Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/S1WNVPH-yhQYVBlY1oxGoA4pYB8.roa
File:                     S1WNVPH-yhQYVBlY1oxGoA4pYB8.roa (raw, json)
Hash identifier:          /KwKr2NjkF6vHZXTNqR2GuVfyY5uthmni4bhiTmH1io=
Subject key identifier:   4B:55:8D:54:F1:FE:CA:14:18:54:19:58:D6:8C:46:A0:0E:29:60:1F
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       0199A988400BB5537DEB4B87DD1194C2BD59
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/S1WNVPH-yhQYVBlY1oxGoA4pYB8.roa
Signing time:             Fri 03 Oct 2025 10:05:02 +0000
ROA not before:           Fri 03 Oct 2025 10:05:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213999
IP address blocks:        5.252.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a9:88:40:0b:b5:53:7d:eb:4b:87:dd:11:94:c2:bd:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Oct  3 10:05:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b558d54f1feca1418541958d68c46a00e29601f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b5:58:9e:65:27:82:82:ec:8f:77:19:93:40:
                    22:da:a9:63:ed:f7:0a:a6:6c:ac:61:a4:bc:35:dd:
                    a1:09:c8:6e:1e:2f:95:19:1b:4b:4f:35:56:7b:31:
                    ba:9c:41:15:d3:64:8d:fb:23:bf:41:e5:10:4e:b8:
                    cd:23:a2:2b:a7:24:d0:5f:0a:bf:72:7e:da:39:66:
                    3b:52:ef:94:6f:1c:7d:7e:6b:77:1c:a2:f3:6a:9b:
                    bb:b2:29:c2:78:2e:f9:92:55:ee:4b:f9:7b:5a:60:
                    a6:0b:5d:f8:25:af:ce:fb:84:c5:7e:91:6c:c5:26:
                    14:96:40:68:33:09:84:03:ff:06:e4:89:13:06:1d:
                    51:95:5b:00:c2:52:72:36:18:e0:df:c4:4d:69:ea:
                    b1:cb:8c:2e:20:97:6c:54:9c:d1:22:bf:b8:7a:ad:
                    31:62:7d:61:a4:82:f2:d5:a5:92:72:4f:66:16:f5:
                    d2:18:c8:1d:55:da:4d:e5:0a:88:b2:a5:77:6c:c8:
                    0e:da:0e:47:a7:c5:04:bd:e1:ef:51:ba:07:92:55:
                    cb:11:a5:a5:f2:fd:95:66:f8:60:e9:3c:d1:06:63:
                    8d:90:47:c1:13:2b:77:de:88:8f:b5:bd:9c:76:72:
                    dc:e1:8b:8e:3a:f5:2a:a5:39:d8:bf:83:d3:cc:d3:
                    fa:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:55:8D:54:F1:FE:CA:14:18:54:19:58:D6:8C:46:A0:0E:29:60:1F
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/S1WNVPH-yhQYVBlY1oxGoA4pYB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:c6:0b:b2:9b:a6:49:a8:b0:03:7e:25:48:52:44:5f:ec:8b:
         18:59:1a:b5:50:74:34:7a:e2:44:89:4d:9e:8f:28:10:11:58:
         ee:e4:94:64:af:bc:ac:97:ce:1e:f8:67:a8:ad:d0:a4:60:9e:
         2b:62:95:e5:28:d9:0a:ad:41:c5:05:3f:d6:da:84:f3:a9:c1:
         01:c3:10:fe:d3:05:ce:7a:6f:77:d3:d0:da:3e:38:8b:23:31:
         d4:13:26:38:28:42:51:8a:23:81:28:d5:33:31:78:fe:57:ea:
         e6:6a:92:27:94:12:ef:dc:cd:08:9f:fb:b9:1e:b5:02:da:cf:
         18:7d:b6:cd:b3:f9:d4:8a:7f:59:c9:94:d7:71:d9:53:27:27:
         47:f3:f8:d8:08:5b:38:c0:26:70:87:9a:b4:40:28:00:86:d2:
         27:f6:69:b5:f4:fe:0b:df:11:a8:5f:0e:67:00:cb:82:1a:ec:
         ea:45:62:39:0d:fe:47:da:c5:5b:58:fa:33:6a:fe:22:0c:0f:
         26:c4:aa:2c:3c:f5:96:e0:d8:9e:3f:5a:22:e3:93:e6:e3:b1:
         26:b8:34:16:57:f6:fb:82:4e:59:8d:2f:08:de:05:0f:ad:ff:
         07:22:e9:67:06:9f:12:d6:f5:22:33:03:65:bc:8d:7b:9f:eb:
         af:b1:87:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmpiEALtVN960uH3RGUwr1ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjUxMDAzMTAwNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjU1OGQ1NGYxZmVjYTE0MTg1NDE5NThkNjhjNDZhMDBlMjk2MDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrVYnmUngoLsj3cZk0Ai2qlj7fcK
pmysYaS8Nd2hCchuHi+VGRtLTzVWezG6nEEV02SN+yO/QeUQTrjNI6IrpyTQXwq/
cn7aOWY7Uu+Ubxx9fmt3HKLzapu7sinCeC75klXuS/l7WmCmC134Ja/O+4TFfpFs
xSYUlkBoMwmEA/8G5IkTBh1RlVsAwlJyNhjg38RNaeqxy4wuIJdsVJzRIr+4eq0x
Yn1hpILy1aWSck9mFvXSGMgdVdpN5QqIsqV3bMgO2g5Hp8UEveHvUboHklXLEaWl
8v2VZvhg6TzRBmONkEfBEyt33oiPtb2cdnLc4YuOOvUqpTnYv4PTzNP65QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtVjVTx/soUGFQZWNaMRqAOKWAfMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvUzFXTlZQSC15aFFZVkJsWTFveEdvQTRwWUI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfwUMA0G
CSqGSIb3DQEBCwUAA4IBAQAQxguym6ZJqLADfiVIUkRf7IsYWRq1UHQ0euJEiU2e
jygQEVju5JRkr7ysl84e+GeordCkYJ4rYpXlKNkKrUHFBT/W2oTzqcEBwxD+0wXO
em9309DaPjiLIzHUEyY4KEJRiiOBKNUzMXj+V+rmapInlBLv3M0In/u5HrUC2s8Y
fbbNs/nUin9ZyZTXcdlTJydH8/jYCFs4wCZwh5q0QCgAhtIn9mm19P4L3xGoXw5n
AMuCGuzqRWI5Df5H2sVbWPozav4iDA8mxKosPPWW4NieP1oi45Pm47EmuDQWV/b7
gk5ZjS8I3gUPrf8HIulnBp8S1vUiMwNlvI17n+uvsYfl
-----END CERTIFICATE-----