Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/7f7d8f-0dc8-45a2-bc16-80add9ea3e5c/1/Pfa8J12SK6qYlpp-JCEIEXT9ItQ.roa
File:                     Pfa8J12SK6qYlpp-JCEIEXT9ItQ.roa (raw, json)
Hash identifier:          m14RvIzc2rz/0aG6QUUC8I/FrsLRlE3a6BpD0Y3vDzU=
Subject key identifier:   3D:F6:BC:27:5D:92:2B:AA:98:96:9A:7E:24:21:08:11:74:FD:22:D4
Certificate issuer:       /CN=e0c5bb3da53435bf41e17f7dec47d4484e7f3129
Certificate serial:       0198F5869B5AE1DFC21C3AE0C6C9E9404A84
Authority key identifier: E0:C5:BB:3D:A5:34:35:BF:41:E1:7F:7D:EC:47:D4:48:4E:7F:31:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4MW7PaU0Nb9B4X997EfUSE5_MSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/7f7d8f-0dc8-45a2-bc16-80add9ea3e5c/1/Pfa8J12SK6qYlpp-JCEIEXT9ItQ.roa
Signing time:             Fri 29 Aug 2025 11:11:36 +0000
ROA not before:           Fri 29 Aug 2025 11:11:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59245
IP address blocks:        195.13.54.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/7f7d8f-0dc8-45a2-bc16-80add9ea3e5c/1/4MW7PaU0Nb9B4X997EfUSE5_MSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/7f7d8f-0dc8-45a2-bc16-80add9ea3e5c/1/4MW7PaU0Nb9B4X997EfUSE5_MSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4MW7PaU0Nb9B4X997EfUSE5_MSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Sep 2025 18:48:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f5:86:9b:5a:e1:df:c2:1c:3a:e0:c6:c9:e9:40:4a:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0c5bb3da53435bf41e17f7dec47d4484e7f3129
        Validity
            Not Before: Aug 29 11:11:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3df6bc275d922baa98969a7e2421081174fd22d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:46:d2:92:a5:a1:44:ee:66:94:08:42:04:81:
                    ca:56:b7:46:ed:02:9d:dc:d6:e3:98:c2:60:97:03:
                    4a:0e:69:7a:60:15:d9:4d:ad:98:89:50:4a:08:05:
                    9b:d6:4c:16:f7:ff:a3:90:c2:1e:d6:bb:62:f0:c3:
                    6f:67:ec:3c:f1:39:cb:3b:0b:68:fe:1c:24:5f:f6:
                    3c:f3:c3:aa:8b:40:a7:11:05:7d:72:22:ca:5b:63:
                    91:cd:3d:2f:19:a1:ff:db:1a:9a:04:23:d3:88:d5:
                    09:96:32:99:5c:99:b6:b7:80:6b:77:a0:43:a5:8f:
                    13:e8:0b:ee:c7:35:42:a6:bc:f4:3a:05:c7:2f:b1:
                    72:b9:53:85:70:49:9d:d4:9a:31:29:0b:c3:26:e5:
                    b4:a9:37:13:c6:82:79:36:8a:2e:dd:51:7e:3e:2d:
                    22:a3:5d:e9:d2:5b:3c:3d:14:23:fb:82:7a:9d:71:
                    8b:df:ad:cd:24:bf:e9:26:dc:61:6a:79:b8:01:1e:
                    be:fe:de:b7:cc:60:40:96:07:b1:14:0f:97:b8:1d:
                    8f:9f:36:d0:e1:71:af:cf:0d:05:2c:24:21:7f:fa:
                    ec:92:6b:a5:ba:1b:0b:ca:79:be:1d:4b:38:8a:ee:
                    d1:b4:c1:84:17:b2:af:f9:04:0d:b1:7a:56:d6:d8:
                    b6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:F6:BC:27:5D:92:2B:AA:98:96:9A:7E:24:21:08:11:74:FD:22:D4
            X509v3 Authority Key Identifier:
