Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/b757MQvXDSUkc0atEwpcyuKC6YI.roa
File:                     b757MQvXDSUkc0atEwpcyuKC6YI.roa (raw, json)
Hash identifier:          RFAcdsiEO0xgN3cYS1sxIjrVlqcw5hgZfBN09N0DhJg=
Subject key identifier:   6F:BE:7B:31:0B:D7:0D:25:24:73:46:AD:13:0A:5C:CA:E2:82:E9:82
Certificate issuer:       /CN=5cde8e8139f2c8f62f8482d01b0adb86b2a1d195
Certificate serial:       019B77C75CC44A54D26C94CCBC3C18137D3A
Authority key identifier: 5C:DE:8E:81:39:F2:C8:F6:2F:84:82:D0:1B:0A:DB:86:B2:A1:D1:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XN6OgTnyyPYvhILQGwrbhrKh0ZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/b757MQvXDSUkc0atEwpcyuKC6YI.roa
Signing time:             Thu 01 Jan 2026 04:18:32 +0000
ROA not before:           Thu 01 Jan 2026 04:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50415
IP address blocks:        95.215.80.0/22 maxlen: 24
                          2a0c:7840::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/XN6OgTnyyPYvhILQGwrbhrKh0ZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/XN6OgTnyyPYvhILQGwrbhrKh0ZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XN6OgTnyyPYvhILQGwrbhrKh0ZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:5c:c4:4a:54:d2:6c:94:cc:bc:3c:18:13:7d:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cde8e8139f2c8f62f8482d01b0adb86b2a1d195
        Validity
            Not Before: Jan  1 04:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6fbe7b310bd70d25247346ad130a5ccae282e982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b8:6e:d7:3e:7a:16:f7:97:bb:cf:c8:95:78:
                    84:db:9f:a4:ec:21:99:7c:c7:eb:fe:60:8e:24:77:
                    d2:56:80:42:fe:33:c3:59:59:47:5b:02:cb:2d:ce:
                    bc:7d:d1:44:9c:62:1c:e4:d5:53:96:c8:2c:65:14:
                    4a:05:19:7d:af:c6:7f:44:6f:93:94:5c:92:77:9c:
                    76:88:09:11:ad:0c:0d:c3:ba:a8:e3:a3:5e:75:c5:
                    42:8e:e0:72:38:3e:be:9a:2f:bf:31:99:fc:35:62:
                    bb:95:dd:cc:4d:d3:8b:66:e8:3b:cd:04:44:8f:b1:
                    82:29:70:89:6c:12:ad:f0:2d:53:6d:1f:d8:7a:11:
                    8e:8d:50:01:bd:ac:43:ef:f9:8b:69:17:af:f6:30:
                    b6:ed:23:55:65:40:1f:e0:27:c1:a3:4c:fa:56:0d:
                    5a:ab:50:37:13:b0:8f:b5:49:87:9e:15:36:95:cc:
                    3e:21:7f:93:04:4b:c5:02:68:d0:51:95:e3:ce:d4:
                    da:dd:50:5c:ab:a0:3b:68:ec:01:56:7f:73:49:46:
                    ab:5c:ec:87:56:5a:6e:9c:ad:12:7c:1e:95:d7:ac:
                    d3:03:b4:4d:74:a1:34:df:48:9d:71:8a:79:0a:53:
                    f7:f6:fd:bc:22:f5:82:cb:84:03:35:dd:8c:f1:23:
                    d1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:BE:7B:31:0B:D7:0D:25:24:73:46:AD:13:0A:5C:CA:E2:82:E9:82
            X509v3 Authority Key Identifier:
