Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/1-4n255q-GmhvWguY8knOSWxwWOE.roa
File:                     1-4n255q-GmhvWguY8knOSWxwWOE.roa (raw, json)
Hash identifier:          SpMPf2vIKuvnbl4s5E51poi38FquEwM10w09zg2yecI=
Subject key identifier:   FB:89:F6:E7:9A:BE:1A:68:6F:5A:0B:98:F2:49:CE:49:6C:70:58:E1
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0199438F18A6F832479418FC29827D56FB8F
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/1-4n255q-GmhvWguY8knOSWxwWOE.roa
Signing time:             Sat 13 Sep 2025 14:51:15 +0000
ROA not before:           Sat 13 Sep 2025 14:51:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214940
IP address blocks:        213.209.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 22:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:43:8f:18:a6:f8:32:47:94:18:fc:29:82:7d:56:fb:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Sep 13 14:51:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb89f6e79abe1a686f5a0b98f249ce496c7058e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:21:f9:3d:f8:bd:a6:0b:16:b2:dc:d7:20:f3:
                    9a:58:62:30:60:7a:76:c3:5e:f6:51:e4:32:de:01:
                    cf:e1:7e:c4:bb:49:84:3e:34:6a:f5:de:cf:2c:9a:
                    19:08:3b:a6:80:23:56:b1:3e:69:70:86:bc:7f:1f:
                    3f:b1:82:34:a1:c1:72:8b:bd:f2:25:49:73:bd:43:
                    05:92:dd:78:d9:8a:1d:8b:e5:ae:0a:eb:02:c1:f4:
                    38:5d:a2:1f:9c:e4:5f:ef:26:2a:33:74:2e:3a:fd:
                    9c:ee:d5:a3:eb:d7:47:36:23:aa:e8:41:0e:e2:5d:
                    b7:11:d1:c6:db:a1:5f:8f:7d:dd:4b:ea:31:6c:9c:
                    fd:ca:7c:fc:82:1f:1b:61:12:99:0d:ff:47:69:d2:
                    13:9c:83:0e:4a:f7:e6:00:13:8d:cc:ee:33:a8:69:
                    d8:15:1e:54:66:5b:67:9b:e5:88:a9:24:53:47:94:
                    84:19:45:f5:10:87:05:26:e1:77:02:c1:4d:b8:e8:
                    7c:7e:e4:95:83:d0:32:d2:c1:21:06:fa:a2:01:d3:
                    18:c8:78:ce:0a:69:82:73:6c:31:1b:77:40:e3:32:
                    f4:3b:6a:52:9c:99:97:87:1e:53:10:6f:38:ee:cc:
                    9e:80:17:2d:da:b1:08:80:e1:d5:4b:ac:8d:e7:3f:
                    05:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:89:F6:E7:9A:BE:1A:68:6F:5A:0B:98:F2:49:CE:49:6C:70:58:E1
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/1-4n255q-GmhvWguY8knOSWxwWOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:a5:4f:aa:03:11:d8:27:9f:56:77:cf:11:b6:b6:1a:48:eb:
         7f:35:34:4d:97:62:d8:15:1a:f2:41:ae:a5:ae:60:64:91:4a:
         ac:c8:7f:94:c1:95:dd:49:64:ca:66:64:f0:1b:82:a1:54:83:
         28:a0:6b:ca:94:e9:ae:bf:f4:0b:95:6b:29:af:df:c9:69:c6:
         66:be:8c:44:4a:b9:98:da:3a:8f:51:db:0d:38:d8:de:86:ab:
         39:54:47:79:65:30:24:79:8a:20:65:ca:27:e3:4b:b7:9a:45:
         f7:44:5e:d7:1d:4d:f8:68:b9:02:5f:3c:e7:80:67:fd:9b:2e:
         be:ed:64:71:f3:59:82:ed:ed:c5:77:61:fe:47:e1:a2:a9:43:
         38:ec:25:40:e6:eb:6d:d9:39:9a:32:20:9b:ec:e5:a1:ac:75:
         b1:76:f9:24:9f:58:66:21:e6:68:d0:56:84:2f:b0:e2:c6:47:
         45:a6:4a:de:d0:1d:0b:da:43:4e:cf:44:77:03:ac:19:db:7c:
         0d:a5:49:73:d5:43:21:36:a4:ec:df:c5:77:1b:43:fa:a1:46:
         59:2a:08:75:b4:aa:91:ae:34:fb:8d:0f:5a:87:44:6c:ee:b5:
         c3:1e:a6:c9:ce:8b:b2:77:d5:a4:df:c9:f6:4e:77:df:2e:e7:
         c6:3a:28:72
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZlDjxim+DJHlBj8KYJ9VvuPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjUwOTEzMTQ1MTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjg5ZjZlNzlhYmUxYTY4NmY1YTBiOThmMjQ5Y2U0OTZjNzA1OGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiH5Pfi9pgsWstzXIPOaWGIwYHp2
w172UeQy3gHP4X7Eu0mEPjRq9d7PLJoZCDumgCNWsT5pcIa8fx8/sYI0ocFyi73y
JUlzvUMFkt142Yodi+WuCusCwfQ4XaIfnORf7yYqM3QuOv2c7tWj69dHNiOq6EEO
4l23EdHG26Ffj33dS+oxbJz9ynz8gh8bYRKZDf9HadITnIMOSvfmABONzO4zqGnY
FR5UZltnm+WIqSRTR5SEGUX1EIcFJuF3AsFNuOh8fuSVg9Ay0sEhBvqiAdMYyHjO
CmmCc2wxG3dA4zL0O2pSnJmXhx5TEG847syegBct2rEIgOHVS6yN5z8FTQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPuJ9ueavhpob1oLmPJJzklscFjhMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvMS00bjI1NXEtR21odldndVk4a25PU1d4d1dPRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEw
MS8xL08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANXRnTAN
BgkqhkiG9w0BAQsFAAOCAQEAaqVPqgMR2CefVnfPEba2GkjrfzU0TZdi2BUa8kGu
pa5gZJFKrMh/lMGV3UlkymZk8BuCoVSDKKBrypTprr/0C5VrKa/fyWnGZr6MREq5
mNo6j1HbDTjY3oarOVRHeWUwJHmKIGXKJ+NLt5pF90Re1x1N+Gi5Al8854Bn/Zsu
vu1kcfNZgu3txXdh/kfhoqlDOOwlQObrbdk5mjIgm+zloax1sXb5JJ9YZiHmaNBW
hC+w4sZHRaZK3tAdC9pDTs9EdwOsGdt8DaVJc9VDITak7N/FdxtD+qFGWSoIdbSq
ka40+40PWodEbO61wx6myc6LsnfVpN/J9k533y7nxjoocg==
-----END CERTIFICATE-----