Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/tRbEYKiQNImxB5GmCAFUO_fKfvM.roa
File:                     tRbEYKiQNImxB5GmCAFUO_fKfvM.roa (raw, json)
Hash identifier:          28nPC9rlCdKzBtEXquHw5bj4n8uyFfVzNdsaYilx4dE=
Subject key identifier:   B5:16:C4:60:A8:90:34:89:B1:07:91:A6:08:01:54:3B:F7:CA:7E:F3
Certificate issuer:       /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial:       01990ED221D441048ED3B08ED30B97E3999C
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/tRbEYKiQNImxB5GmCAFUO_fKfvM.roa
Signing time:             Wed 03 Sep 2025 09:04:36 +0000
ROA not before:           Wed 03 Sep 2025 09:04:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52280
IP address blocks:        158.172.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 15:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0e:d2:21:d4:41:04:8e:d3:b0:8e:d3:0b:97:e3:99:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
        Validity
            Not Before: Sep  3 09:04:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b516c460a8903489b10791a60801543bf7ca7ef3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f0:76:37:e0:3c:46:ea:73:b6:83:b4:84:79:
                    65:80:a4:16:a5:86:37:74:01:54:bf:9d:10:11:74:
                    0d:46:8a:0a:60:a2:6a:dc:24:5f:9b:7f:5e:3a:d7:
                    65:e7:91:42:9c:97:da:62:d9:b6:e3:fd:03:3f:31:
                    40:98:45:09:ce:fd:ea:6a:2e:d4:f9:5e:6d:69:1d:
                    66:00:69:cf:f3:90:11:1c:40:11:7e:42:f9:bc:69:
                    5a:25:ed:cb:66:ce:e9:ca:38:88:ac:98:2b:10:36:
                    80:e6:0a:9b:26:74:08:ba:d5:b0:17:44:e0:73:71:
                    6a:db:da:34:cb:6b:bf:ff:3f:5a:1a:ab:35:bc:b8:
                    03:f1:f5:68:0a:c4:88:35:88:56:2d:c7:83:53:4b:
                    9c:da:df:e2:40:82:1e:a3:85:b4:5e:69:c9:23:62:
                    92:50:23:f0:75:d7:2e:50:7a:cb:04:fa:00:87:37:
                    4c:41:43:b4:d5:4a:95:a1:48:d3:f5:e7:11:d6:d7:
                    2d:2b:a5:25:9d:b9:9b:01:f9:38:11:2e:a5:49:07:
                    66:2e:bd:ce:5b:7e:07:70:de:85:a5:c0:9b:d1:2f:
                    54:ff:cf:0e:4d:a3:d2:1f:5a:b1:93:ef:a8:27:7f:
                    72:a3:49:ba:3f:21:6f:1f:76:24:f7:ca:58:24:1d:
                    3e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:16:C4:60:A8:90:34:89:B1:07:91:A6:08:01:54:3B:F7:CA:7E:F3
            X509v3 Authority Key Identifier:
                keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/tRbEYKiQNImxB5GmCAFUO_fKfvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.172.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:35:f3:a4:e8:05:3e:fa:f7:e6:7a:f2:7e:9a:9a:d4:47:26:
         c2:52:6d:d2:81:b8:0e:1f:6d:46:de:de:91:74:2f:d3:23:f0:
         da:99:68:d5:e9:e9:3e:9f:ff:c8:7c:21:02:d5:3d:6d:5a:29:
         57:48:17:c9:b6:0f:73:81:1b:6b:f2:89:f4:3c:05:52:d5:92:
         88:27:91:ab:64:da:b9:d1:84:c6:90:f4:5c:f1:0e:24:5c:75:
         2e:11:ec:78:2a:e3:56:93:ee:d7:1b:f3:67:04:0d:bb:70:78:
         78:c3:b2:10:2d:80:bc:c6:50:1e:6a:85:81:5b:a2:8f:96:17:
         8e:23:e7:e2:2f:17:63:7d:64:9f:2f:bd:0a:57:62:77:d6:42:
         e5:1d:bf:c3:d2:7d:48:06:ef:16:1b:35:c8:7b:12:e2:5e:7f:
         47:f5:a4:b2:06:3d:83:3f:51:55:46:ce:46:40:dc:d0:02:ba:
         a2:f8:f3:3e:34:7d:c6:f2:80:9d:1b:b3:0d:7d:0e:72:63:18:
         44:cf:c9:d3:d5:6f:b4:e7:29:52:c5:cc:81:2b:c4:e7:c0:07:
         00:df:14:0a:70:72:d8:54:8e:8a:14:5b:01:b5:e6:02:6b:5c:
         5a:d0:47:06:d0:c3:fb:a9:31:83:ad:49:26:ab:cb:39:49:d8:
         85:7e:6c:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkO0iHUQQSO07CO0wuX45mcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjUwOTAzMDkwNDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTE2YzQ2MGE4OTAzNDg5YjEwNzkxYTYwODAxNTQzYmY3Y2E3ZWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPB2N+A8RupztoO0hHllgKQWpYY3
dAFUv50QEXQNRooKYKJq3CRfm39eOtdl55FCnJfaYtm24/0DPzFAmEUJzv3qai7U
+V5taR1mAGnP85ARHEARfkL5vGlaJe3LZs7pyjiIrJgrEDaA5gqbJnQIutWwF0Tg
c3Fq29o0y2u//z9aGqs1vLgD8fVoCsSINYhWLceDU0uc2t/iQIIeo4W0XmnJI2KS
UCPwddcuUHrLBPoAhzdMQUO01UqVoUjT9ecR1tctK6UlnbmbAfk4ES6lSQdmLr3O
W34HcN6FpcCb0S9U/88OTaPSH1qxk++oJ39yo0m6PyFvH3Yk98pYJB0+1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUWxGCokDSJsQeRpggBVDv3yn7zMB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvdFJiRVlLaVFOSW14QjVHbUNBRlVPX2ZLZnZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2ItMWVkMTA5NTRiZDk2
LzEvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnqzbMA0G
CSqGSIb3DQEBCwUAA4IBAQAVNfOk6AU++vfmevJ+mprURybCUm3SgbgOH21G3t6R
dC/TI/DamWjV6ek+n//IfCEC1T1tWilXSBfJtg9zgRtr8on0PAVS1ZKIJ5GrZNq5
0YTGkPRc8Q4kXHUuEex4KuNWk+7XG/NnBA27cHh4w7IQLYC8xlAeaoWBW6KPlheO
I+fiLxdjfWSfL70KV2J31kLlHb/D0n1IBu8WGzXIexLiXn9H9aSyBj2DP1FVRs5G
QNzQArqi+PM+NH3G8oCdG7MNfQ5yYxhEz8nT1W+05ylSxcyBK8TnwAcA3xQKcHLY
VI6KFFsBteYCa1xa0EcG0MP7qTGDrUkmq8s5SdiFfmxu
-----END CERTIFICATE-----