Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Utm7sOfFVqH87cJBW7yiw4Nfe0E.roa
File:                     Utm7sOfFVqH87cJBW7yiw4Nfe0E.roa (raw, json)
Hash identifier:          1w/VKWCspZq9q2wBt8ZfIOemo4HsV2G9vSmDYShK+QQ=
Subject key identifier:   52:D9:BB:B0:E7:C5:56:A1:FC:ED:C2:41:5B:BC:A2:C3:83:5F:7B:41
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019A2D3B797411C94B5C0B6E90849A437900
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Utm7sOfFVqH87cJBW7yiw4Nfe0E.roa
Signing time:             Tue 28 Oct 2025 23:51:03 +0000
ROA not before:           Tue 28 Oct 2025 23:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215614
IP address blocks:        85.202.203.0/24 maxlen: 24
                          2a10:2f00:167::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2d:3b:79:74:11:c9:4b:5c:0b:6e:90:84:9a:43:79:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct 28 23:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52d9bbb0e7c556a1fcedc2415bbca2c3835f7b41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:92:0c:27:eb:8f:b2:fa:15:61:7a:25:31:4b:
                    f5:c7:58:53:c2:7a:67:61:ce:7f:e8:74:83:3e:af:
                    38:68:0b:64:fe:54:a4:1d:d1:09:83:b6:cf:b0:f0:
                    dc:dd:87:34:53:a2:84:10:66:39:44:c1:ab:07:de:
                    98:4f:fc:d8:19:67:bc:ce:d4:57:da:b8:df:e4:fa:
                    61:2e:7f:53:4a:53:a5:2e:0e:d3:8c:61:79:0e:34:
                    99:a4:d1:75:9f:72:83:1b:15:33:a8:2f:a0:57:f8:
                    7a:7e:f2:b1:35:81:84:a5:00:43:9d:81:ff:44:45:
                    89:db:4c:49:ad:26:04:66:04:61:f1:75:e6:f4:b2:
                    33:43:85:12:ef:85:60:57:d3:65:f1:90:dc:59:47:
                    bf:0c:54:ea:84:1f:4d:64:a9:d9:87:37:57:4e:ce:
                    68:64:a7:3a:fb:c4:43:af:da:df:be:ee:0e:d7:0e:
                    67:46:83:40:23:8f:6b:74:e4:ea:ff:54:8e:2c:2c:
                    98:9b:82:dd:6d:48:fd:a7:e1:2c:c1:41:5e:0b:a0:
                    0e:e1:8a:6f:3c:db:77:f5:ed:b8:8d:35:0b:01:ec:
                    81:0f:f2:a1:0d:92:83:34:79:73:bb:a9:78:95:fe:
                    b7:59:7c:bf:e5:61:b9:7e:92:c5:ad:45:47:e8:3c:
                    f0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D9:BB:B0:E7:C5:56:A1:FC:ED:C2:41:5B:BC:A2:C3:83:5F:7B:41
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Utm7sOfFVqH87cJBW7yiw4Nfe0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.203.0/24
                IPv6:
                  2a10:2f00:167::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:2c:16:27:1b:c4:43:f3:6b:11:cb:0d:ac:a8:85:39:9d:6b:
         59:ab:5b:6d:45:ca:79:ed:bc:4b:f8:f7:70:99:a2:3c:fa:74:
         dc:66:0c:c2:8b:79:d7:16:97:48:5e:30:53:0a:74:97:ad:a2:
         14:1f:04:6e:82:ad:7a:eb:1b:4f:a9:6e:3a:57:3c:f7:a5:6a:
         eb:72:90:b1:d4:ac:14:da:30:9f:1b:3f:7d:98:bc:e3:74:38:
         d8:51:b1:0f:67:39:29:5c:07:3a:08:0e:eb:0c:8e:33:e3:be:
         e0:f6:c8:ee:f4:ab:02:7c:49:e3:27:e9:d9:32:e8:32:9e:88:
         bc:6b:1d:40:a0:a9:ba:86:09:5b:ba:8c:f8:5f:53:20:51:70:
         4d:d9:14:06:6a:cb:14:22:cf:12:93:b3:5a:dc:ec:86:f3:38:
         70:c4:99:ea:f3:cc:0a:fb:ff:cb:4c:c6:20:8c:c6:99:fe:2b:
         5d:d5:d5:d4:31:b5:4c:14:33:93:6e:e3:0f:74:87:02:c9:ae:
         8c:1e:5b:91:ab:a2:fa:c7:80:7e:62:70:68:d4:90:3f:0a:07:
         8a:46:bf:44:83:53:21:5a:01:cd:6e:26:5f:3d:6e:cd:ac:db:
         d7:77:09:e1:f9:94:97:90:95:22:10:08:45:96:c6:a1:c9:22:
         f8:09:78:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZotO3l0EclLXAtukISaQ3kAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUxMDI4MjM1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmQ5YmJiMGU3YzU1NmExZmNlZGMyNDE1YmJjYTJjMzgzNWY3YjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpIMJ+uPsvoVYXolMUv1x1hTwnpn
Yc5/6HSDPq84aAtk/lSkHdEJg7bPsPDc3Yc0U6KEEGY5RMGrB96YT/zYGWe8ztRX
2rjf5PphLn9TSlOlLg7TjGF5DjSZpNF1n3KDGxUzqC+gV/h6fvKxNYGEpQBDnYH/
REWJ20xJrSYEZgRh8XXm9LIzQ4US74VgV9Nl8ZDcWUe/DFTqhB9NZKnZhzdXTs5o
ZKc6+8RDr9rfvu4O1w5nRoNAI49rdOTq/1SOLCyYm4LdbUj9p+EswUFeC6AO4Ypv
PNt39e24jTULAeyBD/KhDZKDNHlzu6l4lf63WXy/5WG5fpLFrUVH6DzwWQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFLZu7DnxVah/O3CQVu8osODX3tBMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVXRtN3NPZkZWcUg4N2NKQlc3eWl3NE5mZTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAVcrLMA8E
AgACMAkDBwAqEC8AAWcwDQYJKoZIhvcNAQELBQADggEBAHMsFicbxEPzaxHLDayo
hTmda1mrW21FynntvEv493CZojz6dNxmDMKLedcWl0heMFMKdJetohQfBG6CrXrr
G0+pbjpXPPelautykLHUrBTaMJ8bP32YvON0ONhRsQ9nOSlcBzoIDusMjjPjvuD2
yO70qwJ8SeMn6dky6DKeiLxrHUCgqbqGCVu6jPhfUyBRcE3ZFAZqyxQizxKTs1rc
7IbzOHDEmerzzAr7/8tMxiCMxpn+K13V1dQxtUwUM5Nu4w90hwLJroweW5GrovrH
gH5icGjUkD8KB4pGv0SDUyFaAc1uJl89bs2s29d3CeH5lJeQlSIQCEWWxqHJIvgJ
eFQ=
-----END CERTIFICATE-----