Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-Lrf6QEOtW7p0YEBQBk9_eAKdfc.roa
File:                     1-Lrf6QEOtW7p0YEBQBk9_eAKdfc.roa (raw, json)
Hash identifier:          GcIdkWXxbD3EPOagH+CvJ+B9W4u493QQvBk9yfBntE8=
Subject key identifier:   F8:BA:DF:E9:01:0E:B5:6E:E9:D1:81:01:40:19:3D:FD:E0:0A:75:F7
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0199EDCD9BFAFE8CA5519D900C85D026A9FE
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-Lrf6QEOtW7p0YEBQBk9_eAKdfc.roa
Signing time:             Thu 16 Oct 2025 16:14:58 +0000
ROA not before:           Thu 16 Oct 2025 16:14:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50053
IP address blocks:        5.39.255.0/24 maxlen: 24
                          5.144.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ed:cd:9b:fa:fe:8c:a5:51:9d:90:0c:85:d0:26:a9:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Oct 16 16:14:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8badfe9010eb56ee9d1810140193dfde00a75f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a4:bd:c1:13:7c:a2:6a:54:3f:95:27:cf:42:
                    e3:80:9e:81:56:8d:1f:e3:ed:a1:a1:11:de:d0:e5:
                    5f:58:99:a1:51:45:84:a5:ac:02:e9:f0:d2:a6:57:
                    23:99:5d:4d:ca:14:7b:95:fd:27:88:09:e0:74:52:
                    3b:93:e0:50:06:d5:05:2a:8d:45:a8:b9:b1:2d:1d:
                    e6:11:bc:1c:ef:36:b9:74:0a:90:56:e2:dc:c7:fc:
                    ee:d6:03:f0:84:e2:05:fa:59:24:85:2a:bd:3d:51:
                    5d:cd:78:cb:9c:ba:09:b7:60:57:6e:3e:75:4f:ec:
                    f2:90:23:45:a0:a4:4d:5a:c1:6d:89:53:71:c4:33:
                    7b:1b:99:67:a7:01:e7:4c:15:39:6c:0a:5c:4b:cf:
                    2d:14:00:83:5c:07:c6:24:78:23:29:8c:8d:e1:08:
                    0e:54:a3:e9:4f:1f:43:c8:28:ee:c0:71:4d:73:e2:
                    97:b0:b9:1a:2e:4f:ac:0f:ce:94:f4:40:bd:d3:f2:
                    44:17:2f:c9:b0:84:19:fd:e0:60:e3:aa:73:d1:f8:
                    ef:43:ce:85:d6:ad:31:6f:a0:31:8f:e2:c0:66:bf:
                    8c:fb:4f:97:dd:da:f9:79:6b:f8:78:3d:83:11:9d:
                    59:fc:65:52:06:bc:cd:56:7a:71:0e:82:eb:3b:ee:
                    82:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:BA:DF:E9:01:0E:B5:6E:E9:D1:81:01:40:19:3D:FD:E0:0A:75:F7
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-Lrf6QEOtW7p0YEBQBk9_eAKdfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.255.0/24
                  5.144.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:25:8c:9d:c0:82:46:7f:ad:13:ba:45:81:3d:20:03:66:7a:
         e1:0c:96:1d:d6:f6:0a:aa:39:8b:f1:ca:c1:39:49:75:cc:12:
         2f:e9:cc:9d:3c:1b:66:4a:4c:16:77:c5:b3:f2:c1:d2:cb:33:
         a5:f4:b6:80:57:9f:a6:48:4b:b3:28:f5:b2:eb:1d:8e:35:b8:
         aa:bf:f8:04:24:24:dc:23:9e:d6:cf:e6:17:04:94:00:58:7c:
         47:36:d6:db:13:5e:80:26:82:44:02:b3:96:37:68:73:f1:89:
         c5:e3:22:16:5d:de:c5:12:38:53:5a:cf:e0:f7:17:5f:a8:e7:
         f3:f9:12:50:a3:56:af:c4:b6:4b:89:d0:0e:d8:7f:51:af:61:
         a0:30:79:b6:05:3a:64:1a:93:a6:74:d0:16:34:07:22:7b:f7:
         db:ef:f3:70:a6:a3:e1:84:62:4d:5f:56:3f:08:67:ad:08:69:
         31:e8:ac:c9:62:28:fd:7f:ee:c5:e3:5d:2b:3d:5e:b3:d5:9d:
         f7:c8:5c:0c:0c:3d:2e:44:e1:4b:c8:eb:b0:27:12:49:e6:39:
         b1:5f:78:6c:44:68:61:2d:cd:98:85:17:d2:d0:e9:6e:27:9b:
         87:e3:c9:0b:c1:dd:2a:bb:6e:23:2d:31:44:da:c9:83:be:e6:
         08:94:be:1f
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZntzZv6/oylUZ2QDIXQJqn+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUxMDE2MTYxNDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGJhZGZlOTAxMGViNTZlZTlkMTgxMDE0MDE5M2RmZGUwMGE3NWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqS9wRN8ompUP5Unz0LjgJ6BVo0f
4+2hoRHe0OVfWJmhUUWEpawC6fDSplcjmV1NyhR7lf0niAngdFI7k+BQBtUFKo1F
qLmxLR3mEbwc7za5dAqQVuLcx/zu1gPwhOIF+lkkhSq9PVFdzXjLnLoJt2BXbj51
T+zykCNFoKRNWsFtiVNxxDN7G5lnpwHnTBU5bApcS88tFACDXAfGJHgjKYyN4QgO
VKPpTx9DyCjuwHFNc+KXsLkaLk+sD86U9EC90/JEFy/JsIQZ/eBg46pz0fjvQ86F
1q0xb6Axj+LAZr+M+0+X3dr5eWv4eD2DEZ1Z/GVSBrzNVnpxDoLrO+6CjwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPi63+kBDrVu6dGBAUAZPf3gCnX3MB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvMS1McmY2UUVPdFc3cDBZRUJRQms5X2VBS2RmYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmEvODlmMDcxLTU2MzEtNDVkYi1hN2U1LWNkNjE1MjI2MWM2
Zi8xL0V4aUJjeW8tSkZxVm04WjU0RVdNT2ZpVDVHcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAAUn/wME
AAWQtDANBgkqhkiG9w0BAQsFAAOCAQEAECWMncCCRn+tE7pFgT0gA2Z64QyWHdb2
Cqo5i/HKwTlJdcwSL+nMnTwbZkpMFnfFs/LB0sszpfS2gFefpkhLsyj1susdjjW4
qr/4BCQk3COe1s/mFwSUAFh8RzbW2xNegCaCRAKzljdoc/GJxeMiFl3exRI4U1rP
4PcXX6jn8/kSUKNWr8S2S4nQDth/Ua9hoDB5tgU6ZBqTpnTQFjQHInv32+/zcKaj
4YRiTV9WPwhnrQhpMeisyWIo/X/uxeNdKz1es9Wd98hcDAw9LkThS8jrsCcSSeY5
sV94bERoYS3NmIUX0tDpbiebh+PJC8HdKrtuIy0xRNrJg77mCJS+Hw==
-----END CERTIFICATE-----