Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/4_5iTitTFSTtZsOsVugnI5dSgdc.roa
File:                     4_5iTitTFSTtZsOsVugnI5dSgdc.roa (raw, json)
Hash identifier:          2abkH0EhTcz7XdhZJaoM0k/eRIc3OiOKCsk8YJnz658=
Subject key identifier:   E3:FE:62:4E:2B:53:15:24:ED:66:C3:AC:56:E8:27:23:97:52:81:D7
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019914D7B38B0BFDC00EED655A4911E925D8
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/4_5iTitTFSTtZsOsVugnI5dSgdc.roa
Signing time:             Thu 04 Sep 2025 13:08:24 +0000
ROA not before:           Thu 04 Sep 2025 13:08:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215803
IP address blocks:        194.62.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 04:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:14:d7:b3:8b:0b:fd:c0:0e:ed:65:5a:49:11:e9:25:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Sep  4 13:08:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3fe624e2b531524ed66c3ac56e82723975281d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:db:49:94:ae:18:ad:be:48:e5:a4:cc:f0:47:
                    b2:70:e2:19:4b:f8:a6:0f:f8:7b:83:5f:c1:17:49:
                    7c:a6:b8:1a:43:70:17:b7:26:ad:ec:ed:af:b2:53:
                    a3:08:10:b3:4c:1f:0f:d7:76:d4:e4:68:c1:0b:80:
                    21:e9:c7:d8:f7:91:77:da:6f:9d:96:a8:4e:70:94:
                    f2:e8:47:3b:1d:4f:d7:2e:bf:b6:7f:7e:5f:d9:3c:
                    c4:f3:a7:35:e5:e0:7b:18:07:28:93:b4:39:6c:c2:
                    e6:6f:8a:f4:4c:f8:0e:b3:3d:86:24:d8:bb:35:8a:
                    10:04:61:76:12:c2:15:70:e6:23:80:bc:59:a0:0c:
                    1d:cd:43:4c:52:63:21:de:52:68:ab:2f:b7:ea:27:
                    e8:ab:c3:89:d0:5d:32:0d:0e:d1:1c:15:62:c9:21:
                    ca:78:8f:06:2d:fe:1c:ac:5b:17:7a:40:0d:b6:cc:
                    e6:43:10:6c:2e:63:b9:08:50:3a:49:16:cb:9f:c6:
                    db:96:82:de:b1:52:92:a4:ba:e5:a4:6e:0f:bf:8a:
                    92:27:22:62:00:12:ab:0b:d2:b8:67:13:0b:c2:ac:
                    57:3f:88:ff:9b:cf:e3:cf:a9:54:e7:d0:6d:5b:65:
                    94:21:0a:96:61:cb:af:aa:f7:dd:dc:fd:6a:e2:13:
                    92:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:FE:62:4E:2B:53:15:24:ED:66:C3:AC:56:E8:27:23:97:52:81:D7
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/4_5iTitTFSTtZsOsVugnI5dSgdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:9e:55:8e:8d:12:3b:e7:97:41:c1:1c:8d:38:a0:33:b0:91:
         19:5c:23:1a:cd:a2:b7:aa:db:94:56:b2:8c:97:21:69:16:4e:
         e1:52:e6:1a:18:83:3d:e8:e4:9a:a7:2b:0c:bc:83:ed:3b:88:
         30:d9:13:d5:67:f4:37:00:ed:eb:57:be:24:af:57:c6:d5:af:
         ad:dd:ed:cb:06:64:df:6d:ed:99:0b:20:d8:67:d4:eb:47:1f:
         49:b8:4b:80:2e:9e:d2:c0:16:86:14:9f:8e:01:92:a1:81:d1:
         dd:9c:60:9d:63:2d:d0:7a:42:cc:fe:9c:cd:0b:22:a2:d3:36:
         28:f3:6b:3c:a3:c6:34:cb:8a:87:66:c0:c0:31:b8:2e:64:93:
         cb:9f:a5:63:7f:e5:e8:01:95:3f:a1:49:9a:04:d1:2a:55:98:
         27:57:5a:63:fa:9a:f5:42:82:b7:62:f7:eb:4e:03:98:a4:d6:
         5f:05:b8:fa:20:03:c4:fa:b8:70:55:e4:9b:6a:1b:06:6f:d2:
         46:b0:00:c3:a6:97:74:f5:94:f5:61:9b:36:19:bd:54:47:71:
         c4:c3:22:31:78:a8:79:04:de:0a:c9:87:3b:e1:4d:53:40:22:
         c1:0b:91:cc:f3:6e:78:a7:84:b5:11:08:21:91:67:85:86:12:
         4a:59:54:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkU17OLC/3ADu1lWkkR6SXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwOTA0MTMwODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2ZlNjI0ZTJiNTMxNTI0ZWQ2NmMzYWM1NmU4MjcyMzk3NTI4MWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNtJlK4Yrb5I5aTM8EeycOIZS/im
D/h7g1/BF0l8prgaQ3AXtyat7O2vslOjCBCzTB8P13bU5GjBC4Ah6cfY95F32m+d
lqhOcJTy6Ec7HU/XLr+2f35f2TzE86c15eB7GAcok7Q5bMLmb4r0TPgOsz2GJNi7
NYoQBGF2EsIVcOYjgLxZoAwdzUNMUmMh3lJoqy+36ifoq8OJ0F0yDQ7RHBViySHK
eI8GLf4crFsXekANtszmQxBsLmO5CFA6SRbLn8bbloLesVKSpLrlpG4Pv4qSJyJi
ABKrC9K4ZxMLwqxXP4j/m8/jz6lU59BtW2WUIQqWYcuvqvfd3P1q4hOSzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOP+Yk4rUxUk7WbDrFboJyOXUoHXMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvNF81aVRpdFRGU1R0WnNPc1Z1Z25JNWRTZ2RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj40MA0G
CSqGSIb3DQEBCwUAA4IBAQCnnlWOjRI755dBwRyNOKAzsJEZXCMazaK3qtuUVrKM
lyFpFk7hUuYaGIM96OSapysMvIPtO4gw2RPVZ/Q3AO3rV74kr1fG1a+t3e3LBmTf
be2ZCyDYZ9TrRx9JuEuALp7SwBaGFJ+OAZKhgdHdnGCdYy3QekLM/pzNCyKi0zYo
82s8o8Y0y4qHZsDAMbguZJPLn6Vjf+XoAZU/oUmaBNEqVZgnV1pj+pr1QoK3Yvfr
TgOYpNZfBbj6IAPE+rhwVeSbahsGb9JGsADDppd09ZT1YZs2Gb1UR3HEwyIxeKh5
BN4KyYc74U1TQCLBC5HM8254p4S1EQghkWeFhhJKWVSk
-----END CERTIFICATE-----