Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/ftQ60SsjWVubYA-VxNEHamWbBek.roa
File:                     ftQ60SsjWVubYA-VxNEHamWbBek.roa (raw, json)
Hash identifier:          jmvMdMMJCzUDXr3r5E5qmHQUJ9DFMdQTkl3lYF+bB84=
Subject key identifier:   7E:D4:3A:D1:2B:23:59:5B:9B:60:0F:95:C4:D1:07:6A:65:9B:05:E9
Certificate issuer:       /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial:       01973F2068E9E36A29FB4914C29C5B8D077C
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/ftQ60SsjWVubYA-VxNEHamWbBek.roa
Signing time:             Thu 05 Jun 2025 08:06:18 +0000
ROA not before:           Thu 05 Jun 2025 08:06:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     272105
IP address blocks:        158.172.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 13:26:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3f:20:68:e9:e3:6a:29:fb:49:14:c2:9c:5b:8d:07:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
        Validity
            Not Before: Jun  5 08:06:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ed43ad12b23595b9b600f95c4d1076a659b05e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3f:b7:2d:17:6b:5d:bb:a7:a7:ff:33:46:de:
                    17:ac:53:ed:a9:06:8a:28:be:de:b7:dc:8d:d0:c6:
                    d3:56:ec:2e:19:99:e2:45:de:37:42:a8:ff:d4:0e:
                    e1:9e:57:8f:aa:73:2c:33:92:41:1e:95:94:a2:e6:
                    31:36:3f:22:6c:63:fb:f9:f9:9d:43:c7:85:92:b1:
                    57:19:ea:ef:ea:19:95:67:a8:ab:8e:1f:10:78:82:
                    5b:4b:7a:ca:a3:7a:63:e4:01:7c:db:37:dd:72:1e:
                    ea:b9:e2:11:77:dd:b8:66:5f:45:79:d7:25:30:53:
                    1c:27:be:93:00:f2:71:88:6b:18:c1:a4:bc:68:ab:
                    54:c1:05:3c:c3:83:6b:a5:a7:99:c8:da:8d:a7:b4:
                    4a:71:f3:8a:90:9b:37:60:38:a3:62:29:e8:4e:0e:
                    1a:1f:41:43:db:0c:b1:0c:28:1b:46:c1:63:5a:74:
                    85:76:d2:b5:d4:c2:a6:ac:ac:cd:95:85:1a:0c:07:
                    72:8c:60:ca:c8:e4:75:50:25:80:fa:b4:0f:dd:a2:
                    22:36:14:54:1d:9a:5b:c6:7c:24:7c:24:d2:b6:21:
                    1f:dc:60:09:71:7b:f1:25:f7:f9:5e:ff:7c:55:c4:
                    e2:cf:42:a8:2e:6c:21:d4:59:35:05:1d:b8:b9:05:
                    2a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D4:3A:D1:2B:23:59:5B:9B:60:0F:95:C4:D1:07:6A:65:9B:05:E9
            X509v3 Authority Key Identifier:
                keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/ftQ60SsjWVubYA-VxNEHamWbBek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.172.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:9f:fe:72:cb:97:58:38:f9:cf:9b:17:81:59:8c:d6:8f:f4:
         a0:9d:86:f4:b5:78:e2:65:1d:df:f0:bc:ef:44:1f:ff:09:40:
         47:95:27:9a:f8:d8:ff:9f:ae:f5:1e:a1:3f:58:08:72:d6:15:
         c7:9d:46:af:65:60:3a:cb:4d:d6:93:55:e6:79:98:ee:7f:70:
         6c:82:a7:be:c3:4a:3e:d0:f2:24:1a:ea:84:7a:84:59:71:1a:
         b9:1f:8f:03:07:be:d5:d9:59:83:13:15:da:88:f1:00:a0:09:
         47:7c:b9:90:8a:c8:34:2d:b3:7b:8d:1c:8a:1a:25:cf:2c:03:
         08:8b:de:02:4f:32:4e:3c:18:b3:a7:02:f7:df:52:09:ea:a3:
         e4:99:6d:24:88:51:b0:fe:16:46:cd:13:22:c1:0e:3c:91:58:
         56:63:9d:b1:86:9c:ec:d7:21:0d:9c:33:6b:fd:b6:95:f1:8a:
         c2:0a:40:f9:38:02:b0:a5:ec:34:b4:9a:de:e7:94:b7:8b:8d:
         d9:c4:50:6d:d0:a1:03:c8:89:c3:94:23:c1:5e:e8:b2:ea:ee:
         20:84:0c:b2:9b:1d:8e:d7:24:87:25:0e:4e:d5:21:71:07:3b:
         08:2c:db:80:03:85:58:a5:02:9d:ed:89:16:65:f2:10:bf:b4:
         02:50:7a:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc/IGjp42op+0kUwpxbjQd8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjUwNjA1MDgwNjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWQ0M2FkMTJiMjM1OTViOWI2MDBmOTVjNGQxMDc2YTY1OWIwNWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuj+3LRdrXbunp/8zRt4XrFPtqQaK
KL7et9yN0MbTVuwuGZniRd43Qqj/1A7hnlePqnMsM5JBHpWUouYxNj8ibGP7+fmd
Q8eFkrFXGerv6hmVZ6irjh8QeIJbS3rKo3pj5AF82zfdch7queIRd924Zl9Fedcl
MFMcJ76TAPJxiGsYwaS8aKtUwQU8w4NrpaeZyNqNp7RKcfOKkJs3YDijYinoTg4a
H0FD2wyxDCgbRsFjWnSFdtK11MKmrKzNlYUaDAdyjGDKyOR1UCWA+rQP3aIiNhRU
HZpbxnwkfCTStiEf3GAJcXvxJff5Xv98VcTiz0KoLmwh1Fk1BR24uQUqKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7UOtErI1lbm2APlcTRB2plmwXpMB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvZnRRNjBTc2pXVnViWUEtVnhORUhhbVdiQmVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2ItMWVkMTA5NTRiZDk2
LzEvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnqzbMA0G
CSqGSIb3DQEBCwUAA4IBAQCun/5yy5dYOPnPmxeBWYzWj/SgnYb0tXjiZR3f8Lzv
RB//CUBHlSea+Nj/n671HqE/WAhy1hXHnUavZWA6y03Wk1XmeZjuf3Bsgqe+w0o+
0PIkGuqEeoRZcRq5H48DB77V2VmDExXaiPEAoAlHfLmQisg0LbN7jRyKGiXPLAMI
i94CTzJOPBizpwL331IJ6qPkmW0kiFGw/hZGzRMiwQ48kVhWY52xhpzs1yENnDNr
/baV8YrCCkD5OAKwpew0tJre55S3i43ZxFBt0KEDyInDlCPBXuiy6u4ghAyymx2O
1ySHJQ5O1SFxBzsILNuAA4VYpQKd7YkWZfIQv7QCUHpv
-----END CERTIFICATE-----