Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/7SHjb3To_8zToO1PZkaOAJQ-mzY.roa
File:                     7SHjb3To_8zToO1PZkaOAJQ-mzY.roa (raw, json)
Hash identifier:          aqql1uslZqhQkjcDpj0gs+oDngpuPaF1ypOzLp6Vqak=
Subject key identifier:   ED:21:E3:6F:74:E8:FF:CC:D3:A0:ED:4F:66:46:8E:00:94:3E:9B:36
Certificate issuer:       /CN=75b795066150a1c367dabccf69c970ab0c723215
Certificate serial:       0199D86985389EDD7AB50935D8AEA9906047
Authority key identifier: 75:B7:95:06:61:50:A1:C3:67:DA:BC:CF:69:C9:70:AB:0C:72:32:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/7SHjb3To_8zToO1PZkaOAJQ-mzY.roa
Signing time:             Sun 12 Oct 2025 12:33:38 +0000
ROA not before:           Sun 12 Oct 2025 12:33:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52209
IP address blocks:        194.5.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d8:69:85:38:9e:dd:7a:b5:09:35:d8:ae:a9:90:60:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75b795066150a1c367dabccf69c970ab0c723215
        Validity
            Not Before: Oct 12 12:33:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed21e36f74e8ffccd3a0ed4f66468e00943e9b36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:74:d7:1d:b7:3d:85:db:21:c6:db:e9:63:43:
                    18:d8:9d:b9:01:7f:27:2a:f7:8a:22:3f:9d:57:75:
                    dd:6d:95:5d:1e:04:0d:67:c3:a7:13:cc:63:95:87:
                    20:72:5d:6e:b9:35:14:49:43:19:9d:d0:9f:b4:56:
                    0a:25:be:91:0b:1e:15:be:5e:94:8d:45:a6:11:e5:
                    a3:b0:28:b9:01:c2:c8:f8:78:2a:f8:65:4d:23:84:
                    19:92:09:8c:c2:b6:d5:42:05:19:e6:74:d8:08:af:
                    e4:b2:c0:2a:68:e4:83:4f:7d:4b:ec:57:21:11:f4:
                    e5:e0:f2:b6:62:d3:2c:bd:e6:db:60:36:57:dc:80:
                    d0:05:ac:1a:28:10:53:4f:de:0d:a3:bc:62:ed:9a:
                    86:fc:ae:b2:b8:46:8d:15:23:fa:a2:eb:10:e4:74:
                    40:61:bd:ac:b6:cb:63:f5:7b:07:bc:7c:7d:b4:75:
                    39:cb:50:90:f7:47:db:21:d6:50:ad:bb:fe:8e:a4:
                    01:73:5e:86:cb:59:85:72:cb:d0:1d:b3:a9:5b:35:
                    92:81:8a:71:89:63:4d:9f:59:a1:49:cf:4f:e5:e1:
                    95:d3:53:f6:cc:03:0e:d2:a6:76:03:fa:83:f2:85:
                    db:c0:02:68:37:6f:8d:0f:ad:26:ff:4e:57:32:ec:
                    77:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:21:E3:6F:74:E8:FF:CC:D3:A0:ED:4F:66:46:8E:00:94:3E:9B:36
            X509v3 Authority Key Identifier:
                keyid:75:B7:95:06:61:50:A1:C3:67:DA:BC:CF:69:C9:70:AB:0C:72:32:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/7SHjb3To_8zToO1PZkaOAJQ-mzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:b5:be:77:85:14:28:b9:98:b6:cc:75:2c:0e:56:ca:cb:8b:
