Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/PSzX4ETQs2L8cNC3MHgmvmQQifU.roa
File:                     PSzX4ETQs2L8cNC3MHgmvmQQifU.roa (raw, json)
Hash identifier:          UakKPUPcxegOjzkx7/qLz6OeHL3ixKpktOgsps0SIHU=
Subject key identifier:   3D:2C:D7:E0:44:D0:B3:62:FC:70:D0:B7:30:78:26:BE:64:10:89:F5
Certificate issuer:       /CN=d8772aac1b62b87d6b01d57a1a00a6a72b8a7da6
Certificate serial:       0199A9E2E2B1987F1F4A83F67935F543CF21
Authority key identifier: D8:77:2A:AC:1B:62:B8:7D:6B:01:D5:7A:1A:00:A6:A7:2B:8A:7D:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2HcqrBtiuH1rAdV6GgCmpyuKfaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/PSzX4ETQs2L8cNC3MHgmvmQQifU.roa
Signing time:             Fri 03 Oct 2025 11:44:02 +0000
ROA not before:           Fri 03 Oct 2025 11:44:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        139.123.232.0/24 maxlen: 24
                          193.24.65.0/24 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/2HcqrBtiuH1rAdV6GgCmpyuKfaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/2HcqrBtiuH1rAdV6GgCmpyuKfaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2HcqrBtiuH1rAdV6GgCmpyuKfaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:22:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a9:e2:e2:b1:98:7f:1f:4a:83:f6:79:35:f5:43:cf:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8772aac1b62b87d6b01d57a1a00a6a72b8a7da6
        Validity
            Not Before: Oct  3 11:44:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d2cd7e044d0b362fc70d0b7307826be641089f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:37:a8:b6:49:ae:85:18:c1:2c:2d:b7:0d:de:
                    ca:02:9b:b8:01:d9:4c:04:50:48:db:00:b7:74:91:
                    86:43:0e:49:d4:87:87:12:7d:55:de:04:65:26:a3:
                    e8:03:03:43:2f:77:3d:20:6e:f0:5f:61:41:3b:ac:
                    30:95:79:fe:25:10:c6:a1:ee:b0:f9:f1:3e:de:11:
                    c3:5a:61:60:e8:ff:f7:93:73:bc:c5:30:c0:a1:37:
                    48:17:11:8b:2f:3d:a4:3a:40:70:2f:39:2a:0c:7d:
                    3e:94:87:c5:af:3b:23:32:f4:46:ae:1a:c0:da:27:
                    9a:37:95:65:ae:fa:4e:71:9a:de:21:a6:b3:4f:db:
                    0f:67:f4:2e:1f:bc:0a:53:69:21:8e:6d:c0:5e:ed:
                    e2:69:1f:d4:03:a5:fe:9f:b0:8a:bd:63:e1:3c:00:
                    dc:a1:93:86:3f:86:73:7c:7b:6d:c4:93:7c:aa:75:
                    08:ca:7a:03:19:8e:e6:eb:d0:3d:74:29:be:d8:c7:
                    80:63:e8:87:7f:44:fb:b6:07:0b:7b:f2:7f:5e:68:
                    f9:4c:94:0c:7c:18:78:f6:52:10:cf:8f:ff:4f:d0:
                    5a:26:59:5a:9c:3b:1e:8b:8a:43:89:0e:52:29:03:
                    1a:85:4a:bb:3b:3f:8b:df:0c:c9:1e:5b:96:11:d7:
                    5e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:2C:D7:E0:44:D0:B3:62:FC:70:D0:B7:30:78:26:BE:64:10:89:F5
            X509v3 Authority Key Identifier:
