Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/lSE1obQ59T94JWyP17qNbBJ8Mi4.roa
File:                     lSE1obQ59T94JWyP17qNbBJ8Mi4.roa (raw, json)
Hash identifier:          //1SxIcij8D7RTJOSo9c6uRC0w9XN7/ELpwWy3gm8m8=
Subject key identifier:   95:21:35:A1:B4:39:F5:3F:78:25:6C:8F:D7:BA:8D:6C:12:7C:32:2E
Certificate issuer:       /CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
Certificate serial:       0199CA60FE16FF864BC3B3ABEE85EA025093
Authority key identifier: FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/lSE1obQ59T94JWyP17qNbBJ8Mi4.roa
Signing time:             Thu 09 Oct 2025 19:09:38 +0000
ROA not before:           Thu 09 Oct 2025 19:09:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        89.46.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ca:60:fe:16:ff:86:4b:c3:b3:ab:ee:85:ea:02:50:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
        Validity
            Not Before: Oct  9 19:09:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=952135a1b439f53f78256c8fd7ba8d6c127c322e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4c:98:2b:b4:00:2e:9d:1d:f3:1a:13:10:cb:
                    44:79:2f:9d:be:c7:7e:e9:e6:f5:d5:2d:05:27:6f:
                    1e:a1:aa:c2:b6:7e:1d:e1:f6:39:a3:43:db:22:14:
                    de:c7:9c:35:98:58:ab:74:0b:0e:12:bb:de:df:39:
                    ec:39:7e:61:36:3f:bf:5e:c3:7e:1b:7a:47:7a:71:
                    db:64:93:6e:bb:6f:97:3e:28:58:fd:5c:e1:46:f2:
                    17:73:77:1c:02:3f:b7:ea:1a:23:4b:fc:a1:3f:c1:
                    8e:13:ea:8b:bd:77:b5:b4:bc:39:81:cf:98:20:b7:
                    a5:67:68:f0:24:b8:4d:09:37:a6:a7:f1:3e:bb:e2:
                    85:22:48:7d:bf:48:e5:13:49:c2:8e:07:bb:e1:a8:
                    4f:11:5b:68:3c:6a:ba:ea:84:6f:65:7f:8f:6d:47:
                    9d:e8:d0:38:b3:55:7e:f6:53:f5:58:bb:c9:e9:05:
                    7e:75:3d:a0:d0:58:e0:b3:21:70:43:2c:73:69:1c:
                    05:25:57:34:0d:79:01:dc:85:97:26:85:9d:b9:1d:
                    8e:b1:58:76:a8:93:34:a7:bd:2f:f3:c8:28:eb:b9:
                    70:e7:ad:23:0f:0b:e5:1e:ff:24:1a:dc:d6:dc:cf:
                    9e:7d:db:db:5d:0d:73:8b:d7:a8:8f:89:dc:fd:6c:
                    af:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:21:35:A1:B4:39:F5:3F:78:25:6C:8F:D7:BA:8D:6C:12:7C:32:2E
            X509v3 Authority Key Identifier:
                keyid:FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/lSE1obQ59T94JWyP17qNbBJ8Mi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:fe:29:bc:14:f3:12:d7:e9:69:2d:d6:b5:29:97:af:bb:81:
         ec:0b:a0:5b:23:fb:55:26:bf:11:7e:55:15:38:52:b2:f7:f8:
         7d:0e:11:e3:80:94:e7:84:be:23:37:6f:28:21:ca:0c:d7:dc:
         75:e4:07:30:22:8f:e4:db:81:d0:f6:aa:71:52:35:8c:48:cb:
         9b:3f:b2:3d:c6:0f:12:b9:6f:8c:3d:ab:9b:52:e4:45:cd:51:
         57:d2:2e:ff:2e:d3:c2:be:80:da:5e:3f:c3:a6:85:d0:5d:0e:
         ea:26:8f:74:21:58:20:e2:01:b0:f1:72:5c:fd:64:94:1a:e6:
         cb:70:e4:23:8c:cf:fe:99:9b:9b:43:be:eb:d5:e1:a6:9f:c6:
         a5:1a:6e:0f:eb:cc:3c:ab:52:7b:f6:36:3c:55:47:ac:88:b5:
         5f:e6:a2:75:83:01:15:88:97:78:fe:82:ee:33:85:7c:47:89:
         78:da:92:a1:98:2a:2f:bb:12:22:6f:c9:12:46:8f:bd:b5:a5:
         16:f8:21:ef:a9:a6:5c:81:a5:1a:3a:d8:de:7e:31:18:72:fa:
         4f:2c:8d:a5:4c:f9:ff:92:14:bb:20:28:20:34:18:4d:cf:89:
         e9:d7:ea:36:f1:1d:05:1d:69:29:fb:07:d5:7f:3c:eb:80:85:
         4c:0e:c6:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnKYP4W/4ZLw7Or7oXqAlCTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzdjYzhmMTZiM2M2Y2JkMzM0NmFhM2VkNjE3NzFmM2U4
M2FjOTcwHhcNMjUxMDA5MTkwOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTIxMzVhMWI0MzlmNTNmNzgyNTZjOGZkN2JhOGQ2YzEyN2MzMjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUyYK7QALp0d8xoTEMtEeS+dvsd+
6eb11S0FJ28eoarCtn4d4fY5o0PbIhTex5w1mFirdAsOErve3znsOX5hNj+/XsN+
G3pHenHbZJNuu2+XPihY/VzhRvIXc3ccAj+36hojS/yhP8GOE+qLvXe1tLw5gc+Y
ILelZ2jwJLhNCTemp/E+u+KFIkh9v0jlE0nCjge74ahPEVtoPGq66oRvZX+PbUed
6NA4s1V+9lP1WLvJ6QV+dT2g0FjgsyFwQyxzaRwFJVc0DXkB3IWXJoWduR2OsVh2
qJM0p70v88go67lw560jDwvlHv8kGtzW3M+efdvbXQ1zi9eoj4nc/WyvPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUhNaG0OfU/eCVsj9e6jWwSfDIuMB8GA1UdIwQY
MBaAFP03zI8Ws8bL0zRqo+1hdx8+g6yXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMt
N2UwNWFiNDFiNmU0LzEvbFNFMW9iUTU5VDk0Sld5UDE3cU5iQko4TWk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMtN2UwNWFiNDFiNmU0
LzEvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS77MA0G
CSqGSIb3DQEBCwUAA4IBAQAp/im8FPMS1+lpLda1KZevu4HsC6BbI/tVJr8RflUV
OFKy9/h9DhHjgJTnhL4jN28oIcoM19x15AcwIo/k24HQ9qpxUjWMSMubP7I9xg8S
uW+MPaubUuRFzVFX0i7/LtPCvoDaXj/DpoXQXQ7qJo90IVgg4gGw8XJc/WSUGubL
cOQjjM/+mZubQ77r1eGmn8alGm4P68w8q1J79jY8VUesiLVf5qJ1gwEViJd4/oLu
M4V8R4l42pKhmCovuxIib8kSRo+9taUW+CHvqaZcgaUaOtjefjEYcvpPLI2lTPn/
khS7ICggNBhNz4np1+o28R0FHWkp+wfVfzzrgIVMDsau
-----END CERTIFICATE-----