Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/VzUVQUcd7OnmjAnSFD9XEdaKHBo.roa
File:                     VzUVQUcd7OnmjAnSFD9XEdaKHBo.roa (raw, json)
Hash identifier:          v5QHIOhAyXcKwswCFZQCXWUhqfqv61whE/aKu+RfMmg=
Subject key identifier:   57:35:15:41:47:1D:EC:E9:E6:8C:09:D2:14:3F:57:11:D6:8A:1C:1A
Certificate issuer:       /CN=495e500149ce8d71b9604b589e0c32fea07a98b8
Certificate serial:       019BA28D66268178E7F8C1AAA85749AD3EA5
Authority key identifier: 49:5E:50:01:49:CE:8D:71:B9:60:4B:58:9E:0C:32:FE:A0:7A:98:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SV5QAUnOjXG5YEtYngwy_qB6mLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/VzUVQUcd7OnmjAnSFD9XEdaKHBo.roa
Signing time:             Fri 09 Jan 2026 11:38:54 +0000
ROA not before:           Fri 09 Jan 2026 11:38:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209034
IP address blocks:        195.182.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/SV5QAUnOjXG5YEtYngwy_qB6mLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/SV5QAUnOjXG5YEtYngwy_qB6mLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SV5QAUnOjXG5YEtYngwy_qB6mLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:a2:8d:66:26:81:78:e7:f8:c1:aa:a8:57:49:ad:3e:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=495e500149ce8d71b9604b589e0c32fea07a98b8
        Validity
            Not Before: Jan  9 11:38:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=57351541471dece9e68c09d2143f5711d68a1c1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c6:fa:30:c2:b6:77:05:aa:f0:0d:2c:df:2d:
                    14:32:2e:1c:e2:29:78:98:e3:6d:53:07:aa:72:26:
                    92:30:8f:49:82:66:87:25:a5:a2:5f:17:1e:a9:b8:
                    f7:b9:08:14:96:38:ce:02:be:ca:c3:68:60:ae:f0:
                    e7:90:0f:d3:d2:ef:08:fa:58:01:55:3f:13:5e:26:
                    81:68:34:28:f4:f0:a7:04:66:fa:a6:c2:a5:cd:42:
                    7e:82:90:00:b4:e7:29:0a:e3:73:ab:ab:f8:2a:af:
                    52:d9:43:2a:ed:db:a5:42:9e:bf:2c:7d:d6:8d:89:
                    99:b4:e0:03:7d:4a:d0:39:8d:5b:13:4d:cb:e7:21:
                    88:77:50:e8:2d:9f:b5:49:47:ce:7d:24:2f:d6:fe:
                    ae:82:98:70:a0:1c:d7:43:c9:61:de:65:2e:83:d5:
                    80:e2:8a:48:85:f7:cd:5a:a4:07:70:ef:96:14:3b:
                    c7:8d:1f:33:55:17:68:de:63:d3:af:34:3b:2f:e1:
                    15:4b:ba:ef:bb:a9:de:cd:7c:09:0e:15:11:bf:2f:
                    48:8a:6f:4e:ed:04:92:28:fb:02:79:85:2f:57:0c:
                    ea:df:90:7b:cc:ad:fd:35:23:68:a2:af:36:33:cb:
                    81:99:15:fd:88:36:7c:1e:a6:3f:2b:ab:c9:39:68:
                    28:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:35:15:41:47:1D:EC:E9:E6:8C:09:D2:14:3F:57:11:D6:8A:1C:1A
            X509v3 Authority Key Identifier:
