Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/QmuvritZJB6e1r7_HknwANIT43k.roa
File:                     QmuvritZJB6e1r7_HknwANIT43k.roa (raw, json)
Hash identifier:          AQoELLOR21xhDOlEfZvz6GpoPiJb03fJOlvMYUM2Nzs=
Subject key identifier:   42:6B:AF:AE:2B:59:24:1E:9E:D6:BE:FF:1E:49:F0:00:D2:13:E3:79
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019A399A46FFAF17EC603A31BA5B6496D38A
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/QmuvritZJB6e1r7_HknwANIT43k.roa
Signing time:             Fri 31 Oct 2025 09:30:03 +0000
ROA not before:           Fri 31 Oct 2025 09:30:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58330
IP address blocks:        194.32.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:39:9a:46:ff:af:17:ec:60:3a:31:ba:5b:64:96:d3:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Oct 31 09:30:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=426bafae2b59241e9ed6beff1e49f000d213e379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:66:22:56:d5:80:90:eb:e8:5d:b7:57:4e:66:
                    b6:19:35:79:81:a7:b5:bb:b9:0e:ce:2d:ab:90:fd:
                    0e:a9:58:ee:18:6f:35:34:ea:5a:46:3d:6f:05:f7:
                    c7:1a:18:13:39:fa:46:30:52:88:a8:c8:9a:50:f0:
                    2a:20:55:79:25:66:9a:69:12:da:f5:2f:52:09:ff:
                    01:35:81:e3:9f:bc:60:fa:f9:dc:7b:f1:b2:55:f9:
                    7d:2b:c3:42:66:41:67:ce:a3:20:43:0f:0a:df:99:
                    5f:9a:74:23:17:e1:18:4d:cb:a0:44:d6:95:66:ec:
                    f3:1a:ac:6e:85:40:a1:c5:9a:cd:8b:6a:db:a2:ce:
                    7c:53:51:20:c1:6e:3e:6c:ba:ef:8a:67:77:f0:f2:
                    d4:7e:32:28:c2:52:22:48:1b:f9:9a:37:0b:7a:30:
                    7c:98:28:c4:a0:07:da:db:3c:88:7d:5f:f2:0a:97:
                    f2:61:6a:32:c6:8e:92:fe:fd:b5:8a:21:96:41:e6:
                    5a:3b:24:11:2b:8d:42:9e:59:bb:6e:35:e1:57:80:
                    a3:2a:22:71:29:f5:b5:6d:d7:19:63:d8:73:02:61:
                    1a:d0:ee:8e:ff:e9:c4:16:79:2f:bd:4f:0d:c4:11:
                    7f:62:1a:bb:6f:18:5d:d8:bd:73:28:a1:26:85:9b:
                    9d:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:6B:AF:AE:2B:59:24:1E:9E:D6:BE:FF:1E:49:F0:00:D2:13:E3:79
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/QmuvritZJB6e1r7_HknwANIT43k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:c8:2e:34:85:d5:a8:4e:7c:24:01:40:5a:f8:b5:6d:c7:9d:
         a2:c2:1a:a3:16:60:a0:fc:d5:3d:95:47:74:58:23:3a:f0:07:
         4b:f8:7d:2c:00:3f:6a:14:ba:d2:77:f3:2b:d1:b3:d6:a8:f7:
         89:c9:2d:92:68:4b:79:ae:9a:ae:a2:b5:b6:de:04:08:c3:33:
         e5:2d:d8:92:09:3d:92:95:55:96:91:76:5c:cc:d1:99:a1:63:
         68:96:92:ef:3f:5f:c3:05:32:1d:97:ae:61:09:9d:59:ea:4d:
         7a:72:a5:c7:7b:c5:e1:cd:99:5d:16:48:83:05:75:ec:80:c4:
         f7:ed:78:a6:75:44:6a:72:5b:2e:e1:54:59:e0:2f:d9:dc:6c:
         4b:9c:35:13:7a:f9:72:12:5f:3c:3a:ec:61:b0:9c:f6:44:b0:
         7a:0d:35:c2:93:6d:86:ff:26:b9:39:fd:80:0d:1e:ab:0b:70:
         e6:c6:52:3e:60:27:34:9d:5f:27:a8:9a:26:0b:04:58:32:6a:
         13:00:13:a8:a3:ee:27:c8:f6:82:7a:4d:43:e3:6b:e6:41:d8:
         6b:97:25:c6:80:a0:08:8f:e5:fa:42:ef:02:83:7d:cd:71:2b:
         b8:0a:c1:29:11:5e:6c:ab:31:ba:f2:ce:04:43:ff:e4:f4:8c:
         1f:12:e6:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo5mkb/rxfsYDoxultkltOKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUxMDMxMDkzMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjZiYWZhZTJiNTkyNDFlOWVkNmJlZmYxZTQ5ZjAwMGQyMTNlMzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmYiVtWAkOvoXbdXTma2GTV5gae1
u7kOzi2rkP0OqVjuGG81NOpaRj1vBffHGhgTOfpGMFKIqMiaUPAqIFV5JWaaaRLa
9S9SCf8BNYHjn7xg+vnce/GyVfl9K8NCZkFnzqMgQw8K35lfmnQjF+EYTcugRNaV
ZuzzGqxuhUChxZrNi2rbos58U1EgwW4+bLrvimd38PLUfjIowlIiSBv5mjcLejB8
mCjEoAfa2zyIfV/yCpfyYWoyxo6S/v21iiGWQeZaOyQRK41Cnlm7bjXhV4CjKiJx
KfW1bdcZY9hzAmEa0O6O/+nEFnkvvU8NxBF/Yhq7bxhd2L1zKKEmhZud9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJrr64rWSQenta+/x5J8ADSE+N5MB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvUW11dnJpdFpKQjZlMXI3X0hrbndBTklUNDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiBjMA0G
CSqGSIb3DQEBCwUAA4IBAQCRyC40hdWoTnwkAUBa+LVtx52iwhqjFmCg/NU9lUd0
WCM68AdL+H0sAD9qFLrSd/Mr0bPWqPeJyS2SaEt5rpquorW23gQIwzPlLdiSCT2S
lVWWkXZczNGZoWNolpLvP1/DBTIdl65hCZ1Z6k16cqXHe8XhzZldFkiDBXXsgMT3
7XimdURqclsu4VRZ4C/Z3GxLnDUTevlyEl88OuxhsJz2RLB6DTXCk22G/ya5Of2A
DR6rC3DmxlI+YCc0nV8nqJomCwRYMmoTABOoo+4nyPaCek1D42vmQdhrlyXGgKAI
j+X6Qu8Cg33NcSu4CsEpEV5sqzG68s4EQ//k9IwfEuaS
-----END CERTIFICATE-----