Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/5Ek9QNbv_cv0O_ddXr3gRWMjn-I.roa
File:                     5Ek9QNbv_cv0O_ddXr3gRWMjn-I.roa (raw, json)
Hash identifier:          wO7omic88taABey0y1upo9MP8HlwzR5IIuq7mJeQAsQ=
Subject key identifier:   E4:49:3D:40:D6:EF:FD:CB:F4:3B:F7:5D:5E:BD:E0:45:63:23:9F:E2
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       01995180BD4DC0A1FD7C7821116127C6422F
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/5Ek9QNbv_cv0O_ddXr3gRWMjn-I.roa
Signing time:             Tue 16 Sep 2025 07:50:15 +0000
ROA not before:           Tue 16 Sep 2025 07:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207713
IP address blocks:        62.60.187.0/24 maxlen: 24
                          213.176.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Oct 2025 00:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:51:80:bd:4d:c0:a1:fd:7c:78:21:11:61:27:c6:42:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Sep 16 07:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4493d40d6effdcbf43bf75d5ebde04563239fe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bd:f9:ab:45:06:d8:5c:89:c4:eb:13:b6:b3:
                    82:03:72:74:a4:12:b1:4b:0a:ce:22:2c:57:d3:69:
                    75:41:23:95:f4:10:a5:37:2e:9e:f4:72:5a:84:37:
                    73:91:44:a3:51:49:d6:f3:e0:e5:1d:93:04:71:53:
                    04:47:4a:74:05:5b:d4:c5:59:da:d0:f0:02:18:ca:
                    a1:98:0f:fa:49:a8:b3:3d:8d:d4:8f:83:56:d5:60:
                    18:b3:d4:b5:93:0c:de:8e:39:2b:0b:ba:3b:39:73:
                    78:3e:8c:a4:e1:7f:9f:0c:7f:74:ad:12:a4:c9:c8:
                    96:a8:e3:90:0a:c2:74:08:88:c2:3f:32:f8:a2:09:
                    82:99:13:05:e6:6d:6a:36:84:64:7e:6b:59:a4:72:
                    79:08:5c:36:7b:54:62:a5:f0:d8:1e:b2:d1:44:53:
                    fc:14:88:7e:4e:a7:09:e9:bd:47:a7:4e:5a:42:87:
                    1b:3c:23:c9:8d:2b:0d:eb:72:e2:75:74:76:11:35:
                    3d:be:21:28:aa:7a:bc:43:a6:5b:cf:82:01:3b:81:
                    46:89:95:0f:52:8a:6c:de:78:4f:c7:65:00:77:4a:
                    81:14:4a:3b:20:ed:5d:f1:ac:16:72:2c:3f:69:3d:
                    80:e3:7a:cf:fb:5a:a9:d1:4e:91:d2:b9:c8:e3:66:
                    54:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:49:3D:40:D6:EF:FD:CB:F4:3B:F7:5D:5E:BD:E0:45:63:23:9F:E2
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/5Ek9QNbv_cv0O_ddXr3gRWMjn-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.187.0/24
                  213.176.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:f8:e0:9f:52:72:1b:d1:37:00:42:cb:ef:02:06:c9:d7:05:
         62:d0:15:ae:67:7e:be:f4:f1:5a:c7:28:d7:a3:95:77:33:79:
         ed:5c:94:cc:83:e7:3c:fc:19:1a:d3:d7:0f:03:e2:87:1a:55:
         69:4c:62:4a:ba:3a:08:f9:99:d6:95:36:85:b9:26:cb:bd:89:
         15:4f:69:d8:40:b8:46:19:90:eb:df:08:e4:57:e8:9a:a2:d6:
         fc:29:ff:ac:1b:f3:ed:ac:e0:b3:65:ee:8e:1f:64:20:09:7f:
         28:83:08:19:10:a8:f2:58:8c:c7:9b:29:61:63:7e:48:ac:06:
         c7:0d:95:29:b5:7c:a2:e5:53:0e:c8:58:82:a9:0b:4e:84:23:
         71:7a:b4:c4:f7:5a:b0:80:89:a7:e5:18:37:14:b0:d9:0d:94:
         27:33:59:2c:6a:e1:fd:64:d7:e9:8a:e6:ae:41:e4:08:01:8c:
         9a:25:1f:8b:fc:a0:c3:ec:84:ec:f6:f3:01:70:68:a7:b8:ee:
         32:b1:67:cd:32:41:ca:ee:c7:52:23:d1:d1:32:13:41:45:fd:
         23:0f:04:fd:56:78:c0:2c:9e:81:fd:f8:a0:05:a1:f1:3f:50:
         0f:8d:9d:e8:bb:63:67:f0:0d:7e:17:12:0a:b5:a5:e3:aa:b2:
         c4:b5:93:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlRgL1NwKH9fHghEWEnxkIvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwOTE2MDc1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDQ5M2Q0MGQ2ZWZmZGNiZjQzYmY3NWQ1ZWJkZTA0NTYzMjM5ZmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkL35q0UG2FyJxOsTtrOCA3J0pBKx
SwrOIixX02l1QSOV9BClNy6e9HJahDdzkUSjUUnW8+DlHZMEcVMER0p0BVvUxVna
0PACGMqhmA/6SaizPY3Uj4NW1WAYs9S1kwzejjkrC7o7OXN4Poyk4X+fDH90rRKk
yciWqOOQCsJ0CIjCPzL4ogmCmRMF5m1qNoRkfmtZpHJ5CFw2e1RipfDYHrLRRFP8
FIh+TqcJ6b1Hp05aQocbPCPJjSsN63LidXR2ETU9viEoqnq8Q6Zbz4IBO4FGiZUP
Uops3nhPx2UAd0qBFEo7IO1d8awWciw/aT2A43rP+1qp0U6R0rnI42ZUcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFORJPUDW7/3L9Dv3XV694EVjI5/iMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvNUVrOVFOYnZfY3YwT19kZFhyM2dSV01qbi1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPjy7AwQA
1bATMA0GCSqGSIb3DQEBCwUAA4IBAQC6+OCfUnIb0TcAQsvvAgbJ1wVi0BWuZ36+
9PFaxyjXo5V3M3ntXJTMg+c8/Bka09cPA+KHGlVpTGJKujoI+ZnWlTaFuSbLvYkV
T2nYQLhGGZDr3wjkV+iaotb8Kf+sG/PtrOCzZe6OH2QgCX8ogwgZEKjyWIzHmylh
Y35IrAbHDZUptXyi5VMOyFiCqQtOhCNxerTE91qwgImn5Rg3FLDZDZQnM1ksauH9
ZNfpiuauQeQIAYyaJR+L/KDD7ITs9vMBcGinuO4ysWfNMkHK7sdSI9HRMhNBRf0j
DwT9VnjALJ6B/figBaHxP1APjZ3ou2Nn8A1+FxIKtaXjqrLEtZNW
-----END CERTIFICATE-----