Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/4GXSUy5TrZUXqV9vXoEB3vS0Rdg.roa
File:                     4GXSUy5TrZUXqV9vXoEB3vS0Rdg.roa (raw, json)
Hash identifier:          YfGq6OGZB8pZO+y5U9EdNREUEtE6NVaaP1uk9eccwEo=
Subject key identifier:   E0:65:D2:53:2E:53:AD:95:17:A9:5F:6F:5E:81:01:DE:F4:B4:45:D8
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01997A68AA56E1A80E1DDEF71401C82A1629
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/4GXSUy5TrZUXqV9vXoEB3vS0Rdg.roa
Signing time:             Wed 24 Sep 2025 06:28:23 +0000
ROA not before:           Wed 24 Sep 2025 06:28:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56380
IP address blocks:        5.101.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7a:68:aa:56:e1:a8:0e:1d:de:f7:14:01:c8:2a:16:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Sep 24 06:28:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e065d2532e53ad9517a95f6f5e8101def4b445d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b7:d7:71:04:b9:65:09:52:ee:6a:e2:96:c4:
                    05:ad:9e:fd:e5:11:40:e9:59:9b:56:85:8c:9b:ba:
                    5f:7c:28:f4:81:e0:70:b3:8b:49:61:a0:45:d5:a0:
                    19:a3:d2:81:b0:e8:a5:22:f8:51:31:ff:e4:ad:af:
                    ac:db:f3:23:08:06:87:51:8a:7b:2f:ec:48:df:99:
                    17:d6:9d:2a:cd:de:a5:fc:e8:01:6b:50:0a:fd:e1:
                    a6:54:78:77:1b:21:60:9d:2f:e7:d8:72:69:13:d8:
                    d4:1d:83:6f:c9:4c:87:50:f6:24:db:3c:82:e3:fd:
                    bf:1d:13:09:a3:15:b2:8d:9f:50:6f:55:22:9e:db:
                    bf:d0:23:55:af:57:a3:61:9c:be:b2:12:49:70:dc:
                    78:96:9c:28:4b:38:fd:c8:8d:17:86:08:d2:6a:9a:
                    72:23:c0:ae:80:13:90:18:45:9e:66:63:ee:92:66:
                    f6:b4:27:fb:2a:c0:6d:9f:4b:75:d1:86:46:e5:96:
                    03:7f:93:ea:f1:2b:13:63:86:f4:77:7b:bc:01:c7:
                    a0:3b:8c:1c:00:91:73:c4:c5:f8:63:43:5c:de:10:
                    7e:ac:1c:47:f7:9e:20:98:80:7e:30:4b:12:cd:8b:
                    0f:d2:2b:3a:8e:81:90:48:9c:4f:23:ae:a8:c1:3b:
                    ef:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:65:D2:53:2E:53:AD:95:17:A9:5F:6F:5E:81:01:DE:F4:B4:45:D8
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/4GXSUy5TrZUXqV9vXoEB3vS0Rdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.101.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:74:83:2d:ae:89:d4:7d:a8:4d:fe:f6:db:68:bc:e9:c1:96:
         c2:4a:f6:82:28:d6:20:01:26:46:78:c0:b8:d4:cc:f7:d3:1c:
         c1:dc:b6:e3:b5:9d:fa:47:4b:68:0e:e5:3c:c1:f0:10:2f:ef:
         a2:ca:4f:0d:72:1c:91:9f:55:db:49:8f:fd:65:b0:c9:a5:05:
         c9:e4:34:cb:cf:5c:4b:ff:67:cc:c8:10:b8:16:21:0f:75:9f:
         b9:4c:ae:42:e3:05:6e:c4:14:d0:ef:31:eb:38:4c:69:64:35:
         e5:33:31:64:7a:43:16:02:ca:f8:0e:76:21:93:13:eb:bb:fb:
         1a:f0:bc:fc:11:32:47:7c:48:69:72:f9:87:08:22:7a:5d:5d:
         b9:68:3a:f4:e3:1a:79:18:e9:ba:e0:d6:d5:b1:45:96:4f:d9:
         fd:1e:bf:b1:81:64:67:8c:3d:12:03:2e:34:33:da:80:91:d9:
         6e:26:67:27:e7:27:9c:75:3c:04:0a:28:0f:79:ff:c7:7b:c9:
         b1:7a:93:cd:1d:0a:dd:7b:e0:02:6d:9b:a1:08:34:0b:fa:e2:
         b4:52:b5:e5:ac:87:bd:66:ff:1d:ac:bd:e9:c6:88:c3:81:26:
         27:27:b2:ad:cb:b3:69:3d:d7:cf:d4:66:06:ff:40:31:1b:dc:
         a2:c6:86:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl6aKpW4agOHd73FAHIKhYpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwOTI0MDYyODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDY1ZDI1MzJlNTNhZDk1MTdhOTVmNmY1ZTgxMDFkZWY0YjQ0NWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7fXcQS5ZQlS7mrilsQFrZ795RFA
6VmbVoWMm7pffCj0geBws4tJYaBF1aAZo9KBsOilIvhRMf/kra+s2/MjCAaHUYp7
L+xI35kX1p0qzd6l/OgBa1AK/eGmVHh3GyFgnS/n2HJpE9jUHYNvyUyHUPYk2zyC
4/2/HRMJoxWyjZ9Qb1Uintu/0CNVr1ejYZy+shJJcNx4lpwoSzj9yI0XhgjSappy
I8CugBOQGEWeZmPukmb2tCf7KsBtn0t10YZG5ZYDf5Pq8SsTY4b0d3u8AcegO4wc
AJFzxMX4Y0Nc3hB+rBxH954gmIB+MEsSzYsP0is6joGQSJxPI66owTvvqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBl0lMuU62VF6lfb16BAd70tEXYMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvNEdYU1V5NVRyWlVYcVY5dlhvRUIzdlMwUmRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWVXMA0G
CSqGSIb3DQEBCwUAA4IBAQB0dIMtronUfahN/vbbaLzpwZbCSvaCKNYgASZGeMC4
1Mz30xzB3LbjtZ36R0toDuU8wfAQL++iyk8NchyRn1XbSY/9ZbDJpQXJ5DTLz1xL
/2fMyBC4FiEPdZ+5TK5C4wVuxBTQ7zHrOExpZDXlMzFkekMWAsr4DnYhkxPru/sa
8Lz8ETJHfEhpcvmHCCJ6XV25aDr04xp5GOm64NbVsUWWT9n9Hr+xgWRnjD0SAy40
M9qAkdluJmcn5yecdTwECigPef/He8mxepPNHQrde+ACbZuhCDQL+uK0UrXlrIe9
Zv8drL3pxojDgSYnJ7Kty7NpPdfP1GYG/0AxG9yixoZ9
-----END CERTIFICATE-----