Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/_1s2j6LjtBDLr0sdJsB3ca9OcVM.roa
File:                     _1s2j6LjtBDLr0sdJsB3ca9OcVM.roa (raw, json)
Hash identifier:          UWrRgowS3cUkQgqQnX3t5cqizqNzowV9NvHkJieCbKQ=
Subject key identifier:   FF:5B:36:8F:A2:E3:B4:10:CB:AF:4B:1D:26:C0:77:71:AF:4E:71:53
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01985B2C57D835C5ED7A214391F277F2FB99
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/_1s2j6LjtBDLr0sdJsB3ca9OcVM.roa
Signing time:             Wed 30 Jul 2025 11:51:29 +0000
ROA not before:           Wed 30 Jul 2025 11:51:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204104
IP address blocks:        5.57.33.0/24 maxlen: 24
                          185.26.32.0/24 maxlen: 24
                          185.26.33.0/24 maxlen: 24
                          185.212.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Aug 2025 14:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5b:2c:57:d8:35:c5:ed:7a:21:43:91:f2:77:f2:fb:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jul 30 11:51:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff5b368fa2e3b410cbaf4b1d26c07771af4e7153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:46:0b:6e:5f:5c:77:a7:85:47:00:e0:eb:ed:
                    6a:50:db:d3:b0:a9:42:e2:01:89:f8:69:58:59:81:
                    bf:13:97:82:bc:4c:bb:22:f8:14:21:be:5b:a1:e5:
                    28:25:85:95:ed:0b:40:a1:65:d6:1e:db:09:b2:1b:
                    1a:5f:2a:e5:de:93:e2:8c:2b:bc:ec:5b:4d:75:9d:
                    de:54:0c:ca:8a:e6:3d:43:a1:41:83:a0:66:02:09:
                    48:22:bd:1d:78:aa:61:aa:54:ad:5a:ef:a7:ca:5f:
                    5f:f3:cf:b6:25:ea:19:7b:3c:90:cd:46:e5:4c:c5:
                    c9:b1:78:4e:23:15:95:f2:f1:d2:1d:68:9b:5d:21:
                    18:63:91:48:6c:5e:2c:3d:d3:35:98:12:f6:d1:84:
                    46:95:b1:c8:80:9f:b7:df:df:68:5d:3c:69:a5:55:
                    a1:26:d6:53:f4:04:47:8e:0f:f6:19:45:2d:75:6b:
                    32:bd:65:be:90:13:4a:8c:8b:56:b7:d0:5a:dc:50:
                    d7:4b:8e:3c:fe:ee:63:bd:33:5a:98:f0:51:ca:86:
                    95:ba:a2:1f:6c:59:91:e5:e8:0f:78:23:2d:ac:03:
                    b0:4a:4a:f0:de:95:d1:96:cb:ee:b5:03:09:99:77:
                    51:d5:a7:e5:b6:53:d2:be:65:bb:0f:3b:b1:6f:c2:
                    ad:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:5B:36:8F:A2:E3:B4:10:CB:AF:4B:1D:26:C0:77:71:AF:4E:71:53
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/_1s2j6LjtBDLr0sdJsB3ca9OcVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.33.0/24
                  185.26.32.0/23
                  185.212.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:9e:a2:bf:31:4b:3f:43:16:a8:17:8f:f4:b8:09:e2:d5:bc:
         ba:58:aa:29:e3:87:83:9e:0a:a2:ea:7e:67:7e:bd:3b:73:ed:
         18:bb:6d:cc:29:b5:1e:f4:c2:e3:97:19:15:12:94:05:68:54:
         6f:9a:de:6b:d6:1f:ce:d7:37:01:1f:7b:4d:04:6b:96:fd:36:
         a0:d7:85:9d:2b:c2:00:86:8e:04:07:32:b8:a9:59:bb:07:dd:
         d4:57:00:6f:d8:8d:44:55:52:14:68:2c:8c:29:18:85:3a:2b:
         a0:c8:7f:a1:62:76:21:9c:b4:c2:ae:f5:e5:53:a6:9e:45:b4:
         20:a8:2c:09:88:03:89:d0:87:bb:fe:9f:ed:44:8c:1c:19:83:
         9f:d1:ce:30:6e:5d:36:50:45:37:a4:12:bd:39:56:71:53:f5:
         79:1e:a3:4d:4c:59:27:82:95:85:1c:cc:da:9f:6d:de:38:54:
         30:fb:47:c8:c3:c3:db:8a:0d:3a:3d:81:2b:e0:1a:fd:35:a6:
         4c:15:dc:d9:11:b5:ea:00:2e:84:1f:dd:ab:36:ad:1e:50:68:
         36:bc:af:ac:ad:8b:62:67:e4:de:3f:b6:03:77:9d:be:51:da:
         e4:fc:dd:e5:ef:24:95:33:0e:c1:d1:88:cc:96:72:c9:ca:a8:
         02:6a:f7:d7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhbLFfYNcXteiFDkfJ38vuZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNzMwMTE1MTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjViMzY4ZmEyZTNiNDEwY2JhZjRiMWQyNmMwNzc3MWFmNGU3MTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EYLbl9cd6eFRwDg6+1qUNvTsKlC
4gGJ+GlYWYG/E5eCvEy7IvgUIb5boeUoJYWV7QtAoWXWHtsJshsaXyrl3pPijCu8
7FtNdZ3eVAzKiuY9Q6FBg6BmAglIIr0deKphqlStWu+nyl9f88+2JeoZezyQzUbl
TMXJsXhOIxWV8vHSHWibXSEYY5FIbF4sPdM1mBL20YRGlbHIgJ+3399oXTxppVWh
JtZT9ARHjg/2GUUtdWsyvWW+kBNKjItWt9Ba3FDXS448/u5jvTNamPBRyoaVuqIf
bFmR5egPeCMtrAOwSkrw3pXRlsvutQMJmXdR1afltlPSvmW7Dzuxb8KtlQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP9bNo+i47QQy69LHSbAd3GvTnFTMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvXzFzMmo2TGp0QkRMcjBzZEpzQjNjYTlPY1ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABTkhAwQB
uRogAwQAudQxMA0GCSqGSIb3DQEBCwUAA4IBAQB8nqK/MUs/QxaoF4/0uAni1by6
WKop44eDngqi6n5nfr07c+0Yu23MKbUe9MLjlxkVEpQFaFRvmt5r1h/O1zcBH3tN
BGuW/Tag14WdK8IAho4EBzK4qVm7B93UVwBv2I1EVVIUaCyMKRiFOiugyH+hYnYh
nLTCrvXlU6aeRbQgqCwJiAOJ0Ie7/p/tRIwcGYOf0c4wbl02UEU3pBK9OVZxU/V5
HqNNTFkngpWFHMzan23eOFQw+0fIw8Pbig06PYEr4Br9NaZMFdzZEbXqAC6EH92r
Nq0eUGg2vK+srYtiZ+TeP7YDd52+Udrk/N3l7ySVMw7B0YjMlnLJyqgCavfX
-----END CERTIFICATE-----