Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/uR0GCgMzcLoo7kMNpml9uCS8CMM.roa
File:                     uR0GCgMzcLoo7kMNpml9uCS8CMM.roa (raw, json)
Hash identifier:          QU71NgSIyG52g0tQUOMPeRAsoX9aQ7+oGv7C6ynHtWc=
Subject key identifier:   B9:1D:06:0A:03:33:70:BA:28:EE:43:0D:A6:69:7D:B8:24:BC:08:C3
Certificate issuer:       /CN=5f1f213b8c792b7e013fa5041f5b89971e6f62d6
Certificate serial:       01998A2EBD5E4142CDFFADB3CCF46124D54B
Authority key identifier: 5F:1F:21:3B:8C:79:2B:7E:01:3F:A5:04:1F:5B:89:97:1E:6F:62:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/uR0GCgMzcLoo7kMNpml9uCS8CMM.roa
Signing time:             Sat 27 Sep 2025 07:59:02 +0000
ROA not before:           Sat 27 Sep 2025 07:59:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        193.8.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 10:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:8a:2e:bd:5e:41:42:cd:ff:ad:b3:cc:f4:61:24:d5:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f1f213b8c792b7e013fa5041f5b89971e6f62d6
        Validity
            Not Before: Sep 27 07:59:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b91d060a033370ba28ee430da6697db824bc08c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:eb:2f:ca:a2:29:b1:2e:2f:c3:3c:9d:31:68:
                    e0:85:a0:dc:7a:92:9b:cf:1d:bc:0f:8b:da:fe:56:
                    33:b3:b0:d8:b2:04:ad:47:b9:66:4a:04:9c:90:ca:
                    e0:81:3f:2e:5d:db:5f:0c:29:f6:c1:c8:7b:d5:3a:
                    4a:4d:b0:c4:fa:5d:92:8f:67:78:11:d8:79:41:27:
                    f9:72:99:cf:f2:99:51:8b:27:9b:0f:db:e1:60:ff:
                    54:aa:f9:0f:ea:e7:58:19:7c:53:8d:39:0e:3b:07:
                    d9:b6:b9:b8:3f:97:9d:ad:2e:7a:92:9d:00:64:c2:
                    6c:b8:16:c5:46:6a:1b:60:7f:6f:ef:ba:0d:86:15:
                    11:e3:27:f2:09:1c:a0:30:56:22:0b:dc:46:c7:09:
                    18:62:7f:9a:a5:3e:aa:71:79:46:5c:e8:5d:54:94:
                    e3:8b:f8:0e:50:6d:29:81:d7:72:c4:57:87:72:14:
                    bf:13:e3:73:00:20:98:95:aa:92:54:5b:63:2e:dc:
                    61:7e:bf:e0:a0:2d:79:cf:e7:e2:09:fc:4c:44:4b:
                    ea:e6:13:55:17:80:10:4f:78:26:9b:0f:7f:56:75:
                    36:e7:64:f1:db:2d:9d:c1:58:e0:12:8f:8c:90:2f:
                    51:76:e5:70:b4:1e:c5:ba:28:22:eb:4c:35:1a:30:
                    f7:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:1D:06:0A:03:33:70:BA:28:EE:43:0D:A6:69:7D:B8:24:BC:08:C3
            X509v3 Authority Key Identifier:
