Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/5AoW4lZVuJhUnMgi6tp4c7IeLyo.roa
File:                     5AoW4lZVuJhUnMgi6tp4c7IeLyo.roa (raw, json)
Hash identifier:          8cg85BaZ50YATrFMAlY6SixIiE1QlrwZ1F7ODzb51WU=
Subject key identifier:   E4:0A:16:E2:56:55:B8:98:54:9C:C8:22:EA:DA:78:73:B2:1E:2F:2A
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019A4F1403FC1BBE75B5D5E0C2AEF7B9DCFC
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/5AoW4lZVuJhUnMgi6tp4c7IeLyo.roa
Signing time:             Tue 04 Nov 2025 13:35:03 +0000
ROA not before:           Tue 04 Nov 2025 13:35:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        158.173.198.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:29:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4f:14:03:fc:1b:be:75:b5:d5:e0:c2:ae:f7:b9:dc:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Nov  4 13:35:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e40a16e25655b898549cc822eada7873b21e2f2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:24:cb:e7:26:e2:fb:4d:98:08:9d:23:ba:60:
                    a9:1c:a3:d4:27:7a:87:56:c4:2b:0a:e8:78:2e:f1:
                    35:b6:d2:09:cb:28:34:b9:ab:87:7b:68:7c:45:04:
                    ed:e9:51:bb:27:fd:01:9b:b8:0a:c1:96:2b:7d:cf:
                    ee:bf:79:06:02:03:fa:9b:96:a3:07:09:65:a9:b7:
                    0a:19:5c:92:7c:22:a2:7e:8c:10:b8:d4:34:c8:bf:
                    eb:49:ae:e0:6f:ed:a0:e5:26:0b:72:7d:56:14:5f:
                    71:48:8c:70:a3:9e:c3:44:4a:43:3e:27:3c:63:95:
                    01:c3:54:4d:5d:fe:6e:a3:63:4a:8b:f2:7f:51:1f:
                    ba:9b:a2:13:12:ab:0a:5f:27:3e:f2:26:6f:b6:8e:
                    45:5e:00:90:5d:73:d5:1f:9d:1a:4f:05:11:15:a3:
                    9a:3c:10:83:11:bc:8d:80:b9:4e:95:a2:46:6d:4f:
                    76:79:c9:d8:48:a2:55:b9:eb:9f:61:58:6f:5c:83:
                    9d:f4:26:07:11:b9:42:c0:b6:05:5d:40:b5:bb:8c:
                    f8:99:2b:a5:10:f5:9e:1c:9f:29:0a:e3:74:c0:4f:
                    b8:a9:f1:bd:7d:c3:15:bb:92:fd:14:81:72:17:ba:
                    0d:e3:1e:70:c2:f2:24:71:8f:02:21:7a:01:a9:42:
                    4a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:0A:16:E2:56:55:B8:98:54:9C:C8:22:EA:DA:78:73:B2:1E:2F:2A
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/5AoW4lZVuJhUnMgi6tp4c7IeLyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:a9:05:0e:6a:0f:43:d7:49:07:b9:57:fe:2d:b9:6f:21:21:
         8a:c9:22:58:4b:9c:2e:d7:ce:ca:59:91:03:35:2b:0c:3d:0c:
         aa:9d:6a:96:e2:0b:d1:04:8f:75:08:3d:ef:91:0b:1a:8f:9a:
         74:10:c8:66:e3:93:dd:12:25:9e:4d:e4:64:e9:97:f5:49:c7:
         3e:65:14:f2:2c:04:59:91:ab:07:07:7b:46:bb:3c:a5:30:1b:
         23:ef:a6:cb:dd:24:93:3e:a1:03:17:0b:51:04:4d:54:0c:8c:
         9d:ba:6c:5c:16:8a:6f:1b:82:e6:4e:d7:78:a2:0a:f3:f3:94:
         a9:8c:15:7d:e4:a7:71:ca:f0:12:4f:fb:bc:01:c5:27:95:de:
         04:af:60:0a:30:49:99:9e:6a:f8:70:5d:31:bb:dd:3b:49:19:
         9a:cb:47:fd:00:32:5b:a7:15:79:17:f7:69:02:ec:af:80:4e:
         80:d3:3b:1c:a3:55:5d:e9:ac:8c:2f:3d:29:13:cf:71:18:dd:
         2c:00:b2:e4:d7:6f:e7:82:9c:bc:b7:f7:f2:81:1b:05:c1:32:
         29:f0:53:8f:9b:b1:00:fc:39:92:cd:5c:6e:2a:52:b0:ae:39:
         da:ac:ad:5f:71:3b:90:4b:7f:ef:61:a8:85:23:04:86:10:41:
         7c:1f:5b:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpPFAP8G751tdXgwq73udz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUxMTA0MTMzNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDBhMTZlMjU2NTViODk4NTQ5Y2M4MjJlYWRhNzg3M2IyMWUyZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSTL5ybi+02YCJ0jumCpHKPUJ3qH
VsQrCuh4LvE1ttIJyyg0uauHe2h8RQTt6VG7J/0Bm7gKwZYrfc/uv3kGAgP6m5aj
BwllqbcKGVySfCKifowQuNQ0yL/rSa7gb+2g5SYLcn1WFF9xSIxwo57DREpDPic8
Y5UBw1RNXf5uo2NKi/J/UR+6m6ITEqsKXyc+8iZvto5FXgCQXXPVH50aTwURFaOa
PBCDEbyNgLlOlaJGbU92ecnYSKJVueufYVhvXIOd9CYHEblCwLYFXUC1u4z4mSul
EPWeHJ8pCuN0wE+4qfG9fcMVu5L9FIFyF7oN4x5wwvIkcY8CIXoBqUJKmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQKFuJWVbiYVJzIIuraeHOyHi8qMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvNUFvVzRsWlZ1SmhVbk1naTZ0cDRjN0llTHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBnq3GMA0G
CSqGSIb3DQEBCwUAA4IBAQCdqQUOag9D10kHuVf+LblvISGKySJYS5wu187KWZED
NSsMPQyqnWqW4gvRBI91CD3vkQsaj5p0EMhm45PdEiWeTeRk6Zf1Scc+ZRTyLARZ
kasHB3tGuzylMBsj76bL3SSTPqEDFwtRBE1UDIydumxcFopvG4LmTtd4ogrz85Sp
jBV95KdxyvAST/u8AcUnld4Er2AKMEmZnmr4cF0xu907SRmay0f9ADJbpxV5F/dp
AuyvgE6A0zsco1Vd6ayMLz0pE89xGN0sALLk12/ngpy8t/fygRsFwTIp8FOPm7EA
/DmSzVxuKlKwrjnarK1fcTuQS3/vYaiFIwSGEEF8H1ub
-----END CERTIFICATE-----