Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/SSv7sPU00OpwoTazL-VWQl8uwA4.roa
File:                     SSv7sPU00OpwoTazL-VWQl8uwA4.roa (raw, json)
Hash identifier:          shrdKjgBhDFPYV8nOdWCDdc3okwuQUEPNO8kDzUJErs=
Subject key identifier:   49:2B:FB:B0:F5:34:D0:EA:70:A1:36:B3:2F:E5:56:42:5F:2E:C0:0E
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019A0F3DDBFF4530DCCF87A2C5DA31EA1D4D
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/SSv7sPU00OpwoTazL-VWQl8uwA4.roa
Signing time:             Thu 23 Oct 2025 04:05:03 +0000
ROA not before:           Thu 23 Oct 2025 04:05:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215685
IP address blocks:        5.175.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0f:3d:db:ff:45:30:dc:cf:87:a2:c5:da:31:ea:1d:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Oct 23 04:05:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=492bfbb0f534d0ea70a136b32fe556425f2ec00e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:08:86:3c:f9:f8:a6:87:54:a2:9f:5c:e7:da:
                    a0:d8:90:73:0b:be:02:9b:44:af:fc:85:be:61:a9:
                    91:f7:c1:2d:cc:e1:88:cd:c0:4b:34:d7:96:b2:61:
                    00:df:32:8a:26:39:c5:8c:e2:5a:6f:36:79:6d:0f:
                    0d:de:ef:92:aa:13:08:b3:fb:88:09:63:45:f4:32:
                    6c:c2:ae:f7:62:06:2a:0a:0c:08:fe:47:62:5b:72:
                    d7:a2:34:0f:e2:ab:e5:e5:aa:aa:3e:30:d4:08:b9:
                    22:d0:46:7f:02:09:73:af:b0:b6:d8:d5:59:99:dd:
                    34:1d:3e:a6:43:eb:97:74:9a:e9:29:e8:e5:fa:0d:
                    31:d9:4a:86:ac:52:9c:7f:dd:e4:de:46:66:c4:e2:
                    35:4c:fc:e4:bf:b4:46:5d:00:56:92:89:3a:55:df:
                    4d:80:4a:77:1c:15:66:55:f9:28:11:88:46:ae:9e:
                    d0:c4:19:90:f7:3a:90:5a:ae:42:7e:06:9f:39:73:
                    89:e3:a6:d0:50:14:80:e8:f6:7d:57:bf:70:ca:eb:
                    cc:07:23:46:63:9a:29:32:68:74:01:42:ca:8c:51:
                    46:1e:e8:b8:b6:ed:b2:4a:10:75:17:39:e0:5f:d6:
                    47:ae:5b:88:bc:5c:6e:ec:e1:47:09:94:74:55:3c:
                    65:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:2B:FB:B0:F5:34:D0:EA:70:A1:36:B3:2F:E5:56:42:5F:2E:C0:0E
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/SSv7sPU00OpwoTazL-VWQl8uwA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:bd:b2:24:86:2a:12:11:a5:2f:ea:a9:28:d1:8e:ac:3e:3e:
         19:90:30:13:02:46:12:5b:1f:37:a7:4d:ac:fb:59:89:1f:62:
         3c:75:8e:37:2c:4b:16:13:f2:7a:a3:6a:47:21:78:6d:f4:4a:
         c6:5c:c3:96:f0:c5:93:9d:82:cf:ee:0d:50:80:75:de:f8:41:
         fe:2f:d1:16:23:aa:d9:5b:dc:bc:63:73:8e:e3:6b:10:e7:e3:
         a3:9c:7e:a2:81:fd:ac:7a:f2:77:8e:0b:b0:32:b4:c8:0f:5d:
         09:91:de:af:3d:bf:8b:98:a2:d0:ca:cf:a4:da:42:55:38:db:
         53:78:f0:ad:27:17:dc:9f:63:6a:f2:b6:9f:94:3d:43:24:9c:
         0f:68:6d:ce:2c:f8:e0:35:e3:04:05:a1:38:40:5e:f0:22:42:
         9b:11:2e:e7:7e:3e:a4:a3:fc:38:77:50:53:39:dd:94:3c:ca:
         b0:20:e4:74:97:12:f3:76:84:69:64:40:ec:38:43:84:a8:28:
         0e:e6:73:91:f8:29:14:8c:0e:50:7f:76:dd:e8:c9:e1:79:89:
         b4:c2:92:14:ea:39:ed:6f:8e:3e:dd:45:44:68:f9:d3:a8:a8:
         6c:c4:9a:9f:1d:6e:e0:14:6c:bc:9c:f9:98:a1:ab:b8:37:55:
         67:78:c8:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoPPdv/RTDcz4eixdox6h1NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMDIzMDQwNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTJiZmJiMGY1MzRkMGVhNzBhMTM2YjMyZmU1NTY0MjVmMmVjMDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAiGPPn4podUop9c59qg2JBzC74C
m0Sv/IW+YamR98EtzOGIzcBLNNeWsmEA3zKKJjnFjOJabzZ5bQ8N3u+SqhMIs/uI
CWNF9DJswq73YgYqCgwI/kdiW3LXojQP4qvl5aqqPjDUCLki0EZ/Aglzr7C22NVZ
md00HT6mQ+uXdJrpKejl+g0x2UqGrFKcf93k3kZmxOI1TPzkv7RGXQBWkok6Vd9N
gEp3HBVmVfkoEYhGrp7QxBmQ9zqQWq5CfgafOXOJ46bQUBSA6PZ9V79wyuvMByNG
Y5opMmh0AULKjFFGHui4tu2yShB1FzngX9ZHrluIvFxu7OFHCZR0VTxlRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkr+7D1NNDqcKE2sy/lVkJfLsAOMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvU1N2N3NQVTAwT3B3b1RhekwtVldRbDh1d0E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa/vMA0G
CSqGSIb3DQEBCwUAA4IBAQAPvbIkhioSEaUv6qko0Y6sPj4ZkDATAkYSWx83p02s
+1mJH2I8dY43LEsWE/J6o2pHIXht9ErGXMOW8MWTnYLP7g1QgHXe+EH+L9EWI6rZ
W9y8Y3OO42sQ5+OjnH6igf2sevJ3jguwMrTID10Jkd6vPb+LmKLQys+k2kJVONtT
ePCtJxfcn2Nq8raflD1DJJwPaG3OLPjgNeMEBaE4QF7wIkKbES7nfj6ko/w4d1BT
Od2UPMqwIOR0lxLzdoRpZEDsOEOEqCgO5nOR+CkUjA5Qf3bd6MnheYm0wpIU6jnt
b44+3UVEaPnTqKhsxJqfHW7gFGy8nPmYoau4N1VneMgq
-----END CERTIFICATE-----