         d3:42:9f:ed:05:bc:24:85:47:12:5d:ca:3e:8d:11:67:5f:84:
         9f:8d:92:52:18:c7:7d:2e:78:6a:25:35:f5:cf:11:a7:07:a5:
         9b:f6:5c:da:00:f0:77:c2:75:47:47:e5:49:2a:d0:42:b2:5e:
         36:1d:44:58:eb:2a:39:0b:ac:54:a1:65:c1:ad:48:55:01:4b:
         f9:85:3c:0e:c2:ff:85:48:0e:85:80:ec:ad:38:d8:f9:98:66:
         fb:5e:42:e3:38:af:b6:62:59:3e:69:63:c3:40:46:cf:46:17:
         7a:2e:74:74:89:de:d7:db:d4:61:ab:b9:2f:5c:26:0b:e3:f8:
         37:76:cd:9f:d2:31:b4:c0:8c:73:0a:d5:27:c1:a4:12:cc:0b:
         9a:a6:9e:e7:60:f5:6a:92:50:ce:f5:51:a1:38:6c:7c:75:dd:
         de:e0:12:ce:0e:1e:71:21:b8:7a:f4:72:a9:08:59:3e:09:a1:
         cd:ae:75:1c:86:f8:33:ee:98:65:ff:29:93:7d:5b:67:03:3c:
         3a:b0:c5:7a:1a:d9:08:aa:40:4f:a5:20:0f:4e:d4:60:f6:80:
         1f:b6:02:92:01:b4:0e:79:fb:fe:1f:9f:18:19:8e:dd:3b:b3:
         24:fd:c1:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnYaYU4nt16tQk12K6pkGBHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1Yjc5NTA2NjE1MGExYzM2N2RhYmNjZjY5Yzk3MGFiMGM3
MjMyMTUwHhcNMjUxMDEyMTIzMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDIxZTM2Zjc0ZThmZmNjZDNhMGVkNGY2NjQ2OGUwMDk0M2U5YjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnTXHbc9hdshxtvpY0MY2J25AX8n
KveKIj+dV3XdbZVdHgQNZ8OnE8xjlYcgcl1uuTUUSUMZndCftFYKJb6RCx4Vvl6U
jUWmEeWjsCi5AcLI+Hgq+GVNI4QZkgmMwrbVQgUZ5nTYCK/kssAqaOSDT31L7Fch
EfTl4PK2YtMsvebbYDZX3IDQBawaKBBTT94No7xi7ZqG/K6yuEaNFSP6ousQ5HRA
Yb2ststj9XsHvHx9tHU5y1CQ90fbIdZQrbv+jqQBc16Gy1mFcsvQHbOpWzWSgYpx
iWNNn1mhSc9P5eGV01P2zAMO0qZ2A/qD8oXbwAJoN2+ND60m/05XMux3owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO0h42906P/M06DtT2ZGjgCUPps2MB8GA1UdIwQY
MBaAFHW3lQZhUKHDZ9q8z2nJcKsMcjIVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGJlVkJtRlFvY05uMnJ6UGFjbHdxd3h5TWhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80NjZhYWItYTQ3MC00MzQ0LWEzNjct
NTQ3YmU0Y2ZhNDU3LzEvN1NIamIzVG9fOHpUb08xUFprYU9BSlEtbXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS80NjZhYWItYTQ3MC00MzQ0LWEzNjctNTQ3YmU0Y2ZhNDU3
LzEvZGJlVkJtRlFvY05uMnJ6UGFjbHdxd3h5TWhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgU2MA0G
CSqGSIb3DQEBCwUAA4IBAQCdtb53hRQouZi2zHUsDlbKy4vTQp/tBbwkhUcSXco+
jRFnX4SfjZJSGMd9LnhqJTX1zxGnB6Wb9lzaAPB3wnVHR+VJKtBCsl42HURY6yo5
C6xUoWXBrUhVAUv5hTwOwv+FSA6FgOytONj5mGb7XkLjOK+2Ylk+aWPDQEbPRhd6
LnR0id7X29Rhq7kvXCYL4/g3ds2f0jG0wIxzCtUnwaQSzAuapp7nYPVqklDO9VGh
OGx8dd3e4BLODh5xIbh69HKpCFk+CaHNrnUchvgz7phl/ymTfVtnAzw6sMV6GtkI
qkBPpSAPTtRg9oAftgKSAbQOefv+H58YGY7dO7Mk/cG+
-----END CERTIFICATE-----