                keyid:49:5E:50:01:49:CE:8D:71:B9:60:4B:58:9E:0C:32:FE:A0:7A:98:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SV5QAUnOjXG5YEtYngwy_qB6mLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/VzUVQUcd7OnmjAnSFD9XEdaKHBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/SV5QAUnOjXG5YEtYngwy_qB6mLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:59:5f:6c:22:c3:9b:2a:76:68:1f:ff:d6:82:08:1e:d0:2d:
         01:45:d7:b2:b3:9d:ee:f8:28:ec:a2:13:3e:3d:b1:d3:7d:d6:
         c6:d3:c7:c7:8f:ff:58:1e:8f:79:88:b4:77:f4:dd:c3:b0:84:
         d7:c8:8e:45:bf:bf:5c:10:24:0a:3b:8b:68:c9:a3:5c:f3:25:
         90:07:3c:e6:4f:e3:45:f4:b1:dc:ce:17:c0:12:d2:d1:78:ca:
         81:c1:28:85:3f:d5:d2:98:5f:0f:9d:dd:16:13:0e:b9:ae:65:
         4f:d8:53:3a:a0:24:3f:88:33:9f:a7:99:72:6c:71:29:05:26:
         0f:95:82:d4:ff:d0:3e:a9:91:ab:cb:b9:5d:07:0f:9f:fa:32:
         46:31:4a:b9:ea:c5:9d:d7:a8:35:83:80:db:1f:45:8c:cf:17:
         1c:06:8d:b8:cb:1b:9e:69:83:ec:d6:05:74:c5:12:e0:17:57:
         80:5e:ac:3e:dd:cd:fd:4a:6d:10:58:4e:60:bd:82:94:18:57:
         47:12:78:02:7b:2c:3a:9d:f3:e8:34:41:32:7b:f8:ed:ef:7d:
         44:0e:2c:1e:24:b3:c8:7e:84:2b:ad:0a:c0:d4:57:7d:54:e5:
         5d:a1:cf:63:79:9e:39:36:85:ba:57:67:fd:3e:a5:65:e8:69:
         95:c3:79:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuijWYmgXjn+MGqqFdJrT6lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NWU1MDAxNDljZThkNzFiOTYwNGI1ODllMGMzMmZlYTA3
YTk4YjgwHhcNMjYwMTA5MTEzODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzM1MTU0MTQ3MWRlY2U5ZTY4YzA5ZDIxNDNmNTcxMWQ2OGExYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48b6MMK2dwWq8A0s3y0UMi4c4il4
mONtUweqciaSMI9JgmaHJaWiXxceqbj3uQgUljjOAr7Kw2hgrvDnkA/T0u8I+lgB
VT8TXiaBaDQo9PCnBGb6psKlzUJ+gpAAtOcpCuNzq6v4Kq9S2UMq7dulQp6/LH3W
jYmZtOADfUrQOY1bE03L5yGId1DoLZ+1SUfOfSQv1v6ugphwoBzXQ8lh3mUug9WA
4opIhffNWqQHcO+WFDvHjR8zVRdo3mPTrzQ7L+EVS7rvu6nezXwJDhURvy9Iim9O
7QSSKPsCeYUvVwzq35B7zK39NSNooq82M8uBmRX9iDZ8HqY/K6vJOWgoFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFc1FUFHHezp5owJ0hQ/VxHWihwaMB8GA1UdIwQY
MBaAFEleUAFJzo1xuWBLWJ4MMv6gepi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1Y1UUFVbk9qWEc1WUV0WW5nd3lfcUI2bUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9lMGNmNDMtZTRjMC00NmY3LWJkZTgt
MTZmZDViYTRmMGU0LzEvVnpVVlFVY2Q3T25takFuU0ZEOVhFZGFLSEJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9lMGNmNDMtZTRjMC00NmY3LWJkZTgtMTZmZDViYTRmMGU0
LzEvU1Y1UUFVbk9qWEc1WUV0WW5nd3lfcUI2bUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7YZMA0G
CSqGSIb3DQEBCwUAA4IBAQBRWV9sIsObKnZoH//Wggge0C0BRdeys53u+CjsohM+
PbHTfdbG08fHj/9YHo95iLR39N3DsITXyI5Fv79cECQKO4toyaNc8yWQBzzmT+NF
9LHczhfAEtLReMqBwSiFP9XSmF8Pnd0WEw65rmVP2FM6oCQ/iDOfp5lybHEpBSYP
lYLU/9A+qZGry7ldBw+f+jJGMUq56sWd16g1g4DbH0WMzxccBo24yxueaYPs1gV0
xRLgF1eAXqw+3c39Sm0QWE5gvYKUGFdHEngCeyw6nfPoNEEye/jt731EDiweJLPI
foQrrQrA1Fd9VOVdoc9jeZ45NoW6V2f9PqVl6GmVw3n7
-----END CERTIFICATE-----