Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/IEW1KRb6lmdmt9uvjKbJ7Vx4KOU.roa
File:                     IEW1KRb6lmdmt9uvjKbJ7Vx4KOU.roa (raw, json)
Hash identifier:          EE9BbonsKAKQ/4dVT210oiZKAUY97maNXHc53hj/8uw=
Subject key identifier:   20:45:B5:29:16:FA:96:67:66:B7:DB:AF:8C:A6:C9:ED:5C:78:28:E5
Certificate issuer:       /CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Certificate serial:       01996B3781A9E4D74902E4FF73C671D8EBD8
Authority key identifier: FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/IEW1KRb6lmdmt9uvjKbJ7Vx4KOU.roa
Signing time:             Sun 21 Sep 2025 07:40:23 +0000
ROA not before:           Sun 21 Sep 2025 07:40:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3301
IP address blocks:        193.221.47.0/24 maxlen: 24
                          193.221.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:6b:37:81:a9:e4:d7:49:02:e4:ff:73:c6:71:d8:eb:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
        Validity
            Not Before: Sep 21 07:40:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2045b52916fa966766b7dbaf8ca6c9ed5c7828e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:0e:dc:ef:53:37:2d:ef:78:2a:15:7e:44:21:
                    5f:2d:9c:6b:bd:b1:89:f4:d8:2f:d0:43:7a:54:43:
                    80:49:03:a2:53:ba:9d:08:c3:e3:5b:29:26:5b:93:
                    39:97:5e:19:50:4a:0d:15:07:18:f4:46:47:a7:30:
                    52:2b:cd:c9:7c:2e:00:14:ba:98:66:be:e4:b7:3b:
                    af:68:e4:dd:ff:c0:4a:90:71:6b:c9:1c:b6:80:5c:
                    d6:ac:18:c2:78:03:5f:5b:24:58:61:72:96:cf:6d:
                    ad:32:e9:71:50:1f:93:42:b7:1f:8f:77:fe:18:b2:
                    ed:d4:45:a7:d8:e8:b2:e8:0c:b1:aa:20:34:49:2c:
                    53:4c:68:70:af:83:f4:26:18:c3:2f:85:e2:40:38:
                    8d:0b:cb:5c:18:d3:8a:55:e5:ef:bc:89:b9:95:a3:
                    8e:6b:25:19:00:27:7e:e4:3c:78:ce:ab:f2:7b:0c:
                    04:5f:5b:ed:10:e5:32:fb:6c:e9:41:0d:04:db:52:
                    31:6e:0c:95:ea:46:11:b7:eb:21:b2:8b:42:2d:9f:
                    ac:c4:b4:c2:8a:15:44:3a:cf:45:e9:4f:3b:e0:cb:
                    a8:ee:d0:34:4c:4d:c8:0f:fc:3a:44:c9:a3:b2:31:
                    e2:da:a5:dd:b7:85:e2:00:a9:c4:ff:f2:c2:6a:9c:
                    ea:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:45:B5:29:16:FA:96:67:66:B7:DB:AF:8C:A6:C9:ED:5C:78:28:E5
            X509v3 Authority Key Identifier:
                keyid:FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/IEW1KRb6lmdmt9uvjKbJ7Vx4KOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.47.0/24
                  193.221.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:41:6e:ad:f0:0b:c3:60:c7:c6:59:87:86:b3:68:db:0c:7e:
         4c:71:c9:1e:66:07:1b:b7:65:13:35:e3:26:75:5a:14:ce:c8:
         4f:91:4a:4d:69:38:c8:67:8c:77:c8:f5:04:ea:c6:5a:ba:ad:
         d1:92:07:37:49:cc:d1:cb:96:e7:06:46:fe:68:a5:99:fe:87:
         36:b8:a6:fb:57:cb:a4:3f:8a:6d:21:4b:3f:56:ed:a4:a2:31:
         76:23:1a:31:d6:a5:55:47:b0:74:bd:e7:b1:2f:56:3d:12:27:
         a1:d5:59:5c:8d:d9:9d:f7:47:25:7b:85:31:35:d7:2f:d1:02:
         b8:a7:ba:c1:9e:41:32:08:04:78:e3:79:f7:97:28:1a:dc:80:
         c2:2e:b7:42:e4:02:e1:e6:76:76:5f:4f:fa:32:b7:ec:fd:3a:
         43:79:68:10:11:2c:7d:aa:2c:f4:ed:9d:e4:24:5a:a2:ee:39:
         7e:23:bf:9c:90:55:ee:55:01:9c:2a:ad:fb:c0:73:98:2c:36:
         82:d3:f7:af:92:0f:9e:f4:d8:a5:72:08:98:2b:33:e5:70:7c:
         78:d9:20:33:53:33:e3:cd:6a:e4:82:5a:31:f8:ff:c9:32:49:
         0a:a8:58:c2:69:15:26:a3:6b:24:e6:47:d9:f3:88:68:fe:73:
         35:24:82:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlrN4Gp5NdJAuT/c8Zx2OvYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTRhYjJkNDgxY2YxNjIyYTJjNTIxODNhYjRmNWE5MzBh
NGFlNDEwHhcNMjUwOTIxMDc0MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDQ1YjUyOTE2ZmE5NjY3NjZiN2RiYWY4Y2E2YzllZDVjNzgyOGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Q7c71M3Le94KhV+RCFfLZxrvbGJ
9Ngv0EN6VEOASQOiU7qdCMPjWykmW5M5l14ZUEoNFQcY9EZHpzBSK83JfC4AFLqY
Zr7ktzuvaOTd/8BKkHFryRy2gFzWrBjCeANfWyRYYXKWz22tMulxUB+TQrcfj3f+
GLLt1EWn2Oiy6AyxqiA0SSxTTGhwr4P0JhjDL4XiQDiNC8tcGNOKVeXvvIm5laOO
ayUZACd+5Dx4zqvyewwEX1vtEOUy+2zpQQ0E21IxbgyV6kYRt+shsotCLZ+sxLTC
ihVEOs9F6U874Muo7tA0TE3ID/w6RMmjsjHi2qXdt4XiAKnE//LCapzq5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCBFtSkW+pZnZrfbr4ymye1ceCjlMB8GA1UdIwQY
MBaAFP5Uqy1IHPFiKixSGDq09akwpK5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYt
MWIxMzYyYjliNmEyLzEvSUVXMUtSYjZsbWRtdDl1dmpLYko3Vng0S09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYtMWIxMzYyYjliNmEy
LzEvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwd0vAwQA
wd01MA0GCSqGSIb3DQEBCwUAA4IBAQA2QW6t8AvDYMfGWYeGs2jbDH5McckeZgcb
t2UTNeMmdVoUzshPkUpNaTjIZ4x3yPUE6sZauq3Rkgc3SczRy5bnBkb+aKWZ/oc2
uKb7V8ukP4ptIUs/Vu2kojF2Ixox1qVVR7B0veexL1Y9Eieh1Vlcjdmd90cle4Ux
Ndcv0QK4p7rBnkEyCAR443n3lyga3IDCLrdC5ALh5nZ2X0/6Mrfs/TpDeWgQESx9
qiz07Z3kJFqi7jl+I7+ckFXuVQGcKq37wHOYLDaC0/evkg+e9NilcgiYKzPlcHx4
2SAzUzPjzWrkglox+P/JMkkKqFjCaRUmo2sk5kfZ84ho/nM1JIIL
-----END CERTIFICATE-----