Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/kVRn9pcJ9SweJ2b1JXlsr3Np7z4.roa
File:                     kVRn9pcJ9SweJ2b1JXlsr3Np7z4.roa (raw, json)
Hash identifier:          2o/FZDFVbEeF49sJqMyQTCC+n3vD6yzF4Wxorr4mVp8=
Subject key identifier:   91:54:67:F6:97:09:F5:2C:1E:27:66:F5:25:79:6C:AF:73:69:EF:3E
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       0199D4DB7D75EE151C1FABEF51D8B04D211B
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/kVRn9pcJ9SweJ2b1JXlsr3Np7z4.roa
Signing time:             Sat 11 Oct 2025 19:59:38 +0000
ROA not before:           Sat 11 Oct 2025 19:59:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214677
IP address blocks:        87.229.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d4:db:7d:75:ee:15:1c:1f:ab:ef:51:d8:b0:4d:21:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Oct 11 19:59:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=915467f69709f52c1e2766f525796caf7369ef3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9f:9e:fc:13:61:35:49:77:fa:f6:6d:73:79:
                    4b:6d:35:d2:93:3c:bb:2e:2b:a8:41:79:d0:fd:6c:
                    24:85:0e:60:93:79:8e:65:cb:c6:bc:5c:4d:ee:3a:
                    00:a8:bb:2d:cf:d1:f9:23:44:8f:40:f3:6f:97:05:
                    2b:ff:ff:b2:f8:9a:52:bd:45:18:90:87:eb:f1:17:
                    39:8f:f9:19:93:a2:95:84:ff:cd:02:6a:44:36:4a:
                    b6:4d:c8:fa:52:81:0e:10:0e:37:9a:c6:87:bd:9b:
                    09:36:c7:63:c6:18:c7:2f:1e:d5:61:f1:00:7b:e5:
                    6f:96:3b:21:31:f7:64:b0:b0:ad:c5:f0:cf:51:4e:
                    7a:12:d8:d3:8d:17:4d:32:9d:d8:1b:05:35:d9:38:
                    1e:b4:6a:b1:ef:d3:ac:58:b8:42:9a:87:97:61:86:
                    e2:7f:7c:4a:da:8a:b6:27:40:2a:90:33:d3:2e:f4:
                    72:f2:9f:60:b5:48:7a:12:f2:05:12:11:90:1b:d1:
                    fb:fa:3d:d1:b3:74:0a:f6:d7:17:45:fa:fd:c6:17:
                    e0:4b:ff:f4:56:9a:0a:49:4b:6a:84:fe:be:d4:6a:
                    3a:f7:04:a0:39:cf:bc:af:8d:fa:1d:24:7b:e3:c2:
                    47:b4:0b:2f:77:81:a0:ef:f3:42:30:42:c4:1b:dc:
                    11:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:54:67:F6:97:09:F5:2C:1E:27:66:F5:25:79:6C:AF:73:69:EF:3E
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/kVRn9pcJ9SweJ2b1JXlsr3Np7z4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:7b:90:d3:2d:4f:a9:6a:a7:05:55:e2:bf:d2:f3:5b:a8:74:
         53:7e:e1:57:75:86:b9:13:dd:6f:bf:d5:13:c0:c6:45:a4:d4:
         00:74:87:c0:eb:3b:ab:36:f6:86:25:3a:db:68:bb:f7:3e:f2:
         f6:c4:18:a4:fc:21:98:15:a0:7d:d9:a7:8f:f1:cc:78:70:5f:
         95:79:9a:cc:f3:cd:12:81:29:1b:a9:59:8f:00:09:85:e6:b7:
         30:fe:63:de:88:8b:d5:9e:25:fd:b5:33:e2:b2:5a:82:ce:30:
         76:de:57:37:41:9d:01:65:f0:3e:d0:97:16:8a:20:20:ed:96:
         1c:a9:a2:7a:94:7a:3d:67:68:53:89:93:08:71:05:56:15:35:
         ee:95:8c:a3:c6:1b:7c:5b:10:dd:4c:cb:2c:3e:ad:4f:26:6b:
         56:ba:43:f8:e4:c7:aa:98:79:2b:c9:de:99:11:77:3c:27:8c:
         dc:ae:22:4d:e1:fc:ce:0a:19:6d:ed:bf:3a:b0:72:85:f4:3e:
         3a:85:bc:b3:3f:a6:25:c4:0c:f6:d1:83:6b:e2:d1:3d:37:47:
         12:68:0c:ea:82:29:67:56:85:a1:23:ce:f6:f0:91:e8:3b:9a:
         76:4c:c2:09:d7:4e:9d:82:d9:2d:1d:01:a6:1c:3e:a7:26:d9:
         4d:80:38:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnU23117hUcH6vvUdiwTSEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUxMDExMTk1OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTU0NjdmNjk3MDlmNTJjMWUyNzY2ZjUyNTc5NmNhZjczNjllZjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5+e/BNhNUl3+vZtc3lLbTXSkzy7
LiuoQXnQ/WwkhQ5gk3mOZcvGvFxN7joAqLstz9H5I0SPQPNvlwUr//+y+JpSvUUY
kIfr8Rc5j/kZk6KVhP/NAmpENkq2Tcj6UoEOEA43msaHvZsJNsdjxhjHLx7VYfEA
e+VvljshMfdksLCtxfDPUU56EtjTjRdNMp3YGwU12TgetGqx79OsWLhCmoeXYYbi
f3xK2oq2J0AqkDPTLvRy8p9gtUh6EvIFEhGQG9H7+j3Rs3QK9tcXRfr9xhfgS//0
VpoKSUtqhP6+1Go69wSgOc+8r436HSR748JHtAsvd4Gg7/NCMELEG9wRewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFUZ/aXCfUsHidm9SV5bK9zae8+MB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEva1ZSbjlwY0o5U3dlSjJiMUpYbHNyM05wN3o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+VfMA0G
CSqGSIb3DQEBCwUAA4IBAQCEe5DTLU+paqcFVeK/0vNbqHRTfuFXdYa5E91vv9UT
wMZFpNQAdIfA6zurNvaGJTrbaLv3PvL2xBik/CGYFaB92aeP8cx4cF+VeZrM880S
gSkbqVmPAAmF5rcw/mPeiIvVniX9tTPislqCzjB23lc3QZ0BZfA+0JcWiiAg7ZYc
qaJ6lHo9Z2hTiZMIcQVWFTXulYyjxht8WxDdTMssPq1PJmtWukP45MeqmHkryd6Z
EXc8J4zcriJN4fzOChlt7b86sHKF9D46hbyzP6YlxAz20YNr4tE9N0cSaAzqgiln
VoWhI8728JHoO5p2TMIJ106dgtktHQGmHD6nJtlNgDgr
-----END CERTIFICATE-----