Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/f54f3a-6b8a-48c3-b2de-77a9c529777c/1/4zImklvcYAVPCVi7B7vGd1c4iRU.roa
File:                     4zImklvcYAVPCVi7B7vGd1c4iRU.roa (raw, json)
Hash identifier:          nvTLIvIJofO2R9HrAaQpvAKjEbVKJcVlnQNjC2GDKUY=
Subject key identifier:   E3:32:26:92:5B:DC:60:05:4F:09:58:BB:07:BB:C6:77:57:38:89:15
Certificate issuer:       /CN=3719f19b0add8d0c2877c8ba7fe0a589309bb144
Certificate serial:       0199BEF89C1EC0F89CDA2BE6076617D79101
Authority key identifier: 37:19:F1:9B:0A:DD:8D:0C:28:77:C8:BA:7F:E0:A5:89:30:9B:B1:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NxnxmwrdjQwod8i6f-CliTCbsUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/f54f3a-6b8a-48c3-b2de-77a9c529777c/1/4zImklvcYAVPCVi7B7vGd1c4iRU.roa
Signing time:             Tue 07 Oct 2025 13:59:47 +0000
ROA not before:           Tue 07 Oct 2025 13:59:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57455
IP address blocks:        193.222.52.0/22 maxlen: 22
                          193.222.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/f54f3a-6b8a-48c3-b2de-77a9c529777c/1/NxnxmwrdjQwod8i6f-CliTCbsUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/f54f3a-6b8a-48c3-b2de-77a9c529777c/1/NxnxmwrdjQwod8i6f-CliTCbsUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NxnxmwrdjQwod8i6f-CliTCbsUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:be:f8:9c:1e:c0:f8:9c:da:2b:e6:07:66:17:d7:91:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3719f19b0add8d0c2877c8ba7fe0a589309bb144
        Validity
            Not Before: Oct  7 13:59:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e33226925bdc60054f0958bb07bbc67757388915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:dd:66:8d:da:1d:93:5c:ad:94:87:89:ff:d4:
                    a7:0d:64:13:5e:6d:aa:3a:55:2d:94:48:6d:75:05:
                    78:43:86:f7:25:8c:98:83:50:8a:77:42:b5:37:d9:
                    29:96:6c:5b:12:4a:38:41:26:42:8a:89:36:be:df:
                    64:dd:82:d5:14:32:8d:2a:3f:16:2e:34:52:24:33:
                    a4:f5:9e:c3:f1:14:d4:f7:36:59:ef:0c:28:68:38:
                    61:27:95:ad:2b:b4:48:4e:88:bb:fc:05:32:a5:51:
                    c4:35:f3:44:f7:30:7d:cd:63:8e:9d:e7:6d:d2:38:
                    79:4a:18:57:78:2c:34:c5:3c:07:a1:26:36:29:12:
                    fb:c7:db:b1:9d:db:3b:26:c4:b6:67:1c:38:b4:3e:
                    75:88:30:90:17:09:be:15:a1:a4:23:ae:4a:95:a1:
                    b3:73:1e:ac:d7:98:5c:c9:6c:e6:6f:41:32:05:5e:
                    28:a3:3f:07:b0:8b:54:39:1d:ac:43:4c:59:08:b9:
                    c2:08:22:64:54:7a:6d:26:06:a9:26:e9:ef:c4:1d:
                    f4:1f:18:99:41:6c:c3:58:a8:29:07:cc:26:23:4c:
                    8a:26:a5:ff:7e:0c:29:6d:b2:6c:5d:7b:6f:38:5e:
                    79:6c:3a:23:6f:8c:0d:6d:7e:41:22:66:9c:80:ac:
                    6a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:32:26:92:5B:DC:60:05:4F:09:58:BB:07:BB:C6:77:57:38:89:15
            X509v3 Authority Key Identifier:
                keyid:37:19:F1:9B:0A:DD:8D:0C:28:77:C8:BA:7F:E0:A5:89:30:9B:B1:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NxnxmwrdjQwod8i6f-CliTCbsUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/f54f3a-6b8a-48c3-b2de-77a9c529777c/1/4zImklvcYAVPCVi7B7vGd1c4iRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/f54f3a-6b8a-48c3-b2de-77a9c529777c/1/NxnxmwrdjQwod8i6f-CliTCbsUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:41:db:43:b0:6a:ab:ae:08:57:9b:dd:ec:eb:2f:54:75:b6:
         b1:07:e2:f8:d2:c2:95:ea:8c:cb:91:22:fd:3a:e4:bd:50:25:
         c9:9e:b2:81:58:4b:bb:9c:bd:14:7e:db:28:14:dd:34:b9:9e:
         03:ab:b1:48:40:1d:3d:ac:85:77:0d:ec:61:2d:b3:04:9e:18:
         32:38:aa:a6:39:ee:22:97:da:0f:11:e5:f8:53:ea:aa:6f:d1:
         5a:20:89:aa:9b:02:3c:80:d5:9c:bf:bc:6f:e6:45:5a:06:aa:
         10:d5:f5:d1:e2:44:93:63:ff:3c:dd:31:27:d4:14:28:c0:f6:
         ca:3e:67:3c:12:93:68:e8:0b:95:0f:0c:b7:85:1e:b1:d3:f9:
         2f:41:83:cc:af:31:97:e4:5d:77:e0:12:ca:b3:f4:6b:74:f1:
         c8:4b:11:b6:92:75:b3:21:80:d6:ad:6a:a0:6d:f6:00:8f:4b:
         f7:1f:fd:18:e6:4a:45:8a:c7:c5:e2:eb:0e:94:a2:d8:58:09:
         4c:41:af:8f:41:91:34:70:97:a3:4f:c2:1c:b5:6a:be:a6:ca:
         76:29:d5:73:c7:9a:40:66:1a:7b:08:19:3c:38:a2:71:34:36:
         6d:de:24:20:e2:32:79:b7:75:19:d2:cc:65:0e:51:74:ce:6c:
         94:a2:d8:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm++JwewPic2ivmB2YX15EBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MTlmMTliMGFkZDhkMGMyODc3YzhiYTdmZTBhNTg5MzA5
YmIxNDQwHhcNMjUxMDA3MTM1OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzMyMjY5MjViZGM2MDA1NGYwOTU4YmIwN2JiYzY3NzU3Mzg4OTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm91mjdodk1ytlIeJ/9SnDWQTXm2q
OlUtlEhtdQV4Q4b3JYyYg1CKd0K1N9kplmxbEko4QSZCiok2vt9k3YLVFDKNKj8W
LjRSJDOk9Z7D8RTU9zZZ7wwoaDhhJ5WtK7RIToi7/AUypVHENfNE9zB9zWOOnedt
0jh5ShhXeCw0xTwHoSY2KRL7x9uxnds7JsS2Zxw4tD51iDCQFwm+FaGkI65KlaGz
cx6s15hcyWzmb0EyBV4ooz8HsItUOR2sQ0xZCLnCCCJkVHptJgapJunvxB30HxiZ
QWzDWKgpB8wmI0yKJqX/fgwpbbJsXXtvOF55bDojb4wNbX5BImacgKxqiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMyJpJb3GAFTwlYuwe7xndXOIkVMB8GA1UdIwQY
MBaAFDcZ8ZsK3Y0MKHfIun/gpYkwm7FEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnhueG13cmRqUXdvZDhpNmYtQ2xpVENic1VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9mNTRmM2EtNmI4YS00OGMzLWIyZGUt
NzdhOWM1Mjk3NzdjLzEvNHpJbWtsdmNZQVZQQ1ZpN0I3dkdkMWM0aVJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9mNTRmM2EtNmI4YS00OGMzLWIyZGUtNzdhOWM1Mjk3Nzdj
LzEvTnhueG13cmRqUXdvZDhpNmYtQ2xpVENic1VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwd40MA0G
CSqGSIb3DQEBCwUAA4IBAQCnQdtDsGqrrghXm93s6y9UdbaxB+L40sKV6ozLkSL9
OuS9UCXJnrKBWEu7nL0UftsoFN00uZ4Dq7FIQB09rIV3DexhLbMEnhgyOKqmOe4i
l9oPEeX4U+qqb9FaIImqmwI8gNWcv7xv5kVaBqoQ1fXR4kSTY/883TEn1BQowPbK
Pmc8EpNo6AuVDwy3hR6x0/kvQYPMrzGX5F134BLKs/RrdPHISxG2knWzIYDWrWqg
bfYAj0v3H/0Y5kpFisfF4usOlKLYWAlMQa+PQZE0cJejT8IctWq+psp2KdVzx5pA
Zhp7CBk8OKJxNDZt3iQg4jJ5t3UZ0sxlDlF0zmyUotiq
-----END CERTIFICATE-----