Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/sX2NFKVgC5loh95KyForDMylV5g.roa
File:                     sX2NFKVgC5loh95KyForDMylV5g.roa (raw, json)
Hash identifier:          O2fEOHckA8rHqZog87+9DPJTfn69UGMLX9CcUwIXDnk=
Subject key identifier:   B1:7D:8D:14:A5:60:0B:99:68:87:DE:4A:C8:5A:2B:0C:CC:A5:57:98
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       01994A2F92AFB98C4115860F358F958207CD
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/sX2NFKVgC5loh95KyForDMylV5g.roa
Signing time:             Sun 14 Sep 2025 21:44:15 +0000
ROA not before:           Sun 14 Sep 2025 21:44:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        86.110.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 06:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4a:2f:92:af:b9:8c:41:15:86:0f:35:8f:95:82:07:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Sep 14 21:44:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b17d8d14a5600b996887de4ac85a2b0ccca55798
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0c:03:a3:2a:8c:bf:fb:07:01:ea:af:8b:b4:
                    27:3c:a2:f1:f5:eb:2e:3a:52:a0:a2:2c:4f:e1:b2:
                    03:80:3d:1b:d6:70:00:20:fe:be:10:4b:0c:06:a7:
                    fd:bf:0b:b0:8c:1d:52:be:5e:f1:1f:f1:37:c2:fc:
                    eb:33:ed:c9:39:8c:d7:51:37:9a:32:73:53:27:de:
                    04:10:0b:4e:c2:31:5d:2a:4d:ff:dd:55:dd:82:8d:
                    67:33:13:61:55:87:d1:7f:86:cf:83:9d:36:ae:71:
                    60:37:99:9b:d4:64:94:f1:09:9b:bd:2c:bb:aa:da:
                    ae:6c:b2:15:02:44:24:ff:03:ad:34:4c:18:f9:74:
                    91:24:5d:58:71:59:9b:e4:58:53:84:1b:55:dd:07:
                    e2:3f:b8:1d:e4:88:0d:0f:84:ab:c7:6f:6d:96:1a:
                    df:ae:9b:c6:ba:e3:13:77:ba:b4:ce:94:cc:c9:ff:
                    d3:b0:db:2f:a2:f9:3f:a2:26:e6:e5:3e:f1:2d:e8:
                    0a:5f:8b:3f:f8:40:6c:02:7c:8f:41:8c:1f:bf:1a:
                    5c:f3:a0:7d:da:b3:3e:ec:45:01:28:d9:f7:e1:e9:
                    5f:df:5c:90:9f:e7:94:b9:3f:fb:26:24:cf:3a:a4:
                    d7:75:65:dd:ec:0d:8e:35:a5:62:cf:72:5a:05:52:
                    51:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:7D:8D:14:A5:60:0B:99:68:87:DE:4A:C8:5A:2B:0C:CC:A5:57:98
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/sX2NFKVgC5loh95KyForDMylV5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:ab:ee:75:05:37:59:3b:bb:d9:bb:ab:07:54:1c:98:43:bf:
         ca:8b:b8:bd:06:ab:d9:d1:40:42:a2:be:2a:24:20:f2:10:52:
         41:98:2d:bd:b2:71:84:70:b3:b7:01:c9:9a:5c:92:e9:a9:f4:
         99:44:b6:6c:fe:a6:7f:2c:db:2f:56:03:bb:d2:cd:7e:7f:28:
         fb:ef:44:55:52:52:91:c1:02:7d:b6:5a:6a:52:6a:01:87:e9:
         df:cb:fa:f8:41:49:d6:9b:b6:72:26:4e:a0:f2:76:3d:da:bc:
         1a:49:57:4e:4a:84:c9:ad:aa:64:15:f0:4f:9d:25:e0:4e:f3:
         bd:f1:ee:11:e1:f5:15:bf:7f:f0:4e:48:ce:1e:5a:26:89:17:
         9c:66:7d:a3:b5:8e:af:31:a4:23:54:2f:14:96:93:64:5c:58:
         b3:fc:d7:c0:8d:ed:f5:60:2e:a6:6b:8e:ca:a2:8a:1b:f6:e2:
         49:5a:96:62:b5:f2:04:3a:bd:70:f4:6b:12:5c:7a:f1:be:21:
         af:47:35:43:2e:59:56:d7:8d:29:da:29:df:76:ae:f6:72:ac:
         83:fd:d9:8e:11:08:c3:b6:68:91:15:ed:f8:3b:40:37:a9:90:
         70:a2:1b:69:58:65:b0:34:f4:f9:6a:eb:2a:5e:cc:d0:16:cb:
         29:93:75:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlKL5KvuYxBFYYPNY+VggfNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjUwOTE0MjE0NDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTdkOGQxNGE1NjAwYjk5Njg4N2RlNGFjODVhMmIwY2NjYTU1Nzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgwDoyqMv/sHAeqvi7QnPKLx9esu
OlKgoixP4bIDgD0b1nAAIP6+EEsMBqf9vwuwjB1Svl7xH/E3wvzrM+3JOYzXUTea
MnNTJ94EEAtOwjFdKk3/3VXdgo1nMxNhVYfRf4bPg502rnFgN5mb1GSU8QmbvSy7
qtqubLIVAkQk/wOtNEwY+XSRJF1YcVmb5FhThBtV3QfiP7gd5IgND4Srx29tlhrf
rpvGuuMTd7q0zpTMyf/TsNsvovk/oibm5T7xLegKX4s/+EBsAnyPQYwfvxpc86B9
2rM+7EUBKNn34elf31yQn+eUuT/7JiTPOqTXdWXd7A2ONaViz3JaBVJRlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLF9jRSlYAuZaIfeSshaKwzMpVeYMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvc1gyTkZLVmdDNWxvaDk1S3lGb3JETXlsVjVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm46MA0G
CSqGSIb3DQEBCwUAA4IBAQCzq+51BTdZO7vZu6sHVByYQ7/Ki7i9BqvZ0UBCor4q
JCDyEFJBmC29snGEcLO3AcmaXJLpqfSZRLZs/qZ/LNsvVgO70s1+fyj770RVUlKR
wQJ9tlpqUmoBh+nfy/r4QUnWm7ZyJk6g8nY92rwaSVdOSoTJrapkFfBPnSXgTvO9
8e4R4fUVv3/wTkjOHlomiRecZn2jtY6vMaQjVC8UlpNkXFiz/NfAje31YC6ma47K
ooob9uJJWpZitfIEOr1w9GsSXHrxviGvRzVDLllW140p2infdq72cqyD/dmOEQjD
tmiRFe34O0A3qZBwohtpWGWwNPT5ausqXszQFsspk3Wp
-----END CERTIFICATE-----