Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/e63f2e-97b0-4de8-87ed-563a14e86d60/1/5PdCG1sOft9Jagc_1QYu8NZd16w.roa
File:                     5PdCG1sOft9Jagc_1QYu8NZd16w.roa (raw, json)
Hash identifier:          vAZUAmAWHCkSGohtr9IS5VARTsSm2JG/jqasLoZZMZ8=
Subject key identifier:   E4:F7:42:1B:5B:0E:7E:DF:49:6A:07:3F:D5:06:2E:F0:D6:5D:D7:AC
Certificate issuer:       /CN=9e56b51edf39ebf0662b2c834d65d1bd1de82522
Certificate serial:       019A1FF2485F36A4B1206B1260E1AF7BBC14
Authority key identifier: 9E:56:B5:1E:DF:39:EB:F0:66:2B:2C:83:4D:65:D1:BD:1D:E8:25:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nla1Ht856_BmKyyDTWXRvR3oJSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/e63f2e-97b0-4de8-87ed-563a14e86d60/1/5PdCG1sOft9Jagc_1QYu8NZd16w.roa
Signing time:             Sun 26 Oct 2025 09:56:03 +0000
ROA not before:           Sun 26 Oct 2025 09:56:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1004
IP address blocks:        195.18.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/e63f2e-97b0-4de8-87ed-563a14e86d60/1/nla1Ht856_BmKyyDTWXRvR3oJSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/e63f2e-97b0-4de8-87ed-563a14e86d60/1/nla1Ht856_BmKyyDTWXRvR3oJSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nla1Ht856_BmKyyDTWXRvR3oJSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:1f:f2:48:5f:36:a4:b1:20:6b:12:60:e1:af:7b:bc:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e56b51edf39ebf0662b2c834d65d1bd1de82522
        Validity
            Not Before: Oct 26 09:56:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4f7421b5b0e7edf496a073fd5062ef0d65dd7ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c3:dc:f3:4e:64:30:c9:c7:40:5b:fa:83:96:
                    07:e9:5b:d7:97:2d:ea:af:9c:a9:11:0b:1a:e8:78:
                    8b:86:81:e6:dc:16:6f:95:38:e3:42:24:14:58:c0:
                    dd:78:2f:c8:bf:7c:5c:5f:76:e7:3a:83:4d:0c:35:
                    7f:6b:53:06:c8:48:55:1a:f7:a0:89:21:1a:58:7e:
                    08:b4:f4:92:be:fb:b8:c9:2b:de:a3:99:02:88:d0:
                    a6:e8:44:69:bc:ff:14:14:c2:7d:f7:03:32:9a:6d:
                    c1:cc:99:e6:94:9d:f2:c8:01:e5:39:f4:ef:8e:0e:
                    d3:18:09:88:5a:34:c5:ad:05:9d:30:72:5d:d9:61:
                    08:c7:c5:cf:85:98:ff:3e:66:46:40:a2:27:28:ff:
                    f2:47:6f:83:49:63:73:85:d9:68:65:f9:eb:54:2f:
                    33:5e:f8:3f:39:84:74:d2:40:46:ea:c4:7b:6c:f7:
                    34:05:b8:52:27:34:46:8e:b8:28:ee:89:5f:e5:8f:
                    88:87:85:73:27:57:ba:78:f4:8c:20:bd:10:04:b0:
                    00:60:f0:87:35:76:c1:d4:b1:a9:08:c1:c1:4d:65:
                    10:0f:ee:9b:45:ba:9c:02:78:31:ce:f0:db:fc:89:
                    bc:35:df:03:30:92:9f:9f:dd:af:a3:8a:38:da:4c:
                    73:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:F7:42:1B:5B:0E:7E:DF:49:6A:07:3F:D5:06:2E:F0:D6:5D:D7:AC
            X509v3 Authority Key Identifier:
                keyid:9E:56:B5:1E:DF:39:EB:F0:66:2B:2C:83:4D:65:D1:BD:1D:E8:25:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nla1Ht856_BmKyyDTWXRvR3oJSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e63f2e-97b0-4de8-87ed-563a14e86d60/1/5PdCG1sOft9Jagc_1QYu8NZd16w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e63f2e-97b0-4de8-87ed-563a14e86d60/1/nla1Ht856_BmKyyDTWXRvR3oJSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.18.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:68:cc:05:32:c4:35:88:95:62:ce:9c:f3:99:77:b1:bf:c1:
         36:8a:ff:42:1e:72:bd:e2:70:29:e5:74:1a:78:c2:46:d3:94:
         91:f5:cc:92:1b:bb:79:11:53:49:eb:05:fc:d6:95:33:04:fc:
         2c:e9:d2:e9:02:62:9e:48:ab:dc:cd:ff:60:93:27:4e:79:9f:
         f8:f1:2e:2a:47:a0:10:8d:91:9c:54:35:85:f9:7d:2b:97:4d:
         99:18:b6:b7:7a:a8:fc:b8:f2:a9:e3:84:df:51:58:4d:fd:47:
         9c:f5:5b:dc:dc:ba:0d:6b:ae:10:0c:ab:4d:f2:93:ea:90:e7:
         c4:13:1c:12:98:3f:0b:1f:aa:4e:40:10:a0:e5:04:06:40:fe:
         ff:13:78:40:c8:f7:ea:a5:0e:90:fb:bd:59:cf:fe:a6:47:82:
         64:39:47:36:d3:09:d5:cd:00:f1:b2:ef:76:bb:10:9b:29:e2:
         71:ce:8f:13:7a:3c:4c:f6:65:74:f1:03:9e:01:ce:ee:d6:85:
         af:e9:b7:a3:ee:b4:0c:89:40:b7:a0:93:cb:5c:67:85:48:78:
         29:13:9b:79:82:81:6e:e9:1e:32:b9:45:e8:19:d0:be:21:72:
         39:87:85:7b:16:b2:c8:23:2f:0b:b8:1a:72:aa:44:2f:3f:48:
         aa:86:33:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZof8khfNqSxIGsSYOGve7wUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNTZiNTFlZGYzOWViZjA2NjJiMmM4MzRkNjVkMWJkMWRl
ODI1MjIwHhcNMjUxMDI2MDk1NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGY3NDIxYjViMGU3ZWRmNDk2YTA3M2ZkNTA2MmVmMGQ2NWRkN2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MPc805kMMnHQFv6g5YH6VvXly3q
r5ypEQsa6HiLhoHm3BZvlTjjQiQUWMDdeC/Iv3xcX3bnOoNNDDV/a1MGyEhVGveg
iSEaWH4ItPSSvvu4ySveo5kCiNCm6ERpvP8UFMJ99wMymm3BzJnmlJ3yyAHlOfTv
jg7TGAmIWjTFrQWdMHJd2WEIx8XPhZj/PmZGQKInKP/yR2+DSWNzhdloZfnrVC8z
Xvg/OYR00kBG6sR7bPc0BbhSJzRGjrgo7olf5Y+Ih4VzJ1e6ePSMIL0QBLAAYPCH
NXbB1LGpCMHBTWUQD+6bRbqcAngxzvDb/Im8Nd8DMJKfn92vo4o42kxzHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOT3QhtbDn7fSWoHP9UGLvDWXdesMB8GA1UdIwQY
MBaAFJ5WtR7fOevwZissg01l0b0d6CUiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmxhMUh0ODU2X0JtS3l5RFRXWFJ2UjNvSlNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9lNjNmMmUtOTdiMC00ZGU4LTg3ZWQt
NTYzYTE0ZTg2ZDYwLzEvNVBkQ0cxc09mdDlKYWdjXzFRWXU4TlpkMTZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9lNjNmMmUtOTdiMC00ZGU4LTg3ZWQtNTYzYTE0ZTg2ZDYw
LzEvbmxhMUh0ODU2X0JtS3l5RFRXWFJ2UjNvSlNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxIKMA0G
CSqGSIb3DQEBCwUAA4IBAQBeaMwFMsQ1iJVizpzzmXexv8E2iv9CHnK94nAp5XQa
eMJG05SR9cySG7t5EVNJ6wX81pUzBPws6dLpAmKeSKvczf9gkydOeZ/48S4qR6AQ
jZGcVDWF+X0rl02ZGLa3eqj8uPKp44TfUVhN/Uec9Vvc3LoNa64QDKtN8pPqkOfE
ExwSmD8LH6pOQBCg5QQGQP7/E3hAyPfqpQ6Q+71Zz/6mR4JkOUc20wnVzQDxsu92
uxCbKeJxzo8TejxM9mV08QOeAc7u1oWv6bej7rQMiUC3oJPLXGeFSHgpE5t5goFu
6R4yuUXoGdC+IXI5h4V7FrLIIy8LuBpyqkQvP0iqhjML
-----END CERTIFICATE-----