Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/C4zD2LB2HYvudXB6y5ujwZ3KfSk.roa
File:                     C4zD2LB2HYvudXB6y5ujwZ3KfSk.roa (raw, json)
Hash identifier:          lffjfv03fof5Sib+b0ByhUa/5zJJv5nhDxlpHJp0oiM=
Subject key identifier:   0B:8C:C3:D8:B0:76:1D:8B:EE:75:70:7A:CB:9B:A3:C1:9D:CA:7D:29
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       019A4C08E6D85B7AA6DF3985F47365F4E0CD
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/C4zD2LB2HYvudXB6y5ujwZ3KfSk.roa
Signing time:             Mon 03 Nov 2025 23:24:03 +0000
ROA not before:           Mon 03 Nov 2025 23:24:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        130.49.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4c:08:e6:d8:5b:7a:a6:df:39:85:f4:73:65:f4:e0:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Nov  3 23:24:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b8cc3d8b0761d8bee75707acb9ba3c19dca7d29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ce:ce:bc:ae:74:ca:bc:11:2c:3f:96:2b:5f:
                    84:23:0d:97:d1:9c:1f:58:50:bb:98:02:ae:f8:a9:
                    45:1a:3c:a1:cc:ea:18:42:17:1c:91:71:c7:82:75:
                    62:fa:0f:91:d8:2a:f9:ec:3d:39:a1:98:0c:53:98:
                    a2:65:86:f8:a1:df:da:53:5e:36:9d:ff:be:89:d5:
                    63:a6:6e:fe:fd:02:73:62:2c:d1:e5:f8:78:25:4c:
                    2f:1e:98:f7:f8:92:6d:1e:47:55:50:c2:1d:0b:c7:
                    25:a3:e5:ce:b8:ba:64:b2:9e:cb:aa:21:73:ac:6e:
                    8b:fb:cc:01:6d:b8:dd:11:b3:07:96:68:9c:5a:d2:
                    2c:35:cf:4e:fb:f3:b7:c2:0c:59:3c:0a:fa:e6:27:
                    03:46:8e:b5:82:b8:22:28:18:51:39:97:f0:05:43:
                    f5:66:a7:4d:e3:e6:da:a9:40:43:9b:e9:0b:98:3f:
                    ad:ce:4d:c3:e7:14:e1:31:90:56:63:2b:98:94:e5:
                    a2:8b:86:79:e6:66:11:e1:74:4a:a9:33:d0:e0:33:
                    1b:0f:35:aa:a9:2c:21:5f:ff:de:9b:86:6e:9d:2d:
                    86:98:d0:33:76:ca:76:09:df:e5:89:82:ff:4d:12:
                    51:19:f1:08:e5:8f:ab:19:98:95:09:c3:de:bc:6c:
                    46:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:8C:C3:D8:B0:76:1D:8B:EE:75:70:7A:CB:9B:A3:C1:9D:CA:7D:29
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/C4zD2LB2HYvudXB6y5ujwZ3KfSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.49.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:d3:4e:63:6d:4e:24:2c:80:50:4a:30:ee:f3:57:69:54:e3:
         c1:a0:ec:1b:3d:26:90:93:9a:06:dc:c1:ad:48:27:9e:06:f7:
         d5:c0:6f:d3:9d:1e:f8:e1:07:54:40:36:97:c2:63:c2:ab:71:
         6a:31:aa:5f:c7:db:0e:fb:02:3b:b1:ee:a5:39:64:fe:13:0d:
         bf:1e:e4:68:b5:7d:f4:9d:f5:26:b2:a7:b6:da:3d:dd:12:ee:
         80:7a:90:89:8e:37:cf:45:25:3c:de:55:5d:16:41:6d:d7:f2:
         01:a8:f5:dc:49:55:fd:a4:d8:a0:9c:b7:49:09:a5:a5:31:dc:
         5f:79:cb:36:40:87:ac:f1:b5:bd:f8:bb:c8:07:66:3e:86:6f:
         0c:b1:7b:da:bc:35:35:84:18:a3:60:58:ac:cc:5a:95:17:e2:
         ba:07:03:b8:ca:53:82:5d:1a:29:19:83:56:59:21:7e:a7:fb:
         02:00:d0:0e:f8:fc:c1:20:d9:a6:42:1c:84:80:44:ca:09:cb:
         f9:91:4c:c8:ca:43:3d:4d:12:ec:ff:92:cc:25:14:ce:fd:81:
         70:07:70:db:57:7b:a4:61:1d:97:ed:f3:67:bf:9b:5c:30:15:
         69:53:2d:a7:16:35:cb:d0:be:d9:aa:49:d5:63:20:a8:40:cc:
         76:19:e3:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpMCObYW3qm3zmF9HNl9ODNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjUxMTAzMjMyNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjhjYzNkOGIwNzYxZDhiZWU3NTcwN2FjYjliYTNjMTlkY2E3ZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApc7OvK50yrwRLD+WK1+EIw2X0Zwf
WFC7mAKu+KlFGjyhzOoYQhcckXHHgnVi+g+R2Cr57D05oZgMU5iiZYb4od/aU142
nf++idVjpm7+/QJzYizR5fh4JUwvHpj3+JJtHkdVUMIdC8clo+XOuLpksp7LqiFz
rG6L+8wBbbjdEbMHlmicWtIsNc9O+/O3wgxZPAr65icDRo61grgiKBhROZfwBUP1
ZqdN4+baqUBDm+kLmD+tzk3D5xThMZBWYyuYlOWii4Z55mYR4XRKqTPQ4DMbDzWq
qSwhX//em4ZunS2GmNAzdsp2Cd/liYL/TRJRGfEI5Y+rGZiVCcPevGxGSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAuMw9iwdh2L7nVwesubo8Gdyn0pMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvQzR6RDJMQjJIWXZ1ZFhCNnk1dWp3WjNLZlNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgjHYMA0G
CSqGSIb3DQEBCwUAA4IBAQAG005jbU4kLIBQSjDu81dpVOPBoOwbPSaQk5oG3MGt
SCeeBvfVwG/TnR744QdUQDaXwmPCq3FqMapfx9sO+wI7se6lOWT+Ew2/HuRotX30
nfUmsqe22j3dEu6AepCJjjfPRSU83lVdFkFt1/IBqPXcSVX9pNignLdJCaWlMdxf
ecs2QIes8bW9+LvIB2Y+hm8MsXvavDU1hBijYFiszFqVF+K6BwO4ylOCXRopGYNW
WSF+p/sCANAO+PzBINmmQhyEgETKCcv5kUzIykM9TRLs/5LMJRTO/YFwB3DbV3uk
YR2X7fNnv5tcMBVpUy2nFjXL0L7ZqknVYyCoQMx2GeOU
-----END CERTIFICATE-----