Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/kxxg8INoPPm5ZymFi9ud7T01lQI.roa
File:                     kxxg8INoPPm5ZymFi9ud7T01lQI.roa (raw, json)
Hash identifier:          QM9vTjTl+v9NavUuaOjQ+5V7HHBDGkMPW3agrJBuI74=
Subject key identifier:   93:1C:60:F0:83:68:3C:F9:B9:67:29:85:8B:DB:9D:ED:3D:35:95:02
Certificate issuer:       /CN=363f09508fdf256448219b284bb09b23b2b51396
Certificate serial:       0199BDCE5C417CA70DE54BBCA58D7B79EE1E
Authority key identifier: 36:3F:09:50:8F:DF:25:64:48:21:9B:28:4B:B0:9B:23:B2:B5:13:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/kxxg8INoPPm5ZymFi9ud7T01lQI.roa
Signing time:             Tue 07 Oct 2025 08:34:01 +0000
ROA not before:           Tue 07 Oct 2025 08:34:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        2.59.22.0/24 maxlen: 24
                          2a01:e943::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Oct 2025 14:36:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bd:ce:5c:41:7c:a7:0d:e5:4b:bc:a5:8d:7b:79:ee:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363f09508fdf256448219b284bb09b23b2b51396
        Validity
            Not Before: Oct  7 08:34:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=931c60f083683cf9b96729858bdb9ded3d359502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a4:a9:1e:b5:5f:84:7b:c2:23:9c:c2:ce:03:
                    29:b0:11:7f:af:14:18:01:b3:4a:96:cb:51:a2:94:
                    b6:0f:1d:9e:20:03:bd:6b:ff:d6:39:7c:a5:4f:60:
                    f4:70:88:f1:9c:95:19:70:d2:e2:f5:32:a7:6a:e6:
                    a3:02:d6:0b:cf:97:7d:98:97:ac:5a:aa:a8:da:84:
                    d0:41:ca:b3:9f:7e:43:8c:40:db:7a:b0:0c:96:3b:
                    58:17:2d:63:01:12:65:db:1c:b3:59:d3:16:cc:d6:
                    03:69:3d:fc:40:cf:4a:70:37:fb:65:d1:2f:e2:66:
                    bb:f4:1f:ec:4f:56:de:d2:1a:9b:f7:a6:d3:12:56:
                    e2:07:5e:e1:bd:49:26:71:3e:4c:ec:9c:bc:78:88:
                    00:99:ce:fe:31:e2:29:63:63:84:3f:f0:d9:5f:8e:
                    fa:bd:ed:26:58:eb:82:25:9d:d4:60:52:54:65:3d:
                    65:1c:a3:9b:fc:b7:31:77:0a:9c:1a:f0:21:88:8b:
                    e4:15:b8:28:d0:5e:db:d3:41:5e:88:f5:02:d2:9c:
                    16:02:70:d0:68:ac:12:fc:75:41:46:64:10:af:1b:
                    3d:99:18:e5:9f:49:27:3b:03:3f:a7:e0:8c:54:52:
                    cf:28:82:1f:24:31:79:12:23:b9:ec:d1:5e:df:ad:
                    da:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:1C:60:F0:83:68:3C:F9:B9:67:29:85:8B:DB:9D:ED:3D:35:95:02
            X509v3 Authority Key Identifier:
                keyid:36:3F:09:50:8F:DF:25:64:48:21:9B:28:4B:B0:9B:23:B2:B5:13:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/kxxg8INoPPm5ZymFi9ud7T01lQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.22.0/24