                keyid:5C:DE:8E:81:39:F2:C8:F6:2F:84:82:D0:1B:0A:DB:86:B2:A1:D1:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XN6OgTnyyPYvhILQGwrbhrKh0ZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/b757MQvXDSUkc0atEwpcyuKC6YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/XN6OgTnyyPYvhILQGwrbhrKh0ZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.80.0/22
                IPv6:
                  2a0c:7840::/29

    Signature Algorithm: sha256WithRSAEncryption
         aa:61:4b:1e:7e:c3:4c:65:72:07:93:91:a3:eb:d8:fc:a7:86:
         30:ac:dd:1f:6d:bd:34:0f:f1:fd:85:77:9e:c7:58:64:5d:c2:
         25:70:58:8e:4c:90:c8:0a:8d:49:85:dd:ea:4a:1b:69:10:a3:
         53:9c:22:9c:fd:f4:3d:59:36:73:38:4b:e0:fb:fa:32:e3:72:
         51:5d:62:0e:6c:81:d4:f0:02:79:96:b4:00:cd:7d:8c:63:46:
         e1:6b:b8:ee:9d:8e:2e:6a:fa:cb:55:72:f6:d3:dc:e1:37:c0:
         e7:22:02:97:4b:b4:f6:98:d2:00:b5:cd:cb:1b:9a:e3:b1:be:
         62:36:3f:fe:a5:10:96:8e:a7:aa:48:3d:ca:70:2c:07:7e:2c:
         c9:5c:25:69:f6:d3:28:e7:db:85:0c:53:a1:6c:08:85:1a:e5:
         21:75:f3:2e:6d:e7:dc:35:a3:d5:57:52:0d:6e:27:ad:71:00:
         d9:0e:46:81:c0:ee:97:fd:e6:25:77:75:e4:9c:b6:76:9c:29:
         ee:b6:89:22:80:26:73:a2:e2:9a:bb:af:70:9c:ee:c7:c2:56:
         84:87:aa:8d:16:0c:ca:85:85:d6:00:b9:06:16:b6:cd:72:fe:
         17:42:4e:4f:91:ad:01:27:d9:11:99:3c:ea:ae:28:79:d1:7b:
         af:db:d5:d2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt3x1zESlTSbJTMvDwYE306MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZGU4ZTgxMzlmMmM4ZjYyZjg0ODJkMDFiMGFkYjg2YjJh
MWQxOTUwHhcNMjYwMTAxMDQxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmJlN2IzMTBiZDcwZDI1MjQ3MzQ2YWQxMzBhNWNjYWUyODJlOTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLhu1z56FveXu8/IlXiE25+k7CGZ
fMfr/mCOJHfSVoBC/jPDWVlHWwLLLc68fdFEnGIc5NVTlsgsZRRKBRl9r8Z/RG+T
lFySd5x2iAkRrQwNw7qo46NedcVCjuByOD6+mi+/MZn8NWK7ld3MTdOLZug7zQRE
j7GCKXCJbBKt8C1TbR/YehGOjVABvaxD7/mLaRev9jC27SNVZUAf4CfBo0z6Vg1a
q1A3E7CPtUmHnhU2lcw+IX+TBEvFAmjQUZXjztTa3VBcq6A7aOwBVn9zSUarXOyH
VlpunK0SfB6V16zTA7RNdKE030idcYp5ClP39v28IvWCy4QDNd2M8SPRfwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG++ezEL1w0lJHNGrRMKXMrigumCMB8GA1UdIwQY
MBaAFFzejoE58sj2L4SC0BsK24ayodGVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE42T2dUbnl5UFl2aElMUUd3cmJocktoMFpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy81NjE4YTgtMGI2NC00MWU3LTliNzMt
MDM4OTE4ZWI3MjBmLzEvYjc1N01RdlhEU1VrYzBhdEV3cGN5dUtDNllJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy81NjE4YTgtMGI2NC00MWU3LTliNzMtMDM4OTE4ZWI3MjBm
LzEvWE42T2dUbnl5UFl2aElMUUd3cmJocktoMFpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCX9dQMA0E
AgACMAcDBQMqDHhAMA0GCSqGSIb3DQEBCwUAA4IBAQCqYUsefsNMZXIHk5Gj69j8
p4YwrN0fbb00D/H9hXeex1hkXcIlcFiOTJDICo1Jhd3qShtpEKNTnCKc/fQ9WTZz
OEvg+/oy43JRXWIObIHU8AJ5lrQAzX2MY0bha7junY4uavrLVXL209zhN8DnIgKX
S7T2mNIAtc3LG5rjsb5iNj/+pRCWjqeqSD3KcCwHfizJXCVp9tMo59uFDFOhbAiF
GuUhdfMubefcNaPVV1INbietcQDZDkaBwO6X/eYld3XknLZ2nCnutokigCZzouKa
u69wnO7HwlaEh6qNFgzKhYXWALkGFrbNcv4XQk5Pka0BJ9kRmTzqrih50Xuv29XS
-----END CERTIFICATE-----