Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/r3RFE-879aQPlTAYSIzxRB7I1g4.roa
File:                     r3RFE-879aQPlTAYSIzxRB7I1g4.roa (raw, json)
Hash identifier:          HvDiU5OY5w8GPNN2r0h7VcqBDnJGg+XhKF07qtUJ66M=
Subject key identifier:   AF:74:45:13:EF:3B:F5:A4:0F:95:30:18:48:8C:F1:44:1E:C8:D6:0E
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       019A0BD4DB44C147BF8308050DEDFA17C577
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/r3RFE-879aQPlTAYSIzxRB7I1g4.roa
Signing time:             Wed 22 Oct 2025 12:11:30 +0000
ROA not before:           Wed 22 Oct 2025 12:11:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44667
IP address blocks:        158.41.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Oct 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:d4:db:44:c1:47:bf:83:08:05:0d:ed:fa:17:c5:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Oct 22 12:11:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af744513ef3bf5a40f953018488cf1441ec8d60e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:31:ff:4c:6e:00:ff:97:ec:a7:01:75:83:22:
                    4a:fd:86:5f:56:86:3f:26:0a:1a:bb:39:6a:be:d6:
                    ef:f3:24:87:ec:2f:8b:51:a4:86:aa:74:b9:02:12:
                    2b:33:ee:c9:44:f9:8b:43:1b:30:bb:96:3f:07:ad:
                    d6:6c:f6:c6:08:20:88:f2:90:eb:c8:a6:cc:22:23:
                    34:0a:5b:74:7e:e5:60:45:30:56:bb:21:01:30:88:
                    c5:53:f7:ca:02:77:e7:68:59:f8:2b:13:a7:49:45:
                    22:47:4b:5d:ad:75:bd:53:23:2b:bd:f4:69:67:62:
                    c5:f9:3b:67:e1:9c:fb:f1:f3:36:86:71:02:6b:d3:
                    77:41:46:a3:f4:e8:45:71:dc:3d:6e:8f:c3:0c:c4:
                    b9:41:ed:76:f0:09:be:8b:01:e3:80:52:fc:cb:f1:
                    be:36:35:e1:c4:13:f5:72:8a:1c:b5:a1:ea:26:09:
                    ce:bb:ea:60:1d:e5:ad:60:32:8a:14:75:96:9d:4e:
                    5b:f3:cb:f4:b9:a4:64:c8:9d:1e:d6:e5:47:19:7f:
                    62:b1:36:52:72:24:c1:9a:ba:1a:8c:a9:e7:ff:34:
                    37:f2:46:53:a7:51:0b:89:08:11:48:aa:23:dc:8a:
                    78:73:bf:ec:3e:f4:3e:5d:8f:39:92:6e:29:be:1a:
                    cc:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:74:45:13:EF:3B:F5:A4:0F:95:30:18:48:8C:F1:44:1E:C8:D6:0E
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/r3RFE-879aQPlTAYSIzxRB7I1g4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.41.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5e:a6:a7:70:d6:f0:17:ea:da:98:6f:d1:f7:71:f4:02:e4:66:
         bc:10:d8:8e:0c:66:b2:a1:97:94:80:20:1f:bd:f0:d4:96:05:
         ea:34:5f:6c:8a:fa:37:ec:bc:16:27:0d:57:db:50:d8:cc:75:
         96:7e:1a:d6:b0:1e:d2:2a:68:96:06:97:45:fe:8b:b2:e3:e8:
         9e:42:a2:51:e3:53:8c:78:76:4c:95:a4:47:9c:54:4c:e3:f8:
         3e:0b:f3:ff:72:5c:f7:70:c9:02:ca:27:6e:28:5d:7f:ea:50:
         73:c1:00:40:bc:41:0a:19:a5:cb:fb:60:4e:6b:be:56:01:d5:
         b6:7d:9d:7f:86:65:b1:a6:98:a2:c8:30:35:61:28:d7:7a:d0:
         14:59:7a:a3:9d:57:39:42:50:81:3f:ad:2a:36:6e:1a:95:86:
         2b:e9:20:c4:02:3e:f8:a6:3a:c9:00:a7:bf:13:26:27:35:aa:
         a7:3f:f0:60:ee:0c:c1:8f:34:16:53:82:70:bc:72:55:58:f0:
         2d:a8:08:39:49:d3:5f:67:08:50:a4:97:1a:95:83:31:21:54:
         8b:8f:2b:cf:75:ea:d4:5e:82:90:52:d7:47:18:bd:d3:ec:ee:
         0a:07:be:00:33:18:be:a9:e2:b4:db:34:18:fc:b4:b2:85:f3:
         e5:45:53:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoL1NtEwUe/gwgFDe36F8V3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjUxMDIyMTIxMTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjc0NDUxM2VmM2JmNWE0MGY5NTMwMTg0ODhjZjE0NDFlYzhkNjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzH/TG4A/5fspwF1gyJK/YZfVoY/
Jgoauzlqvtbv8ySH7C+LUaSGqnS5AhIrM+7JRPmLQxswu5Y/B63WbPbGCCCI8pDr
yKbMIiM0Clt0fuVgRTBWuyEBMIjFU/fKAnfnaFn4KxOnSUUiR0tdrXW9UyMrvfRp
Z2LF+Ttn4Zz78fM2hnECa9N3QUaj9OhFcdw9bo/DDMS5Qe128Am+iwHjgFL8y/G+
NjXhxBP1cooctaHqJgnOu+pgHeWtYDKKFHWWnU5b88v0uaRkyJ0e1uVHGX9isTZS
ciTBmroajKnn/zQ38kZTp1ELiQgRSKoj3Ip4c7/sPvQ+XY85km4pvhrM9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK90RRPvO/WkD5UwGEiM8UQeyNYOMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvcjNSRkUtODc5YVFQbFRBWVNJenhSQjdJMWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEnikAMA0G
CSqGSIb3DQEBCwUAA4IBAQBepqdw1vAX6tqYb9H3cfQC5Ga8ENiODGayoZeUgCAf
vfDUlgXqNF9sivo37LwWJw1X21DYzHWWfhrWsB7SKmiWBpdF/ouy4+ieQqJR41OM
eHZMlaRHnFRM4/g+C/P/clz3cMkCyiduKF1/6lBzwQBAvEEKGaXL+2BOa75WAdW2
fZ1/hmWxppiiyDA1YSjXetAUWXqjnVc5QlCBP60qNm4alYYr6SDEAj74pjrJAKe/
EyYnNaqnP/Bg7gzBjzQWU4JwvHJVWPAtqAg5SdNfZwhQpJcalYMxIVSLjyvPderU
XoKQUtdHGL3T7O4KB74AMxi+qeK02zQY/LSyhfPlRVMr
-----END CERTIFICATE-----