Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Rzxr67hrrlpTrqq0ioWuzkUfN8A.roa
File:                     Rzxr67hrrlpTrqq0ioWuzkUfN8A.roa (raw, json)
Hash identifier:          rQK2nBtFjoPunl7L9cFaNJ03huysdodJFSgn8qJTZ/g=
Subject key identifier:   47:3C:6B:EB:B8:6B:AE:5A:53:AE:AA:B4:8A:85:AE:CE:45:1F:37:C0
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0199A157B274538124FA2FD6C64FD15050BC
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Rzxr67hrrlpTrqq0ioWuzkUfN8A.roa
Signing time:             Wed 01 Oct 2025 19:55:03 +0000
ROA not before:           Wed 01 Oct 2025 19:55:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        88.216.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a1:57:b2:74:53:81:24:fa:2f:d6:c6:4f:d1:50:50:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Oct  1 19:55:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=473c6bebb86bae5a53aeaab48a85aece451f37c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:56:0d:52:ef:fa:95:07:a5:ea:ff:87:5d:52:
                    93:c7:f6:65:e0:80:1e:1a:25:a2:ca:b8:11:81:bc:
                    97:8c:2e:85:a3:e0:de:e8:b1:34:38:d5:77:6b:81:
                    f3:b4:f7:1a:f7:c9:e9:e3:fc:bb:f7:3d:12:fe:78:
                    6f:93:10:2a:dd:41:67:cb:15:a8:0b:6e:e0:4b:35:
                    2f:40:21:57:ac:24:3a:83:ec:de:59:01:da:51:9a:
                    e5:32:27:a2:2e:21:ac:36:f4:ec:65:38:32:fc:fa:
                    05:3c:4a:e4:1b:d3:ce:8b:64:3f:5a:f1:2b:7b:8a:
                    7b:35:f5:79:04:cc:59:6e:4c:33:4a:e3:48:d6:30:
                    19:76:e1:3d:5f:cf:4c:91:42:7d:fc:e3:90:a2:14:
                    65:5c:13:49:83:ad:78:b7:90:d7:76:18:fd:bc:dc:
                    57:90:80:e3:72:6f:a7:f8:f7:a4:46:10:8d:e3:1e:
                    a2:67:a4:bd:42:7b:a4:8a:75:75:ab:36:6e:08:f0:
                    1f:d9:a9:39:4d:b6:fd:94:a9:fe:62:d6:6f:a5:7a:
                    58:21:2b:bd:a4:68:58:9b:28:06:41:5e:46:e4:36:
                    f4:72:57:44:78:ad:4f:3b:2b:62:5c:9d:44:bb:08:
                    b2:61:cb:0d:f4:05:38:35:b1:48:f9:d6:57:54:43:
                    c3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:3C:6B:EB:B8:6B:AE:5A:53:AE:AA:B4:8A:85:AE:CE:45:1F:37:C0
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Rzxr67hrrlpTrqq0ioWuzkUfN8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:fe:54:49:14:50:66:3e:f0:3a:ab:50:32:10:06:50:4c:35:
         a7:07:e5:37:ed:97:60:5b:69:de:f6:81:62:34:cc:cf:d8:bc:
         48:ce:eb:ec:67:3c:bb:91:55:1c:a3:cb:12:87:97:f2:d9:c5:
         57:9c:7e:3b:96:f9:6c:56:8c:a8:a9:ae:82:19:d8:64:55:d1:
         23:a0:11:cc:69:cb:03:0c:53:bd:a8:4b:30:22:09:7e:c1:98:
         9b:dc:a0:68:f9:fb:44:27:2d:46:80:44:ca:0f:97:ea:98:58:
         b5:7e:46:76:c3:91:d5:58:44:41:5f:f9:c5:c3:0f:01:12:dd:
         1f:15:c4:78:dc:b4:19:7f:0d:4b:6e:5f:68:4c:7d:34:c9:70:
         c0:f8:57:1b:92:d4:c2:04:97:f2:19:c6:58:3a:27:c0:52:85:
         d7:6b:df:9a:19:89:31:4a:dc:3d:5c:2c:d8:12:5f:1d:83:8c:
         24:81:43:1c:d0:fd:e0:bb:bc:3e:72:b5:0c:5a:ca:87:2a:37:
         ee:ef:98:b2:9e:2f:7f:a3:c6:46:30:00:5d:fe:04:37:50:d0:
         91:97:aa:b5:a3:8c:6d:58:ba:ce:06:1f:7e:95:58:58:9e:3d:
         4f:50:7c:3a:28:f4:42:07:e3:5e:85:50:c5:f0:7d:e5:62:68:
         22:89:62:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmhV7J0U4Ek+i/Wxk/RUFC8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUxMDAxMTk1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzNjNmJlYmI4NmJhZTVhNTNhZWFhYjQ4YTg1YWVjZTQ1MWYzN2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVYNUu/6lQel6v+HXVKTx/Zl4IAe
GiWiyrgRgbyXjC6Fo+De6LE0ONV3a4HztPca98np4/y79z0S/nhvkxAq3UFnyxWo
C27gSzUvQCFXrCQ6g+zeWQHaUZrlMieiLiGsNvTsZTgy/PoFPErkG9POi2Q/WvEr
e4p7NfV5BMxZbkwzSuNI1jAZduE9X89MkUJ9/OOQohRlXBNJg614t5DXdhj9vNxX
kIDjcm+n+PekRhCN4x6iZ6S9QnukinV1qzZuCPAf2ak5Tbb9lKn+YtZvpXpYISu9
pGhYmygGQV5G5Db0cldEeK1POytiXJ1EuwiyYcsN9AU4NbFI+dZXVEPDqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEc8a+u4a65aU66qtIqFrs5FHzfAMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvUnp4cjY3aHJybHBUcnFxMGlvV3V6a1VmTjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNgRMA0G
CSqGSIb3DQEBCwUAA4IBAQBV/lRJFFBmPvA6q1AyEAZQTDWnB+U37ZdgW2ne9oFi
NMzP2LxIzuvsZzy7kVUco8sSh5fy2cVXnH47lvlsVoyoqa6CGdhkVdEjoBHMacsD
DFO9qEswIgl+wZib3KBo+ftEJy1GgETKD5fqmFi1fkZ2w5HVWERBX/nFww8BEt0f
FcR43LQZfw1Lbl9oTH00yXDA+FcbktTCBJfyGcZYOifAUoXXa9+aGYkxStw9XCzY
El8dg4wkgUMc0P3gu7w+crUMWsqHKjfu75iyni9/o8ZGMABd/gQ3UNCRl6q1o4xt
WLrOBh9+lVhYnj1PUHw6KPRCB+NehVDF8H3lYmgiiWLx
-----END CERTIFICATE-----