Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/9HEZa5qCfE-i-viyFzuLFjDXw2A.roa
File:                     9HEZa5qCfE-i-viyFzuLFjDXw2A.roa (raw, json)
Hash identifier:          EpNMwEon27kK973TfZZ8kBFg9KuenuIkIxjrgr3/5HU=
Subject key identifier:   F4:71:19:6B:9A:82:7C:4F:A2:FA:F8:B2:17:3B:8B:16:30:D7:C3:60
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019870616AC9CA851C53716066E7C2EAA729
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/9HEZa5qCfE-i-viyFzuLFjDXw2A.roa
Signing time:             Sun 03 Aug 2025 14:41:28 +0000
ROA not before:           Sun 03 Aug 2025 14:41:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41745
IP address blocks:        5.39.249.0/24 maxlen: 24
                          5.39.250.0/24 maxlen: 24
                          5.144.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:52:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:70:61:6a:c9:ca:85:1c:53:71:60:66:e7:c2:ea:a7:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Aug  3 14:41:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f471196b9a827c4fa2faf8b2173b8b1630d7c360
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:48:9d:ff:5b:fc:21:9d:73:76:65:c8:35:ec:
                    a9:88:b4:71:e2:c0:41:c2:b3:3b:ab:d9:36:4a:f9:
                    5c:f1:a5:0e:95:2d:01:6a:41:1b:1f:f4:7b:f8:31:
                    fc:86:13:7e:13:bc:7a:16:e2:1b:eb:78:d8:65:55:
                    2a:fe:1f:f8:49:c6:d2:d9:83:2c:86:98:b8:16:7d:
                    fa:53:56:a1:99:8d:5b:b6:3f:79:7e:f6:a0:5d:29:
                    fd:91:6e:87:53:13:1d:39:0b:cd:dc:30:0d:fc:c4:
                    3f:18:3a:f7:18:25:1e:3e:1f:89:3b:ae:c0:c3:21:
                    f0:e1:40:e5:58:95:32:ac:f9:c8:ab:9c:89:99:42:
                    fb:96:66:4b:d8:8c:5d:69:1d:ff:27:01:63:a3:e4:
                    f4:c6:93:d3:bb:f7:5d:30:f4:de:ac:dd:28:4f:89:
                    7c:d0:58:06:12:bf:ed:d5:ea:b4:d3:52:f2:3c:fb:
                    24:00:43:c9:60:35:90:a3:ad:6c:8a:23:7a:de:5a:
                    95:aa:df:86:f2:f1:f1:0b:aa:bf:7d:dc:f8:71:bd:
                    a3:f8:20:e7:4d:3b:69:6d:a8:1f:1a:fd:34:96:32:
                    d8:ce:02:ab:d5:ce:b7:55:5a:1f:27:4a:4f:e5:0d:
                    49:69:4b:df:43:ad:53:77:ba:64:29:a8:dd:32:2a:
                    c4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:71:19:6B:9A:82:7C:4F:A2:FA:F8:B2:17:3B:8B:16:30:D7:C3:60
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/9HEZa5qCfE-i-viyFzuLFjDXw2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.249.0-5.39.250.255
                  5.144.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:54:09:c1:a0:12:1e:63:17:85:a9:1a:e8:4f:37:fe:f2:24:
         81:81:ce:8d:31:7f:bc:64:5a:55:ad:16:df:dc:9c:13:46:fe:
         41:d4:18:5e:52:28:7e:a1:12:91:fe:bf:a8:ee:3f:91:98:59:
         25:52:da:52:e8:f2:fc:9a:46:80:8f:65:57:37:c3:2b:2a:f8:
         74:cd:96:51:db:21:08:a7:0f:e4:a2:b7:f3:76:7c:16:9f:21:
         e9:fe:a3:88:b8:4c:00:81:c4:ea:e3:49:ea:4b:e4:8b:cc:c4:
         d1:7c:f5:ef:77:f4:52:12:8f:0d:fc:78:0b:b8:65:c9:0c:81:
         b9:6e:e1:1a:4b:8b:d3:bf:24:d5:bc:5c:45:cc:84:c2:10:86:
         fe:5c:b0:0f:86:51:5c:35:ef:28:e4:50:d8:6c:ca:c5:8a:9f:
         a6:76:41:a7:10:eb:e6:52:bf:77:20:0f:0e:cf:b1:b7:94:50:
         02:c5:47:3a:1f:28:0b:56:74:ae:de:d9:5c:b3:91:e0:2a:36:
         c8:e2:28:8d:e1:70:f7:5b:33:2a:9e:d3:a0:5a:5f:d7:f4:58:
         9c:74:39:89:17:0b:01:05:d5:3d:60:61:d3:8b:06:89:b6:94:
         b3:a4:56:03:69:9a:17:9e:c3:6c:29:a2:53:a6:5b:8c:47:40:
         0d:52:7d:41
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZhwYWrJyoUcU3FgZufC6qcpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUwODAzMTQ0MTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDcxMTk2YjlhODI3YzRmYTJmYWY4YjIxNzNiOGIxNjMwZDdjMzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkid/1v8IZ1zdmXINeypiLRx4sBB
wrM7q9k2Svlc8aUOlS0BakEbH/R7+DH8hhN+E7x6FuIb63jYZVUq/h/4ScbS2YMs
hpi4Fn36U1ahmY1btj95fvagXSn9kW6HUxMdOQvN3DAN/MQ/GDr3GCUePh+JO67A
wyHw4UDlWJUyrPnIq5yJmUL7lmZL2IxdaR3/JwFjo+T0xpPTu/ddMPTerN0oT4l8
0FgGEr/t1eq001LyPPskAEPJYDWQo61siiN63lqVqt+G8vHxC6q/fdz4cb2j+CDn
TTtpbagfGv00ljLYzgKr1c63VVofJ0pP5Q1JaUvfQ61Td7pkKajdMirExQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFPRxGWuagnxPovr4shc7ixYw18NgMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvOUhFWmE1cUNmRS1pLXZpeUZ6dUxGakRYdzJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAFJ/kD
BAAFJ/oDBAAFkLUwDQYJKoZIhvcNAQELBQADggEBAI5UCcGgEh5jF4WpGuhPN/7y
JIGBzo0xf7xkWlWtFt/cnBNG/kHUGF5SKH6hEpH+v6juP5GYWSVS2lLo8vyaRoCP
ZVc3wysq+HTNllHbIQinD+Sit/N2fBafIen+o4i4TACBxOrjSepL5IvMxNF89e93
9FISjw38eAu4ZckMgblu4RpLi9O/JNW8XEXMhMIQhv5csA+GUVw17yjkUNhsysWK
n6Z2QacQ6+ZSv3cgDw7PsbeUUALFRzofKAtWdK7e2VyzkeAqNsjiKI3hcPdbMyqe
06BaX9f0WJx0OYkXCwEF1T1gYdOLBom2lLOkVgNpmheew2wpolOmW4xHQA1SfUE=
-----END CERTIFICATE-----