Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/FEVLyocUc6srSgG5NKC92llAoSk.roa
File:                     FEVLyocUc6srSgG5NKC92llAoSk.roa (raw, json)
Hash identifier:          U/AT3qDQIkq6fb3oDkQi2I80nDPVQViw5CnQ12p/5Wg=
Subject key identifier:   14:45:4B:CA:87:14:73:AB:2B:4A:01:B9:34:A0:BD:DA:59:40:A1:29
Certificate issuer:       /CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
Certificate serial:       01998799B9AEF8F43A8435609BB97437640A
Authority key identifier: 1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/FEVLyocUc6srSgG5NKC92llAoSk.roa
Signing time:             Fri 26 Sep 2025 19:57:02 +0000
ROA not before:           Fri 26 Sep 2025 19:57:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        45.95.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:87:99:b9:ae:f8:f4:3a:84:35:60:9b:b9:74:37:64:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
        Validity
            Not Before: Sep 26 19:57:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14454bca871473ab2b4a01b934a0bdda5940a129
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:d2:6f:d4:14:2f:56:1a:c5:a9:44:fa:c2:95:
                    85:36:c4:c0:75:4c:f0:f8:3e:62:82:20:81:67:2c:
                    b8:5d:85:aa:f6:7b:70:ec:f2:66:26:b8:55:38:c1:
                    a4:74:05:4a:dd:f9:8b:80:b4:0f:2f:19:09:ed:75:
                    b2:bc:47:d5:ea:82:b2:9e:16:72:4f:c8:5a:47:53:
                    b8:cc:11:8e:a7:f6:de:f0:da:89:00:3d:10:23:66:
                    63:42:90:97:b7:41:55:00:49:b6:b4:95:66:22:9d:
                    91:7a:2f:c9:8e:5c:4f:5d:e4:e1:a2:a7:bd:ad:ae:
                    65:6e:2e:3c:44:2b:15:6a:fc:31:04:7d:68:32:68:
                    a4:19:46:8a:fe:b2:16:61:09:2e:5d:17:2d:f6:4e:
                    a9:7f:d3:4e:51:0a:d8:81:02:42:f9:1a:1c:46:35:
                    56:d7:09:c9:26:ac:ed:6e:c8:03:f3:6a:a7:ef:76:
                    48:8f:75:32:68:53:65:91:ae:7c:c8:22:3e:e7:c9:
                    f6:52:d9:1f:be:dc:fe:93:96:b9:10:88:ff:e1:86:
                    14:a4:e0:51:c8:41:71:fa:69:ce:5b:1a:f5:a1:5d:
                    2c:c3:ef:2a:94:9e:17:1f:72:2f:ef:40:23:c5:82:
                    0d:d8:70:d3:45:60:aa:f7:f6:bd:46:c6:21:df:55:
                    9c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:45:4B:CA:87:14:73:AB:2B:4A:01:B9:34:A0:BD:DA:59:40:A1:29
            X509v3 Authority Key Identifier:
                keyid:1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/FEVLyocUc6srSgG5NKC92llAoSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:38:ff:15:e1:c5:ae:76:71:02:86:81:f7:ed:ca:3a:be:f2:
         a4:40:0a:1b:e4:fc:19:26:bf:b3:28:1d:95:14:1e:9f:86:f4:
         fa:2b:62:28:b1:37:35:93:43:99:c2:1c:fa:d4:9a:a8:b2:61:
         2c:c7:56:bd:af:8f:e5:8c:65:85:ce:b8:99:42:29:38:ac:38:
         20:42:7c:d7:1e:66:66:82:ea:9e:c7:c4:02:6a:67:73:87:9e:
         e0:57:96:65:36:66:33:d8:99:a8:8a:9a:89:7d:c4:01:fc:b6:
         77:d2:e3:a0:1b:32:e5:f7:c3:f0:ed:7a:11:aa:7d:9f:8a:af:
         c7:82:74:9d:e3:84:3e:a2:28:1a:5a:76:8f:c3:0c:18:0f:c4:
         3a:be:30:f6:09:c1:0b:e0:4f:02:c7:70:b6:e0:84:e9:02:a1:
         60:63:4c:93:c2:c6:b6:c2:8c:44:af:ae:3b:86:ce:48:12:31:
         9f:f7:a7:21:91:5e:e0:26:b8:6d:d9:55:03:f4:70:0b:23:d2:
         14:11:87:e3:5e:2c:17:d2:6c:73:78:b6:8e:a6:8c:41:41:cc:
         7b:10:7d:37:ae:05:3f:97:d7:b3:b5:e8:42:b9:4c:16:51:16:
         df:7f:88:75:ae:ad:8f:47:75:8d:30:45:85:3c:07:3b:cb:f1:
         34:ad:ef:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmHmbmu+PQ6hDVgm7l0N2QKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjFhYTVkMWJlZmQ3YTBmZTNlNGRmZTNhYThkYTczZWZj
ZmJhMzQwHhcNMjUwOTI2MTk1NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDQ1NGJjYTg3MTQ3M2FiMmI0YTAxYjkzNGEwYmRkYTU5NDBhMTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+NJv1BQvVhrFqUT6wpWFNsTAdUzw
+D5igiCBZyy4XYWq9ntw7PJmJrhVOMGkdAVK3fmLgLQPLxkJ7XWyvEfV6oKynhZy
T8haR1O4zBGOp/be8NqJAD0QI2ZjQpCXt0FVAEm2tJVmIp2Rei/JjlxPXeThoqe9
ra5lbi48RCsVavwxBH1oMmikGUaK/rIWYQkuXRct9k6pf9NOUQrYgQJC+RocRjVW
1wnJJqztbsgD82qn73ZIj3UyaFNlka58yCI+58n2Utkfvtz+k5a5EIj/4YYUpOBR
yEFx+mnOWxr1oV0sw+8qlJ4XH3Iv70AjxYIN2HDTRWCq9/a9RsYh31WcVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRFS8qHFHOrK0oBuTSgvdpZQKEpMB8GA1UdIwQY
MBaAFB9hql0b79eg/j5N/jqo2nPvz7o0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUt
YzYyMWU4ZGY5NWZmLzEvRkVWTHlvY1VjNnNyU2dHNU5LQzkybGxBb1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUtYzYyMWU4ZGY5NWZm
LzEvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV/PMA0G
CSqGSIb3DQEBCwUAA4IBAQB/OP8V4cWudnEChoH37co6vvKkQAob5PwZJr+zKB2V
FB6fhvT6K2IosTc1k0OZwhz61JqosmEsx1a9r4/ljGWFzriZQik4rDggQnzXHmZm
guqex8QCamdzh57gV5ZlNmYz2JmoipqJfcQB/LZ30uOgGzLl98Pw7XoRqn2fiq/H
gnSd44Q+oigaWnaPwwwYD8Q6vjD2CcEL4E8Cx3C24ITpAqFgY0yTwsa2woxEr647
hs5IEjGf96chkV7gJrht2VUD9HALI9IUEYfjXiwX0mxzeLaOpoxBQcx7EH03rgU/
l9eztehCuUwWURbff4h1rq2PR3WNMEWFPAc7y/E0re/g
-----END CERTIFICATE-----