Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lhWungYId28Z02yoSUXAPJp8p2g.roa
File:                     lhWungYId28Z02yoSUXAPJp8p2g.roa (raw, json)
Hash identifier:          jUPBG56suyYnLVkV5TXPLSzT+NXrO0Ij56UM7jfPvPQ=
Subject key identifier:   96:15:AE:9E:06:08:77:6F:19:D3:6C:A8:49:45:C0:3C:9A:7C:A7:68
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01995C77DEB0275A9CF690C58D41F280A803
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lhWungYId28Z02yoSUXAPJp8p2g.roa
Signing time:             Thu 18 Sep 2025 10:56:23 +0000
ROA not before:           Thu 18 Sep 2025 10:56:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        195.58.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:77:de:b0:27:5a:9c:f6:90:c5:8d:41:f2:80:a8:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 18 10:56:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9615ae9e0608776f19d36ca84945c03c9a7ca768
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:67:8d:60:78:a1:43:32:0f:87:30:67:61:c0:
                    2d:55:fb:e9:b7:f7:c0:79:27:93:00:15:50:42:be:
                    9e:62:9f:27:3e:49:78:15:b7:ba:f3:cd:f2:56:3b:
                    1a:67:b4:7d:25:28:e6:1b:ad:0b:71:7b:8c:e2:0a:
                    14:bc:30:30:05:4a:a0:93:4f:0b:52:de:ee:63:44:
                    db:ed:57:50:e8:5e:38:f0:7c:59:a7:cc:32:41:3c:
                    ef:e5:a5:18:07:3c:01:c1:4a:6e:7a:27:e0:66:f7:
                    74:0f:dd:84:46:dd:0c:15:ff:76:23:f1:e3:a6:d1:
                    2e:ad:64:a9:03:58:aa:4a:ab:d3:8c:8c:6b:a5:da:
                    34:9b:bb:06:ac:ea:33:ef:2f:4d:59:1d:b1:cb:25:
                    20:5c:36:4c:9e:4c:06:09:07:b9:20:0e:cd:93:07:
                    8d:9d:3e:2e:97:7f:f7:a6:c9:16:00:b9:75:74:da:
                    89:64:54:5a:60:65:e2:e0:ca:c6:7d:29:bd:ce:7b:
                    c5:86:7d:17:b3:cb:55:cf:20:c9:16:0f:77:62:55:
                    b7:5d:25:f0:f7:b8:5f:20:bd:07:5a:c9:57:83:7f:
                    d3:c2:4b:67:04:30:37:84:df:81:05:28:ea:9f:5d:
                    bf:fe:cb:4c:43:57:88:33:e0:6d:a6:44:23:26:f5:
                    8a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:15:AE:9E:06:08:77:6F:19:D3:6C:A8:49:45:C0:3C:9A:7C:A7:68
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lhWungYId28Z02yoSUXAPJp8p2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.58.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:47:78:f8:99:cd:6e:59:d7:49:e4:69:e2:8b:fd:93:ce:d2:
         b2:6c:9c:62:c4:82:04:97:07:3c:16:32:ed:64:66:19:c7:2a:
         b9:ca:8b:b8:25:85:da:ce:43:5a:5b:0c:5a:24:a2:f4:49:b2:
         68:df:b4:23:bc:b8:8f:ff:0a:27:31:90:2b:8a:42:90:04:cb:
         3f:ea:cd:af:95:ab:49:40:b5:52:1b:34:34:27:74:2e:c6:67:
         8e:39:cf:67:29:6f:fe:ed:6c:ee:df:cc:ee:e4:f8:13:d4:b1:
         8b:65:ec:13:b3:30:79:91:bd:e9:26:5a:40:ac:6e:99:25:37:
         1d:56:82:33:2b:a5:2d:58:0d:5c:01:39:c2:da:c5:ae:7e:d0:
         55:0d:ab:39:02:4d:ac:6e:ac:5c:da:9e:ad:c5:12:a6:74:7e:
         93:bf:15:8b:95:da:fb:22:14:55:b5:e5:7e:e5:a0:b3:4d:c7:
         25:29:ec:44:7b:22:1e:78:34:1c:01:d7:7a:ab:31:a6:24:e3:
         58:c8:8e:12:d5:01:e2:a1:aa:6c:2d:de:b5:2c:df:44:93:6d:
         e7:a5:9f:af:b8:05:25:32:e6:ea:e8:74:94:32:81:10:99:a2:
         a6:f8:9e:a8:0a:3a:95:7f:e2:2a:37:df:b7:56:85:b9:a8:1d:
         7a:b4:5b:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlcd96wJ1qc9pDFjUHygKgDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwOTE4MTA1NjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjE1YWU5ZTA2MDg3NzZmMTlkMzZjYTg0OTQ1YzAzYzlhN2NhNzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGeNYHihQzIPhzBnYcAtVfvpt/fA
eSeTABVQQr6eYp8nPkl4Fbe6883yVjsaZ7R9JSjmG60LcXuM4goUvDAwBUqgk08L
Ut7uY0Tb7VdQ6F448HxZp8wyQTzv5aUYBzwBwUpueifgZvd0D92ERt0MFf92I/Hj
ptEurWSpA1iqSqvTjIxrpdo0m7sGrOoz7y9NWR2xyyUgXDZMnkwGCQe5IA7NkweN
nT4ul3/3pskWALl1dNqJZFRaYGXi4MrGfSm9znvFhn0Xs8tVzyDJFg93YlW3XSXw
97hfIL0HWslXg3/TwktnBDA3hN+BBSjqn12//stMQ1eIM+BtpkQjJvWKiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYVrp4GCHdvGdNsqElFwDyafKdoMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbGhXdW5nWUlkMjhaMDJ5b1NVWEFQSnA4cDJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwzooMA0G
CSqGSIb3DQEBCwUAA4IBAQBdR3j4mc1uWddJ5Gnii/2TztKybJxixIIElwc8FjLt
ZGYZxyq5you4JYXazkNaWwxaJKL0SbJo37QjvLiP/wonMZArikKQBMs/6s2vlatJ
QLVSGzQ0J3QuxmeOOc9nKW/+7Wzu38zu5PgT1LGLZewTszB5kb3pJlpArG6ZJTcd
VoIzK6UtWA1cATnC2sWuftBVDas5Ak2sbqxc2p6txRKmdH6TvxWLldr7IhRVteV+
5aCzTcclKexEeyIeeDQcAdd6qzGmJONYyI4S1QHioapsLd61LN9Ek23npZ+vuAUl
Mubq6HSUMoEQmaKm+J6oCjqVf+IqN9+3VoW5qB16tFtU
-----END CERTIFICATE-----