Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c26199-3303-4223-9f0f-5dafc634ccd6/1/JUrgcpIbkD2s0Xwl5MPFsKClBSA.roa
File:                     JUrgcpIbkD2s0Xwl5MPFsKClBSA.roa (raw, json)
Hash identifier:          h68v76M+ZVUfqYetcYYdqqWMVphcDkEUG23cxVpEUw4=
Subject key identifier:   25:4A:E0:72:92:1B:90:3D:AC:D1:7C:25:E4:C3:C5:B0:A0:A5:05:20
Certificate issuer:       /CN=320ad0cb1c8fabd2a7172723f2eb53ea02e84a69
Certificate serial:       019A1630B980E65D9374568DF4114F0C8356
Authority key identifier: 32:0A:D0:CB:1C:8F:AB:D2:A7:17:27:23:F2:EB:53:EA:02:E8:4A:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MgrQyxyPq9KnFycj8utT6gLoSmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c26199-3303-4223-9f0f-5dafc634ccd6/1/JUrgcpIbkD2s0Xwl5MPFsKClBSA.roa
Signing time:             Fri 24 Oct 2025 12:28:03 +0000
ROA not before:           Fri 24 Oct 2025 12:28:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213757
IP address blocks:        37.72.111.0/24 maxlen: 24
                          217.119.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c26199-3303-4223-9f0f-5dafc634ccd6/1/MgrQyxyPq9KnFycj8utT6gLoSmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c26199-3303-4223-9f0f-5dafc634ccd6/1/MgrQyxyPq9KnFycj8utT6gLoSmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MgrQyxyPq9KnFycj8utT6gLoSmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:16:30:b9:80:e6:5d:93:74:56:8d:f4:11:4f:0c:83:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=320ad0cb1c8fabd2a7172723f2eb53ea02e84a69
        Validity
            Not Before: Oct 24 12:28:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=254ae072921b903dacd17c25e4c3c5b0a0a50520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:28:45:ee:2d:3a:7e:f7:66:ca:8e:be:9b:79:
                    f1:62:0d:03:49:9e:27:94:d6:cc:b2:d3:04:5d:55:
                    3b:ef:fb:c3:fe:f4:58:d1:2f:d0:5d:b8:11:6b:16:
                    d6:1a:db:89:c7:7f:77:3b:08:59:68:5f:a7:5d:c1:
                    f7:c7:4b:c5:a8:3f:d2:98:87:88:52:79:af:db:2c:
                    66:ae:97:58:cf:89:55:8d:80:64:f8:de:59:b1:1d:
                    cf:4e:65:8d:35:fd:6f:e0:d5:7c:0b:71:a3:2c:a6:
                    0b:0b:3d:d1:eb:22:fb:92:e4:16:9a:9b:18:a5:31:
                    83:dd:fc:39:f8:64:ec:ff:de:9e:26:c3:22:a9:f9:
                    29:c3:84:55:7a:e7:2a:16:d6:d7:cd:a1:77:cd:17:
                    0c:25:6a:90:b1:1b:13:38:07:d8:79:91:57:87:da:
                    ad:3b:05:97:d9:0a:86:fa:7e:73:98:4e:6a:c3:22:
                    c7:ed:1e:36:77:3d:4f:41:69:03:a4:99:00:61:57:
                    4f:65:77:35:bc:db:e5:01:4b:25:b1:6b:57:e2:ca:
                    e5:8f:02:b8:f5:d2:e1:65:95:5c:b2:26:73:9b:78:
                    ec:4d:55:33:9b:3e:8b:a4:d4:5b:5e:23:fa:1d:96:
                    ad:4a:ab:7d:af:46:98:68:1f:9d:e7:39:c4:d5:6e:
                    f2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:4A:E0:72:92:1B:90:3D:AC:D1:7C:25:E4:C3:C5:B0:A0:A5:05:20
            X509v3 Authority Key Identifier:
                keyid:32:0A:D0:CB:1C:8F:AB:D2:A7:17:27:23:F2:EB:53:EA:02:E8:4A:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MgrQyxyPq9KnFycj8utT6gLoSmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c26199-3303-4223-9f0f-5dafc634ccd6/1/JUrgcpIbkD2s0Xwl5MPFsKClBSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c26199-3303-4223-9f0f-5dafc634ccd6/1/MgrQyxyPq9KnFycj8utT6gLoSmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.111.0/24
                  217.119.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:77:67:f2:e9:9b:5a:48:36:62:0e:3f:0b:16:30:59:c6:05:
         a2:a9:ea:46:72:e7:f2:3a:91:b0:05:97:f2:8d:ea:60:31:73:
         fb:70:b0:d3:15:b3:a7:f8:9a:e8:96:db:3e:15:ea:ba:08:3f:
         a5:00:cd:2d:e5:b4:b8:10:4d:a3:08:02:50:ba:d7:3e:eb:d9:
         3e:a8:f7:de:bb:48:a6:20:a1:9e:72:d5:9d:98:f5:b5:76:28:
         3e:d6:f9:05:08:c8:98:9c:59:1a:40:cc:3c:50:60:18:1f:dc:
         da:27:53:9f:f8:f2:ac:7f:9c:34:13:97:44:fe:4c:d0:6c:df:
         8e:41:fd:52:f9:9e:7e:47:d4:20:87:01:3a:e1:21:61:78:35:
         17:0c:87:a4:b3:7d:93:5c:67:82:77:d3:8f:9b:a0:41:82:37:
         8b:6e:89:53:98:c3:f7:75:78:40:82:b3:bf:6c:16:c8:f9:99:
         9b:b6:2d:16:b9:ab:f3:6c:32:97:09:e8:42:c4:27:6e:f5:90:
         a8:6c:52:34:97:6e:8b:fb:11:79:9e:97:70:b0:e6:26:1c:1b:
         5e:2c:8d:f9:e7:f6:cb:9d:81:b8:cc:b4:4f:29:79:01:b6:8f:
         5b:64:f0:fe:11:00:75:ed:14:9a:f6:ec:83:c6:2e:97:2f:49:
         78:f1:76:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoWMLmA5l2TdFaN9BFPDINWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMGFkMGNiMWM4ZmFiZDJhNzE3MjcyM2YyZWI1M2VhMDJl
ODRhNjkwHhcNMjUxMDI0MTIyODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTRhZTA3MjkyMWI5MDNkYWNkMTdjMjVlNGMzYzViMGEwYTUwNTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ihF7i06fvdmyo6+m3nxYg0DSZ4n
lNbMstMEXVU77/vD/vRY0S/QXbgRaxbWGtuJx393OwhZaF+nXcH3x0vFqD/SmIeI
Unmv2yxmrpdYz4lVjYBk+N5ZsR3PTmWNNf1v4NV8C3GjLKYLCz3R6yL7kuQWmpsY
pTGD3fw5+GTs/96eJsMiqfkpw4RVeucqFtbXzaF3zRcMJWqQsRsTOAfYeZFXh9qt
OwWX2QqG+n5zmE5qwyLH7R42dz1PQWkDpJkAYVdPZXc1vNvlAUslsWtX4srljwK4
9dLhZZVcsiZzm3jsTVUzmz6LpNRbXiP6HZatSqt9r0aYaB+d5znE1W7ySQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCVK4HKSG5A9rNF8JeTDxbCgpQUgMB8GA1UdIwQY
MBaAFDIK0Mscj6vSpxcnI/LrU+oC6EppMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWdyUXl4eVBxOUtuRnljajh1dFQ2Z0xvU21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jMjYxOTktMzMwMy00MjIzLTlmMGYt
NWRhZmM2MzRjY2Q2LzEvSlVyZ2NwSWJrRDJzMFh3bDVNUEZzS0NsQlNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jMjYxOTktMzMwMy00MjIzLTlmMGYtNWRhZmM2MzRjY2Q2
LzEvTWdyUXl4eVBxOUtuRnljajh1dFQ2Z0xvU21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJUhvAwQA
2XeKMA0GCSqGSIb3DQEBCwUAA4IBAQCXd2fy6ZtaSDZiDj8LFjBZxgWiqepGcufy
OpGwBZfyjepgMXP7cLDTFbOn+Jrolts+Feq6CD+lAM0t5bS4EE2jCAJQutc+69k+
qPfeu0imIKGectWdmPW1dig+1vkFCMiYnFkaQMw8UGAYH9zaJ1Of+PKsf5w0E5dE
/kzQbN+OQf1S+Z5+R9QghwE64SFheDUXDIeks32TXGeCd9OPm6BBgjeLbolTmMP3
dXhAgrO/bBbI+Zmbti0WuavzbDKXCehCxCdu9ZCobFI0l26L+xF5npdwsOYmHBte
LI355/bLnYG4zLRPKXkBto9bZPD+EQB17RSa9uyDxi6XL0l48XYp
-----END CERTIFICATE-----