Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/5eOpZ_VbK_AsCtNFBwr6V5q25mA.roa
File:                     5eOpZ_VbK_AsCtNFBwr6V5q25mA.roa (raw, json)
Hash identifier:          /d2c751AjrNowXlWGm7ktfdmB8uq9hd//jNoOLsL47A=
Subject key identifier:   E5:E3:A9:67:F5:5B:2B:F0:2C:0A:D3:45:07:0A:FA:57:9A:B6:E6:60
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       0198984C76542FD07715D8B5063459E1A9B3
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/5eOpZ_VbK_AsCtNFBwr6V5q25mA.roa
Signing time:             Mon 11 Aug 2025 08:43:24 +0000
ROA not before:           Mon 11 Aug 2025 08:43:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        194.44.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 02:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:4c:76:54:2f:d0:77:15:d8:b5:06:34:59:e1:a9:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Aug 11 08:43:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5e3a967f55b2bf02c0ad345070afa579ab6e660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:06:bf:68:a1:94:09:89:a2:8e:1d:94:aa:75:
                    d4:6c:bf:0c:2b:26:86:8a:60:b1:4b:bb:86:15:1c:
                    4d:ee:10:11:c4:90:3b:57:ac:f1:c8:f8:95:ba:08:
                    dd:7c:0b:ea:45:72:bd:a5:bc:ec:c6:04:3a:01:c4:
                    6f:05:45:1b:28:31:ef:48:f0:35:d3:4f:e1:2e:6e:
                    18:30:1c:f6:5a:c3:75:25:a8:05:38:e2:d5:38:69:
                    64:16:23:13:61:7c:0c:66:b4:51:72:4c:a7:bb:88:
                    12:a1:1d:8b:c4:bf:cd:4d:7b:48:8c:79:95:ef:22:
                    fe:9d:c7:31:74:68:f1:2f:85:fc:13:01:d0:e2:c2:
                    85:b2:9b:9d:0a:c5:67:3a:16:84:c7:7d:4c:22:f6:
                    73:92:7f:90:0a:35:7a:c6:68:36:88:96:86:cc:1b:
                    33:9f:ef:58:78:a8:0c:b1:90:aa:e9:e0:8f:75:94:
                    00:30:f0:bd:28:78:eb:6b:2a:77:df:d7:a4:51:95:
                    39:a0:06:76:cc:5e:ce:bc:d7:83:75:30:8a:78:8c:
                    87:75:52:37:56:46:d4:8e:13:ba:9f:ff:b7:6e:43:
                    b7:01:7f:02:f5:3f:ab:df:b9:37:40:be:58:aa:81:
                    79:d7:d5:57:c3:cf:97:13:44:90:e2:f1:bf:ea:31:
                    62:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:E3:A9:67:F5:5B:2B:F0:2C:0A:D3:45:07:0A:FA:57:9A:B6:E6:60
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/5eOpZ_VbK_AsCtNFBwr6V5q25mA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:6e:ea:69:fe:23:c4:03:04:e9:b9:40:be:60:4b:7a:f0:7c:
         a0:05:24:00:1d:d7:64:36:9c:56:aa:09:4f:f3:03:25:5d:fa:
         0c:72:e3:c2:74:a2:ee:b8:f5:81:33:e2:e2:02:ab:db:5a:f9:
         8c:90:5e:bc:a0:4d:ee:bf:6c:da:83:51:28:27:5f:c9:bc:77:
         21:4f:fb:1b:50:43:d9:1f:e6:87:10:e3:d9:8f:e9:24:a2:17:
         d5:02:7b:ec:44:fc:97:bd:5b:69:67:75:e6:74:d8:56:8d:55:
         91:97:12:1e:50:06:3d:cb:15:ee:6f:06:b3:18:05:8e:cd:04:
         8a:5c:53:d5:3b:17:22:ec:b6:9f:a0:26:0d:f5:5d:dc:f2:05:
         aa:27:0a:d3:b5:ef:1f:25:78:48:e0:a6:b0:ce:21:76:8d:34:
         2b:76:71:03:21:5a:49:fc:90:ec:98:ee:0e:2a:ee:00:39:a3:
         c3:63:06:77:c6:cc:ca:1d:c5:71:59:ef:a6:98:97:14:0a:e6:
         98:03:40:b5:fc:12:dd:2a:d4:67:17:8e:8e:b3:dd:93:a4:f5:
         99:4d:52:bd:17:80:1c:30:70:16:c7:b9:f3:4c:4a:65:2d:25:
         31:05:97:80:08:d5:5b:ad:70:87:6a:fd:80:34:b3:46:9d:03:
         c5:6c:12:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYTHZUL9B3Fdi1BjRZ4amzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjUwODExMDg0MzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWUzYTk2N2Y1NWIyYmYwMmMwYWQzNDUwNzBhZmE1NzlhYjZlNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQa/aKGUCYmijh2UqnXUbL8MKyaG
imCxS7uGFRxN7hARxJA7V6zxyPiVugjdfAvqRXK9pbzsxgQ6AcRvBUUbKDHvSPA1
00/hLm4YMBz2WsN1JagFOOLVOGlkFiMTYXwMZrRRckynu4gSoR2LxL/NTXtIjHmV
7yL+nccxdGjxL4X8EwHQ4sKFspudCsVnOhaEx31MIvZzkn+QCjV6xmg2iJaGzBsz
n+9YeKgMsZCq6eCPdZQAMPC9KHjrayp339ekUZU5oAZ2zF7OvNeDdTCKeIyHdVI3
VkbUjhO6n/+3bkO3AX8C9T+r37k3QL5YqoF519VXw8+XE0SQ4vG/6jFihQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXjqWf1WyvwLArTRQcK+leatuZgMB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvNWVPcFpfVmJLX0FzQ3RORkJ3cjZWNXEyNW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwizrMA0G
CSqGSIb3DQEBCwUAA4IBAQBJbupp/iPEAwTpuUC+YEt68HygBSQAHddkNpxWqglP
8wMlXfoMcuPCdKLuuPWBM+LiAqvbWvmMkF68oE3uv2zag1EoJ1/JvHchT/sbUEPZ
H+aHEOPZj+kkohfVAnvsRPyXvVtpZ3XmdNhWjVWRlxIeUAY9yxXubwazGAWOzQSK
XFPVOxci7LafoCYN9V3c8gWqJwrTte8fJXhI4KawziF2jTQrdnEDIVpJ/JDsmO4O
Ku4AOaPDYwZ3xszKHcVxWe+mmJcUCuaYA0C1/BLdKtRnF46Os92TpPWZTVK9F4Ac
MHAWx7nzTEplLSUxBZeACNVbrXCHav2ANLNGnQPFbBLk
-----END CERTIFICATE-----