tFrRmhlYRU6q4WbbQYYf5181+XVokDpCJf0jS1BtwriE6FH761lWx4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIK3oZD4UWASAfJAZcNDTXrphVIMB8GA1UdIwQY
MBaAFJ41M9Ziw/DWux5pLz+rbXujgkwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUt
YTc4MzQxMzA5OWQzLzEvb2dyZWhrUGhSWUJJQjhrQmx3ME5OZXVtRlVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUtYTc4MzQxMzA5OWQz
LzEvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAww09MA0G
CSqGSIb3DQEBCwUAA4IBAQA0eTddvNDNrcEuCAH1vDuGosb9uVtEBvOy+JMIDWdr
8aTGiU9H9jsKAFUhi4NbtMmmeMYjPIfe9g/eIlmYtHinUSoiN3POMSiPZJJrvD78
vTixM1ru9AqXOTcHuvwfxSDAgKiorFvN9LasP5g0ry0E8ApEVP9AKGk2AhRV93JS
wy0gpA2CFzhb9Qpgcn9Kl+jyM0wKxfwG7aCp0HUIS1JAKRx5QGd6rb/sCYN9szMW
wOvSaRq28ajFnNhf3WnbseXKKPTuQAD/yC/kYsw+QzFAidc0SlzPJ5+AthoIZaSX
RGr6SyTo33pBw2KXi1iT4XIqJXkTvelArf3ptIFo+L8V
-----END CERTIFICATE-----