Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/958a59-f80d-4d58-9d43-f26bff8b4994/1/e2Te0aWCQ8EtrlV0PLf_q38tHSg.roa
File:                     e2Te0aWCQ8EtrlV0PLf_q38tHSg.roa (raw, json)
Hash identifier:          4ft8eS+VBA6HZC5LW6/i8Z2mYfS+sEEPwTfWda0kvP4=
Subject key identifier:   7B:64:DE:D1:A5:82:43:C1:2D:AE:55:74:3C:B7:FF:AB:7F:2D:1D:28
Certificate issuer:       /CN=240fd0d33886d839c5cc90103a186e13a348ad50
Certificate serial:       01997815935F2B2F01272E391C827ADF1DA4
Authority key identifier: 24:0F:D0:D3:38:86:D8:39:C5:CC:90:10:3A:18:6E:13:A3:48:AD:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JA_Q0ziG2DnFzJAQOhhuE6NIrVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/958a59-f80d-4d58-9d43-f26bff8b4994/1/e2Te0aWCQ8EtrlV0PLf_q38tHSg.roa
Signing time:             Tue 23 Sep 2025 19:38:23 +0000
ROA not before:           Tue 23 Sep 2025 19:38:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51918
IP address blocks:        195.10.232.0/24 maxlen: 24
                          195.10.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/958a59-f80d-4d58-9d43-f26bff8b4994/1/JA_Q0ziG2DnFzJAQOhhuE6NIrVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/958a59-f80d-4d58-9d43-f26bff8b4994/1/JA_Q0ziG2DnFzJAQOhhuE6NIrVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JA_Q0ziG2DnFzJAQOhhuE6NIrVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:78:15:93:5f:2b:2f:01:27:2e:39:1c:82:7a:df:1d:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=240fd0d33886d839c5cc90103a186e13a348ad50
        Validity
            Not Before: Sep 23 19:38:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b64ded1a58243c12dae55743cb7ffab7f2d1d28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a9:cd:f0:77:eb:47:5b:c6:1a:ba:13:17:a5:
                    e7:0b:5d:93:15:e1:3d:a4:7c:5d:92:9c:7e:4c:94:
                    b2:0b:f8:3c:ab:b3:86:a2:1b:66:c5:10:23:17:72:
                    45:32:54:9e:88:1b:51:1a:6b:71:c6:33:14:ef:2f:
                    ea:82:3d:80:e5:30:93:f7:8a:94:a2:fa:14:31:83:
                    8d:20:fc:e1:a5:c8:50:70:fe:76:c7:ba:19:b2:22:
                    b8:53:03:61:b1:80:59:2e:f3:eb:9e:5a:5a:ee:0e:
                    94:c9:46:ac:b9:3f:ab:9f:6c:6a:d8:0b:f2:cc:89:
                    e6:b0:22:b6:b1:69:a5:d8:b0:8f:a8:af:70:93:2c:
                    7e:19:53:0f:d8:bf:df:7a:0e:fb:2d:07:73:d2:9d:
                    a1:64:81:7a:58:47:fa:ad:cc:fd:45:e1:5e:e4:0c:
                    ed:ec:26:94:e1:cf:0d:08:93:dc:3e:bf:fc:2b:a2:
                    3d:99:55:bc:50:c3:68:8f:56:a5:22:cb:20:f7:19:
                    88:bf:ea:80:2c:18:96:1f:91:95:92:19:d8:63:be:
                    a2:a5:ca:47:b6:eb:cb:ce:80:73:e0:55:6a:3a:ca:
                    59:fe:68:6d:83:00:2f:13:97:1e:f7:36:6d:1a:c0:
                    95:3c:af:45:7a:64:73:3c:4b:d1:8d:8a:81:63:d6:
                    63:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:64:DE:D1:A5:82:43:C1:2D:AE:55:74:3C:B7:FF:AB:7F:2D:1D:28
            X509v3 Authority Key Identifier:
                keyid:24:0F:D0:D3:38:86:D8:39:C5:CC:90:10:3A:18:6E:13:A3:48:AD:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JA_Q0ziG2DnFzJAQOhhuE6NIrVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/958a59-f80d-4d58-9d43-f26bff8b4994/1/e2Te0aWCQ8EtrlV0PLf_q38tHSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/958a59-f80d-4d58-9d43-f26bff8b4994/1/JA_Q0ziG2DnFzJAQOhhuE6NIrVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.232.0/24
                  195.10.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:f8:23:44:71:89:e4:70:b2:ba:03:4c:1f:f5:11:78:4b:11:
         bc:cb:bf:3c:b5:17:73:56:73:f1:85:3b:ba:28:fb:f4:c1:18:
         86:f0:61:0e:e6:ef:f8:aa:e0:ac:86:e3:8f:3d:8a:21:a5:88:
         b0:26:6a:03:9c:ca:56:1e:61:45:0b:ed:66:ab:26:25:22:f6:
         33:c8:af:ba:21:6e:d8:e5:b7:9a:14:9c:28:a1:f8:d8:56:06:
         7f:a2:3b:1f:bd:26:46:12:f6:b2:f0:3f:2e:a3:20:a2:d7:a1:
         cd:48:6b:2c:0e:c8:98:e2:86:ac:7b:79:c3:77:00:19:b3:2a:
         1c:00:5c:4e:bc:ef:f5:22:cc:2a:57:a9:48:d3:e4:b0:21:52:
         11:7a:6c:f6:c7:b4:fa:ac:29:7d:4d:97:d4:ef:4e:29:a2:20:
         67:c0:59:73:7f:7f:dc:d6:89:b0:8c:6e:9e:b9:cc:5e:3a:8c:
         e9:ba:23:0d:1b:f2:3b:0f:01:9e:fc:7c:df:62:e0:51:a9:1e:
         0a:f7:e0:ba:a8:7d:3b:94:a6:46:0a:07:a4:f6:73:ad:4c:d3:
         5a:65:d2:4d:69:38:10:68:46:ae:50:3b:18:42:8f:37:9d:a4:
         c0:8b:1e:bc:4e:59:a6:7d:32:63:eb:8f:81:4d:71:4d:45:01:
         0f:58:6d:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZl4FZNfKy8BJy45HIJ63x2kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MGZkMGQzMzg4NmQ4MzljNWNjOTAxMDNhMTg2ZTEzYTM0
OGFkNTAwHhcNMjUwOTIzMTkzODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjY0ZGVkMWE1ODI0M2MxMmRhZTU1NzQzY2I3ZmZhYjdmMmQxZDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyanN8HfrR1vGGroTF6XnC12TFeE9
pHxdkpx+TJSyC/g8q7OGohtmxRAjF3JFMlSeiBtRGmtxxjMU7y/qgj2A5TCT94qU
ovoUMYONIPzhpchQcP52x7oZsiK4UwNhsYBZLvPrnlpa7g6UyUasuT+rn2xq2Avy
zInmsCK2sWml2LCPqK9wkyx+GVMP2L/feg77LQdz0p2hZIF6WEf6rcz9ReFe5Azt
7CaU4c8NCJPcPr/8K6I9mVW8UMNoj1alIssg9xmIv+qALBiWH5GVkhnYY76ipcpH
tuvLzoBz4FVqOspZ/mhtgwAvE5ce9zZtGsCVPK9FemRzPEvRjYqBY9ZjyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHtk3tGlgkPBLa5VdDy3/6t/LR0oMB8GA1UdIwQY
MBaAFCQP0NM4htg5xcyQEDoYbhOjSK1QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkFfUTB6aUcyRG5GekpBUU9oaHVFNk5JclZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy85NThhNTktZjgwZC00ZDU4LTlkNDMt
ZjI2YmZmOGI0OTk0LzEvZTJUZTBhV0NROEV0cmxWMFBMZl9xMzh0SFNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy85NThhNTktZjgwZC00ZDU4LTlkNDMtZjI2YmZmOGI0OTk0
LzEvSkFfUTB6aUcyRG5GekpBUU9oaHVFNk5JclZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwwroAwQA
wwrvMA0GCSqGSIb3DQEBCwUAA4IBAQA++CNEcYnkcLK6A0wf9RF4SxG8y788tRdz
VnPxhTu6KPv0wRiG8GEO5u/4quCshuOPPYohpYiwJmoDnMpWHmFFC+1mqyYlIvYz
yK+6IW7Y5beaFJwoofjYVgZ/ojsfvSZGEvay8D8uoyCi16HNSGssDsiY4oase3nD
dwAZsyocAFxOvO/1IswqV6lI0+SwIVIRemz2x7T6rCl9TZfU704poiBnwFlzf3/c
1omwjG6eucxeOozpuiMNG/I7DwGe/HzfYuBRqR4K9+C6qH07lKZGCgek9nOtTNNa
ZdJNaTgQaEauUDsYQo83naTAix68TlmmfTJj64+BTXFNRQEPWG1g
-----END CERTIFICATE-----