Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/RpFEf2i-KdvJWns5f60QFIiul8A.roa
File:                     RpFEf2i-KdvJWns5f60QFIiul8A.roa (raw, json)
Hash identifier:          IhnLzk7nknFDNbFcmh5KMyW66l5exCsFA25jgANhkOU=
Subject key identifier:   46:91:44:7F:68:BE:29:DB:C9:5A:7B:39:7F:AD:10:14:88:AE:97:C0
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       01999B1B038511080F4876EDA3FC68BA644F
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/RpFEf2i-KdvJWns5f60QFIiul8A.roa
Signing time:             Tue 30 Sep 2025 14:51:02 +0000
ROA not before:           Tue 30 Sep 2025 14:51:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209847
IP address blocks:        5.252.21.0/24 maxlen: 24
                          5.252.22.0/24 maxlen: 24
                          5.252.23.0/24 maxlen: 24
                          146.19.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9b:1b:03:85:11:08:0f:48:76:ed:a3:fc:68:ba:64:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Sep 30 14:51:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4691447f68be29dbc95a7b397fad101488ae97c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c1:d4:5c:27:b1:89:80:93:f3:5b:64:24:e5:
                    b0:b9:9d:91:1e:30:17:30:1a:55:e5:65:a8:46:7b:
                    a8:d6:57:4c:0f:d6:ce:ae:34:79:ed:73:2b:d7:cf:
                    45:b3:35:8c:0f:a4:c0:3c:93:2d:db:05:30:b0:78:
                    8c:81:e8:9e:a1:1b:7f:bd:6b:c5:2f:24:f9:9f:ed:
                    90:2c:4d:63:64:4c:70:e4:1a:b8:4e:4a:ae:42:d8:
                    cd:ab:15:d8:59:a3:dd:db:16:35:25:6c:89:b2:d7:
                    61:cd:98:44:2c:20:d1:d9:86:c6:b9:20:1e:70:e6:
                    d9:0e:c9:96:c6:e7:9b:76:89:d6:46:3c:bb:cf:bc:
                    b3:36:25:ef:28:18:15:f4:a3:53:41:e8:e1:1d:da:
                    37:2f:b0:df:30:b1:b1:81:8e:07:68:1e:fa:ae:d5:
                    9b:c7:3c:de:ca:9d:ea:f4:6e:b0:f8:f5:e5:27:37:
                    d5:24:5e:b2:21:c1:f6:e4:05:a5:f2:f0:62:c5:7b:
                    ff:57:89:1e:64:b7:ad:9b:1b:6a:59:f2:3c:03:c9:
                    c4:fa:e2:ab:8d:1f:4a:08:4e:2e:41:55:88:6f:b9:
                    47:70:d4:2f:10:1f:ce:08:7c:68:f2:73:51:e5:8a:
                    2a:0c:ca:48:ca:2e:9b:2c:51:1f:37:b2:03:e2:40:
                    36:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:91:44:7F:68:BE:29:DB:C9:5A:7B:39:7F:AD:10:14:88:AE:97:C0
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/RpFEf2i-KdvJWns5f60QFIiul8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.21.0-5.252.23.255
                  146.19.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:63:7a:b7:b4:6d:27:9f:c3:a5:f9:39:81:ca:bf:6d:d8:4d:
         ae:80:20:7d:0d:d3:81:50:c7:f2:d4:1d:e2:a0:82:cc:44:d2:
         55:36:23:a0:8a:7e:34:ed:82:11:6b:e9:70:63:f4:3e:19:52:
         48:4e:7f:5a:c3:72:33:63:b3:35:21:6e:c0:31:cb:20:5a:81:
         b5:4e:5b:08:eb:06:38:c2:6e:04:45:2e:56:5d:15:e9:19:b6:
         dc:81:32:a3:ac:ff:b5:ae:92:ee:13:43:bb:4a:ad:43:b3:3c:
         8c:be:01:df:48:40:08:32:31:96:03:19:a6:58:00:43:68:42:
         29:c9:7e:64:c5:c1:3f:85:99:ad:2e:c6:ff:40:bc:55:99:6b:
         b3:e1:f5:67:6b:31:20:e2:ca:f1:db:bf:0d:a9:49:8e:18:aa:
         e7:bc:e0:46:8f:76:a8:80:41:af:da:04:25:fe:05:15:cd:b4:
         a0:83:6e:2a:6a:72:f3:35:bc:80:9a:8c:08:eb:2d:69:40:51:
         21:a3:1c:c7:a9:9a:ec:8d:a8:7a:e3:13:7a:ba:f5:59:4d:a2:
         98:d3:73:53:9d:4f:7a:a2:64:09:39:65:a8:40:45:e2:51:1b:
         65:44:00:bf:be:8a:3c:92:e8:ed:58:46:f6:1f:d4:4c:b3:5c:
         be:f0:04:e9
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZmbGwOFEQgPSHbto/xoumRPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjUwOTMwMTQ1MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjkxNDQ3ZjY4YmUyOWRiYzk1YTdiMzk3ZmFkMTAxNDg4YWU5N2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8HUXCexiYCT81tkJOWwuZ2RHjAX
MBpV5WWoRnuo1ldMD9bOrjR57XMr189FszWMD6TAPJMt2wUwsHiMgeieoRt/vWvF
LyT5n+2QLE1jZExw5Bq4TkquQtjNqxXYWaPd2xY1JWyJstdhzZhELCDR2YbGuSAe
cObZDsmWxuebdonWRjy7z7yzNiXvKBgV9KNTQejhHdo3L7DfMLGxgY4HaB76rtWb
xzzeyp3q9G6w+PXlJzfVJF6yIcH25AWl8vBixXv/V4keZLetmxtqWfI8A8nE+uKr
jR9KCE4uQVWIb7lHcNQvEB/OCHxo8nNR5YoqDMpIyi6bLFEfN7ID4kA2iwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEaRRH9ovinbyVp7OX+tEBSIrpfAMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvUnBGRWYyaS1LZHZKV25zNWY2MFFGSWl1bDhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAF/BUD
BAMF/BADBACSE+kwDQYJKoZIhvcNAQELBQADggEBAHVjere0bSefw6X5OYHKv23Y
Ta6AIH0N04FQx/LUHeKggsxE0lU2I6CKfjTtghFr6XBj9D4ZUkhOf1rDcjNjszUh
bsAxyyBagbVOWwjrBjjCbgRFLlZdFekZttyBMqOs/7Wuku4TQ7tKrUOzPIy+Ad9I
QAgyMZYDGaZYAENoQinJfmTFwT+Fma0uxv9AvFWZa7Ph9WdrMSDiyvHbvw2pSY4Y
que84EaPdqiAQa/aBCX+BRXNtKCDbipqcvM1vICajAjrLWlAUSGjHMepmuyNqHrj
E3q69VlNopjTc1OdT3qiZAk5ZahAReJRG2VEAL++ijyS6O1YRvYf1EyzXL7wBOk=
-----END CERTIFICATE-----