                keyid:D8:77:2A:AC:1B:62:B8:7D:6B:01:D5:7A:1A:00:A6:A7:2B:8A:7D:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2HcqrBtiuH1rAdV6GgCmpyuKfaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/PSzX4ETQs2L8cNC3MHgmvmQQifU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/2HcqrBtiuH1rAdV6GgCmpyuKfaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.123.232.0/24
                  193.24.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:4d:8f:41:ac:d1:ad:0b:90:70:ef:ae:e7:14:ce:2b:33:b9:
         6d:94:42:12:07:4d:e9:67:21:19:26:f5:4f:b5:17:1c:21:9b:
         f4:a1:40:8b:62:7a:f8:2f:3a:79:39:eb:48:12:a9:82:44:25:
         95:f8:cf:65:cf:8a:c1:9f:86:32:91:66:ca:19:c1:e2:e5:93:
         3a:49:83:67:a9:6a:08:0e:b6:0e:94:02:ff:b7:cb:55:c9:eb:
         c6:4e:44:0d:7b:f6:1d:45:85:c2:2d:c3:92:40:8f:78:81:53:
         7b:72:51:c3:2e:7c:68:54:75:b5:0f:d7:7d:cd:cc:fc:fe:25:
         e4:f3:8a:57:6d:44:3d:6a:ca:07:89:a0:6a:2e:e8:b6:e4:ef:
         d8:d1:76:d9:7b:a1:d0:25:de:bf:f4:8e:2e:d8:36:35:bb:09:
         92:03:8a:a8:2c:96:cb:5a:06:88:9e:24:4f:8f:e4:c9:63:1d:
         61:4a:73:8c:b1:c9:75:2c:f5:81:fb:d5:ed:ae:cb:0d:12:b3:
         19:e6:c8:05:15:02:f4:23:9c:ce:16:34:ff:ff:31:96:e4:aa:
         cc:d9:7d:d1:72:5f:b1:fd:55:2b:9d:4d:60:70:f9:3d:c6:21:
         9f:f1:2a:1d:0c:4d:bc:02:08:98:00:2d:0c:16:a2:76:d7:cb:
         06:d3:87:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmp4uKxmH8fSoP2eTX1Q88hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4NzcyYWFjMWI2MmI4N2Q2YjAxZDU3YTFhMDBhNmE3MmI4
YTdkYTYwHhcNMjUxMDAzMTE0NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDJjZDdlMDQ0ZDBiMzYyZmM3MGQwYjczMDc4MjZiZTY0MTA4OWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjeotkmuhRjBLC23Dd7KApu4AdlM
BFBI2wC3dJGGQw5J1IeHEn1V3gRlJqPoAwNDL3c9IG7wX2FBO6wwlXn+JRDGoe6w
+fE+3hHDWmFg6P/3k3O8xTDAoTdIFxGLLz2kOkBwLzkqDH0+lIfFrzsjMvRGrhrA
2ieaN5VlrvpOcZreIaazT9sPZ/QuH7wKU2khjm3AXu3iaR/UA6X+n7CKvWPhPADc
oZOGP4ZzfHttxJN8qnUIynoDGY7m69A9dCm+2MeAY+iHf0T7tgcLe/J/Xmj5TJQM
fBh49lIQz4//T9BaJllanDsei4pDiQ5SKQMahUq7Oz+L3wzJHluWEdde5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD0s1+BE0LNi/HDQtzB4Jr5kEIn1MB8GA1UdIwQY
MBaAFNh3KqwbYrh9awHVehoApqcrin2mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkhjcXJCdGl1SDFyQWRWNkdnQ21weXVLZmFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My82MTZhNTgtNTM0Mi00MzJjLWE5YzUt
MzMzYmVlY2ZmNmY0LzEvUFN6WDRFVFFzMkw4Y05DM01IZ212bVFRaWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My82MTZhNTgtNTM0Mi00MzJjLWE5YzUtMzMzYmVlY2ZmNmY0
LzEvMkhjcXJCdGl1SDFyQWRWNkdnQ21weXVLZmFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAi3voAwQA
wRhBMA0GCSqGSIb3DQEBCwUAA4IBAQBJTY9BrNGtC5Bw767nFM4rM7ltlEISB03p
ZyEZJvVPtRccIZv0oUCLYnr4Lzp5OetIEqmCRCWV+M9lz4rBn4YykWbKGcHi5ZM6
SYNnqWoIDrYOlAL/t8tVyevGTkQNe/YdRYXCLcOSQI94gVN7clHDLnxoVHW1D9d9
zcz8/iXk84pXbUQ9asoHiaBqLui25O/Y0XbZe6HQJd6/9I4u2DY1uwmSA4qoLJbL
WgaIniRPj+TJYx1hSnOMscl1LPWB+9XtrssNErMZ5sgFFQL0I5zOFjT//zGW5KrM
2X3Rcl+x/VUrnU1gcPk9xiGf8SodDE28AgiYAC0MFqJ218sG04fk
-----END CERTIFICATE-----