Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/sXhE1KTUjQ-ED3LpqJzwavjBI9Y.roa
File:                     sXhE1KTUjQ-ED3LpqJzwavjBI9Y.roa (raw, json)
Hash identifier:          WK3O+EZzoyvM8XTb1CwEVR4cw4uky79iFx7BHuNocio=
Subject key identifier:   B1:78:44:D4:A4:D4:8D:0F:84:0F:72:E9:A8:9C:F0:6A:F8:C1:23:D6
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       019A206C0BAC5E019015B1E58127B9F1DFF3
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/sXhE1KTUjQ-ED3LpqJzwavjBI9Y.roa
Signing time:             Sun 26 Oct 2025 12:09:03 +0000
ROA not before:           Sun 26 Oct 2025 12:09:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214967
IP address blocks:        37.49.148.0/24 maxlen: 24
                          94.74.182.0/24 maxlen: 24
                          94.74.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:20:6c:0b:ac:5e:01:90:15:b1:e5:81:27:b9:f1:df:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Oct 26 12:09:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b17844d4a4d48d0f840f72e9a89cf06af8c123d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:81:97:3c:b7:18:a3:e9:4e:ab:0f:cc:6e:39:
                    61:39:65:2c:08:ef:28:42:0a:68:63:9e:ed:b4:60:
                    59:88:1f:10:b6:94:4e:80:62:88:98:7c:21:38:77:
                    76:ec:ed:eb:95:9b:81:cb:cd:a0:6c:8f:cc:5f:b9:
                    31:75:18:16:1e:bc:ff:ea:33:31:0b:8e:46:62:2a:
                    dc:0f:5a:e5:d3:9b:bf:83:37:05:d3:d3:9a:ed:30:
                    69:76:c6:7c:3f:d2:a8:4d:04:5a:dd:1a:ab:f9:89:
                    a9:4c:4b:19:aa:b2:f4:7a:54:ed:20:1e:77:fd:f9:
                    6d:77:78:3a:77:7f:de:00:47:7c:21:e1:9b:c2:d6:
                    d6:6f:9d:91:93:f4:4c:fe:0d:ba:ca:7c:a5:26:95:
                    56:74:a3:05:bf:67:ce:ed:cb:a3:fb:f9:25:d9:2d:
                    e5:82:2a:6d:f9:10:72:f7:30:fe:79:08:c2:8b:9a:
                    07:51:9a:70:ca:f8:e4:32:0e:dc:e7:2b:c0:c0:74:
                    0c:32:9f:37:30:2b:89:3a:2a:28:ae:96:d0:1c:ed:
                    86:64:7b:22:fb:92:7e:38:42:1a:bd:eb:c0:a6:7b:
                    d5:bc:fb:78:08:7d:a8:d3:ab:e8:1d:4d:33:7d:0c:
                    fa:77:7d:9c:66:e1:4d:a7:b0:49:b8:72:b8:6a:30:
                    c6:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:78:44:D4:A4:D4:8D:0F:84:0F:72:E9:A8:9C:F0:6A:F8:C1:23:D6
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/sXhE1KTUjQ-ED3LpqJzwavjBI9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.148.0/24
                  94.74.182.0/24
                  94.74.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:44:32:69:35:1c:06:2c:73:21:d1:7d:ab:2d:3c:f5:fa:3d:
         bc:91:9b:c4:f6:b2:8f:f1:ad:7f:f2:9a:7f:56:bb:39:c9:8e:
         d3:1f:3c:8d:2a:81:1c:91:31:78:61:4b:6a:81:1f:5d:75:e0:
         11:6d:f7:07:29:8b:cb:36:77:d8:34:88:79:48:aa:9f:b3:5b:
         9d:dc:27:3a:d6:3a:c0:a8:57:8b:70:2b:53:1c:04:38:22:ce:
         f9:30:13:ac:de:8f:e0:69:b9:11:5b:5e:bb:ee:ec:80:1a:4b:
         8c:ca:b2:0a:3d:cd:be:24:65:91:91:f6:69:d0:b9:fb:d5:c7:
         87:67:fc:19:d4:79:43:cc:37:40:05:9d:62:99:74:ef:ee:f5:
         b6:a0:4f:6a:f2:ad:5e:10:e7:9a:79:ea:04:71:c7:4b:46:88:
         5b:e2:50:1f:ef:3f:4a:20:68:75:64:e2:2b:9b:7a:55:45:0d:
         5d:72:9b:dc:70:51:38:b8:9b:f4:41:43:fb:4a:1c:7f:67:0e:
         0f:34:f3:4e:2d:b5:91:9c:dc:b3:8a:a2:3a:b1:82:6b:0c:c4:
         60:b5:0a:a0:18:3e:f6:8a:d1:f6:91:e4:ac:5c:5c:b7:96:78:
         b6:45:da:a0:3a:b0:42:6c:9a:77:3d:93:09:55:66:23:8e:11:
         92:d4:c6:a1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZogbAusXgGQFbHlgSe58d/zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUxMDI2MTIwOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTc4NDRkNGE0ZDQ4ZDBmODQwZjcyZTlhODljZjA2YWY4YzEyM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIGXPLcYo+lOqw/MbjlhOWUsCO8o
QgpoY57ttGBZiB8QtpROgGKImHwhOHd27O3rlZuBy82gbI/MX7kxdRgWHrz/6jMx
C45GYircD1rl05u/gzcF09Oa7TBpdsZ8P9KoTQRa3Rqr+YmpTEsZqrL0elTtIB53
/fltd3g6d3/eAEd8IeGbwtbWb52Rk/RM/g26ynylJpVWdKMFv2fO7cuj+/kl2S3l
gipt+RBy9zD+eQjCi5oHUZpwyvjkMg7c5yvAwHQMMp83MCuJOioorpbQHO2GZHsi
+5J+OEIavevApnvVvPt4CH2o06voHU0zfQz6d32cZuFNp7BJuHK4ajDGvwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLF4RNSk1I0PhA9y6aic8Gr4wSPWMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvc1hoRTFLVFVqUS1FRDNMcHFKendhdmpCSTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJTGUAwQA
Xkq2AwQAXkq/MA0GCSqGSIb3DQEBCwUAA4IBAQBvRDJpNRwGLHMh0X2rLTz1+j28
kZvE9rKP8a1/8pp/Vrs5yY7THzyNKoEckTF4YUtqgR9ddeARbfcHKYvLNnfYNIh5
SKqfs1ud3Cc61jrAqFeLcCtTHAQ4Is75MBOs3o/gabkRW1677uyAGkuMyrIKPc2+
JGWRkfZp0Ln71ceHZ/wZ1HlDzDdABZ1imXTv7vW2oE9q8q1eEOeaeeoEccdLRohb
4lAf7z9KIGh1ZOIrm3pVRQ1dcpvccFE4uJv0QUP7Shx/Zw4PNPNOLbWRnNyziqI6
sYJrDMRgtQqgGD72itH2keSsXFy3lni2RdqgOrBCbJp3PZMJVWYjjhGS1Mah
-----END CERTIFICATE-----