Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/Vps6WEnFir1cxefsj2JuvyEAZjI.roa
File:                     Vps6WEnFir1cxefsj2JuvyEAZjI.roa (raw, json)
Hash identifier:          tFJObbw8nZKa6JvhXr3i58hyIcoZDFH5h5LETAALHjI=
Subject key identifier:   56:9B:3A:58:49:C5:8A:BD:5C:C5:E7:EC:8F:62:6E:BF:21:00:66:32
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       0198FC6382E2771A1B0FE52767DBD526888A
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/Vps6WEnFir1cxefsj2JuvyEAZjI.roa
Signing time:             Sat 30 Aug 2025 19:10:36 +0000
ROA not before:           Sat 30 Aug 2025 19:10:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399275
IP address blocks:        79.172.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:fc:63:82:e2:77:1a:1b:0f:e5:27:67:db:d5:26:88:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Aug 30 19:10:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=569b3a5849c58abd5cc5e7ec8f626ebf21006632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:3e:21:fa:78:87:ac:84:86:36:15:cf:0d:47:
                    75:41:79:35:fb:51:72:8e:ea:b8:20:e4:d6:63:7f:
                    4b:e6:66:ac:2b:ce:82:fd:61:57:3f:73:77:29:86:
                    00:a8:23:95:c9:dc:56:89:6f:f6:de:9a:c1:5a:0c:
                    a3:50:cb:04:0c:13:a0:46:84:e7:e5:f7:71:74:6d:
                    e4:5e:e4:4b:17:e8:60:ee:8a:a8:b3:13:56:44:b7:
                    ae:da:8f:71:f4:1e:49:4b:f9:dc:75:69:17:a9:a5:
                    e9:6c:03:c5:ec:2c:8e:7b:16:b6:f5:4a:99:8c:2d:
                    64:2f:18:30:8b:4b:cf:39:57:3b:26:23:8f:ee:16:
                    b3:d4:d6:23:bd:41:7d:28:04:a1:09:b8:1b:19:4d:
                    1e:08:09:3e:ce:5b:0a:0d:ee:37:b5:07:46:37:e7:
                    a4:5b:21:41:04:90:2e:dc:6a:1b:36:0a:22:93:da:
                    b3:f9:df:dc:7f:dc:31:88:9b:7e:0f:e2:b0:26:69:
                    c4:92:cf:aa:0b:f3:77:dc:cd:c2:79:d0:ec:82:fd:
                    8e:f1:ea:10:70:90:1b:8f:65:dc:61:a6:17:3e:78:
                    0b:ba:b2:1f:81:7c:28:68:95:e4:86:7b:d6:95:bf:
                    fa:22:dd:b6:a0:38:13:ec:cb:16:6d:9d:3c:0f:0a:
                    90:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:9B:3A:58:49:C5:8A:BD:5C:C5:E7:EC:8F:62:6E:BF:21:00:66:32
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/Vps6WEnFir1cxefsj2JuvyEAZjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:3d:d5:97:77:8d:e4:10:1f:03:ae:04:75:9d:6d:66:cd:8f:
         69:96:b6:7b:f3:67:c1:b9:c2:c6:31:be:1c:88:a2:5e:35:99:
         20:97:2f:b0:1a:e0:95:bd:15:dc:cc:48:b9:97:f5:c0:f8:e5:
         f0:3f:8d:3c:77:01:d1:3a:3e:5c:25:36:cb:12:82:fe:f3:12:
         0a:e7:e1:d6:29:f4:79:9b:32:50:c2:9f:ed:f1:10:8e:12:b6:
         99:c9:2b:9d:79:2d:2c:0f:13:60:59:24:eb:03:8b:d0:89:ed:
         87:95:91:ac:90:29:66:eb:eb:a2:57:e2:cc:a3:4f:c5:16:50:
         39:69:06:49:28:6f:04:5f:8f:8f:9d:42:cd:f9:5c:ec:2e:10:
         d6:82:7d:46:50:8b:81:9d:7e:be:8b:21:39:ed:9c:35:3b:6c:
         4e:8f:a5:ab:74:51:d0:06:90:90:9d:6c:ad:a4:99:cd:eb:8a:
         dc:fa:c3:0d:60:c9:7b:99:4d:d8:94:aa:4c:d7:d2:3a:35:3e:
         d2:02:9d:76:c7:38:82:f5:d3:4d:00:3a:1e:04:eb:93:df:75:
         d5:6d:18:7f:b9:ac:19:c6:17:59:c9:ab:4b:dc:01:59:96:fb:
         4c:ab:67:21:f9:fe:e1:97:ef:0e:77:4b:d7:c9:4f:b4:dd:0f:
         cf:9d:b8:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj8Y4LidxobD+UnZ9vVJoiKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwODMwMTkxMDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjliM2E1ODQ5YzU4YWJkNWNjNWU3ZWM4ZjYyNmViZjIxMDA2NjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9T4h+niHrISGNhXPDUd1QXk1+1Fy
juq4IOTWY39L5masK86C/WFXP3N3KYYAqCOVydxWiW/23prBWgyjUMsEDBOgRoTn
5fdxdG3kXuRLF+hg7oqosxNWRLeu2o9x9B5JS/ncdWkXqaXpbAPF7CyOexa29UqZ
jC1kLxgwi0vPOVc7JiOP7haz1NYjvUF9KAShCbgbGU0eCAk+zlsKDe43tQdGN+ek
WyFBBJAu3GobNgoik9qz+d/cf9wxiJt+D+KwJmnEks+qC/N33M3CedDsgv2O8eoQ
cJAbj2XcYaYXPngLurIfgXwoaJXkhnvWlb/6It22oDgT7MsWbZ08DwqQiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFabOlhJxYq9XMXn7I9ibr8hAGYyMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvVnBzNldFbkZpcjFjeGVmc2oySnV2eUVBWmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6z7MA0G
CSqGSIb3DQEBCwUAA4IBAQAVPdWXd43kEB8DrgR1nW1mzY9plrZ782fBucLGMb4c
iKJeNZkgly+wGuCVvRXczEi5l/XA+OXwP408dwHROj5cJTbLEoL+8xIK5+HWKfR5
mzJQwp/t8RCOEraZySudeS0sDxNgWSTrA4vQie2HlZGskClm6+uiV+LMo0/FFlA5
aQZJKG8EX4+PnULN+VzsLhDWgn1GUIuBnX6+iyE57Zw1O2xOj6WrdFHQBpCQnWyt
pJnN64rc+sMNYMl7mU3YlKpM19I6NT7SAp12xziC9dNNADoeBOuT33XVbRh/uawZ
xhdZyatL3AFZlvtMq2ch+f7hl+8Od0vXyU+03Q/Pnbhw
-----END CERTIFICATE-----