Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/VzLJPBrd7heSEcMsdzzKNKX-FYk.roa
File:                     VzLJPBrd7heSEcMsdzzKNKX-FYk.roa (raw, json)
Hash identifier:          oDPSIRQ1GTVS07X70gSYgWfqQz6MI5Mo+WgxhZbNFpQ=
Subject key identifier:   57:32:C9:3C:1A:DD:EE:17:92:11:C3:2C:77:3C:CA:34:A5:FE:15:89
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       019A301091866B35829BA651C4CA114AFB49
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/VzLJPBrd7heSEcMsdzzKNKX-FYk.roa
Signing time:             Wed 29 Oct 2025 13:03:03 +0000
ROA not before:           Wed 29 Oct 2025 13:03:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        37.49.145.0/24 maxlen: 24
                          37.49.151.0/24 maxlen: 24
                          109.203.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:30:10:91:86:6b:35:82:9b:a6:51:c4:ca:11:4a:fb:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Oct 29 13:03:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5732c93c1addee179211c32c773cca34a5fe1589
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:32:03:0d:ea:eb:66:b2:30:f8:99:10:c1:c3:
                    27:98:9c:5f:30:c7:15:47:f0:ca:72:af:af:ca:88:
                    5a:30:a8:46:06:2a:59:3f:f5:fb:cb:23:6f:bb:0e:
                    af:23:b7:1b:80:66:6b:c0:a5:64:e4:c1:2d:b3:d2:
                    65:38:a4:5f:77:4e:77:6f:13:8f:1c:04:69:de:2d:
                    98:27:af:19:86:6e:fd:73:32:dc:6e:66:26:a1:e6:
                    ca:dc:ba:ad:2e:1a:2b:c7:14:b8:91:00:49:51:57:
                    fb:88:29:71:a0:6a:38:48:9e:07:e2:6f:89:11:aa:
                    c8:d5:7c:59:77:c2:26:d4:94:97:6f:f4:2e:5b:ff:
                    6a:ab:80:cb:0b:8d:2c:87:0f:e0:91:ee:2b:3e:f9:
                    ef:50:d9:ae:7c:57:e0:7c:56:01:b4:7f:1e:5c:ed:
                    2c:97:1f:aa:a2:ed:e4:68:a9:1b:60:d1:2d:a8:df:
                    5b:1d:a9:b2:ae:7e:cc:fd:b1:f2:af:2a:c0:9d:25:
                    7b:63:d1:bb:a5:9c:cd:af:f2:fd:d9:8c:e6:3d:f0:
                    64:c3:13:7e:fa:0c:b9:0c:dd:0d:93:6f:a1:25:cb:
                    63:bb:48:ed:54:0e:3d:d6:6b:37:4e:a9:14:c3:79:
                    7e:0b:48:09:f7:39:9e:b2:44:44:6c:a2:e2:f2:ff:
                    da:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:32:C9:3C:1A:DD:EE:17:92:11:C3:2C:77:3C:CA:34:A5:FE:15:89
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/VzLJPBrd7heSEcMsdzzKNKX-FYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.145.0/24
                  37.49.151.0/24
                  109.203.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:18:a1:2e:97:82:a1:c7:e4:65:af:7a:d4:58:c9:26:3c:e5:
         9a:a9:2f:bd:f4:5f:a6:97:c1:ec:82:90:c6:ca:d9:ed:c9:98:
         f5:33:03:5f:7c:7f:8e:3e:d3:11:25:39:a2:5a:ff:ac:60:fe:
         1c:f4:3a:82:f5:6c:01:f1:7b:bc:73:da:6a:12:99:cf:d4:c6:
         81:18:cc:be:0d:b9:28:32:0b:78:a0:6f:4b:af:6f:f7:26:03:
         6b:0d:1f:13:db:d0:ba:90:5d:34:ea:6f:9b:a4:43:ea:d0:4a:
         44:89:8f:57:82:3d:68:c4:26:9d:b3:b6:9d:b4:65:8a:33:74:
         41:92:0d:5d:67:11:4d:03:15:ec:4d:ea:ae:a0:e2:e1:25:96:
         6b:c3:a3:d2:08:82:e6:ec:f8:d7:0c:9d:8e:7f:d9:dc:20:d1:
         58:08:4e:bc:1d:1d:24:45:ae:13:61:35:16:f5:ab:0b:3c:81:
         99:5a:26:fd:49:30:66:71:9f:52:70:49:b0:d2:79:2f:64:ba:
         2d:5b:9d:e3:02:38:c5:18:a8:13:7d:c5:a1:03:41:a8:b0:5f:
         ad:91:f9:1c:c9:f9:97:89:ff:95:5e:a1:48:d5:d7:57:f9:10:
         85:d0:fa:09:60:e2:49:36:e1:3c:1b:d1:f3:f1:3e:b9:9b:cb:
         77:e8:00:0f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZowEJGGazWCm6ZRxMoRSvtJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUxMDI5MTMwMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzMyYzkzYzFhZGRlZTE3OTIxMWMzMmM3NzNjY2EzNGE1ZmUxNTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDIDDerrZrIw+JkQwcMnmJxfMMcV
R/DKcq+vyohaMKhGBipZP/X7yyNvuw6vI7cbgGZrwKVk5MEts9JlOKRfd053bxOP
HARp3i2YJ68Zhm79czLcbmYmoebK3LqtLhorxxS4kQBJUVf7iClxoGo4SJ4H4m+J
EarI1XxZd8Im1JSXb/QuW/9qq4DLC40shw/gke4rPvnvUNmufFfgfFYBtH8eXO0s
lx+qou3kaKkbYNEtqN9bHamyrn7M/bHyryrAnSV7Y9G7pZzNr/L92YzmPfBkwxN+
+gy5DN0Nk2+hJctju0jtVA491ms3TqkUw3l+C0gJ9zmeskREbKLi8v/afQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFcyyTwa3e4XkhHDLHc8yjSl/hWJMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvVnpMSlBCcmQ3aGVTRWNNc2R6ektOS1gtRllrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJTGRAwQA
JTGXAwQAbcugMA0GCSqGSIb3DQEBCwUAA4IBAQCWGKEul4Khx+Rlr3rUWMkmPOWa
qS+99F+ml8HsgpDGytntyZj1MwNffH+OPtMRJTmiWv+sYP4c9DqC9WwB8Xu8c9pq
EpnP1MaBGMy+DbkoMgt4oG9Lr2/3JgNrDR8T29C6kF006m+bpEPq0EpEiY9Xgj1o
xCads7adtGWKM3RBkg1dZxFNAxXsTequoOLhJZZrw6PSCILm7PjXDJ2Of9ncINFY
CE68HR0kRa4TYTUW9asLPIGZWib9STBmcZ9ScEmw0nkvZLotW53jAjjFGKgTfcWh
A0GosF+tkfkcyfmXif+VXqFI1ddX+RCF0PoJYOJJNuE8G9Hz8T65m8t36AAP
-----END CERTIFICATE-----