Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/7215e0-9ab8-4a13-a605-31ab32ff7c68/1/XGKVKtjzrhIqJnitbSPu8PfZ3U0.roa
File:                     XGKVKtjzrhIqJnitbSPu8PfZ3U0.roa (raw, json)
Hash identifier:          DZhN7yGkT4Q124D/acmARQUP1NDYURt0Aavi3iNxtYY=
Subject key identifier:   5C:62:95:2A:D8:F3:AE:12:2A:26:78:AD:6D:23:EE:F0:F7:D9:DD:4D
Certificate issuer:       /CN=e1584910124af776e30e5acf055d6bae1761a536
Certificate serial:       0199BF0F594256AB96A595E799C678BE2684
Authority key identifier: E1:58:49:10:12:4A:F7:76:E3:0E:5A:CF:05:5D:6B:AE:17:61:A5:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VhJEBJK93bjDlrPBV1rrhdhpTY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/7215e0-9ab8-4a13-a605-31ab32ff7c68/1/XGKVKtjzrhIqJnitbSPu8PfZ3U0.roa
Signing time:             Tue 07 Oct 2025 14:24:38 +0000
ROA not before:           Tue 07 Oct 2025 14:24:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31898
IP address blocks:        95.128.158.0/24 maxlen: 24
                          2a13:3c0:4::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/7215e0-9ab8-4a13-a605-31ab32ff7c68/1/4VhJEBJK93bjDlrPBV1rrhdhpTY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/7215e0-9ab8-4a13-a605-31ab32ff7c68/1/4VhJEBJK93bjDlrPBV1rrhdhpTY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VhJEBJK93bjDlrPBV1rrhdhpTY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bf:0f:59:42:56:ab:96:a5:95:e7:99:c6:78:be:26:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1584910124af776e30e5acf055d6bae1761a536
        Validity
            Not Before: Oct  7 14:24:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c62952ad8f3ae122a2678ad6d23eef0f7d9dd4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:35:bb:66:11:93:2d:dd:ff:b9:5e:f7:5d:bc:
                    0a:34:f2:1e:9d:82:68:ba:74:2f:66:11:4e:7a:d4:
                    48:26:3b:73:9b:c2:7a:ea:66:78:5b:af:86:09:f9:
                    d3:4d:c5:03:bb:59:03:bf:17:e4:5f:f7:66:eb:95:
                    2e:36:00:39:b2:74:a9:12:90:65:57:25:37:27:72:
                    4e:17:09:93:22:24:7b:0d:b0:c9:b3:8d:54:8c:ca:
                    e6:c5:f1:32:f5:ce:d3:21:51:b8:71:5e:51:36:f1:
                    2d:d8:2a:86:0e:aa:56:ce:06:9b:41:8a:c1:a2:d1:
                    9d:49:04:0a:bc:21:45:9f:c7:ef:9b:83:0c:c9:ec:
                    6b:b0:26:67:56:be:4d:37:2d:73:19:23:29:23:ba:
                    df:e2:c5:cf:9f:a7:ab:d2:4a:b4:4a:b3:b9:14:84:
                    da:9f:54:19:fc:06:be:92:52:af:d9:1d:1a:2b:9e:
                    28:a8:0b:d2:12:16:8c:d6:40:3c:d9:b0:9a:e9:8a:
                    79:03:b8:80:f5:be:93:ab:1f:f7:b8:c6:84:e6:d5:
                    6c:17:d4:ff:0e:49:1b:75:c2:09:ea:3c:77:98:e3:
                    ad:c7:44:0b:b2:52:77:07:fe:d4:43:05:ee:6e:73:
                    df:ce:25:69:17:c7:09:83:ae:79:7b:b9:d3:e1:01:
                    3e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:62:95:2A:D8:F3:AE:12:2A:26:78:AD:6D:23:EE:F0:F7:D9:DD:4D
            X509v3 Authority Key Identifier:
