Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/cddb63-9308-43c9-9473-eae418158a52/1/rnhdD5-8bSiFYqITT19uX_gBm3Q.roa
File:                     rnhdD5-8bSiFYqITT19uX_gBm3Q.roa (raw, json)
Hash identifier:          yOuOYWqODTjCSSjzwtgNJuIQsfARCoasQhMpsxakuPc=
Subject key identifier:   AE:78:5D:0F:9F:BC:6D:28:85:62:A2:13:4F:5F:6E:5F:F8:01:9B:74
Certificate issuer:       /CN=4151d6b441d3f57762c032f8fad217608a22f7a1
Certificate serial:       0199CE3A8DA610489F21110B48AA6BC502F6
Authority key identifier: 41:51:D6:B4:41:D3:F5:77:62:C0:32:F8:FA:D2:17:60:8A:22:F7:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QVHWtEHT9XdiwDL4-tIXYIoi96E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/cddb63-9308-43c9-9473-eae418158a52/1/rnhdD5-8bSiFYqITT19uX_gBm3Q.roa
Signing time:             Fri 10 Oct 2025 13:06:07 +0000
ROA not before:           Fri 10 Oct 2025 13:06:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49560
IP address blocks:        92.51.56.0/21 maxlen: 21
                          2a01:a320::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/cddb63-9308-43c9-9473-eae418158a52/1/QVHWtEHT9XdiwDL4-tIXYIoi96E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/cddb63-9308-43c9-9473-eae418158a52/1/QVHWtEHT9XdiwDL4-tIXYIoi96E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QVHWtEHT9XdiwDL4-tIXYIoi96E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 07:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:3a:8d:a6:10:48:9f:21:11:0b:48:aa:6b:c5:02:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4151d6b441d3f57762c032f8fad217608a22f7a1
        Validity
            Not Before: Oct 10 13:06:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae785d0f9fbc6d288562a2134f5f6e5ff8019b74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:0f:8f:92:2c:6a:ef:79:76:53:b4:1b:8a:44:
                    ee:7d:50:86:ad:ce:e7:db:b8:27:01:4b:07:f8:d1:
                    54:53:e7:e0:98:e3:ed:83:76:a2:8d:af:4e:44:73:
                    a4:33:a1:1e:e8:ac:89:79:05:27:fe:ac:31:b4:ee:
                    dd:6a:8a:ae:9e:85:cb:4e:aa:78:cb:87:cf:d9:22:
                    e9:7a:9f:b2:99:7d:37:1c:50:b9:de:da:98:ae:01:
                    22:b7:e5:19:7c:73:18:3b:ab:4c:b6:4b:1b:45:4d:
                    c7:0a:5a:f7:ff:b2:1a:c6:b2:98:d1:c7:c0:cf:b0:
                    b2:4e:46:73:8c:4c:77:01:75:ed:2d:0d:c9:7c:21:
                    bf:9a:40:da:4e:0d:78:f6:28:10:9c:46:2a:16:a2:
                    6a:cc:8e:46:45:04:f2:70:71:68:29:57:56:65:ae:
                    1e:39:71:c9:fe:a6:c7:a4:a2:14:7e:54:35:2b:73:
                    b6:e7:9b:8f:71:2b:48:72:9c:1e:d6:79:63:1d:1e:
                    58:9a:fb:0c:db:aa:2f:71:d1:03:67:97:8c:79:b3:
                    f0:43:68:8c:97:86:f0:12:a6:17:08:d1:59:d6:52:
                    54:8a:66:27:88:bd:94:d0:8b:cd:00:71:f2:8c:7e:
                    71:0d:f3:c7:c0:af:e2:82:57:37:bf:96:35:80:82:
                    03:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:78:5D:0F:9F:BC:6D:28:85:62:A2:13:4F:5F:6E:5F:F8:01:9B:74
            X509v3 Authority Key Identifier:
                keyid:41:51:D6:B4:41:D3:F5:77:62:C0:32:F8:FA:D2:17:60:8A:22:F7:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QVHWtEHT9XdiwDL4-tIXYIoi96E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/cddb63-9308-43c9-9473-eae418158a52/1/rnhdD5-8bSiFYqITT19uX_gBm3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/cddb63-9308-43c9-9473-eae418158a52/1/QVHWtEHT9XdiwDL4-tIXYIoi96E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.51.56.0/21
                IPv6:
                  2a01:a320::/32

    Signature Algorithm: sha256WithRSAEncryption
         41:ea:ea:f3:bd:26:d5:fa:c0:b0:1a:73:cd:5b:f2:44:9e:ee:
         1a:12:39:e0:60:99:e2:d3:c9:dc:d0:f3:c1:b2:90:fe:5f:46:
         7e:69:43:a3:78:8e:2b:9e:f9:ac:b6:15:87:b3:29:9c:8c:96:
         8c:e6:68:15:62:8d:eb:43:a2:b3:2f:88:73:e0:29:95:fb:46:
         31:13:b8:00:fa:17:36:90:33:b3:42:87:c3:73:b2:3a:47:ab:
         8c:3f:27:8a:0a:30:46:11:29:1c:87:d8:a7:58:6c:60:dd:16:
         ed:c4:81:10:3c:d3:53:49:f3:55:40:b4:13:62:98:8e:36:d3:
         a1:04:e8:3b:ad:8c:5e:bf:3d:eb:d1:93:59:37:3b:b0:9c:5c:
         58:67:bc:cc:57:6a:e4:20:40:4f:97:02:1e:5f:ff:a1:5e:8f:
         bf:62:eb:b3:e0:ef:a5:bd:32:57:94:e5:b3:18:3a:55:44:7b:
         72:31:0c:81:be:2b:76:78:a5:4f:8a:20:cb:79:d9:55:eb:a6:
         94:71:a1:da:14:11:d3:09:c9:fc:3b:9e:36:88:ac:43:5e:f7:
         05:ac:11:f6:6d:7a:66:d5:24:0c:ce:e9:28:df:ac:32:e6:2e:
         ac:23:77:4f:4d:04:5a:1f:5e:03:e1:57:e0:ec:29:f3:93:ab:
         7e:83:07:fd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZnOOo2mEEifIRELSKprxQL2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNTFkNmI0NDFkM2Y1Nzc2MmMwMzJmOGZhZDIxNzYwOGEy
MmY3YTEwHhcNMjUxMDEwMTMwNjA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTc4NWQwZjlmYmM2ZDI4ODU2MmEyMTM0ZjVmNmU1ZmY4MDE5Yjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Q+Pkixq73l2U7QbikTufVCGrc7n
27gnAUsH+NFUU+fgmOPtg3aija9ORHOkM6Ee6KyJeQUn/qwxtO7daoqunoXLTqp4
y4fP2SLpep+ymX03HFC53tqYrgEit+UZfHMYO6tMtksbRU3HClr3/7IaxrKY0cfA
z7CyTkZzjEx3AXXtLQ3JfCG/mkDaTg149igQnEYqFqJqzI5GRQTycHFoKVdWZa4e
OXHJ/qbHpKIUflQ1K3O255uPcStIcpwe1nljHR5YmvsM26ovcdEDZ5eMebPwQ2iM
l4bwEqYXCNFZ1lJUimYniL2U0IvNAHHyjH5xDfPHwK/iglc3v5Y1gIID8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK54XQ+fvG0ohWKiE09fbl/4AZt0MB8GA1UdIwQY
MBaAFEFR1rRB0/V3YsAy+PrSF2CKIvehMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVZIV3RFSFQ5WGRpd0RMNC10SVhZSW9pOTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9jZGRiNjMtOTMwOC00M2M5LTk0NzMt
ZWFlNDE4MTU4YTUyLzEvcm5oZEQ1LThiU2lGWXFJVFQxOXVYX2dCbTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9jZGRiNjMtOTMwOC00M2M5LTk0NzMtZWFlNDE4MTU4YTUy
LzEvUVZIV3RFSFQ5WGRpd0RMNC10SVhZSW9pOTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDXDM4MA0E
AgACMAcDBQAqAaMgMA0GCSqGSIb3DQEBCwUAA4IBAQBB6urzvSbV+sCwGnPNW/JE
nu4aEjngYJni08nc0PPBspD+X0Z+aUOjeI4rnvmsthWHsymcjJaM5mgVYo3rQ6Kz
L4hz4CmV+0YxE7gA+hc2kDOzQofDc7I6R6uMPyeKCjBGESkch9inWGxg3RbtxIEQ
PNNTSfNVQLQTYpiONtOhBOg7rYxevz3r0ZNZNzuwnFxYZ7zMV2rkIEBPlwIeX/+h
Xo+/Yuuz4O+lvTJXlOWzGDpVRHtyMQyBvit2eKVPiiDLedlV66aUcaHaFBHTCcn8
O542iKxDXvcFrBH2bXpm1SQMzuko36wy5i6sI3dPTQRaH14D4Vfg7Cnzk6t+gwf9
-----END CERTIFICATE-----