Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/ySapTfZYgbxoEK957EhqmLLUXOc.roa
File:                     ySapTfZYgbxoEK957EhqmLLUXOc.roa (raw, json)
Hash identifier:          PiAUqrCpwQjO/wsILlIaOLs415SXxFD6K/JzPp3q6ws=
Subject key identifier:   C9:26:A9:4D:F6:58:81:BC:68:10:AF:79:EC:48:6A:98:B2:D4:5C:E7
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       0199A8C7FCD35EC420D14A43D07E825309BC
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/ySapTfZYgbxoEK957EhqmLLUXOc.roa
Signing time:             Fri 03 Oct 2025 06:35:02 +0000
ROA not before:           Fri 03 Oct 2025 06:35:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50867
IP address blocks:        185.36.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a8:c7:fc:d3:5e:c4:20:d1:4a:43:d0:7e:82:53:09:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Oct  3 06:35:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c926a94df65881bc6810af79ec486a98b2d45ce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:a6:2b:b7:79:0f:9a:c8:f7:cb:6c:27:e1:12:
                    d9:dc:92:d5:3b:f0:59:74:8d:bb:36:54:53:30:37:
                    98:a8:2f:27:42:e1:92:3e:5a:33:4a:a1:59:97:9f:
                    dc:69:68:a8:59:df:8c:80:bb:0d:f7:ab:70:e6:20:
                    e1:e8:34:b0:ba:b0:b0:91:85:a2:11:6c:20:e8:11:
                    52:59:6b:fd:03:d6:f4:72:bc:db:d6:e8:b4:1e:f8:
                    d2:10:37:63:33:52:47:ae:05:70:5a:c7:df:47:d9:
                    16:16:80:e7:57:a9:71:0f:b2:c5:6d:aa:69:ed:21:
                    2d:15:b8:b6:4b:03:23:d6:40:91:b6:4c:2a:4a:48:
                    3b:04:75:30:8b:d9:71:64:0a:90:9a:49:0b:2b:ba:
                    cc:fc:f1:87:4d:19:96:5c:9e:ec:be:7d:b3:9e:17:
                    26:08:49:b7:cc:4b:e0:29:05:63:e1:ec:e1:2c:41:
                    43:89:9e:f1:51:a1:fa:72:df:e9:62:17:fb:9f:f9:
                    de:69:48:1e:76:e5:3d:a5:3e:20:e7:e6:9f:a7:75:
                    32:27:1e:53:b7:8d:5a:ad:9c:a5:c1:b7:45:b8:dc:
                    bc:75:74:67:fb:b4:db:03:04:05:e6:15:ef:01:d0:
                    8e:a3:6a:eb:95:b8:2b:a7:5d:3a:57:9c:5e:7f:81:
                    47:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:26:A9:4D:F6:58:81:BC:68:10:AF:79:EC:48:6A:98:B2:D4:5C:E7
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/ySapTfZYgbxoEK957EhqmLLUXOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:0d:d1:3d:23:54:bf:40:45:f7:37:b3:e4:6e:cc:d4:b5:bb:
         d3:f1:31:5e:08:dc:6a:7a:13:4d:97:30:7e:74:10:e2:ac:eb:
         dc:e4:05:5f:36:e1:05:34:64:29:07:5b:f9:a3:44:21:c0:e0:
         8c:f9:b4:2e:a2:91:1a:22:6f:08:a1:7f:f8:87:85:6a:42:c3:
         32:f3:95:19:20:03:3d:78:0c:d4:71:f7:da:ee:77:aa:9c:5c:
         0b:57:f2:25:ec:ac:db:ce:45:df:3b:5d:07:8a:6d:99:64:df:
         8a:4b:ef:6b:21:35:a2:36:67:80:35:0e:e3:2e:f8:9f:16:13:
         61:95:94:68:9a:5e:6b:05:16:06:5e:73:6f:8e:f4:65:df:9c:
         09:e6:97:a1:c0:12:b5:dc:a8:e3:5b:47:96:20:e5:f5:a3:53:
         b4:29:f8:81:df:6d:99:62:de:24:49:04:8c:51:78:1b:c4:22:
         3a:e2:75:50:d2:8e:a2:73:5e:22:88:6c:71:6e:50:22:b9:f0:
         78:dd:cb:19:14:f8:00:89:7c:3b:af:81:0c:14:75:78:7f:6d:
         e5:ff:bd:b7:cb:9a:cc:c5:7b:72:84:9d:d1:6f:41:03:69:fe:
         74:19:29:46:8f:87:ac:b3:94:f1:e0:18:e5:07:83:42:81:41:
         15:19:1f:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmox/zTXsQg0UpD0H6CUwm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjUxMDAzMDYzNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTI2YTk0ZGY2NTg4MWJjNjgxMGFmNzllYzQ4NmE5OGIyZDQ1Y2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4KYrt3kPmsj3y2wn4RLZ3JLVO/BZ
dI27NlRTMDeYqC8nQuGSPlozSqFZl5/caWioWd+MgLsN96tw5iDh6DSwurCwkYWi
EWwg6BFSWWv9A9b0crzb1ui0HvjSEDdjM1JHrgVwWsffR9kWFoDnV6lxD7LFbapp
7SEtFbi2SwMj1kCRtkwqSkg7BHUwi9lxZAqQmkkLK7rM/PGHTRmWXJ7svn2znhcm
CEm3zEvgKQVj4ezhLEFDiZ7xUaH6ct/pYhf7n/neaUgeduU9pT4g5+afp3UyJx5T
t41arZylwbdFuNy8dXRn+7TbAwQF5hXvAdCOo2rrlbgrp106V5xef4FHcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkmqU32WIG8aBCveexIapiy1FznMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEveVNhcFRmWllnYnhvRUs5NTdFaHFtTExVWE9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSR9MA0G
CSqGSIb3DQEBCwUAA4IBAQBMDdE9I1S/QEX3N7PkbszUtbvT8TFeCNxqehNNlzB+
dBDirOvc5AVfNuEFNGQpB1v5o0QhwOCM+bQuopEaIm8IoX/4h4VqQsMy85UZIAM9
eAzUcffa7neqnFwLV/Il7KzbzkXfO10Him2ZZN+KS+9rITWiNmeANQ7jLvifFhNh
lZRoml5rBRYGXnNvjvRl35wJ5pehwBK13KjjW0eWIOX1o1O0KfiB322ZYt4kSQSM
UXgbxCI64nVQ0o6ic14iiGxxblAiufB43csZFPgAiXw7r4EMFHV4f23l/723y5rM
xXtyhJ3Rb0EDaf50GSlGj4ess5Tx4BjlB4NCgUEVGR9p
-----END CERTIFICATE-----