Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/FdWV2F8xywrkJr_ZVSWY8qWRv_A.roa
File:                     FdWV2F8xywrkJr_ZVSWY8qWRv_A.roa (raw, json)
Hash identifier:          X0QnMJo/L6uBm6V2nWu9aN26xqXlZf++2BNldb6DVIg=
Subject key identifier:   15:D5:95:D8:5F:31:CB:0A:E4:26:BF:D9:55:25:98:F2:A5:91:BF:F0
Certificate issuer:       /CN=588cabf6f523f26e267db03b524347841aaaa465
Certificate serial:       01975ECB66CC6B18D3FA1FE033ED39A087E5
Authority key identifier: 58:8C:AB:F6:F5:23:F2:6E:26:7D:B0:3B:52:43:47:84:1A:AA:A4:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/FdWV2F8xywrkJr_ZVSWY8qWRv_A.roa
Signing time:             Wed 11 Jun 2025 11:41:17 +0000
ROA not before:           Wed 11 Jun 2025 11:41:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12859
IP address blocks:        86.109.16.0/22 maxlen: 24
                          2a0d:7980:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5e:cb:66:cc:6b:18:d3:fa:1f:e0:33:ed:39:a0:87:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588cabf6f523f26e267db03b524347841aaaa465
        Validity
            Not Before: Jun 11 11:41:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15d595d85f31cb0ae426bfd9552598f2a591bff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bd:f5:9b:e2:8c:3a:91:ee:8b:70:ae:ca:91:
                    b3:c4:2d:c1:89:72:ec:2d:f1:f6:06:c0:27:27:3c:
                    d0:cf:30:8b:a9:f7:1c:39:81:b2:3e:4c:ef:e0:63:
                    c4:01:b8:13:e9:9b:2c:55:0b:f6:64:80:49:46:3c:
                    b6:d9:fc:72:11:c6:21:d1:f2:94:13:f8:af:86:af:
                    b5:c6:09:98:85:a2:71:8b:0c:65:95:f5:b3:2e:d6:
                    af:34:38:a4:00:6d:3b:ed:87:6c:31:0d:9f:77:87:
                    e5:ab:3c:7b:15:ef:82:63:64:01:e6:7c:fa:89:17:
                    3d:8f:be:b8:75:cd:98:8a:2e:d7:e8:67:2d:4b:2f:
                    b5:1c:10:aa:dc:ef:5e:fc:41:03:d8:df:dd:6d:8b:
                    be:5b:7a:8f:67:42:a7:1b:34:e9:0b:6f:13:e7:b3:
                    42:81:67:fe:46:90:c9:4f:4b:f2:3f:74:fe:df:34:
                    cf:73:4b:49:d4:69:54:e6:fc:b8:b4:72:87:7e:a5:
                    c9:7d:81:8f:c3:63:d5:13:5a:a6:ef:ef:bc:c5:74:
                    d3:2a:cf:68:ef:c8:6a:dd:39:88:bc:71:16:7d:3f:
                    ce:23:b0:a6:9c:41:35:92:6a:80:1b:43:ae:b5:7d:
                    9f:bb:5c:50:82:c9:e8:c1:fb:77:f8:b4:01:e3:eb:
                    11:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:D5:95:D8:5F:31:CB:0A:E4:26:BF:D9:55:25:98:F2:A5:91:BF:F0
            X509v3 Authority Key Identifier:
                keyid:58:8C:AB:F6:F5:23:F2:6E:26:7D:B0:3B:52:43:47:84:1A:AA:A4:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/FdWV2F8xywrkJr_ZVSWY8qWRv_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.109.16.0/22
