Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/FIW7fwGAyJnOAzz2Ig4OquStbIw.roa
File:                     FIW7fwGAyJnOAzz2Ig4OquStbIw.roa (raw, json)
Hash identifier:          Itn/Khoc6SXbHAI9HOvcWbsIu8OiTqhQSGekM+dshLA=
Subject key identifier:   14:85:BB:7F:01:80:C8:99:CE:03:3C:F6:22:0E:0E:AA:E4:AD:6C:8C
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       0199152584042DE9EC9A68E2FC3F89DD00F8
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/FIW7fwGAyJnOAzz2Ig4OquStbIw.roa
Signing time:             Thu 04 Sep 2025 14:33:23 +0000
ROA not before:           Thu 04 Sep 2025 14:33:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50053
IP address blocks:        195.96.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:14:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:15:25:84:04:2d:e9:ec:9a:68:e2:fc:3f:89:dd:00:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Sep  4 14:33:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1485bb7f0180c899ce033cf6220e0eaae4ad6c8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1c:be:96:2e:52:d8:4c:f6:bf:ed:dc:83:8e:
                    52:5b:02:59:cf:77:5d:91:0a:29:7b:a4:81:ad:18:
                    d3:36:98:71:2f:12:96:45:3b:da:44:17:0d:07:6d:
                    ea:e8:ad:6b:1b:7d:ef:a1:59:31:1a:df:b8:fd:d4:
                    61:68:1b:83:6c:01:c3:4c:2d:d5:78:b5:c3:18:59:
                    1a:78:0d:6e:a3:ab:73:1b:07:a8:eb:61:05:4b:4f:
                    68:a6:b0:1c:e1:18:ea:13:56:84:6d:8c:82:b5:62:
                    d2:11:d9:8d:e7:ab:28:f1:19:13:98:f1:75:55:15:
                    ab:32:a9:97:44:a5:fa:17:29:c5:c0:2a:04:d0:2d:
                    de:3a:66:30:3b:15:99:e6:0d:35:33:5a:f1:ef:ca:
                    d2:18:e8:66:7a:60:be:ee:c3:e1:e0:87:90:e1:15:
                    5c:eb:27:85:96:09:50:bd:a9:cc:34:63:a8:a9:34:
                    a5:c6:55:66:07:c7:b4:8b:e9:a6:8a:ed:53:a3:67:
                    b7:20:63:11:06:30:03:37:99:a6:2a:f8:b7:d3:49:
                    c6:1d:3c:1f:f7:b4:a4:41:c9:8c:5a:81:b8:dc:66:
                    8c:9a:9b:a2:57:29:bc:93:c3:d1:71:8e:32:33:19:
                    d1:0c:8f:78:90:d2:2b:f1:2f:a8:b8:9a:76:22:44:
                    d9:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:85:BB:7F:01:80:C8:99:CE:03:3C:F6:22:0E:0E:AA:E4:AD:6C:8C
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/FIW7fwGAyJnOAzz2Ig4OquStbIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:dd:84:e3:2d:1e:8d:8d:74:bd:3b:8a:3c:77:31:ef:09:12:
         87:98:24:4f:ea:3a:de:ab:15:23:85:f7:a4:ef:4e:47:13:12:
         e0:db:a4:ce:cb:c5:14:12:4c:bf:6f:35:0c:3b:30:71:bb:05:
         3c:f8:1a:22:db:52:c6:97:2c:6e:b9:85:11:bd:2a:d7:fe:e6:
         45:8a:26:31:d4:3b:31:62:c6:d5:05:a6:c9:3a:3c:9a:95:d9:
         f1:2f:e2:78:63:e7:82:c6:05:4d:59:c0:77:e8:c5:40:29:78:
         67:2b:6f:ce:78:f3:19:e5:cc:f8:5c:71:2c:96:84:3b:0c:de:
         8d:59:74:1e:d7:af:d5:b9:e3:c4:e4:63:76:60:9c:04:19:62:
         67:38:24:4f:2c:d2:00:7d:d8:fb:9b:9b:4c:35:6e:6e:f4:6c:
         5b:6a:75:59:73:22:07:08:43:7a:44:84:9f:2a:c0:18:91:17:
         5a:99:3b:75:2e:3a:f9:62:98:5c:c9:0f:8a:e7:f7:16:b6:8e:
         4f:77:7a:54:6e:11:79:69:d3:05:64:13:f9:83:60:22:9f:69:
         91:71:80:77:45:07:ad:73:d6:2b:79:52:59:43:63:16:bf:07:
         64:67:cf:24:8e:3a:b4:8d:10:ba:95:d5:b1:34:7d:aa:8d:6a:
         75:75:b8:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkVJYQELensmmji/D+J3QD4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwOTA0MTQzMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDg1YmI3ZjAxODBjODk5Y2UwMzNjZjYyMjBlMGVhYWU0YWQ2YzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRy+li5S2Ez2v+3cg45SWwJZz3dd
kQope6SBrRjTNphxLxKWRTvaRBcNB23q6K1rG33voVkxGt+4/dRhaBuDbAHDTC3V
eLXDGFkaeA1uo6tzGweo62EFS09oprAc4RjqE1aEbYyCtWLSEdmN56so8RkTmPF1
VRWrMqmXRKX6FynFwCoE0C3eOmYwOxWZ5g01M1rx78rSGOhmemC+7sPh4IeQ4RVc
6yeFlglQvanMNGOoqTSlxlVmB8e0i+mmiu1To2e3IGMRBjADN5mmKvi300nGHTwf
97SkQcmMWoG43GaMmpuiVym8k8PRcY4yMxnRDI94kNIr8S+ouJp2IkTZowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSFu38BgMiZzgM89iIODqrkrWyMMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvRklXN2Z3R0F5Sm5PQXp6MklnNE9xdVN0Ykl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CcMA0G
CSqGSIb3DQEBCwUAA4IBAQCu3YTjLR6NjXS9O4o8dzHvCRKHmCRP6jreqxUjhfek
705HExLg26TOy8UUEky/bzUMOzBxuwU8+Boi21LGlyxuuYURvSrX/uZFiiYx1Dsx
YsbVBabJOjyaldnxL+J4Y+eCxgVNWcB36MVAKXhnK2/OePMZ5cz4XHEsloQ7DN6N
WXQe16/VuePE5GN2YJwEGWJnOCRPLNIAfdj7m5tMNW5u9GxbanVZcyIHCEN6RISf
KsAYkRdamTt1Ljr5YphcyQ+K5/cWto5Pd3pUbhF5adMFZBP5g2Ain2mRcYB3RQet
c9YreVJZQ2MWvwdkZ88kjjq0jRC6ldWxNH2qjWp1dbh+
-----END CERTIFICATE-----