Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/224351-3a47-4014-b395-a63479610968/1/jCuekCPh6g90jDUSnVtU0yB_8I4.roa
File:                     jCuekCPh6g90jDUSnVtU0yB_8I4.roa (raw, json)
Hash identifier:          /aSvnGLFqDSV6uliZ1Qk2d4iygDw3fLdob6CNavVz+M=
Subject key identifier:   8C:2B:9E:90:23:E1:EA:0F:74:8C:35:12:9D:5B:54:D3:20:7F:F0:8E
Certificate issuer:       /CN=c1d369e66cdbe30d7b3aff6081f20c17a98fdc5b
Certificate serial:       01994E7CF2ABA97ED35321A36BFDB31442F5
Authority key identifier: C1:D3:69:E6:6C:DB:E3:0D:7B:3A:FF:60:81:F2:0C:17:A9:8F:DC:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wdNp5mzb4w17Ov9ggfIMF6mP3Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/224351-3a47-4014-b395-a63479610968/1/jCuekCPh6g90jDUSnVtU0yB_8I4.roa
Signing time:             Mon 15 Sep 2025 17:47:15 +0000
ROA not before:           Mon 15 Sep 2025 17:47:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204601
IP address blocks:        45.88.78.0/24 maxlen: 24
                          81.91.178.0/24 maxlen: 24
                          95.215.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/224351-3a47-4014-b395-a63479610968/1/wdNp5mzb4w17Ov9ggfIMF6mP3Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/224351-3a47-4014-b395-a63479610968/1/wdNp5mzb4w17Ov9ggfIMF6mP3Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wdNp5mzb4w17Ov9ggfIMF6mP3Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4e:7c:f2:ab:a9:7e:d3:53:21:a3:6b:fd:b3:14:42:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1d369e66cdbe30d7b3aff6081f20c17a98fdc5b
        Validity
            Not Before: Sep 15 17:47:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c2b9e9023e1ea0f748c35129d5b54d3207ff08e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e4:56:c4:05:e8:d7:43:df:79:d8:62:9c:51:
                    b9:bf:7b:df:40:80:f7:47:c3:18:06:71:5c:d6:1f:
                    f3:ea:f0:5d:79:8b:d2:a5:dc:4c:5e:ed:4f:e5:3b:
                    d2:6d:67:75:68:8d:2b:b0:8e:25:f8:01:ed:96:07:
                    31:02:74:7e:ab:92:36:cb:eb:42:4c:d9:54:17:96:
                    26:23:bf:b3:c7:3d:fa:50:9b:a4:c1:2d:8c:ce:08:
                    16:3c:89:5d:9f:55:3d:81:6e:dd:0f:e2:28:05:8b:
                    fb:76:a6:9a:10:ff:34:e9:38:d8:a9:2b:ed:e6:e2:
                    58:d1:6f:be:e8:ca:fc:59:0b:c7:c9:58:7c:54:b7:
                    42:f5:96:f8:6a:76:7e:1d:15:fb:4b:e5:51:b6:28:
                    f9:b3:4a:93:54:5f:2b:98:27:3b:7a:4a:df:6a:cd:
                    f9:8f:9e:2e:09:c8:89:a5:fe:59:41:f4:d3:d9:da:
                    71:2c:2c:ee:3d:fd:49:f2:f6:8a:5a:42:c1:a0:a5:
                    5a:d5:17:c0:7a:54:08:80:3e:2f:f0:68:00:6a:a2:
                    d5:72:df:c9:f8:53:3c:81:8f:58:d7:b6:85:59:58:
                    25:31:65:67:25:1a:6d:4a:62:e7:45:bb:eb:98:f8:
                    4d:35:b0:aa:05:c9:1f:41:91:fd:f4:ed:36:41:0c:
                    4a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:2B:9E:90:23:E1:EA:0F:74:8C:35:12:9D:5B:54:D3:20:7F:F0:8E
            X509v3 Authority Key Identifier:
