Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/fKLtJhWNQAKp7QrHuoK9MDNVZhY.roa
File:                     fKLtJhWNQAKp7QrHuoK9MDNVZhY.roa (raw, json)
Hash identifier:          +KhiPiU8ZWG1n92+7xw6zEnSp4Nawvfw/0UsQtzNdQU=
Subject key identifier:   7C:A2:ED:26:15:8D:40:02:A9:ED:0A:C7:BA:82:BD:30:33:55:66:16
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       01990F55F1A9DB53B323CFEAC96438054EEC
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/fKLtJhWNQAKp7QrHuoK9MDNVZhY.roa
Signing time:             Wed 03 Sep 2025 11:28:34 +0000
ROA not before:           Wed 03 Sep 2025 11:28:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44667
IP address blocks:        92.53.160.0/20 maxlen: 24
                          158.41.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:55:f1:a9:db:53:b3:23:cf:ea:c9:64:38:05:4e:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Sep  3 11:28:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ca2ed26158d4002a9ed0ac7ba82bd3033556616
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:34:fd:cc:eb:68:2e:2f:48:6b:4c:12:e2:dd:
                    f4:22:c5:f8:6e:fe:39:69:0e:06:59:ce:48:5b:50:
                    46:e8:ca:1f:77:2a:51:e5:9a:2c:88:e3:13:f2:ef:
                    1a:0e:f6:b4:13:73:4e:a2:5e:9e:4c:cb:36:7a:a0:
                    c9:85:7e:a6:f9:b6:1a:fa:12:5b:89:1b:2f:48:d0:
                    0f:46:07:e2:9c:ff:01:cf:50:a5:08:8b:3e:29:ea:
                    3a:a8:58:18:d3:9a:15:e7:c5:a5:f9:08:04:e1:a8:
                    5c:50:62:45:ce:56:91:23:5c:b3:bb:17:a3:c2:c2:
                    46:f4:c8:2f:a9:ba:59:28:ba:49:2d:b5:2f:60:53:
                    5b:5a:67:dd:5e:6b:cd:a7:8d:77:6b:18:3f:56:c7:
                    ec:bd:bf:48:07:1c:4a:f8:6b:66:4d:44:70:56:16:
                    42:13:fd:21:64:d1:d3:af:28:08:54:71:03:5c:53:
                    ef:d4:70:e1:35:24:2e:dd:fe:e5:4f:a0:00:64:5d:
                    06:3a:36:4c:4e:84:7d:b4:ed:cc:da:a0:4f:90:c2:
                    78:e5:e3:50:e0:d9:a0:6f:ad:c8:6e:8d:c2:9d:f3:
                    27:51:0b:4f:55:6f:41:b6:cc:97:05:25:50:e7:97:
                    10:3e:dd:66:c2:cf:81:f6:4e:d2:3e:89:58:30:ef:
                    28:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:A2:ED:26:15:8D:40:02:A9:ED:0A:C7:BA:82:BD:30:33:55:66:16
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/fKLtJhWNQAKp7QrHuoK9MDNVZhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.160.0/20
                  158.41.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9d:b6:5e:dc:17:69:1e:21:c1:eb:10:34:36:f3:9f:6a:65:e7:
         75:45:15:d7:44:1e:61:c2:e3:a5:a8:27:1c:6b:21:85:31:de:
         9d:30:ae:32:40:ce:ca:87:2f:ce:03:09:68:14:75:94:98:6c:
         fa:ba:76:dd:9b:df:86:e0:87:32:b7:3c:e4:2a:b0:8a:7c:db:
         e1:12:36:12:4e:23:36:3b:25:58:47:ea:73:2d:e0:94:3d:f6:
         88:36:6c:23:79:98:56:59:96:75:c6:6b:0b:76:83:91:37:e7:
         9c:25:7a:48:bf:62:93:62:fd:60:3d:6c:fa:4c:20:d8:24:d8:
         34:27:1a:05:d0:64:a3:de:93:d2:a1:69:79:62:9b:0d:ab:bb:
         f7:c3:61:9b:a3:19:11:bb:e1:d7:06:20:ad:7d:ed:6b:e6:a7:
         73:a4:52:e2:17:de:fd:8d:7f:28:ae:83:4f:33:46:a0:97:cb:
         eb:96:1a:f6:a0:a6:45:d7:d6:9b:0f:29:9e:53:fb:fc:a2:e7:
         1e:2b:f8:b1:70:11:c8:83:8f:5e:eb:9e:a2:22:5c:40:88:cf:
         ac:d6:1e:44:63:34:f7:f0:2c:63:16:1c:4c:06:56:f4:c9:ad:
         46:d3:aa:e9:c0:6d:b9:51:1d:eb:98:e0:e6:f7:11:53:ac:9e:
         00:13:50:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkPVfGp21OzI8/qyWQ4BU7sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjUwOTAzMTEyODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2EyZWQyNjE1OGQ0MDAyYTllZDBhYzdiYTgyYmQzMDMzNTU2NjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzT9zOtoLi9Ia0wS4t30IsX4bv45
aQ4GWc5IW1BG6MofdypR5ZosiOMT8u8aDva0E3NOol6eTMs2eqDJhX6m+bYa+hJb
iRsvSNAPRgfinP8Bz1ClCIs+Keo6qFgY05oV58Wl+QgE4ahcUGJFzlaRI1yzuxej
wsJG9MgvqbpZKLpJLbUvYFNbWmfdXmvNp413axg/Vsfsvb9IBxxK+GtmTURwVhZC
E/0hZNHTrygIVHEDXFPv1HDhNSQu3f7lT6AAZF0GOjZMToR9tO3M2qBPkMJ45eNQ
4Nmgb63Ibo3CnfMnUQtPVW9BtsyXBSVQ55cQPt1mws+B9k7SPolYMO8oQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHyi7SYVjUACqe0Kx7qCvTAzVWYWMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvZktMdEpoV05RQUtwN1FySHVvSzlNRE5WWmhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEXDWgAwQE
nikAMA0GCSqGSIb3DQEBCwUAA4IBAQCdtl7cF2keIcHrEDQ2859qZed1RRXXRB5h
wuOlqCccayGFMd6dMK4yQM7Khy/OAwloFHWUmGz6unbdm9+G4IcytzzkKrCKfNvh
EjYSTiM2OyVYR+pzLeCUPfaINmwjeZhWWZZ1xmsLdoORN+ecJXpIv2KTYv1gPWz6
TCDYJNg0JxoF0GSj3pPSoWl5YpsNq7v3w2GboxkRu+HXBiCtfe1r5qdzpFLiF979
jX8oroNPM0agl8vrlhr2oKZF19abDymeU/v8ouceK/ixcBHIg49e656iIlxAiM+s
1h5EYzT38CxjFhxMBlb0ya1G06rpwG25UR3rmODm9xFTrJ4AE1A+
-----END CERTIFICATE-----