Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/OX7N03gSPb4sMX_V-5X6zyQ6WaA.roa
File:                     OX7N03gSPb4sMX_V-5X6zyQ6WaA.roa (raw, json)
Hash identifier:          BlJco9f8HDqfOjHCtNduALgKgBNAz1Kj7Oy3Vc4sp3s=
Subject key identifier:   39:7E:CD:D3:78:12:3D:BE:2C:31:7F:D5:FB:95:FA:CF:24:3A:59:A0
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       019919CC9D92BF328790A0E8582946CA8882
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/OX7N03gSPb4sMX_V-5X6zyQ6WaA.roa
Signing time:             Fri 05 Sep 2025 12:14:24 +0000
ROA not before:           Fri 05 Sep 2025 12:14:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207429
IP address blocks:        95.173.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 22:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:19:cc:9d:92:bf:32:87:90:a0:e8:58:29:46:ca:88:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Sep  5 12:14:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=397ecdd378123dbe2c317fd5fb95facf243a59a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:26:ea:d8:85:a6:cb:cb:2a:82:34:d1:86:e9:
                    aa:65:23:a3:5a:f1:a5:6d:4a:fc:fa:f3:99:15:1d:
                    1e:87:92:d4:70:ca:ee:7e:ee:e4:ec:f9:d0:72:b6:
                    29:46:92:1c:6f:85:8f:38:76:e9:4c:44:2b:17:2a:
                    ca:4d:81:1e:ec:d0:4b:c8:7d:24:17:ad:7a:47:40:
                    d0:74:54:3c:8e:a6:9a:16:4b:7b:70:aa:43:74:4e:
                    89:1f:f1:8b:1e:4e:9a:9d:9d:5b:63:2e:d4:b3:66:
                    b7:7d:dc:94:b7:62:ea:00:1e:57:97:f8:a6:ec:e7:
                    4b:69:38:ae:ff:74:a5:ff:56:34:20:77:4c:00:ba:
                    db:1d:cb:26:49:c5:cc:fc:dc:bb:54:f7:26:6b:c3:
                    52:2c:ac:85:3d:ca:e7:5b:24:2b:98:7a:81:34:a6:
                    60:84:7f:4f:d9:40:84:ff:2a:9c:4a:68:28:2f:19:
                    fe:35:c1:8f:07:63:83:93:07:3c:f3:fc:c6:6e:49:
                    d4:24:0e:91:ff:55:68:71:47:b9:d4:d8:d0:c7:24:
                    75:3d:33:96:c4:83:58:56:57:ea:b2:7b:91:d1:8b:
                    9b:59:be:cf:ce:50:d5:96:dd:e3:b5:fd:c2:d7:bc:
                    13:a6:50:b7:f1:51:86:55:f7:1f:ab:11:27:f8:9d:
                    4b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:7E:CD:D3:78:12:3D:BE:2C:31:7F:D5:FB:95:FA:CF:24:3A:59:A0
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/OX7N03gSPb4sMX_V-5X6zyQ6WaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:04:78:54:e2:e8:60:f6:8b:aa:ea:71:f0:ed:4c:c5:99:75:
         0a:c4:55:97:19:33:59:d2:75:b0:26:fa:3a:54:df:89:f8:8c:
         7f:84:6d:7d:d9:ce:35:99:ee:15:04:7c:4c:55:0c:b1:8b:6a:
         04:e3:ee:53:56:b8:09:8b:6a:62:e6:82:b0:54:19:8f:1b:27:
         d9:29:36:cd:b7:ef:6b:50:7d:ff:4c:cc:49:54:fd:45:46:2e:
         fd:5e:32:c9:76:93:d5:fb:41:0c:d2:fe:e2:9e:f1:8a:c9:00:
         3c:93:02:c1:25:89:12:61:18:78:f2:43:ff:92:97:f7:bd:26:
         0f:81:47:e8:a3:cb:34:c8:70:57:19:19:42:47:64:d9:97:46:
         2b:3b:76:77:54:51:32:78:eb:00:bb:02:52:50:52:67:a9:aa:
         9b:6e:08:62:aa:ad:7e:da:bc:ab:b0:04:8c:9e:05:6c:89:dd:
         e1:1f:2b:cf:88:d7:4c:11:c3:31:56:42:5a:75:8e:ae:f9:1d:
         07:86:14:ec:ce:4b:28:59:3e:e1:8c:28:aa:93:48:b3:1f:3f:
         de:f1:03:a3:b1:d0:20:a0:2e:30:72:41:99:8a:bc:af:3e:ff:
         80:ae:fb:e4:bf:bf:4c:4c:88:72:2c:f7:04:b0:85:86:11:0f:
         1c:06:db:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkZzJ2SvzKHkKDoWClGyoiCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjUwOTA1MTIxNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTdlY2RkMzc4MTIzZGJlMmMzMTdmZDVmYjk1ZmFjZjI0M2E1OWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlibq2IWmy8sqgjTRhumqZSOjWvGl
bUr8+vOZFR0eh5LUcMrufu7k7PnQcrYpRpIcb4WPOHbpTEQrFyrKTYEe7NBLyH0k
F616R0DQdFQ8jqaaFkt7cKpDdE6JH/GLHk6anZ1bYy7Us2a3fdyUt2LqAB5Xl/im
7OdLaTiu/3Sl/1Y0IHdMALrbHcsmScXM/Ny7VPcma8NSLKyFPcrnWyQrmHqBNKZg
hH9P2UCE/yqcSmgoLxn+NcGPB2ODkwc88/zGbknUJA6R/1VocUe51NjQxyR1PTOW
xINYVlfqsnuR0YubWb7PzlDVlt3jtf3C17wTplC38VGGVfcfqxEn+J1LMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDl+zdN4Ej2+LDF/1fuV+s8kOlmgMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvT1g3TjAzZ1NQYjRzTVhfVi01WDZ6eVE2V2FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX622MA0G
CSqGSIb3DQEBCwUAA4IBAQB5BHhU4uhg9ouq6nHw7UzFmXUKxFWXGTNZ0nWwJvo6
VN+J+Ix/hG192c41me4VBHxMVQyxi2oE4+5TVrgJi2pi5oKwVBmPGyfZKTbNt+9r
UH3/TMxJVP1FRi79XjLJdpPV+0EM0v7invGKyQA8kwLBJYkSYRh48kP/kpf3vSYP
gUfoo8s0yHBXGRlCR2TZl0YrO3Z3VFEyeOsAuwJSUFJnqaqbbghiqq1+2ryrsASM
ngVsid3hHyvPiNdMEcMxVkJadY6u+R0HhhTszksoWT7hjCiqk0izHz/e8QOjsdAg
oC4wckGZiryvPv+Arvvkv79MTIhyLPcEsIWGEQ8cBtsn
-----END CERTIFICATE-----