Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/fZcssnMM-oyAkfiWcEwQiIqtu5U.roa
File:                     fZcssnMM-oyAkfiWcEwQiIqtu5U.roa (raw, json)
Hash identifier:          9OgIxc3uOeDLvKMHACKvgXGx2POImcau/RInqulO5p0=
Subject key identifier:   7D:97:2C:B2:73:0C:FA:8C:80:91:F8:96:70:4C:10:88:8A:AD:BB:95
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       019A3F6AECE8625C3C5C0730743DB20AC991
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/fZcssnMM-oyAkfiWcEwQiIqtu5U.roa
Signing time:             Sat 01 Nov 2025 12:36:03 +0000
ROA not before:           Sat 01 Nov 2025 12:36:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     132335
IP address blocks:        188.209.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:3f:6a:ec:e8:62:5c:3c:5c:07:30:74:3d:b2:0a:c9:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Nov  1 12:36:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d972cb2730cfa8c8091f896704c10888aadbb95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:70:1c:dc:d9:1e:07:fa:17:d1:2a:d8:a3:1d:
                    93:e6:f1:95:19:de:55:69:09:14:39:a5:02:0c:bb:
                    c8:49:15:1f:cc:0f:25:57:77:dc:43:59:f8:7c:7d:
                    9b:4e:5b:8f:c6:93:45:ef:e9:3a:ed:38:53:97:29:
                    af:58:0d:ca:10:5b:be:c1:90:b4:94:49:08:76:be:
                    5e:20:c1:60:cd:8e:e2:04:2e:bd:1d:12:1a:62:cd:
                    57:1f:cb:63:70:03:ab:83:4e:85:81:5c:c5:70:d1:
                    d0:ca:05:83:d4:3b:46:5a:b8:95:b0:8b:60:51:f7:
                    bc:b3:ce:99:ba:28:a9:d7:b4:f0:96:46:d4:7d:fe:
                    ed:bc:34:7e:f0:81:9a:52:b1:a4:c5:10:ee:c1:88:
                    86:23:f8:05:97:94:32:5a:41:f5:35:68:41:17:a3:
                    0a:d1:aa:46:cc:a1:72:5d:c4:f8:59:50:4b:15:22:
                    de:2c:88:ec:b9:43:ef:cb:77:9e:d6:ab:19:0f:27:
                    2e:32:40:50:5e:76:f7:07:5c:f5:07:4c:ea:57:fc:
                    be:2d:61:5c:c5:50:cf:6e:7b:92:42:03:94:72:43:
                    e8:43:bd:09:5f:1d:95:ce:fc:de:bd:02:37:52:d4:
                    58:db:c5:6b:09:48:31:04:7d:76:99:ed:d5:03:14:
                    fd:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:97:2C:B2:73:0C:FA:8C:80:91:F8:96:70:4C:10:88:8A:AD:BB:95
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/fZcssnMM-oyAkfiWcEwQiIqtu5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:8b:28:e5:60:b0:a7:6b:fb:00:7a:73:06:65:fb:92:32:cc:
         da:c5:14:37:62:76:a6:42:5e:f7:ea:03:e6:25:51:72:f7:8b:
         8e:14:ed:d3:cd:d7:74:47:ea:7d:70:29:79:34:ff:2d:d4:be:
         84:bc:9f:f5:45:6a:29:52:c4:df:4b:1f:e3:5d:70:18:3e:51:
         cd:2c:fb:49:cc:9a:97:d3:a8:28:8f:34:53:42:66:aa:fa:f3:
         07:86:ce:a2:96:64:25:83:76:8c:86:81:e2:76:ed:00:17:97:
         d0:f5:98:7a:23:ec:e6:57:21:5b:1e:8d:71:74:d5:4a:9a:d0:
         86:b4:55:73:30:7d:af:34:5d:28:67:93:45:f9:9b:bb:27:4b:
         79:20:b7:48:a6:27:a6:57:f0:97:42:bf:45:23:93:6f:13:40:
         54:27:95:1d:84:6f:3e:8b:e5:e6:54:94:b3:7e:66:b2:db:2d:
         14:fe:24:81:e4:1b:ac:de:af:2a:41:cb:82:9c:88:ac:05:82:
         fc:89:9a:66:32:39:a6:da:b5:61:05:af:4b:39:c0:c4:45:09:
         da:6e:2a:45:38:4d:c1:46:7d:b7:a4:64:e4:ab:10:f5:0a:fa:
         d5:f3:09:2c:69:ec:f1:78:47:9c:ce:fa:94:89:cb:0b:5e:13:
         d5:46:0c:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo/auzoYlw8XAcwdD2yCsmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUxMTAxMTIzNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDk3MmNiMjczMGNmYThjODA5MWY4OTY3MDRjMTA4ODhhYWRiYjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4HAc3NkeB/oX0SrYox2T5vGVGd5V
aQkUOaUCDLvISRUfzA8lV3fcQ1n4fH2bTluPxpNF7+k67ThTlymvWA3KEFu+wZC0
lEkIdr5eIMFgzY7iBC69HRIaYs1XH8tjcAOrg06FgVzFcNHQygWD1DtGWriVsItg
Ufe8s86Zuiip17TwlkbUff7tvDR+8IGaUrGkxRDuwYiGI/gFl5QyWkH1NWhBF6MK
0apGzKFyXcT4WVBLFSLeLIjsuUPvy3ee1qsZDycuMkBQXnb3B1z1B0zqV/y+LWFc
xVDPbnuSQgOUckPoQ70JXx2VzvzevQI3UtRY28VrCUgxBH12me3VAxT90wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH2XLLJzDPqMgJH4lnBMEIiKrbuVMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvZlpjc3NuTU0tb3lBa2ZpV2NFd1FpSXF0dTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGFMA0G
CSqGSIb3DQEBCwUAA4IBAQB8iyjlYLCna/sAenMGZfuSMszaxRQ3YnamQl736gPm
JVFy94uOFO3Tzdd0R+p9cCl5NP8t1L6EvJ/1RWopUsTfSx/jXXAYPlHNLPtJzJqX
06gojzRTQmaq+vMHhs6ilmQlg3aMhoHidu0AF5fQ9Zh6I+zmVyFbHo1xdNVKmtCG
tFVzMH2vNF0oZ5NF+Zu7J0t5ILdIpiemV/CXQr9FI5NvE0BUJ5UdhG8+i+XmVJSz
fmay2y0U/iSB5Bus3q8qQcuCnIisBYL8iZpmMjmm2rVhBa9LOcDERQnabipFOE3B
Rn23pGTkqxD1CvrV8wksaezxeEeczvqUicsLXhPVRgxQ
-----END CERTIFICATE-----