                keyid:E0:C5:BB:3D:A5:34:35:BF:41:E1:7F:7D:EC:47:D4:48:4E:7F:31:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4MW7PaU0Nb9B4X997EfUSE5_MSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/7f7d8f-0dc8-45a2-bc16-80add9ea3e5c/1/Pfa8J12SK6qYlpp-JCEIEXT9ItQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/7f7d8f-0dc8-45a2-bc16-80add9ea3e5c/1/4MW7PaU0Nb9B4X997EfUSE5_MSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.13.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         af:14:5c:33:41:eb:6b:ce:a6:5f:fd:9d:d6:59:0d:f5:d8:5c:
         66:16:67:4b:58:0d:3e:75:c5:22:b3:38:d2:1a:54:a5:37:d5:
         4a:69:de:eb:07:ca:8e:f7:b1:ad:e2:5e:1b:8a:1a:55:0a:06:
         c4:66:fe:39:3e:2c:2c:16:25:ae:6f:87:a1:c7:de:8a:03:88:
         fe:15:51:95:73:b0:38:37:bf:14:43:3b:f3:ae:2b:7f:59:d3:
         1a:86:cf:ca:0a:38:46:a1:a8:dd:b8:fe:64:e9:70:48:6b:ea:
         ac:24:5e:2d:c2:57:0c:3e:32:85:28:20:7d:75:5e:68:e1:a0:
         9b:fd:31:a1:41:80:69:44:e5:6b:d4:43:2c:66:e8:cc:b9:28:
         de:7b:76:ad:95:94:c4:96:ec:11:f0:56:4e:88:0f:11:3c:74:
         8d:39:31:f3:ce:98:84:d5:37:c2:15:88:d9:49:ad:8e:14:a2:
         87:c5:de:8d:ab:cf:cf:4c:85:10:1f:c4:7e:dd:f6:cc:be:6a:
         29:fd:5f:3f:57:32:ac:2a:2a:93:ce:30:1f:25:d9:44:f0:1a:
         4b:5d:9e:48:6b:ed:73:98:f7:ab:1e:6a:ec:e0:93:1d:29:bd:
         b9:14:ba:c2:ea:f0:70:43:1c:54:05:11:7a:90:5c:0d:ed:76:
         f4:da:b4:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj1hpta4d/CHDrgxsnpQEqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwYzViYjNkYTUzNDM1YmY0MWUxN2Y3ZGVjNDdkNDQ4NGU3
ZjMxMjkwHhcNMjUwODI5MTExMTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGY2YmMyNzVkOTIyYmFhOTg5NjlhN2UyNDIxMDgxMTc0ZmQyMmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0bSkqWhRO5mlAhCBIHKVrdG7QKd
3NbjmMJglwNKDml6YBXZTa2YiVBKCAWb1kwW9/+jkMIe1rti8MNvZ+w88TnLOwto
/hwkX/Y888Oqi0CnEQV9ciLKW2ORzT0vGaH/2xqaBCPTiNUJljKZXJm2t4Brd6BD
pY8T6AvuxzVCprz0OgXHL7FyuVOFcEmd1JoxKQvDJuW0qTcTxoJ5Noou3VF+Pi0i
o13p0ls8PRQj+4J6nXGL363NJL/pJtxhanm4AR6+/t63zGBAlgexFA+XuB2PnzbQ
4XGvzw0FLCQhf/rskmuluhsLynm+HUs4iu7RtMGEF7Kv+QQNsXpW1ti28wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD32vCddkiuqmJaafiQhCBF0/SLUMB8GA1UdIwQY
MBaAFODFuz2lNDW/QeF/fexH1EhOfzEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE1XN1BhVTBOYjlCNFg5OTdFZlVTRTVfTVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83ZjdkOGYtMGRjOC00NWEyLWJjMTYt
ODBhZGQ5ZWEzZTVjLzEvUGZhOEoxMlNLNnFZbHBwLUpDRUlFWFQ5SXRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83ZjdkOGYtMGRjOC00NWEyLWJjMTYtODBhZGQ5ZWEzZTVj
LzEvNE1XN1BhVTBOYjlCNFg5OTdFZlVTRTVfTVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBww02MA0G
CSqGSIb3DQEBCwUAA4IBAQCvFFwzQetrzqZf/Z3WWQ312FxmFmdLWA0+dcUiszjS
GlSlN9VKad7rB8qO97Gt4l4bihpVCgbEZv45PiwsFiWub4ehx96KA4j+FVGVc7A4
N78UQzvzrit/WdMahs/KCjhGoajduP5k6XBIa+qsJF4twlcMPjKFKCB9dV5o4aCb
/TGhQYBpROVr1EMsZujMuSjee3atlZTEluwR8FZOiA8RPHSNOTHzzpiE1TfCFYjZ
Sa2OFKKHxd6Nq8/PTIUQH8R+3fbMvmop/V8/VzKsKiqTzjAfJdlE8BpLXZ5Ia+1z
mPerHmrs4JMdKb25FLrC6vBwQxxUBRF6kFwN7Xb02rQ/
-----END CERTIFICATE-----