Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/65UW0bP330_sbiHmhn1GPke5-s0.roa
File:                     65UW0bP330_sbiHmhn1GPke5-s0.roa (raw, json)
Hash identifier:          9frLX6TRDGO7w/2l84LcQ4FcvrGdeUXKebJFsxtBILI=
Subject key identifier:   EB:95:16:D1:B3:F7:DF:4F:EC:6E:21:E6:86:7D:46:3E:47:B9:FA:CD
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       01989AC258AEA82BCD5EFB5A21AC093108C8
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/65UW0bP330_sbiHmhn1GPke5-s0.roa
Signing time:             Mon 11 Aug 2025 20:11:24 +0000
ROA not before:           Mon 11 Aug 2025 20:11:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59432
IP address blocks:        86.110.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9a:c2:58:ae:a8:2b:cd:5e:fb:5a:21:ac:09:31:08:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Aug 11 20:11:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb9516d1b3f7df4fec6e21e6867d463e47b9facd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:89:2c:46:50:f5:3f:b0:21:27:28:a4:a6:a1:
                    b1:6b:f8:7b:52:5c:20:31:62:8c:34:d8:e0:84:a7:
                    d1:b4:e7:2c:5d:fb:20:c3:41:c9:46:c2:d8:7a:06:
                    6f:32:ef:f5:ac:01:ea:a7:22:64:49:95:9e:21:f1:
                    22:73:26:0a:f4:19:91:3e:c6:ae:4a:d0:d2:5f:49:
                    2d:36:df:75:d9:ac:2d:77:df:bf:18:5d:d7:fc:4f:
                    6b:fb:94:92:68:59:77:88:e8:56:a2:6c:e4:7c:19:
                    d0:84:58:58:51:9e:a7:c3:a0:7b:fe:30:ab:98:8d:
                    a1:85:d5:bb:4a:5c:6c:88:af:4d:0c:ab:4b:3e:cd:
                    7d:c1:8a:55:d0:af:01:91:60:14:19:f0:a8:51:62:
                    eb:ca:72:7c:72:06:62:31:40:0d:ec:1e:f1:5c:e4:
                    15:ad:a1:94:fb:48:65:69:e4:a4:3d:fb:f5:12:15:
                    2c:7f:11:81:10:6e:be:0c:33:fe:7e:72:ab:2f:d1:
                    da:16:46:18:52:e8:30:6f:3e:29:ff:ed:32:01:64:
                    c5:34:27:89:a9:f5:f3:22:d5:16:c1:6e:a6:cb:02:
                    35:38:f6:cb:fb:c4:7f:0d:c7:57:77:08:f2:8c:7d:
                    a7:a3:80:05:70:e0:93:06:c5:5d:6b:b1:73:ec:05:
                    79:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:95:16:D1:B3:F7:DF:4F:EC:6E:21:E6:86:7D:46:3E:47:B9:FA:CD
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/65UW0bP330_sbiHmhn1GPke5-s0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:37:45:b6:64:e8:1e:d3:2f:47:0a:f7:a1:7d:e1:e9:44:c1:
         74:f7:6a:63:82:c5:45:e2:39:7e:49:55:b1:91:63:04:f0:9e:
         25:c9:b3:f5:4a:b7:ef:6b:b3:9c:1f:bd:ea:9f:ec:df:73:d2:
         24:3a:8b:c7:20:34:16:65:5b:46:4e:30:89:ca:96:76:6f:41:
         72:45:91:3c:c2:47:1a:ac:a3:dc:d7:6f:7c:97:ab:80:f4:07:
         1b:f3:f7:03:9b:c6:41:58:21:f0:fe:08:4c:a7:57:5d:7b:aa:
         a0:a0:32:ca:ea:84:b8:cc:68:73:29:9e:40:b0:a1:e4:00:d8:
         79:aa:a6:5d:12:f5:c3:66:df:c7:97:e2:7e:4d:13:a6:38:c4:
         3c:d9:ed:9f:a2:24:e1:27:e0:80:f6:78:85:ab:67:84:a8:a5:
         83:57:86:2a:2b:08:9b:d8:77:db:b6:9f:2c:d8:f4:d5:a9:1c:
         b7:7c:8e:1a:25:7f:7e:1b:ab:82:5b:8b:d7:36:b0:4b:38:5e:
         6e:df:cf:63:7e:70:87:31:83:00:5b:4f:56:1a:cc:8d:e2:e3:
         f2:f9:d2:7f:00:c4:ba:d4:31:2e:47:f3:a1:39:7e:da:1e:09:
         3e:8e:4b:d4:79:27:8c:0c:cd:95:7b:ae:8e:d6:11:e6:73:79:
         b9:5d:c7:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiawliuqCvNXvtaIawJMQjIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjUwODExMjAxMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjk1MTZkMWIzZjdkZjRmZWM2ZTIxZTY4NjdkNDYzZTQ3YjlmYWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYksRlD1P7AhJyikpqGxa/h7Ulwg
MWKMNNjghKfRtOcsXfsgw0HJRsLYegZvMu/1rAHqpyJkSZWeIfEicyYK9BmRPsau
StDSX0ktNt912awtd9+/GF3X/E9r+5SSaFl3iOhWomzkfBnQhFhYUZ6nw6B7/jCr
mI2hhdW7SlxsiK9NDKtLPs19wYpV0K8BkWAUGfCoUWLrynJ8cgZiMUAN7B7xXOQV
raGU+0hlaeSkPfv1EhUsfxGBEG6+DDP+fnKrL9HaFkYYUugwbz4p/+0yAWTFNCeJ
qfXzItUWwW6mywI1OPbL+8R/DcdXdwjyjH2no4AFcOCTBsVda7Fz7AV5uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuVFtGz999P7G4h5oZ9Rj5HufrNMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvNjVVVzBiUDMzMF9zYmlIbWhuMUdQa2U1LXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm49MA0G
CSqGSIb3DQEBCwUAA4IBAQBJN0W2ZOge0y9HCvehfeHpRMF092pjgsVF4jl+SVWx
kWME8J4lybP1Srfva7OcH73qn+zfc9IkOovHIDQWZVtGTjCJypZ2b0FyRZE8wkca
rKPc1298l6uA9Acb8/cDm8ZBWCHw/ghMp1dde6qgoDLK6oS4zGhzKZ5AsKHkANh5
qqZdEvXDZt/Hl+J+TROmOMQ82e2foiThJ+CA9niFq2eEqKWDV4YqKwib2Hfbtp8s
2PTVqRy3fI4aJX9+G6uCW4vXNrBLOF5u389jfnCHMYMAW09WGsyN4uPy+dJ/AMS6
1DEuR/OhOX7aHgk+jkvUeSeMDM2Ve66O1hHmc3m5XccW
-----END CERTIFICATE-----