Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/b1p3AKdwPLqrkJYci2kZqlTlQrg.roa
File:                     b1p3AKdwPLqrkJYci2kZqlTlQrg.roa (raw, json)
Hash identifier:          ddzqjQY74zacp/tvyaEpj0INLXIxWWFY2MJGSJry+3Y=
Subject key identifier:   6F:5A:77:00:A7:70:3C:BA:AB:90:96:1C:8B:69:19:AA:54:E5:42:B8
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       01986073A81DC216A6C9E8C556DDCF8ADBAB
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/b1p3AKdwPLqrkJYci2kZqlTlQrg.roa
Signing time:             Thu 31 Jul 2025 12:27:29 +0000
ROA not before:           Thu 31 Jul 2025 12:27:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        86.104.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:60:73:a8:1d:c2:16:a6:c9:e8:c5:56:dd:cf:8a:db:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jul 31 12:27:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f5a7700a7703cbaab90961c8b6919aa54e542b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:91:9f:2b:45:a0:f6:95:ae:e0:fe:0b:e6:33:
                    ae:ae:c9:bb:b7:84:63:42:f9:ad:93:2e:ce:b2:a4:
                    25:88:00:77:73:60:e7:24:08:ae:b5:ae:48:a3:6c:
                    89:f6:03:fd:be:76:b1:b9:ed:4f:b0:ac:9f:5e:03:
                    31:e4:be:a1:da:61:c3:1b:26:d2:99:f1:76:5f:9e:
                    61:7e:b0:d7:4a:3e:6a:f8:e6:19:15:1a:85:84:56:
                    ac:78:b0:16:21:2c:39:26:e9:45:a8:3f:6b:70:53:
                    ca:48:99:64:b7:f6:5c:b3:da:13:d1:17:2d:df:c5:
                    71:1a:74:d9:d6:ff:30:1e:37:0c:62:f3:9b:44:dc:
                    8d:4b:37:8a:0b:8d:f4:18:1b:55:12:c6:2e:8c:c7:
                    75:60:e7:25:c9:16:7a:e1:95:56:4a:a7:e7:aa:c4:
                    40:2f:1d:1d:8a:16:8d:ce:97:32:00:0f:68:80:c4:
                    d6:fb:49:24:88:7d:0a:78:be:e6:f8:a4:00:f2:51:
                    b4:ef:14:9d:85:ef:1d:a8:44:9d:f5:a2:47:76:2f:
                    db:66:a1:36:70:b9:1c:9d:63:14:46:fc:d8:75:44:
                    65:e2:70:d7:8f:67:3c:3a:00:b0:ba:d7:1a:70:8c:
                    0b:82:1e:b3:57:d6:c4:e4:27:48:1c:d2:df:03:13:
                    fc:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:5A:77:00:A7:70:3C:BA:AB:90:96:1C:8B:69:19:AA:54:E5:42:B8
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/b1p3AKdwPLqrkJYci2kZqlTlQrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:66:cd:dd:d4:29:f0:86:2e:4a:0d:1c:97:c9:b1:ab:e6:be:
         ae:99:c0:5a:c6:79:c6:c2:8b:1c:43:e3:43:bd:48:de:54:e5:
         b6:1f:1c:b2:36:88:10:90:6b:a4:ce:dd:e6:6b:4c:1f:00:41:
         94:34:23:c9:b6:2f:49:bc:76:56:83:1b:8b:5f:57:df:ae:67:
         f9:30:6f:35:61:87:3a:45:61:70:a2:e4:b6:26:ca:2f:32:ba:
         1b:03:e0:c9:5e:b0:7f:2d:44:cb:99:58:75:64:0a:3f:89:cd:
         49:d7:f5:fb:03:40:80:bd:1c:3d:b3:c9:2e:11:a1:42:dc:53:
         46:58:9f:d0:bb:c0:20:d2:95:19:e5:59:5e:dd:a0:1d:5f:45:
         5a:66:45:c0:5d:85:ed:34:57:6b:17:43:5a:eb:2b:e3:6f:df:
         aa:a9:42:ee:69:d8:42:c9:81:01:46:d5:f7:88:9c:9e:1b:78:
         75:f4:ec:6f:06:02:d2:ff:29:91:b8:21:76:89:9f:66:83:0a:
         79:23:f4:42:bd:71:6f:82:a6:79:98:10:86:d0:b2:57:dc:7a:
         0b:e7:db:b2:a1:3b:d5:79:9e:60:a4:0c:47:8d:62:7d:43:3a:
         08:05:3e:4b:10:21:23:d6:68:84:05:e8:1d:8c:a4:b8:73:21:
         ac:ca:3d:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhgc6gdwhamyejFVt3PiturMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjUwNzMxMTIyNzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjVhNzcwMGE3NzAzY2JhYWI5MDk2MWM4YjY5MTlhYTU0ZTU0MmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpGfK0Wg9pWu4P4L5jOursm7t4Rj
Qvmtky7OsqQliAB3c2DnJAiuta5Io2yJ9gP9vnaxue1PsKyfXgMx5L6h2mHDGybS
mfF2X55hfrDXSj5q+OYZFRqFhFaseLAWISw5JulFqD9rcFPKSJlkt/Zcs9oT0Rct
38VxGnTZ1v8wHjcMYvObRNyNSzeKC430GBtVEsYujMd1YOclyRZ64ZVWSqfnqsRA
Lx0dihaNzpcyAA9ogMTW+0kkiH0KeL7m+KQA8lG07xSdhe8dqESd9aJHdi/bZqE2
cLkcnWMURvzYdURl4nDXj2c8OgCwutcacIwLgh6zV9bE5CdIHNLfAxP8OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9adwCncDy6q5CWHItpGapU5UK4MB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvYjFwM0FLZHdQTHFya0pZY2kya1pxbFRsUXJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmh9MA0G
CSqGSIb3DQEBCwUAA4IBAQA7Zs3d1Cnwhi5KDRyXybGr5r6umcBaxnnGwoscQ+ND
vUjeVOW2HxyyNogQkGukzt3ma0wfAEGUNCPJti9JvHZWgxuLX1ffrmf5MG81YYc6
RWFwouS2JsovMrobA+DJXrB/LUTLmVh1ZAo/ic1J1/X7A0CAvRw9s8kuEaFC3FNG
WJ/Qu8Ag0pUZ5Vle3aAdX0VaZkXAXYXtNFdrF0Na6yvjb9+qqULuadhCyYEBRtX3
iJyeG3h19OxvBgLS/ymRuCF2iZ9mgwp5I/RCvXFvgqZ5mBCG0LJX3HoL59uyoTvV
eZ5gpAxHjWJ9QzoIBT5LECEj1miEBegdjKS4cyGsyj0m
-----END CERTIFICATE-----