Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/238548-8d74-4fa4-ad59-58399658784e/1/_xpIchk0-7OcmLKE5QqAd5gFe40.roa
File:                     _xpIchk0-7OcmLKE5QqAd5gFe40.roa (raw, json)
Hash identifier:          W5sNIk34R1s/k3ucndWBk0r/EQrbVh4FhIwqizPc4NA=
Subject key identifier:   FF:1A:48:72:19:34:FB:B3:9C:98:B2:84:E5:0A:80:77:98:05:7B:8D
Certificate issuer:       /CN=520536fe776691837728a7fe455a732555b91125
Certificate serial:       0199A9465485D001118CEF2458A26741B7D0
Authority key identifier: 52:05:36:FE:77:66:91:83:77:28:A7:FE:45:5A:73:25:55:B9:11:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UgU2_ndmkYN3KKf-RVpzJVW5ESU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/238548-8d74-4fa4-ad59-58399658784e/1/_xpIchk0-7OcmLKE5QqAd5gFe40.roa
Signing time:             Fri 03 Oct 2025 08:53:02 +0000
ROA not before:           Fri 03 Oct 2025 08:53:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34451
IP address blocks:        195.8.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/238548-8d74-4fa4-ad59-58399658784e/1/UgU2_ndmkYN3KKf-RVpzJVW5ESU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/238548-8d74-4fa4-ad59-58399658784e/1/UgU2_ndmkYN3KKf-RVpzJVW5ESU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UgU2_ndmkYN3KKf-RVpzJVW5ESU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a9:46:54:85:d0:01:11:8c:ef:24:58:a2:67:41:b7:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=520536fe776691837728a7fe455a732555b91125
        Validity
            Not Before: Oct  3 08:53:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff1a48721934fbb39c98b284e50a807798057b8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:81:4f:8c:c5:ba:99:2b:ea:a3:6b:c8:9e:d4:
                    49:ce:71:d7:b1:3c:c1:45:8a:ec:3f:fe:15:2c:62:
                    ba:24:bb:94:fd:d1:ec:ab:12:fe:fa:31:9d:26:ab:
                    c6:10:bd:3d:27:90:44:44:4c:c4:4e:5a:83:84:82:
                    5f:65:f3:f0:9f:a0:b4:58:63:b7:36:46:87:71:44:
                    e4:80:f5:50:92:cc:ea:40:58:63:e0:79:45:b1:77:
                    f2:9e:73:86:56:85:15:73:e7:af:52:d8:c9:ac:65:
                    1f:b3:0c:5c:5e:6e:67:5b:83:75:d4:28:24:d5:5c:
                    92:4e:f5:63:27:06:82:67:c9:f0:68:fb:53:80:ba:
                    48:ae:b7:44:4b:83:ec:79:0b:3c:1f:64:e6:31:63:
                    ff:d5:b0:ee:d7:3d:26:be:b3:bf:f3:b6:c2:c1:11:
                    2f:a5:ea:f7:de:e6:cc:8b:4d:56:f9:66:2f:df:27:
                    87:91:bb:02:28:45:30:8f:41:e6:55:02:66:b1:18:
                    d3:ef:41:79:66:43:1c:ed:c2:f7:46:f9:b9:4d:71:
                    83:81:63:f0:6c:1a:72:c1:75:28:12:5c:5d:91:42:
                    c3:58:58:66:f0:e6:19:c8:33:10:fb:bf:06:8f:17:
                    83:95:9f:ab:f1:9d:87:d5:c0:16:7c:c7:84:0b:22:
                    f9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:1A:48:72:19:34:FB:B3:9C:98:B2:84:E5:0A:80:77:98:05:7B:8D
            X509v3 Authority Key Identifier:
                keyid:52:05:36:FE:77:66:91:83:77:28:A7:FE:45:5A:73:25:55:B9:11:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UgU2_ndmkYN3KKf-RVpzJVW5ESU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/238548-8d74-4fa4-ad59-58399658784e/1/_xpIchk0-7OcmLKE5QqAd5gFe40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/238548-8d74-4fa4-ad59-58399658784e/1/UgU2_ndmkYN3KKf-RVpzJVW5ESU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:04:3c:c7:01:aa:80:f8:8f:8f:1b:75:a3:49:f8:13:65:8a:
         37:3d:e4:67:04:aa:5c:37:f0:da:e9:e2:79:d8:41:be:a7:20:
         7a:fe:4b:97:3d:3f:69:05:16:ba:37:ae:30:05:c2:65:0a:eb:
         a2:a1:c7:3d:d2:34:55:1c:97:64:a5:ae:c4:3e:de:97:79:c0:
         93:03:d4:09:b8:22:38:2e:3b:03:6d:f0:a3:f9:b3:b5:7f:2d:
         00:42:76:65:c1:29:a4:5f:01:20:74:4b:27:c5:f3:57:78:c3:
         fe:c1:35:da:37:b3:73:95:5d:34:0b:c0:ae:2b:41:2d:94:54:
         3a:8e:c7:0e:aa:2f:a0:d6:07:0c:97:4f:4d:9b:8b:21:9e:b6:
         b0:19:44:b7:d7:8e:91:ac:a8:09:09:3b:cf:f3:8f:00:ce:88:
         a4:6c:86:77:1f:6a:65:0a:4b:0b:8f:3e:e4:b2:34:0d:ba:66:
         91:4b:ed:79:a0:dd:9f:23:cc:ea:95:d7:04:c4:9a:91:29:b6:
         58:84:7b:ed:e5:8b:ce:08:d1:0e:10:7f:b2:e3:e4:da:03:43:
         95:26:6b:8d:1c:e9:65:e2:5a:31:6e:5e:37:4c:f7:ef:22:0c:
         ec:8a:39:24:3c:a4:2b:03:2f:e8:88:4a:b7:1c:78:7e:e3:dc:
         a8:00:e4:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmpRlSF0AERjO8kWKJnQbfQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMDUzNmZlNzc2NjkxODM3NzI4YTdmZTQ1NWE3MzI1NTVi
OTExMjUwHhcNMjUxMDAzMDg1MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjFhNDg3MjE5MzRmYmIzOWM5OGIyODRlNTBhODA3Nzk4MDU3YjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5oFPjMW6mSvqo2vIntRJznHXsTzB
RYrsP/4VLGK6JLuU/dHsqxL++jGdJqvGEL09J5BEREzETlqDhIJfZfPwn6C0WGO3
NkaHcUTkgPVQkszqQFhj4HlFsXfynnOGVoUVc+evUtjJrGUfswxcXm5nW4N11Cgk
1VySTvVjJwaCZ8nwaPtTgLpIrrdES4PseQs8H2TmMWP/1bDu1z0mvrO/87bCwREv
per33ubMi01W+WYv3yeHkbsCKEUwj0HmVQJmsRjT70F5ZkMc7cL3Rvm5TXGDgWPw
bBpywXUoElxdkULDWFhm8OYZyDMQ+78GjxeDlZ+r8Z2H1cAWfMeECyL59wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8aSHIZNPuznJiyhOUKgHeYBXuNMB8GA1UdIwQY
MBaAFFIFNv53ZpGDdyin/kVacyVVuRElMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWdVMl9uZG1rWU4zS0tmLVJWcHpKVlc1RVNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8yMzg1NDgtOGQ3NC00ZmE0LWFkNTkt
NTgzOTk2NTg3ODRlLzEvX3hwSWNoazAtN09jbUxLRTVRcUFkNWdGZTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8yMzg1NDgtOGQ3NC00ZmE0LWFkNTktNTgzOTk2NTg3ODRl
LzEvVWdVMl9uZG1rWU4zS0tmLVJWcHpKVlc1RVNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwh4MA0G
CSqGSIb3DQEBCwUAA4IBAQAtBDzHAaqA+I+PG3WjSfgTZYo3PeRnBKpcN/Da6eJ5
2EG+pyB6/kuXPT9pBRa6N64wBcJlCuuiocc90jRVHJdkpa7EPt6XecCTA9QJuCI4
LjsDbfCj+bO1fy0AQnZlwSmkXwEgdEsnxfNXeMP+wTXaN7NzlV00C8CuK0EtlFQ6
jscOqi+g1gcMl09Nm4shnrawGUS3146RrKgJCTvP848AzoikbIZ3H2plCksLjz7k
sjQNumaRS+15oN2fI8zqldcExJqRKbZYhHvt5YvOCNEOEH+y4+TaA0OVJmuNHOll
4loxbl43TPfvIgzsijkkPKQrAy/oiEq3HHh+49yoAOQE
-----END CERTIFICATE-----