                IPv6:
                  2a0d:7980:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:55:3a:9e:d5:80:82:bb:ac:a6:d8:4d:ba:9f:d7:67:b6:c5:
         1a:79:7b:01:e4:55:f0:8e:de:3b:7d:90:59:dc:62:e7:83:4a:
         2f:84:d6:27:95:3b:26:9e:06:25:76:98:7d:31:1a:af:47:a6:
         66:df:8c:5b:fb:f5:28:58:33:96:af:8f:c7:cf:8d:6d:67:f3:
         18:d4:b6:bd:e4:06:4a:f5:15:a6:a9:4d:4c:59:ef:92:7a:40:
         ac:bd:ce:38:29:cb:ac:c7:3b:94:a5:04:35:24:25:96:f2:25:
         4e:15:72:6e:37:95:b4:ed:a1:fa:0f:45:ec:79:cc:d2:29:f9:
         95:b0:42:41:3f:37:c4:ce:3f:a9:a5:ea:dc:46:0c:4e:bf:00:
         b1:8d:07:c1:6b:23:00:94:b1:a7:69:fc:34:9a:3f:55:5d:73:
         a1:94:a7:9e:49:f3:bb:25:c4:05:7c:64:f3:60:06:8a:ea:7c:
         52:6c:c2:50:b9:9c:df:94:09:0b:2f:92:ba:55:6c:aa:7d:25:
         31:dd:17:1e:ef:00:5a:d6:a2:8b:85:85:6f:75:05:29:8d:0f:
         05:0a:59:ae:00:96:f0:51:d2:08:2e:2a:39:0d:2d:70:d8:e2:
         81:4a:92:fb:cb:d5:7d:19:36:63:91:ca:35:54:23:c9:b1:0e:
         81:a1:48:83
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZdey2bMaxjT+h/gM+05oIflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGNhYmY2ZjUyM2YyNmUyNjdkYjAzYjUyNDM0Nzg0MWFh
YWE0NjUwHhcNMjUwNjExMTE0MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWQ1OTVkODVmMzFjYjBhZTQyNmJmZDk1NTI1OThmMmE1OTFiZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsb31m+KMOpHui3CuypGzxC3BiXLs
LfH2BsAnJzzQzzCLqfccOYGyPkzv4GPEAbgT6ZssVQv2ZIBJRjy22fxyEcYh0fKU
E/ivhq+1xgmYhaJxiwxllfWzLtavNDikAG077YdsMQ2fd4flqzx7Fe+CY2QB5nz6
iRc9j764dc2Yii7X6GctSy+1HBCq3O9e/EED2N/dbYu+W3qPZ0KnGzTpC28T57NC
gWf+RpDJT0vyP3T+3zTPc0tJ1GlU5vy4tHKHfqXJfYGPw2PVE1qm7++8xXTTKs9o
78hq3TmIvHEWfT/OI7CmnEE1kmqAG0OutX2fu1xQgsnowft3+LQB4+sREQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBXVldhfMcsK5Ca/2VUlmPKlkb/wMB8GA1UdIwQY
MBaAFFiMq/b1I/JuJn2wO1JDR4QaqqRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0l5cjl2VWo4bTRtZmJBN1VrTkhoQnFxcEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wMTg3ZDYtOGJmYy00YzU5LWE2YzQt
NmFkMzI1MmExNDI3LzEvRmRXVjJGOHh5d3JrSnJfWlZTV1k4cVdSdl9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wMTg3ZDYtOGJmYy00YzU5LWE2YzQtNmFkMzI1MmExNDI3
LzEvV0l5cjl2VWo4bTRtZmJBN1VrTkhoQnFxcEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCVm0QMA8E
AgACMAkDBwAqDXmAAAEwDQYJKoZIhvcNAQELBQADggEBAJVVOp7VgIK7rKbYTbqf
12e2xRp5ewHkVfCO3jt9kFncYueDSi+E1ieVOyaeBiV2mH0xGq9HpmbfjFv79ShY
M5avj8fPjW1n8xjUtr3kBkr1FaapTUxZ75J6QKy9zjgpy6zHO5SlBDUkJZbyJU4V
cm43lbTtofoPRex5zNIp+ZWwQkE/N8TOP6ml6txGDE6/ALGNB8FrIwCUsadp/DSa
P1Vdc6GUp55J87slxAV8ZPNgBorqfFJswlC5nN+UCQsvkrpVbKp9JTHdFx7vAFrW
oouFhW91BSmNDwUKWa4AlvBR0gguKjkNLXDY4oFKkvvL1X0ZNmORyjVUI8mxDoGh
SIM=
-----END CERTIFICATE-----