Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/1z54-R2eueuH54PTbLjKQAuYZZc.roa
File:                     1z54-R2eueuH54PTbLjKQAuYZZc.roa (raw, json)
Hash identifier:          na8VleR3QcCgQLwEPa245cMk4lobIy28u3ve1B3bHSc=
Subject key identifier:   D7:3E:78:F9:1D:9E:B9:EB:87:E7:83:D3:6C:B8:CA:40:0B:98:65:97
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       0199BE179BE68B0E7941E4966FA9B369CB80
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/1z54-R2eueuH54PTbLjKQAuYZZc.roa
Signing time:             Tue 07 Oct 2025 09:54:02 +0000
ROA not before:           Tue 07 Oct 2025 09:54:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     147293
IP address blocks:        88.80.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:be:17:9b:e6:8b:0e:79:41:e4:96:6f:a9:b3:69:cb:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Oct  7 09:54:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d73e78f91d9eb9eb87e783d36cb8ca400b986597
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a7:f6:32:33:54:cf:03:24:56:ed:cc:e5:ed:
                    6e:00:a7:47:37:54:a9:67:c1:40:3a:79:39:08:26:
                    ec:a0:1a:7f:6f:f8:d5:9e:9a:15:ac:d1:4d:ee:8e:
                    17:6d:61:00:da:92:ee:d9:66:50:11:a3:b5:da:0c:
                    1b:39:87:03:c3:16:04:57:af:31:22:48:83:e3:e5:
                    b3:ac:f4:33:9a:3a:d4:00:30:42:5f:7c:26:c0:2a:
                    65:f4:7d:fb:6d:17:eb:7f:19:0c:61:d4:5a:1b:a9:
                    97:3d:1e:ae:1f:ef:55:9a:ae:58:60:12:f1:44:08:
                    39:c2:f6:86:32:33:eb:97:b0:7a:8c:15:99:cb:26:
                    3f:66:95:29:7e:aa:11:9b:7f:ad:cf:6a:cf:95:b7:
                    a0:47:31:c6:a2:46:19:db:4e:c8:f9:42:8c:1a:80:
                    de:a0:c4:60:cd:c2:a0:6f:e8:cf:f0:c4:0c:28:a6:
                    14:26:be:53:72:02:d4:7d:26:62:25:9f:6b:60:8a:
                    ac:c6:ec:60:cd:bd:f8:17:f8:42:e9:28:db:f5:2b:
                    bb:80:27:e1:79:4b:53:13:e8:ed:56:a5:a3:bb:a3:
                    5a:7d:c6:48:28:1f:92:73:17:f6:8d:20:2e:d5:a8:
                    ba:ba:17:95:67:24:14:a3:d6:1f:55:94:f8:c5:9d:
                    74:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:3E:78:F9:1D:9E:B9:EB:87:E7:83:D3:6C:B8:CA:40:0B:98:65:97
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/1z54-R2eueuH54PTbLjKQAuYZZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:b8:65:1f:4f:12:1b:b4:d2:4a:c4:ed:5c:2f:17:de:d4:74:
         20:c6:0f:61:40:bf:46:89:3a:69:07:da:14:f2:aa:2a:e8:d7:
         4f:ef:bb:22:85:47:7b:1b:15:f3:a0:e8:2c:55:a3:45:96:03:
         42:28:24:91:8c:e5:71:f6:1f:ce:70:25:b5:be:64:9c:85:dd:
         70:b1:0d:2d:9e:e9:7e:75:4b:bc:c0:50:f6:6a:5e:cf:19:35:
         fe:34:0c:7a:02:4a:82:ea:e1:ab:19:09:4b:d5:d2:c1:6f:56:
         90:75:16:74:13:35:e1:21:b6:8c:57:4f:54:6b:58:2e:1d:14:
         2e:15:b3:0e:82:8e:f1:bb:c8:cd:e7:ee:6b:23:7e:3b:65:37:
         0d:cd:3d:c5:60:4b:61:dd:e1:5e:af:9f:f4:d9:e1:66:72:f2:
         42:d9:e2:15:52:c6:0f:79:13:7c:0a:cc:52:44:43:af:c5:70:
         b8:60:1f:15:11:34:25:09:8c:3f:92:43:41:0d:f1:6f:6d:39:
         bd:cb:7e:5c:b6:05:62:43:15:4b:a9:97:42:61:56:b4:b8:17:
         79:b1:1d:e5:37:7e:e4:95:36:ff:08:a8:ad:3e:4b:da:35:47:
         4e:8d:28:c9:71:0d:6a:5d:b5:89:98:d0:11:b4:0d:be:aa:f0:
         2c:39:a7:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm+F5vmiw55QeSWb6mzacuAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjUxMDA3MDk1NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzNlNzhmOTFkOWViOWViODdlNzgzZDM2Y2I4Y2E0MDBiOTg2NTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKf2MjNUzwMkVu3M5e1uAKdHN1Sp
Z8FAOnk5CCbsoBp/b/jVnpoVrNFN7o4XbWEA2pLu2WZQEaO12gwbOYcDwxYEV68x
IkiD4+WzrPQzmjrUADBCX3wmwCpl9H37bRfrfxkMYdRaG6mXPR6uH+9Vmq5YYBLx
RAg5wvaGMjPrl7B6jBWZyyY/ZpUpfqoRm3+tz2rPlbegRzHGokYZ207I+UKMGoDe
oMRgzcKgb+jP8MQMKKYUJr5TcgLUfSZiJZ9rYIqsxuxgzb34F/hC6Sjb9Su7gCfh
eUtTE+jtVqWju6NafcZIKB+Scxf2jSAu1ai6uheVZyQUo9YfVZT4xZ10awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNc+ePkdnrnrh+eD02y4ykALmGWXMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvMXo1NC1SMmV1ZXVINTRQVGJMaktRQXVZWlpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWFCLMA0G
CSqGSIb3DQEBCwUAA4IBAQBbuGUfTxIbtNJKxO1cLxfe1HQgxg9hQL9GiTppB9oU
8qoq6NdP77sihUd7GxXzoOgsVaNFlgNCKCSRjOVx9h/OcCW1vmSchd1wsQ0tnul+
dUu8wFD2al7PGTX+NAx6AkqC6uGrGQlL1dLBb1aQdRZ0EzXhIbaMV09Ua1guHRQu
FbMOgo7xu8jN5+5rI347ZTcNzT3FYEth3eFer5/02eFmcvJC2eIVUsYPeRN8CsxS
REOvxXC4YB8VETQlCYw/kkNBDfFvbTm9y35ctgViQxVLqZdCYVa0uBd5sR3lN37k
lTb/CKitPkvaNUdOjSjJcQ1qXbWJmNARtA2+qvAsOafQ
-----END CERTIFICATE-----