                IPv6:
                  2a01:e943::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:3c:c3:c3:79:41:c4:fb:12:c5:61:4b:76:8c:3f:ea:04:05:
         f5:d2:88:0c:49:0e:58:10:79:fc:77:4d:17:9f:94:6a:d4:7b:
         71:e3:ec:4c:cc:f0:ba:92:f2:65:1b:d3:4a:8b:60:b5:3b:18:
         a6:96:a7:ad:f5:6b:b1:80:87:60:40:7f:6e:80:5e:95:0b:bd:
         78:51:5a:18:c8:c4:a8:ad:34:23:6f:04:62:7d:f6:08:96:ca:
         8f:e4:4b:37:5d:53:3e:05:f4:c8:a6:89:c6:53:0d:38:ca:e6:
         2f:db:dc:d8:10:77:10:f6:be:98:f2:5d:26:08:ef:32:f5:54:
         8e:1d:bf:06:8c:18:d7:15:3f:20:55:f2:4b:b3:32:c7:b9:d9:
         b7:ce:1d:21:68:80:bd:d3:e8:a3:ce:81:7f:d5:c7:88:73:db:
         8c:70:41:c9:ef:52:a5:49:26:aa:d2:ba:e4:9f:bb:39:86:22:
         d2:80:7a:94:fd:11:ee:3e:df:94:a3:d1:4b:8b:03:8a:f6:db:
         65:f2:d9:3c:09:99:42:f3:ca:34:fd:e9:54:59:c1:5c:90:19:
         90:af:50:c0:ca:8e:c3:82:45:97:4b:72:92:49:d9:38:1f:2e:
         a7:e6:c3:a5:1d:00:e0:5b:e7:a7:9e:be:f0:29:25:b1:c3:b7:
         eb:d7:42:d5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZm9zlxBfKcN5Uu8pY17ee4eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2M2YwOTUwOGZkZjI1NjQ0ODIxOWIyODRiYjA5YjIzYjJi
NTEzOTYwHhcNMjUxMDA3MDgzNDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzFjNjBmMDgzNjgzY2Y5Yjk2NzI5ODU4YmRiOWRlZDNkMzU5NTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6SpHrVfhHvCI5zCzgMpsBF/rxQY
AbNKlstRopS2Dx2eIAO9a//WOXylT2D0cIjxnJUZcNLi9TKnauajAtYLz5d9mJes
Wqqo2oTQQcqzn35DjEDberAMljtYFy1jARJl2xyzWdMWzNYDaT38QM9KcDf7ZdEv
4ma79B/sT1be0hqb96bTElbiB17hvUkmcT5M7Jy8eIgAmc7+MeIpY2OEP/DZX476
ve0mWOuCJZ3UYFJUZT1lHKOb/LcxdwqcGvAhiIvkFbgo0F7b00FeiPUC0pwWAnDQ
aKwS/HVBRmQQrxs9mRjln0knOwM/p+CMVFLPKIIfJDF5EiO57NFe363apwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJMcYPCDaDz5uWcphYvbne09NZUCMB8GA1UdIwQY
MBaAFDY/CVCP3yVkSCGbKEuwmyOytROWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmo4SlVJX2ZKV1JJSVpzb1M3Q2JJN0sxRTVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9hZDA1ZjItYWIzOS00MTMyLTg0OTIt
ZmQ4MTQ0NTVhODY4LzEva3h4ZzhJTm9QUG01WnltRmk5dWQ3VDAxbFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9hZDA1ZjItYWIzOS00MTMyLTg0OTItZmQ4MTQ0NTVhODY4
LzEvTmo4SlVJX2ZKV1JJSVpzb1M3Q2JJN0sxRTVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAAjsWMA8E
AgACMAkDBwAqAelDAAAwDQYJKoZIhvcNAQELBQADggEBAKA8w8N5QcT7EsVhS3aM
P+oEBfXSiAxJDlgQefx3TReflGrUe3Hj7EzM8LqS8mUb00qLYLU7GKaWp631a7GA
h2BAf26AXpULvXhRWhjIxKitNCNvBGJ99giWyo/kSzddUz4F9MimicZTDTjK5i/b
3NgQdxD2vpjyXSYI7zL1VI4dvwaMGNcVPyBV8kuzMse52bfOHSFogL3T6KPOgX/V
x4hz24xwQcnvUqVJJqrSuuSfuzmGItKAepT9Ee4+35Sj0UuLA4r222Xy2TwJmULz
yjT96VRZwVyQGZCvUMDKjsOCRZdLcpJJ2TgfLqfmw6UdAOBb56eevvApJbHDt+vX
QtU=
-----END CERTIFICATE-----