Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/PfuePBqyE9oSuvuOqPl2yYw0_nM.roa
File:                     PfuePBqyE9oSuvuOqPl2yYw0_nM.roa (raw, json)
Hash identifier:          I912gPvDq9Xcn/nApuI3hIUcz4zJdPzL8TmlGrNFHYI=
Subject key identifier:   3D:FB:9E:3C:1A:B2:13:DA:12:BA:FB:8E:A8:F9:76:C9:8C:34:FE:73
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       0198DF9471AD46281A5109B77232B6643E0B
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/PfuePBqyE9oSuvuOqPl2yYw0_nM.roa
Signing time:             Mon 25 Aug 2025 04:55:04 +0000
ROA not before:           Mon 25 Aug 2025 04:55:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64161
IP address blocks:        195.88.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 08:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:df:94:71:ad:46:28:1a:51:09:b7:72:32:b6:64:3e:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Aug 25 04:55:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3dfb9e3c1ab213da12bafb8ea8f976c98c34fe73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:25:86:43:3c:74:56:42:66:40:b4:aa:01:c5:
                    a7:8e:45:d5:3a:48:50:20:67:0a:58:da:b6:aa:49:
                    78:5f:df:b0:4f:fb:94:73:bd:56:48:e9:7c:ef:9b:
                    f5:e6:96:5f:d6:79:d9:73:5d:aa:69:2f:c9:31:f0:
                    05:75:f9:72:d0:4d:2b:c9:99:2b:22:f7:9e:c1:5b:
                    cd:35:00:15:2f:8e:4d:7e:67:a9:2f:92:33:30:58:
                    e3:fb:e5:83:b4:e2:52:ca:df:58:5a:58:ec:bb:b0:
                    31:8c:98:aa:a2:b0:d4:3e:bd:03:5f:6e:4e:8c:be:
                    9b:f6:9c:82:30:98:36:6b:ea:4c:46:34:ce:f2:de:
                    93:c7:77:64:b8:ca:6a:b9:a3:56:db:0e:f4:33:f3:
                    f3:03:af:e0:e9:d8:9f:78:f9:b1:49:b3:4c:80:c8:
                    48:0c:1a:cf:e1:6a:69:55:e6:a7:18:9a:c5:d2:26:
                    41:2e:80:09:57:28:b3:c8:f3:8a:df:13:40:ae:be:
                    2f:eb:04:e7:fb:d6:1e:7d:36:65:34:c0:b2:49:a2:
                    98:ed:22:85:35:b8:49:3d:e0:c0:aa:fa:0d:b4:e4:
                    3d:6b:5f:1c:10:55:22:45:86:8e:fc:ff:6e:d7:f0:
                    5e:5d:99:8e:6f:c6:12:cc:c0:17:bf:a6:a7:03:eb:
                    17:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:FB:9E:3C:1A:B2:13:DA:12:BA:FB:8E:A8:F9:76:C9:8C:34:FE:73
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/PfuePBqyE9oSuvuOqPl2yYw0_nM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:a9:42:49:24:cf:9e:9a:5a:dc:3f:e3:3f:fa:b9:e9:e0:6e:
         b6:a4:44:78:fc:29:0b:f4:3c:1f:2e:8b:bc:81:9a:27:f4:cd:
         5e:c8:1f:88:ff:25:01:aa:bf:70:39:23:82:ce:61:64:dc:1f:
         5e:d6:50:9f:e0:bc:3a:2d:a0:59:12:1f:34:f4:de:cd:34:3f:
         bf:92:4b:25:50:52:e7:41:2b:d5:19:7b:14:ec:c9:a3:0a:a2:
         e5:d1:2f:ce:00:62:eb:15:6b:b3:35:44:dd:d2:94:80:2e:65:
         e9:cc:57:86:ab:dc:37:d3:87:a1:1b:72:1d:84:e4:b3:4a:75:
         29:c6:d9:29:fc:34:58:90:de:f9:0d:2e:4c:46:91:f8:f6:ba:
         e4:47:12:9e:b0:8a:cd:54:32:ef:85:b6:e3:d2:42:3c:60:4d:
         e3:d0:db:a3:29:57:07:f1:b1:21:25:b3:94:c2:c5:74:7c:f3:
         8e:39:24:6c:56:79:6f:85:67:fa:e4:88:34:bc:89:11:73:1a:
         c3:3b:35:86:50:e0:04:98:99:f9:99:c6:6b:be:30:6b:d7:6e:
         8e:f2:87:ab:1e:f8:9e:cc:15:ec:2e:5b:15:4a:a1:98:7b:35:
         78:23:c1:a4:d2:b8:f4:0a:f6:31:69:76:d1:5d:ae:f2:8f:21:
         53:4a:29:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjflHGtRigaUQm3cjK2ZD4LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjUwODI1MDQ1NTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGZiOWUzYzFhYjIxM2RhMTJiYWZiOGVhOGY5NzZjOThjMzRmZTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCWGQzx0VkJmQLSqAcWnjkXVOkhQ
IGcKWNq2qkl4X9+wT/uUc71WSOl875v15pZf1nnZc12qaS/JMfAFdfly0E0ryZkr
IveewVvNNQAVL45NfmepL5IzMFjj++WDtOJSyt9YWljsu7AxjJiqorDUPr0DX25O
jL6b9pyCMJg2a+pMRjTO8t6Tx3dkuMpquaNW2w70M/PzA6/g6difePmxSbNMgMhI
DBrP4WppVeanGJrF0iZBLoAJVyizyPOK3xNArr4v6wTn+9YefTZlNMCySaKY7SKF
NbhJPeDAqvoNtOQ9a18cEFUiRYaO/P9u1/BeXZmOb8YSzMAXv6anA+sXpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD37njwashPaErr7jqj5dsmMNP5zMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvUGZ1ZVBCcXlFOW9TdXZ1T3FQbDJ5WXcwX25NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1jVMA0G
CSqGSIb3DQEBCwUAA4IBAQADqUJJJM+emlrcP+M/+rnp4G62pER4/CkL9DwfLou8
gZon9M1eyB+I/yUBqr9wOSOCzmFk3B9e1lCf4Lw6LaBZEh809N7NND+/kkslUFLn
QSvVGXsU7MmjCqLl0S/OAGLrFWuzNUTd0pSALmXpzFeGq9w304ehG3IdhOSzSnUp
xtkp/DRYkN75DS5MRpH49rrkRxKesIrNVDLvhbbj0kI8YE3j0NujKVcH8bEhJbOU
wsV0fPOOOSRsVnlvhWf65Ig0vIkRcxrDOzWGUOAEmJn5mcZrvjBr126O8oerHvie
zBXsLlsVSqGYezV4I8Gk0rj0CvYxaXbRXa7yjyFTSilc
-----END CERTIFICATE-----