Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/SuxaOOlpqoGKQPSHxQ3dVD5wLBI.roa
File:                     SuxaOOlpqoGKQPSHxQ3dVD5wLBI.roa (raw, json)
Hash identifier:          09WrQpdYp3rObq3AK12JfoTomDZONhTyiyajVx2t0Zw=
Subject key identifier:   4A:EC:5A:38:E9:69:AA:81:8A:40:F4:87:C5:0D:DD:54:3E:70:2C:12
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       01984D37956043E73E0E1C299672691A98B3
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/SuxaOOlpqoGKQPSHxQ3dVD5wLBI.roa
Signing time:             Sun 27 Jul 2025 18:49:04 +0000
ROA not before:           Sun 27 Jul 2025 18:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213541
IP address blocks:        185.253.24.0/24 maxlen: 24
                          194.113.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:46:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4d:37:95:60:43:e7:3e:0e:1c:29:96:72:69:1a:98:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Jul 27 18:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4aec5a38e969aa818a40f487c50ddd543e702c12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f0:bc:86:5f:79:1f:f1:c2:ed:9b:90:af:76:
                    d7:40:85:30:f9:4b:70:ad:19:1c:e1:1a:59:aa:3d:
                    26:a5:cb:b4:8b:39:f5:11:14:1d:84:eb:55:41:23:
                    a0:c6:58:ad:74:45:a6:76:bc:77:fd:59:ef:95:15:
                    87:cc:85:77:ce:ca:4b:fa:30:cf:9c:55:7e:39:79:
                    a7:0a:48:6a:bb:45:75:32:07:1f:e0:5d:a1:ad:2d:
                    c2:3c:c1:b7:09:2e:09:4f:94:66:54:47:a2:6f:03:
                    f3:9c:8c:d2:b6:44:36:fa:9a:ca:13:d1:1d:c7:b0:
                    90:54:82:d7:f9:ad:82:ed:66:3e:c0:2c:de:06:4b:
                    9a:c9:85:cf:49:9c:dc:91:57:97:26:38:f4:ad:88:
                    0f:39:fc:5c:db:b0:dc:1d:04:db:9f:64:a6:22:be:
                    c7:aa:2f:89:ee:46:1b:c9:b5:22:a8:b4:44:cc:0e:
                    f4:b7:9e:a9:46:26:dd:9b:7b:c6:a9:1c:2d:a2:e4:
                    66:4a:d1:89:ed:88:96:0c:5d:63:98:06:8f:ad:77:
                    6b:67:80:41:db:d2:e5:a8:29:c6:f0:46:e4:80:7c:
                    b0:14:88:da:7d:d3:a4:1e:6c:52:06:c2:21:b1:1e:
                    ab:cc:bc:48:65:63:d9:4e:97:a4:65:b9:a5:cc:48:
                    5f:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:EC:5A:38:E9:69:AA:81:8A:40:F4:87:C5:0D:DD:54:3E:70:2C:12
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/SuxaOOlpqoGKQPSHxQ3dVD5wLBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.24.0/24
                  194.113.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:1b:de:eb:77:b8:11:cc:25:55:66:83:72:bf:d4:c1:87:bd:
         50:c7:87:89:f1:e8:a0:21:5f:de:e5:51:9f:36:84:02:b9:d9:
         7f:4b:07:59:34:29:c8:40:72:cf:90:a1:0b:e8:8c:9e:f4:ca:
         92:87:0f:ea:f7:04:d2:0a:81:2c:3b:3b:52:f5:90:39:b4:ca:
         cf:e8:4d:3e:b7:97:0a:c5:db:6d:16:19:b5:e5:11:7e:1d:b5:
         e9:52:c6:6e:19:b6:f8:57:15:d3:c2:5b:39:56:95:c3:56:de:
         8b:e4:1e:ca:8e:ba:47:3d:b4:83:95:7d:7f:13:7a:96:9f:75:
         07:f6:1d:55:0b:da:51:54:c1:10:a3:a8:9b:66:ef:19:8c:4e:
         24:e8:3b:47:65:92:fb:49:6a:5a:81:a8:1e:b7:96:5a:85:43:
         3c:5f:68:77:60:57:bb:4f:b9:04:71:95:5d:e9:c6:8c:4f:72:
         87:72:c2:18:76:e1:63:35:e7:34:55:3a:31:85:7a:f0:e9:51:
         1b:e0:f5:16:29:4e:75:b3:40:19:9a:d1:e2:82:3c:af:52:1f:
         4a:35:26:05:91:9d:26:09:3c:d0:e6:91:24:28:3e:90:8d:40:
         de:65:1f:cd:60:78:8f:bc:cb:aa:a0:28:98:54:6c:ca:64:11:
         85:73:66:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhNN5VgQ+c+DhwplnJpGpizMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjUwNzI3MTg0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWVjNWEzOGU5NjlhYTgxOGE0MGY0ODdjNTBkZGQ1NDNlNzAyYzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PC8hl95H/HC7ZuQr3bXQIUw+Utw
rRkc4RpZqj0mpcu0izn1ERQdhOtVQSOgxlitdEWmdrx3/VnvlRWHzIV3zspL+jDP
nFV+OXmnCkhqu0V1Mgcf4F2hrS3CPMG3CS4JT5RmVEeibwPznIzStkQ2+prKE9Ed
x7CQVILX+a2C7WY+wCzeBkuayYXPSZzckVeXJjj0rYgPOfxc27DcHQTbn2SmIr7H
qi+J7kYbybUiqLREzA70t56pRibdm3vGqRwtouRmStGJ7YiWDF1jmAaPrXdrZ4BB
29LlqCnG8EbkgHywFIjafdOkHmxSBsIhsR6rzLxIZWPZTpekZbmlzEhftwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFErsWjjpaaqBikD0h8UN3VQ+cCwSMB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvU3V4YU9PbHBxb0dLUVBTSHhRM2RWRDV3TEJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuf0YAwQA
wnHuMA0GCSqGSIb3DQEBCwUAA4IBAQAGG97rd7gRzCVVZoNyv9TBh71Qx4eJ8eig
IV/e5VGfNoQCudl/SwdZNCnIQHLPkKEL6Iye9MqShw/q9wTSCoEsOztS9ZA5tMrP
6E0+t5cKxdttFhm15RF+HbXpUsZuGbb4VxXTwls5VpXDVt6L5B7KjrpHPbSDlX1/
E3qWn3UH9h1VC9pRVMEQo6ibZu8ZjE4k6DtHZZL7SWpagaget5ZahUM8X2h3YFe7
T7kEcZVd6caMT3KHcsIYduFjNec0VToxhXrw6VEb4PUWKU51s0AZmtHigjyvUh9K
NSYFkZ0mCTzQ5pEkKD6QjUDeZR/NYHiPvMuqoCiYVGzKZBGFc2a6
-----END CERTIFICATE-----