Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/884aae-2203-4f21-91a4-8f1ff3880102/1/SRXsV36P-CVrg5tozNoMPCpnyF4.roa
File:                     SRXsV36P-CVrg5tozNoMPCpnyF4.roa (raw, json)
Hash identifier:          OCSCJQF696SWQeZY+m9KrqSwCcjrgufE4o3QCg0DxDs=
Subject key identifier:   49:15:EC:57:7E:8F:F8:25:6B:83:9B:68:CC:DA:0C:3C:2A:67:C8:5E
Certificate issuer:       /CN=4eedb8556a0cf1e82d8e7c79058f0efb50402ca6
Certificate serial:       019957A3C83366A8C61F27B7CBCF608256B7
Authority key identifier: 4E:ED:B8:55:6A:0C:F1:E8:2D:8E:7C:79:05:8F:0E:FB:50:40:2C:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tu24VWoM8egtjnx5BY8O-1BALKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/884aae-2203-4f21-91a4-8f1ff3880102/1/SRXsV36P-CVrg5tozNoMPCpnyF4.roa
Signing time:             Wed 17 Sep 2025 12:26:15 +0000
ROA not before:           Wed 17 Sep 2025 12:26:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35706
IP address blocks:        217.10.116.208/28 maxlen: 28
                          2001:4db8:e004::/64 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/884aae-2203-4f21-91a4-8f1ff3880102/1/Tu24VWoM8egtjnx5BY8O-1BALKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/884aae-2203-4f21-91a4-8f1ff3880102/1/Tu24VWoM8egtjnx5BY8O-1BALKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tu24VWoM8egtjnx5BY8O-1BALKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:57:a3:c8:33:66:a8:c6:1f:27:b7:cb:cf:60:82:56:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eedb8556a0cf1e82d8e7c79058f0efb50402ca6
        Validity
            Not Before: Sep 17 12:26:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4915ec577e8ff8256b839b68ccda0c3c2a67c85e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:50:30:51:df:d0:a1:95:75:af:a8:57:00:59:
                    c9:9f:3e:10:c4:aa:4f:c5:e3:91:f3:74:20:ef:aa:
                    ce:65:da:05:b4:12:5b:8c:0b:a7:c6:f5:02:b1:7d:
                    c1:47:13:2b:d8:34:0d:17:a2:a4:86:74:6f:ad:f2:
                    e1:49:4b:72:b8:f4:4e:e5:3b:91:f0:6f:b2:bf:8d:
                    22:09:57:6d:a3:ba:03:f2:20:df:26:d9:3a:c4:c4:
                    92:64:cf:3f:04:18:a3:a3:ed:61:1b:52:d3:bc:5e:
                    28:39:ce:c8:92:0b:df:c0:41:40:c2:9f:8c:c1:cf:
                    11:eb:61:10:3a:76:28:5f:1e:f7:ac:cd:08:1f:a7:
                    e9:72:40:58:0a:48:4e:5b:f5:06:b1:40:f0:2b:34:
                    20:03:5e:85:c2:b6:72:80:50:4e:0a:a8:03:d9:5d:
                    16:41:ce:09:ef:ae:b8:04:7a:17:5d:15:aa:bd:96:
                    bf:a4:ae:47:13:bf:ef:aa:d8:aa:04:d2:66:1f:7f:
                    a6:f8:c8:fb:9e:04:43:67:04:4a:42:ed:64:de:43:
                    33:86:12:f0:60:1a:02:67:88:58:15:e7:66:ba:ac:
                    93:68:eb:83:28:ba:16:e5:1a:d4:02:54:c4:2f:5b:
                    dd:24:d0:19:49:f5:b9:ac:52:0a:08:ab:a4:61:7a:
                    86:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:15:EC:57:7E:8F:F8:25:6B:83:9B:68:CC:DA:0C:3C:2A:67:C8:5E
            X509v3 Authority Key Identifier:
