Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/c254ef-34e6-48cd-9620-8d33b2a2fde8/1/F1_fRjsO4dTqumxtDsL76pdCtg4.roa
File:                     F1_fRjsO4dTqumxtDsL76pdCtg4.roa (raw, json)
Hash identifier:          0XgVQRPzj0PEWIzWBzMdSrLlPSlfOiNqMdtsfXPisjk=
Subject key identifier:   17:5F:DF:46:3B:0E:E1:D4:EA:BA:6C:6D:0E:C2:FB:EA:97:42:B6:0E
Certificate issuer:       /CN=724ea41878ee9137e7c93d6dcd31d020ec3fe461
Certificate serial:       0199BF2F63C960E1A917CE791A90ECBF962E
Authority key identifier: 72:4E:A4:18:78:EE:91:37:E7:C9:3D:6D:CD:31:D0:20:EC:3F:E4:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ck6kGHjukTfnyT1tzTHQIOw_5GE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/c254ef-34e6-48cd-9620-8d33b2a2fde8/1/F1_fRjsO4dTqumxtDsL76pdCtg4.roa
Signing time:             Tue 07 Oct 2025 14:59:38 +0000
ROA not before:           Tue 07 Oct 2025 14:59:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3352
IP address blocks:        185.52.17.0/24 maxlen: 24
                          194.32.114.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/c254ef-34e6-48cd-9620-8d33b2a2fde8/1/ck6kGHjukTfnyT1tzTHQIOw_5GE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/c254ef-34e6-48cd-9620-8d33b2a2fde8/1/ck6kGHjukTfnyT1tzTHQIOw_5GE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ck6kGHjukTfnyT1tzTHQIOw_5GE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bf:2f:63:c9:60:e1:a9:17:ce:79:1a:90:ec:bf:96:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=724ea41878ee9137e7c93d6dcd31d020ec3fe461
        Validity
            Not Before: Oct  7 14:59:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=175fdf463b0ee1d4eaba6c6d0ec2fbea9742b60e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f6:fd:43:9b:fb:7e:c0:7a:19:3a:e3:a5:9f:
                    29:4e:2c:0e:63:81:cd:87:0a:4d:ca:f9:e8:aa:87:
                    55:3d:68:5e:3b:45:78:89:7a:c5:de:2a:6b:83:50:
                    f1:5f:0e:41:77:22:4b:c2:38:34:2a:3c:c0:5e:f4:
                    05:29:8d:49:50:96:fb:4c:70:4e:c2:3b:be:77:b7:
                    c9:e4:10:b0:89:45:0c:c2:b7:65:76:a1:7b:c9:1d:
                    75:71:a8:35:9f:37:97:99:72:b0:f4:cd:69:fe:21:
                    63:20:4f:8a:ee:ba:b2:1a:0c:5a:c4:64:da:dd:3d:
                    27:6b:b0:b7:fb:9b:29:fc:cb:0f:07:4c:25:9c:1a:
                    b4:1f:e4:7d:ab:6d:5f:95:a6:c0:83:b5:5a:42:c1:
                    5d:99:af:92:e2:7f:24:51:1f:28:1f:78:6e:9b:76:
                    3e:61:13:ab:24:7c:98:6f:47:c7:bd:09:37:b3:4d:
                    55:b3:a9:fb:1a:46:9b:85:ae:4c:ef:d7:cf:0e:6c:
                    3d:84:a6:ff:68:93:0a:06:47:41:d0:05:06:95:52:
                    e0:87:5c:ce:dc:4d:42:76:14:08:72:45:dc:8a:8c:
                    06:64:65:df:2d:49:6b:16:1d:62:9b:b0:65:07:5b:
                    5b:d4:e9:91:30:49:ee:b9:96:b4:1e:aa:0a:69:29:
                    a8:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:5F:DF:46:3B:0E:E1:D4:EA:BA:6C:6D:0E:C2:FB:EA:97:42:B6:0E
            X509v3 Authority Key Identifier:
                keyid:72:4E:A4:18:78:EE:91:37:E7:C9:3D:6D:CD:31:D0:20:EC:3F:E4:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ck6kGHjukTfnyT1tzTHQIOw_5GE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c254ef-34e6-48cd-9620-8d33b2a2fde8/1/F1_fRjsO4dTqumxtDsL76pdCtg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c254ef-34e6-48cd-9620-8d33b2a2fde8/1/ck6kGHjukTfnyT1tzTHQIOw_5GE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.17.0/24
                  194.32.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:80:2f:2d:bf:8e:8c:b0:77:a0:17:6b:6d:f4:f2:e2:8b:89:
         b7:18:7f:bb:dd:22:aa:06:c6:33:aa:94:13:07:b8:e7:e9:5d:
         cd:19:b8:25:27:25:de:54:b0:d4:a3:ec:da:1b:84:43:e8:f3:
         c7:6e:2b:01:b9:eb:32:e6:95:c7:3a:7e:9a:5d:72:ac:54:5e:
         55:bd:32:65:df:8d:7e:96:38:b4:56:df:fe:9c:c8:35:13:2c:
         b7:ec:0f:92:86:12:5a:7a:32:df:fc:e0:e9:f2:ae:13:b5:bd:
         fc:15:92:3b:d2:3e:8f:de:dc:b2:b5:f8:ce:df:55:8c:f4:ae:
         c8:10:7b:86:e2:41:38:a5:3e:f4:51:25:a4:ed:76:4a:45:4c:
         16:52:e0:1c:c4:28:83:51:38:54:03:48:f8:e1:a1:b9:61:de:
         a1:46:a1:f5:9a:bf:16:95:60:4f:2e:19:61:9c:64:fd:8c:50:
         bb:d6:0d:27:9e:37:75:12:61:93:c6:f9:56:b8:0d:6f:32:48:
         e3:10:54:09:f1:c7:3b:44:34:9d:5f:c7:43:59:45:7d:a5:22:
         91:1e:1f:42:e4:0e:9a:1f:ff:5c:19:cc:a5:f0:fc:a7:c0:62:
         61:43:79:4d:82:cd:d5:1f:0d:a4:ea:79:51:8f:c5:fd:ed:5d:
         2f:33:03:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZm/L2PJYOGpF855GpDsv5YuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNGVhNDE4NzhlZTkxMzdlN2M5M2Q2ZGNkMzFkMDIwZWMz
ZmU0NjEwHhcNMjUxMDA3MTQ1OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzVmZGY0NjNiMGVlMWQ0ZWFiYTZjNmQwZWMyZmJlYTk3NDJiNjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfb9Q5v7fsB6GTrjpZ8pTiwOY4HN
hwpNyvnoqodVPWheO0V4iXrF3iprg1DxXw5BdyJLwjg0KjzAXvQFKY1JUJb7THBO
wju+d7fJ5BCwiUUMwrdldqF7yR11cag1nzeXmXKw9M1p/iFjIE+K7rqyGgxaxGTa
3T0na7C3+5sp/MsPB0wlnBq0H+R9q21flabAg7VaQsFdma+S4n8kUR8oH3hum3Y+
YROrJHyYb0fHvQk3s01Vs6n7Gkabha5M79fPDmw9hKb/aJMKBkdB0AUGlVLgh1zO
3E1CdhQIckXciowGZGXfLUlrFh1im7BlB1tb1OmRMEnuuZa0HqoKaSmoRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBdf30Y7DuHU6rpsbQ7C++qXQrYOMB8GA1UdIwQY
MBaAFHJOpBh47pE358k9bc0x0CDsP+RhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2s2a0dIanVrVGZueVQxdHpUSFFJT3dfNUdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9jMjU0ZWYtMzRlNi00OGNkLTk2MjAt
OGQzM2IyYTJmZGU4LzEvRjFfZlJqc080ZFRxdW14dERzTDc2cGRDdGc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9jMjU0ZWYtMzRlNi00OGNkLTk2MjAtOGQzM2IyYTJmZGU4
LzEvY2s2a0dIanVrVGZueVQxdHpUSFFJT3dfNUdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuTQRAwQB
wiByMA0GCSqGSIb3DQEBCwUAA4IBAQAkgC8tv46MsHegF2tt9PLii4m3GH+73SKq
BsYzqpQTB7jn6V3NGbglJyXeVLDUo+zaG4RD6PPHbisBuesy5pXHOn6aXXKsVF5V
vTJl341+lji0Vt/+nMg1Eyy37A+ShhJaejLf/ODp8q4Ttb38FZI70j6P3tyytfjO
31WM9K7IEHuG4kE4pT70USWk7XZKRUwWUuAcxCiDUThUA0j44aG5Yd6hRqH1mr8W
lWBPLhlhnGT9jFC71g0nnjd1EmGTxvlWuA1vMkjjEFQJ8cc7RDSdX8dDWUV9pSKR
Hh9C5A6aH/9cGcyl8PynwGJhQ3lNgs3VHw2k6nlRj8X97V0vMwNW
-----END CERTIFICATE-----