                keyid:E1:58:49:10:12:4A:F7:76:E3:0E:5A:CF:05:5D:6B:AE:17:61:A5:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VhJEBJK93bjDlrPBV1rrhdhpTY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/7215e0-9ab8-4a13-a605-31ab32ff7c68/1/XGKVKtjzrhIqJnitbSPu8PfZ3U0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/7215e0-9ab8-4a13-a605-31ab32ff7c68/1/4VhJEBJK93bjDlrPBV1rrhdhpTY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.158.0/24
                IPv6:
                  2a13:3c0:4::/46

    Signature Algorithm: sha256WithRSAEncryption
         00:b9:83:34:84:64:3d:50:10:b5:f8:50:d4:a6:f3:00:e9:b6:
         66:29:f6:27:a7:f4:58:b1:55:67:6e:03:06:e5:f7:cb:c3:a4:
         7d:0b:44:bd:98:93:52:f2:e8:cf:a3:e2:e0:68:cc:34:1e:47:
         1a:fd:6c:2b:f7:4d:46:d8:17:81:89:ff:9e:a5:34:7b:26:2e:
         0f:2f:d3:b1:be:88:7f:4a:f0:a4:05:3f:a4:e0:fa:c8:fa:c9:
         b7:b8:7c:c7:bc:ca:cd:c3:11:07:20:d3:ba:70:5d:b3:c3:a8:
         38:7b:30:4a:a1:62:56:20:02:05:b0:15:04:6b:bf:11:fd:31:
         21:0c:34:70:64:c2:5e:fc:8e:e9:96:9d:ee:32:6c:6e:a2:2c:
         57:6a:30:2f:28:73:94:af:17:45:9b:d1:27:7c:33:c1:e9:a8:
         19:93:ca:9f:59:22:64:5e:0c:a3:1c:68:43:e4:79:91:c4:29:
         96:ee:db:4b:b4:39:47:43:17:7b:39:bf:19:e0:cb:b8:f8:94:
         c9:23:a6:b3:16:75:f8:29:d2:89:7e:e7:aa:6f:1c:60:24:20:
         f1:04:c1:27:3d:76:a7:c0:25:9b:a4:f3:e9:35:4a:d2:65:5c:
         26:71:6f:61:28:e3:00:b6:5b:60:14:81:f8:58:4b:2a:a3:77:
         01:40:17:08
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZm/D1lCVquWpZXnmcZ4viaEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTg0OTEwMTI0YWY3NzZlMzBlNWFjZjA1NWQ2YmFlMTc2
MWE1MzYwHhcNMjUxMDA3MTQyNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzYyOTUyYWQ4ZjNhZTEyMmEyNjc4YWQ2ZDIzZWVmMGY3ZDlkZDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizW7ZhGTLd3/uV73XbwKNPIenYJo
unQvZhFOetRIJjtzm8J66mZ4W6+GCfnTTcUDu1kDvxfkX/dm65UuNgA5snSpEpBl
VyU3J3JOFwmTIiR7DbDJs41UjMrmxfEy9c7TIVG4cV5RNvEt2CqGDqpWzgabQYrB
otGdSQQKvCFFn8fvm4MMyexrsCZnVr5NNy1zGSMpI7rf4sXPn6er0kq0SrO5FITa
n1QZ/Aa+klKv2R0aK54oqAvSEhaM1kA82bCa6Yp5A7iA9b6Tqx/3uMaE5tVsF9T/
DkkbdcIJ6jx3mOOtx0QLslJ3B/7UQwXubnPfziVpF8cJg655e7nT4QE+RwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFxilSrY864SKiZ4rW0j7vD32d1NMB8GA1UdIwQY
MBaAFOFYSRASSvd24w5azwVda64XYaU2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZoSkVCSks5M2JqRGxyUEJWMXJyaGRocFRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi83MjE1ZTAtOWFiOC00YTEzLWE2MDUt
MzFhYjMyZmY3YzY4LzEvWEdLVkt0anpyaElxSm5pdGJTUHU4UGZaM1UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi83MjE1ZTAtOWFiOC00YTEzLWE2MDUtMzFhYjMyZmY3YzY4
LzEvNFZoSkVCSks5M2JqRGxyUEJWMXJyaGRocFRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAX4CeMA8E
AgACMAkDBwIqEwPAAAQwDQYJKoZIhvcNAQELBQADggEBAAC5gzSEZD1QELX4UNSm
8wDptmYp9ien9FixVWduAwbl98vDpH0LRL2Yk1Ly6M+j4uBozDQeRxr9bCv3TUbY
F4GJ/56lNHsmLg8v07G+iH9K8KQFP6Tg+sj6ybe4fMe8ys3DEQcg07pwXbPDqDh7
MEqhYlYgAgWwFQRrvxH9MSEMNHBkwl78jumWne4ybG6iLFdqMC8oc5SvF0Wb0Sd8
M8HpqBmTyp9ZImReDKMcaEPkeZHEKZbu20u0OUdDF3s5vxngy7j4lMkjprMWdfgp
0ol+56pvHGAkIPEEwSc9dqfAJZuk8+k1StJlXCZxb2Eo4wC2W2AUgfhYSyqjdwFA
Fwg=
-----END CERTIFICATE-----