                keyid:5F:1F:21:3B:8C:79:2B:7E:01:3F:A5:04:1F:5B:89:97:1E:6F:62:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xx8hO4x5K34BP6UEH1uJlx5vYtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/uR0GCgMzcLoo7kMNpml9uCS8CMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32f8d3-7328-45f0-a007-402238638ea3/1/Xx8hO4x5K34BP6UEH1uJlx5vYtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:2f:ff:4e:ea:e9:fe:10:60:58:63:d8:5d:72:fd:e3:49:d5:
         99:5a:07:a7:9c:60:00:a4:63:0f:d8:31:38:dd:42:ca:eb:13:
         6c:0a:34:f0:61:04:b4:89:fa:51:12:06:6e:53:03:2f:24:73:
         a2:76:c7:be:21:a1:0c:af:d2:81:07:c0:d9:78:51:c3:51:d8:
         36:33:e2:d5:8c:2f:ec:33:f1:ac:f0:7f:32:9b:76:ff:cc:30:
         20:b4:1b:6f:12:72:da:f1:09:39:c3:9d:6c:09:5d:df:08:cf:
         fb:3e:c4:0a:b6:82:25:8a:11:da:6e:8e:51:dc:3c:6d:77:dc:
         67:7c:05:b0:6c:11:62:de:ae:bd:04:38:a2:64:40:2f:74:e8:
         6c:d5:7c:11:a6:61:ea:bd:3b:4a:c4:01:4a:08:0e:53:d9:2b:
         fe:a7:31:ec:0b:83:20:15:3b:34:cb:c4:59:d0:97:10:4d:dc:
         97:42:04:19:91:87:3a:3c:4c:aa:28:15:73:ad:2e:9d:cc:b3:
         4b:87:68:f5:fe:ed:1e:f8:e7:71:bd:8a:3d:7c:53:ba:35:ef:
         46:2e:b0:10:fc:c7:f1:97:ac:1b:c5:7a:2b:ef:59:66:4a:64:
         0e:3c:5a:fa:f4:97:2b:fd:f8:de:9a:bf:31:46:bd:34:b5:e7:
         4f:38:91:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmKLr1eQULN/62zzPRhJNVLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWYyMTNiOGM3OTJiN2UwMTNmYTUwNDFmNWI4OTk3MWU2
ZjYyZDYwHhcNMjUwOTI3MDc1OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTFkMDYwYTAzMzM3MGJhMjhlZTQzMGRhNjY5N2RiODI0YmMwOGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwesvyqIpsS4vwzydMWjghaDcepKb
zx28D4va/lYzs7DYsgStR7lmSgSckMrggT8uXdtfDCn2wch71TpKTbDE+l2Sj2d4
Edh5QSf5cpnP8plRiyebD9vhYP9UqvkP6udYGXxTjTkOOwfZtrm4P5edrS56kp0A
ZMJsuBbFRmobYH9v77oNhhUR4yfyCRygMFYiC9xGxwkYYn+apT6qcXlGXOhdVJTj
i/gOUG0pgddyxFeHchS/E+NzACCYlaqSVFtjLtxhfr/goC15z+fiCfxMREvq5hNV
F4AQT3gmmw9/VnU252Tx2y2dwVjgEo+MkC9RduVwtB7Fuigi60w1GjD3cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkdBgoDM3C6KO5DDaZpfbgkvAjDMB8GA1UdIwQY
MBaAFF8fITuMeSt+AT+lBB9biZceb2LWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHg4aE80eDVLMzRCUDZVRUgxdUpseDV2WXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zMmY4ZDMtNzMyOC00NWYwLWEwMDct
NDAyMjM4NjM4ZWEzLzEvdVIwR0NnTXpjTG9vN2tNTnBtbDl1Q1M4Q01NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zMmY4ZDMtNzMyOC00NWYwLWEwMDctNDAyMjM4NjM4ZWEz
LzEvWHg4aE80eDVLMzRCUDZVRUgxdUpseDV2WXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQjsMA0G
CSqGSIb3DQEBCwUAA4IBAQBkL/9O6un+EGBYY9hdcv3jSdWZWgennGAApGMP2DE4
3ULK6xNsCjTwYQS0ifpREgZuUwMvJHOidse+IaEMr9KBB8DZeFHDUdg2M+LVjC/s
M/Gs8H8ym3b/zDAgtBtvEnLa8Qk5w51sCV3fCM/7PsQKtoIlihHabo5R3Dxtd9xn
fAWwbBFi3q69BDiiZEAvdOhs1XwRpmHqvTtKxAFKCA5T2Sv+pzHsC4MgFTs0y8RZ
0JcQTdyXQgQZkYc6PEyqKBVzrS6dzLNLh2j1/u0e+OdxvYo9fFO6Ne9GLrAQ/Mfx
l6wbxXor71lmSmQOPFr69Jcr/fjemr8xRr00tedPOJGF
-----END CERTIFICATE-----