Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c06536-01aa-4e39-89b6-b58704f28591/1/4BZY4KShEUmhrY8s7jFk_wJEp5k.roa
File:                     4BZY4KShEUmhrY8s7jFk_wJEp5k.roa (raw, json)
Hash identifier:          UlyxYtAIHY75kSHD+hMXhTJxJxd+/SUaiDAFT6/piUg=
Subject key identifier:   E0:16:58:E0:A4:A1:11:49:A1:AD:8F:2C:EE:31:64:FF:02:44:A7:99
Certificate issuer:       /CN=69f5115a949b2883c4cc3c495ffb8993ded9d85d
Certificate serial:       019811F8436F5E98B3CCCDB34508B0E094C1
Authority key identifier: 69:F5:11:5A:94:9B:28:83:C4:CC:3C:49:5F:FB:89:93:DE:D9:D8:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/afURWpSbKIPEzDxJX_uJk97Z2F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c06536-01aa-4e39-89b6-b58704f28591/1/4BZY4KShEUmhrY8s7jFk_wJEp5k.roa
Signing time:             Wed 16 Jul 2025 06:42:19 +0000
ROA not before:           Wed 16 Jul 2025 06:42:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        185.227.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/c06536-01aa-4e39-89b6-b58704f28591/1/afURWpSbKIPEzDxJX_uJk97Z2F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/c06536-01aa-4e39-89b6-b58704f28591/1/afURWpSbKIPEzDxJX_uJk97Z2F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/afURWpSbKIPEzDxJX_uJk97Z2F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 18:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:11:f8:43:6f:5e:98:b3:cc:cd:b3:45:08:b0:e0:94:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69f5115a949b2883c4cc3c495ffb8993ded9d85d
        Validity
            Not Before: Jul 16 06:42:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e01658e0a4a11149a1ad8f2cee3164ff0244a799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:be:0a:9e:54:52:d3:d5:1d:5d:4f:bf:87:96:
                    b8:da:da:3c:8a:9e:08:f5:54:d2:69:50:41:c7:77:
                    0c:c9:ff:75:3b:64:3e:46:aa:7d:0e:a6:c8:d3:b4:
                    0e:43:e7:ec:a0:a4:90:81:19:d5:11:64:c9:e2:83:
                    4a:d8:dc:19:9b:18:df:ff:d6:79:91:07:b5:f7:33:
                    0e:d9:57:29:bc:13:b2:54:7e:9d:93:9a:a7:a1:c2:
                    e4:28:64:e1:69:6e:fe:83:ad:ff:01:14:c1:7b:e4:
                    6a:e3:17:7a:0e:b9:e2:a5:00:4f:b0:7a:7f:b2:8d:
                    cf:0e:a8:39:01:a3:eb:3c:f2:d2:ed:04:33:2c:e2:
                    42:10:b1:5b:17:93:48:a1:e5:8e:81:58:64:f7:71:
                    62:06:1c:6d:a5:0c:70:cf:d6:11:8a:21:8f:0d:90:
                    54:bd:b5:e8:2c:96:53:65:2c:7e:e0:c5:e7:3a:48:
                    34:9d:42:02:33:0a:0b:16:21:cc:57:7a:65:59:a8:
                    11:2e:07:53:93:c6:e4:db:b2:41:00:ae:3a:2b:be:
                    6b:93:a6:3b:d2:45:90:15:65:84:b2:28:18:cb:25:
                    a7:ed:42:7a:1d:45:19:35:44:40:ca:46:37:e0:5a:
                    59:fc:00:18:99:31:4e:c0:c7:57:c7:4c:2d:41:72:
                    45:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:16:58:E0:A4:A1:11:49:A1:AD:8F:2C:EE:31:64:FF:02:44:A7:99
            X509v3 Authority Key Identifier:
                keyid:69:F5:11:5A:94:9B:28:83:C4:CC:3C:49:5F:FB:89:93:DE:D9:D8:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/afURWpSbKIPEzDxJX_uJk97Z2F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c06536-01aa-4e39-89b6-b58704f28591/1/4BZY4KShEUmhrY8s7jFk_wJEp5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c06536-01aa-4e39-89b6-b58704f28591/1/afURWpSbKIPEzDxJX_uJk97Z2F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:df:64:09:4d:92:ba:24:47:02:4f:d9:2a:87:a4:a8:2f:8c:
         6e:67:60:79:1f:c4:a5:9a:69:96:ce:25:61:ec:8f:d3:f7:6f:
         70:77:7d:1d:c2:dd:2e:a9:dd:f4:c0:70:52:6c:62:ab:be:41:
         e8:77:3d:83:bd:2d:8d:64:a8:47:d3:75:73:ab:e2:2c:c0:86:
         25:b5:95:65:b3:ba:df:76:fa:f0:d6:cd:6d:b1:54:ae:20:3e:
         6d:ba:95:30:8b:96:fc:bb:56:fe:09:aa:f8:88:31:6a:7c:db:
         05:88:38:4b:77:23:0b:b3:ca:4f:dd:80:8b:ec:ba:63:c2:99:
         cf:23:a2:52:e8:3d:86:67:70:d9:07:82:fd:ea:f2:df:bd:94:
         4c:b3:ee:43:d4:61:31:36:62:c7:66:91:e7:d0:ba:71:a7:53:
         26:0a:82:02:12:e9:18:e3:d6:c9:c1:39:18:03:de:93:9a:50:
         c2:3d:08:9d:1c:94:5e:2a:8b:dc:fb:12:3c:c2:39:ff:44:e6:
         3a:71:b5:8d:22:56:8d:f5:76:ec:ac:70:5c:84:0b:54:2a:78:
         a3:d6:74:36:45:a5:04:80:47:72:12:72:ae:ed:43:97:ab:05:
         11:46:60:b8:a7:ff:72:7f:e6:73:ba:09:69:4b:7f:8d:63:b8:
         ed:05:3b:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgR+ENvXpizzM2zRQiw4JTBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZjUxMTVhOTQ5YjI4ODNjNGNjM2M0OTVmZmI4OTkzZGVk
OWQ4NWQwHhcNMjUwNzE2MDY0MjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDE2NThlMGE0YTExMTQ5YTFhZDhmMmNlZTMxNjRmZjAyNDRhNzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuL4KnlRS09UdXU+/h5a42to8ip4I
9VTSaVBBx3cMyf91O2Q+Rqp9DqbI07QOQ+fsoKSQgRnVEWTJ4oNK2NwZmxjf/9Z5
kQe19zMO2VcpvBOyVH6dk5qnocLkKGThaW7+g63/ARTBe+Rq4xd6DrnipQBPsHp/
so3PDqg5AaPrPPLS7QQzLOJCELFbF5NIoeWOgVhk93FiBhxtpQxwz9YRiiGPDZBU
vbXoLJZTZSx+4MXnOkg0nUICMwoLFiHMV3plWagRLgdTk8bk27JBAK46K75rk6Y7
0kWQFWWEsigYyyWn7UJ6HUUZNURAykY34FpZ/AAYmTFOwMdXx0wtQXJFNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAWWOCkoRFJoa2PLO4xZP8CRKeZMB8GA1UdIwQY
MBaAFGn1EVqUmyiDxMw8SV/7iZPe2dhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWZVUldwU2JLSVBFekR4SlhfdUprOTdaMkYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jMDY1MzYtMDFhYS00ZTM5LTg5YjYt
YjU4NzA0ZjI4NTkxLzEvNEJaWTRLU2hFVW1oclk4czdqRmtfd0pFcDVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jMDY1MzYtMDFhYS00ZTM5LTg5YjYtYjU4NzA0ZjI4NTkx
LzEvYWZVUldwU2JLSVBFekR4SlhfdUprOTdaMkYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueNOMA0G
CSqGSIb3DQEBCwUAA4IBAQBu32QJTZK6JEcCT9kqh6SoL4xuZ2B5H8SlmmmWziVh
7I/T929wd30dwt0uqd30wHBSbGKrvkHodz2DvS2NZKhH03Vzq+IswIYltZVls7rf
dvrw1s1tsVSuID5tupUwi5b8u1b+Car4iDFqfNsFiDhLdyMLs8pP3YCL7LpjwpnP
I6JS6D2GZ3DZB4L96vLfvZRMs+5D1GExNmLHZpHn0Lpxp1MmCoICEukY49bJwTkY
A96TmlDCPQidHJReKovc+xI8wjn/ROY6cbWNIlaN9XbsrHBchAtUKnij1nQ2RaUE
gEdyEnKu7UOXqwURRmC4p/9yf+ZzuglpS3+NY7jtBTuO
-----END CERTIFICATE-----