Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/y5WqXGLU22u4aL4JCEBbxVrtOEY.roa
File:                     y5WqXGLU22u4aL4JCEBbxVrtOEY.roa (raw, json)
Hash identifier:          z4DU3Lg8BtbgwUJ28ZcKpy28XNCoDU5QwBzlGJaolwE=
Subject key identifier:   CB:95:AA:5C:62:D4:DB:6B:B8:68:BE:09:08:40:5B:C5:5A:ED:38:46
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0198C85F968FC28306B54EB53A4732A7C5C4
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/y5WqXGLU22u4aL4JCEBbxVrtOEY.roa
Signing time:             Wed 20 Aug 2025 16:46:04 +0000
ROA not before:           Wed 20 Aug 2025 16:46:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60721
IP address blocks:        195.178.154.0/24 maxlen: 24
                          212.111.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 22:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c8:5f:96:8f:c2:83:06:b5:4e:b5:3a:47:32:a7:c5:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Aug 20 16:46:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb95aa5c62d4db6bb868be0908405bc55aed3846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:62:d9:15:22:1e:24:06:fe:48:98:4f:fd:12:
                    20:92:e9:83:e7:09:16:b9:37:16:8d:73:89:20:e2:
                    f5:63:08:b1:a5:2e:f5:86:3f:48:71:42:33:ab:79:
                    56:a6:d0:c4:75:4f:ea:04:ea:15:0e:6d:0c:e2:dd:
                    38:9f:d3:d1:4b:ec:eb:fc:c9:cb:98:8c:2c:1c:04:
                    e1:25:ab:6b:37:2f:69:10:aa:88:0f:d2:1f:cd:29:
                    42:de:d7:03:b9:c9:74:d4:f5:78:95:3d:2d:b7:cb:
                    f8:fe:8e:67:b4:0c:b3:ce:a8:3c:2c:1c:97:e0:03:
                    7e:ac:f3:89:20:76:0c:25:3e:c2:1d:72:61:c4:44:
                    31:92:fa:54:17:f8:1a:07:e7:00:59:87:64:7c:95:
                    6c:f9:c7:7c:aa:df:ae:95:ea:76:3a:7f:7f:2c:39:
                    ce:27:a8:3c:f8:c4:4f:95:9d:12:8c:d3:9c:f7:bc:
                    e7:dc:75:82:8a:19:7f:af:44:60:06:41:eb:69:64:
                    bf:e0:fa:90:c6:15:e1:12:16:36:5d:98:46:57:49:
                    05:0a:5e:14:71:c4:34:49:f7:a2:78:57:96:43:08:
                    00:73:bf:a6:0e:37:12:ce:70:3a:43:61:89:d9:6d:
                    1d:e0:72:85:0d:44:e7:e9:f1:e5:51:5b:78:21:0d:
                    88:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:95:AA:5C:62:D4:DB:6B:B8:68:BE:09:08:40:5B:C5:5A:ED:38:46
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/y5WqXGLU22u4aL4JCEBbxVrtOEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.154.0/24
                  212.111.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:59:33:49:b0:85:63:72:6d:21:ca:b1:ee:90:00:81:46:75:
         d5:24:2d:26:4e:40:6f:99:8d:3b:9b:6f:41:36:9b:15:9e:69:
         cd:01:52:c5:bc:1f:0c:f0:68:ee:3a:92:c8:30:b2:3e:a4:64:
         58:e9:cd:c6:60:e0:d4:51:75:c8:80:db:b7:43:bc:3a:ef:38:
         33:02:99:d5:98:72:9c:ba:71:dc:bf:7a:ca:d6:ec:73:97:ab:
         42:ec:4b:4d:bc:eb:a8:be:0e:8d:36:dd:5e:14:f2:f7:91:30:
         25:07:bd:38:1b:63:54:ab:48:28:aa:c2:b8:cb:23:03:e3:fb:
         dc:74:b4:bd:84:20:68:76:30:d5:25:86:28:3f:6c:fe:ff:ac:
         53:72:5e:b4:d7:d7:fb:33:e0:a5:6b:2a:d7:26:ae:a3:17:0d:
         4c:b1:c4:a8:d1:77:9f:5e:c4:d1:a5:c2:fd:68:f6:c9:52:1a:
         99:8f:b8:3e:3f:ac:f0:4f:b4:23:e4:ad:06:a8:a9:67:ff:b4:
         b5:17:1a:62:c8:08:08:34:c9:17:6d:04:1d:a3:f1:8a:64:a4:
         01:74:c4:f8:42:da:fb:30:a0:d4:18:53:fe:92:b5:0d:4e:85:
         fc:3c:e6:59:95:63:58:16:0e:b1:75:8c:2c:9e:87:f1:8a:6f:
         c3:8e:5a:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjIX5aPwoMGtU61Okcyp8XEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwODIwMTY0NjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjk1YWE1YzYyZDRkYjZiYjg2OGJlMDkwODQwNWJjNTVhZWQzODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2LZFSIeJAb+SJhP/RIgkumD5wkW
uTcWjXOJIOL1YwixpS71hj9IcUIzq3lWptDEdU/qBOoVDm0M4t04n9PRS+zr/MnL
mIwsHAThJatrNy9pEKqID9IfzSlC3tcDucl01PV4lT0tt8v4/o5ntAyzzqg8LByX
4AN+rPOJIHYMJT7CHXJhxEQxkvpUF/gaB+cAWYdkfJVs+cd8qt+ulep2On9/LDnO
J6g8+MRPlZ0SjNOc97zn3HWCihl/r0RgBkHraWS/4PqQxhXhEhY2XZhGV0kFCl4U
ccQ0SfeieFeWQwgAc7+mDjcSznA6Q2GJ2W0d4HKFDUTn6fHlUVt4IQ2IyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMuVqlxi1NtruGi+CQhAW8Va7ThGMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEveTVXcVhHTFUyMnU0YUw0SkNFQmJ4VnJ0T0VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw7KaAwQA
1G/CMA0GCSqGSIb3DQEBCwUAA4IBAQBdWTNJsIVjcm0hyrHukACBRnXVJC0mTkBv
mY07m29BNpsVnmnNAVLFvB8M8GjuOpLIMLI+pGRY6c3GYODUUXXIgNu3Q7w67zgz
ApnVmHKcunHcv3rK1uxzl6tC7EtNvOuovg6NNt1eFPL3kTAlB704G2NUq0goqsK4
yyMD4/vcdLS9hCBodjDVJYYoP2z+/6xTcl6019f7M+ClayrXJq6jFw1MscSo0Xef
XsTRpcL9aPbJUhqZj7g+P6zwT7Qj5K0GqKln/7S1FxpiyAgINMkXbQQdo/GKZKQB
dMT4Qtr7MKDUGFP+krUNToX8POZZlWNYFg6xdYwsnofxim/Djlog
-----END CERTIFICATE-----