Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1-FlMZ2iVp0PK59hYohUpF1fEFpM.roa
File:                     1-FlMZ2iVp0PK59hYohUpF1fEFpM.roa (raw, json)
Hash identifier:          DLkB/oUfrkNpk54pGttQDe+l2ZtNj+9KIqbghinn9Hg=
Subject key identifier:   F8:59:4C:67:68:95:A7:43:CA:E7:D8:58:A2:15:29:17:57:C4:16:93
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       0199EC2FCB4CDEF3B1C6E4B1DB3086DC72E7
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1-FlMZ2iVp0PK59hYohUpF1fEFpM.roa
Signing time:             Thu 16 Oct 2025 08:42:59 +0000
ROA not before:           Thu 16 Oct 2025 08:42:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213679
IP address blocks:        217.156.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ec:2f:cb:4c:de:f3:b1:c6:e4:b1:db:30:86:dc:72:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Oct 16 08:42:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8594c676895a743cae7d858a215291757c41693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:97:c6:56:4b:a7:7b:3d:d1:88:a5:27:60:36:
                    30:96:c7:56:20:b3:cf:45:a8:31:0a:43:d6:fd:79:
                    20:21:93:d7:29:00:67:3a:7b:4d:5e:49:9f:5f:e7:
                    05:1c:45:cb:9d:84:a8:c9:d0:18:65:e3:a6:02:0a:
                    16:33:20:36:81:a3:6b:2f:54:ef:87:b9:b9:50:66:
                    49:1f:1a:75:06:0f:9c:b3:1f:a9:cf:1a:f4:d3:54:
                    4c:50:9a:2e:9c:f5:b9:42:bd:6b:70:ff:32:a3:73:
                    26:85:6b:37:98:54:6e:f8:cd:d7:d3:dc:c7:0b:bd:
                    82:f3:0b:20:44:b8:24:45:4e:94:af:77:3a:ad:90:
                    79:74:e6:ad:92:00:d3:43:a9:3b:b0:17:c2:9b:a2:
                    05:dd:e0:48:1d:5f:f1:9f:80:82:4b:25:85:cb:1b:
                    04:1a:54:36:ab:d2:94:ed:be:08:4c:43:ea:7e:9d:
                    c1:04:53:73:ed:6f:68:35:13:3c:84:e2:df:91:11:
                    98:a9:db:2f:a6:29:87:40:a3:bb:fa:e4:87:9b:4d:
                    31:f7:54:d1:52:e1:53:f4:53:f8:ab:d9:9e:05:c6:
                    b7:ad:b1:06:15:1c:d4:53:c4:ec:f3:52:63:f7:94:
                    ab:13:94:30:6b:61:ef:a1:b8:c4:d4:27:9d:e3:e4:
                    bd:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:59:4C:67:68:95:A7:43:CA:E7:D8:58:A2:15:29:17:57:C4:16:93
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1-FlMZ2iVp0PK59hYohUpF1fEFpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.156.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:22:01:d5:b1:17:e0:e7:e8:be:31:46:9d:aa:46:2e:47:58:
         18:eb:3e:7a:21:5d:6f:0a:6c:09:1c:a7:9e:e2:75:24:84:b4:
         51:0b:8c:8c:7b:94:7e:22:5f:5e:d4:61:be:ac:a6:5a:b5:8a:
         0c:ab:c1:c3:e2:a9:d6:c1:77:08:d1:cb:1d:f2:35:b6:3c:85:
         95:0c:0c:d2:81:26:d3:d4:1f:d1:30:19:51:5e:8e:a0:c4:88:
         98:dd:ee:cc:57:21:68:75:56:18:44:3f:75:ac:ab:ad:33:66:
         54:94:e4:e2:0d:fd:4a:40:8d:72:15:4f:95:d6:ed:ea:77:19:
         09:84:94:2d:77:d6:4b:7e:2f:38:0c:0e:6d:95:5b:15:75:71:
         82:c2:8a:fd:fa:6f:47:fb:39:6e:26:04:30:96:71:55:cc:eb:
         c8:41:3c:e7:e4:1e:fd:b0:6a:ef:23:61:6e:f4:08:f0:03:7b:
         64:fd:77:cc:32:9b:ab:9b:fd:c6:e0:90:c8:73:45:c4:d3:9c:
         ce:41:42:42:cc:b7:c4:72:31:3c:90:22:e6:fd:da:f3:45:3a:
         46:6b:ce:88:cc:a6:12:47:fd:bc:21:b7:ca:88:d6:d2:f9:a3:
         23:2a:aa:c7:d3:d5:69:b7:86:d6:05:68:6a:db:e4:a3:27:a9:
         41:08:42:aa
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZnsL8tM3vOxxuSx2zCG3HLnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUxMDE2MDg0MjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODU5NGM2NzY4OTVhNzQzY2FlN2Q4NThhMjE1MjkxNzU3YzQxNjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZfGVkunez3RiKUnYDYwlsdWILPP
RagxCkPW/XkgIZPXKQBnOntNXkmfX+cFHEXLnYSoydAYZeOmAgoWMyA2gaNrL1Tv
h7m5UGZJHxp1Bg+csx+pzxr001RMUJounPW5Qr1rcP8yo3MmhWs3mFRu+M3X09zH
C72C8wsgRLgkRU6Ur3c6rZB5dOatkgDTQ6k7sBfCm6IF3eBIHV/xn4CCSyWFyxsE
GlQ2q9KU7b4ITEPqfp3BBFNz7W9oNRM8hOLfkRGYqdsvpimHQKO7+uSHm00x91TR
UuFT9FP4q9meBca3rbEGFRzUU8Ts81Jj95SrE5Qwa2HvobjE1Ced4+S9dQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPhZTGdoladDyufYWKIVKRdXxBaTMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvMS1GbE1aMmlWcDBQSzU5aFlvaFVwRjFmRUZwTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTUvNzE5M2RiLTdmODUtNDJiYi1iMDlhLWY1MmM0N2MyMjVk
Yi8xL01ZTjRXUmJObU5mSGNOYUZGRlNacUtDaFZ5SS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANmcfTAN
BgkqhkiG9w0BAQsFAAOCAQEAKSIB1bEX4OfovjFGnapGLkdYGOs+eiFdbwpsCRyn
nuJ1JIS0UQuMjHuUfiJfXtRhvqymWrWKDKvBw+Kp1sF3CNHLHfI1tjyFlQwM0oEm
09Qf0TAZUV6OoMSImN3uzFchaHVWGEQ/dayrrTNmVJTk4g39SkCNchVPldbt6ncZ
CYSULXfWS34vOAwObZVbFXVxgsKK/fpvR/s5biYEMJZxVczryEE85+Qe/bBq7yNh
bvQI8AN7ZP13zDKbq5v9xuCQyHNFxNOczkFCQsy3xHIxPJAi5v3a80U6RmvOiMym
Ekf9vCG3yojW0vmjIyqqx9PVabeG1gVoatvkoyepQQhCqg==
-----END CERTIFICATE-----