                keyid:4E:ED:B8:55:6A:0C:F1:E8:2D:8E:7C:79:05:8F:0E:FB:50:40:2C:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tu24VWoM8egtjnx5BY8O-1BALKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/884aae-2203-4f21-91a4-8f1ff3880102/1/SRXsV36P-CVrg5tozNoMPCpnyF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/884aae-2203-4f21-91a4-8f1ff3880102/1/Tu24VWoM8egtjnx5BY8O-1BALKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.10.116.208/28
                IPv6:
                  2001:4db8:e004::/64

    Signature Algorithm: sha256WithRSAEncryption
         0b:9c:88:af:be:cb:45:ee:bf:b0:82:a9:e7:a2:c3:f5:e5:a8:
         7d:5b:d9:d2:6e:58:37:a0:88:38:6d:a9:d1:3b:e0:42:b1:67:
         b1:96:8c:1f:2c:ed:2d:b9:77:44:bb:c2:19:db:31:6b:c4:8d:
         82:13:02:b9:33:01:b8:3f:a8:67:c0:83:37:f8:af:e7:44:27:
         85:c0:d9:5b:da:ef:2b:f4:dc:60:60:61:f1:8c:b0:70:ab:52:
         cb:51:de:ce:92:b0:a0:cc:4d:08:b7:f4:0e:ce:88:f5:08:8b:
         a5:09:57:67:fc:2c:00:fa:f0:e7:f9:ed:20:d2:1e:42:61:e4:
         68:58:9e:07:01:b6:78:d1:ba:4c:06:e9:4d:f6:c0:55:58:c1:
         b5:f1:a6:87:ce:7a:f7:e5:40:4e:2f:1d:2f:a8:28:f4:43:27:
         60:d6:c6:22:c4:11:2f:cc:eb:94:0f:6e:36:e5:8c:24:cd:50:
         d1:f3:d0:2e:cb:a4:72:93:63:5e:1c:01:8f:c6:ff:0b:68:2f:
         49:e2:9a:c7:16:67:9a:30:12:4b:1b:17:21:14:6f:4f:c4:7a:
         aa:1d:73:f2:8b:e4:0a:eb:2c:0a:82:4d:42:24:7b:f2:c3:02:
         4a:ab:52:10:8a:12:d8:2d:8b:05:b3:55:c3:66:f9:bc:c3:f2:
         67:cb:30:ca
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZlXo8gzZqjGHye3y89ggla3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZWRiODU1NmEwY2YxZTgyZDhlN2M3OTA1OGYwZWZiNTA0
MDJjYTYwHhcNMjUwOTE3MTIyNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTE1ZWM1NzdlOGZmODI1NmI4MzliNjhjY2RhMGMzYzJhNjdjODVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1AwUd/QoZV1r6hXAFnJnz4QxKpP
xeOR83Qg76rOZdoFtBJbjAunxvUCsX3BRxMr2DQNF6KkhnRvrfLhSUtyuPRO5TuR
8G+yv40iCVdto7oD8iDfJtk6xMSSZM8/BBijo+1hG1LTvF4oOc7IkgvfwEFAwp+M
wc8R62EQOnYoXx73rM0IH6fpckBYCkhOW/UGsUDwKzQgA16FwrZygFBOCqgD2V0W
Qc4J7664BHoXXRWqvZa/pK5HE7/vqtiqBNJmH3+m+Mj7ngRDZwRKQu1k3kMzhhLw
YBoCZ4hYFedmuqyTaOuDKLoW5RrUAlTEL1vdJNAZSfW5rFIKCKukYXqG2QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFEkV7Fd+j/gla4ObaMzaDDwqZ8heMB8GA1UdIwQY
MBaAFE7tuFVqDPHoLY58eQWPDvtQQCymMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHUyNFZXb004ZWd0am54NUJZOE8tMUJBTEtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi84ODRhYWUtMjIwMy00ZjIxLTkxYTQt
OGYxZmYzODgwMTAyLzEvU1JYc1YzNlAtQ1ZyZzV0b3pOb01QQ3BueUY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi84ODRhYWUtMjIwMy00ZjIxLTkxYTQtOGYxZmYzODgwMTAy
LzEvVHUyNFZXb004ZWd0am54NUJZOE8tMUJBTEtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjANBAIAATAHAwUE2Qp00DAR
BAIAAjALAwkAIAFNuOAEAAAwDQYJKoZIhvcNAQELBQADggEBAAuciK++y0Xuv7CC
qeeiw/XlqH1b2dJuWDegiDhtqdE74EKxZ7GWjB8s7S25d0S7whnbMWvEjYITArkz
Abg/qGfAgzf4r+dEJ4XA2Vva7yv03GBgYfGMsHCrUstR3s6SsKDMTQi39A7OiPUI
i6UJV2f8LAD68Of57SDSHkJh5GhYngcBtnjRukwG6U32wFVYwbXxpofOevflQE4v
HS+oKPRDJ2DWxiLEES/M65QPbjbljCTNUNHz0C7LpHKTY14cAY/G/wtoL0nimscW
Z5owEksbFyEUb0/Eeqodc/KL5ArrLAqCTUIke/LDAkqrUhCKEtgtiwWzVcNm+bzD
8mfLMMo=
-----END CERTIFICATE-----