                keyid:C1:D3:69:E6:6C:DB:E3:0D:7B:3A:FF:60:81:F2:0C:17:A9:8F:DC:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wdNp5mzb4w17Ov9ggfIMF6mP3Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/224351-3a47-4014-b395-a63479610968/1/jCuekCPh6g90jDUSnVtU0yB_8I4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/224351-3a47-4014-b395-a63479610968/1/wdNp5mzb4w17Ov9ggfIMF6mP3Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.78.0/24
                  81.91.178.0/24
                  95.215.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:7f:35:3e:7c:20:28:af:1e:ab:a5:19:06:0f:90:0c:75:a3:
         74:36:fb:ac:ef:93:bd:cf:8f:84:e2:dd:92:51:ca:d6:ec:53:
         50:4d:08:84:2e:d7:0f:33:ae:a7:b8:b2:63:5f:e3:0a:e9:a7:
         a6:59:90:08:1f:d5:d2:47:47:1d:b6:ac:2e:60:d9:4e:1b:73:
         95:a0:74:fe:23:2a:0c:c2:6d:87:ff:fa:d4:9a:65:3a:4f:96:
         f4:5f:f6:6a:7b:d4:b6:7f:62:8a:2f:ee:2f:38:66:87:e4:3c:
         5c:ab:db:5a:06:4f:f5:03:41:61:d4:b3:9b:e7:dd:41:75:15:
         71:ba:5c:f2:87:d8:70:ae:34:a7:ea:03:ad:f0:97:14:dd:de:
         7e:6a:a1:41:b8:e3:85:6f:a4:7f:59:a0:64:b3:88:67:19:16:
         20:d9:ef:26:7e:5b:97:b6:4a:f8:7f:ee:4c:5e:58:78:80:9f:
         63:98:a4:83:8b:0d:ec:9a:11:23:6e:4c:34:7f:6c:f3:b7:9b:
         59:49:90:90:ea:7c:6a:16:83:44:85:60:69:23:bf:0a:92:33:
         e7:80:a6:2e:0e:93:d6:e4:64:f5:56:22:b5:ca:69:77:f9:30:
         f2:40:d6:2b:53:9d:6f:06:79:e1:3c:12:1a:a8:ce:9c:80:db:
         24:14:cd:05
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZlOfPKrqX7TUyGja/2zFEL1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZDM2OWU2NmNkYmUzMGQ3YjNhZmY2MDgxZjIwYzE3YTk4
ZmRjNWIwHhcNMjUwOTE1MTc0NzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzJiOWU5MDIzZTFlYTBmNzQ4YzM1MTI5ZDViNTRkMzIwN2ZmMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+RWxAXo10PfedhinFG5v3vfQID3
R8MYBnFc1h/z6vBdeYvSpdxMXu1P5TvSbWd1aI0rsI4l+AHtlgcxAnR+q5I2y+tC
TNlUF5YmI7+zxz36UJukwS2MzggWPIldn1U9gW7dD+IoBYv7dqaaEP806TjYqSvt
5uJY0W++6Mr8WQvHyVh8VLdC9Zb4anZ+HRX7S+VRtij5s0qTVF8rmCc7ekrfas35
j54uCciJpf5ZQfTT2dpxLCzuPf1J8vaKWkLBoKVa1RfAelQIgD4v8GgAaqLVct/J
+FM8gY9Y17aFWVglMWVnJRptSmLnRbvrmPhNNbCqBckfQZH99O02QQxKJQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIwrnpAj4eoPdIw1Ep1bVNMgf/COMB8GA1UdIwQY
MBaAFMHTaeZs2+MNezr/YIHyDBepj9xbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2ROcDVtemI0dzE3T3Y5Z2dmSU1GNm1QM0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yMjQzNTEtM2E0Ny00MDE0LWIzOTUt
YTYzNDc5NjEwOTY4LzEvakN1ZWtDUGg2ZzkwakRVU25WdFUweUJfOEk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yMjQzNTEtM2E0Ny00MDE0LWIzOTUtYTYzNDc5NjEwOTY4
LzEvd2ROcDVtemI0dzE3T3Y5Z2dmSU1GNm1QM0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVhOAwQA
UVuyAwQAX9fNMA0GCSqGSIb3DQEBCwUAA4IBAQCKfzU+fCAorx6rpRkGD5AMdaN0
Nvus75O9z4+E4t2SUcrW7FNQTQiELtcPM66nuLJjX+MK6aemWZAIH9XSR0cdtqwu
YNlOG3OVoHT+IyoMwm2H//rUmmU6T5b0X/Zqe9S2f2KKL+4vOGaH5Dxcq9taBk/1
A0Fh1LOb591BdRVxulzyh9hwrjSn6gOt8JcU3d5+aqFBuOOFb6R/WaBks4hnGRYg
2e8mfluXtkr4f+5MXlh4gJ9jmKSDiw3smhEjbkw0f2zzt5tZSZCQ6nxqFoNEhWBp
I78KkjPngKYuDpPW5GT1ViK1yml3+TDyQNYrU51vBnnhPBIaqM6cgNskFM0F
-----END CERTIFICATE-----