Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/d4I51w20scF0qqj486GiV-nYoLE.roa
File:                     d4I51w20scF0qqj486GiV-nYoLE.roa (raw, json)
Hash identifier:          BmIi2OiasNN95IJMu0tNLgXYd8MOoQKfmXcF14LcfbE=
Subject key identifier:   77:82:39:D7:0D:B4:B1:C1:74:AA:A8:F8:F3:A1:A2:57:E9:D8:A0:B1
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       0199CE861655CBBAFE97035CAA51D85D36DA
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/d4I51w20scF0qqj486GiV-nYoLE.roa
Signing time:             Fri 10 Oct 2025 14:28:38 +0000
ROA not before:           Fri 10 Oct 2025 14:28:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54252
IP address blocks:        144.56.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:86:16:55:cb:ba:fe:97:03:5c:aa:51:d8:5d:36:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Oct 10 14:28:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=778239d70db4b1c174aaa8f8f3a1a257e9d8a0b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6b:30:e2:38:30:b1:c6:8e:c8:0c:57:23:d8:
                    bd:a9:b2:39:4b:84:f7:4e:4b:c7:b9:7f:46:f3:62:
                    c5:3e:90:36:3a:f1:ea:64:e9:5e:5c:d3:f5:a8:93:
                    fd:0e:a1:71:6e:d6:f3:57:61:bc:38:1b:49:90:2b:
                    e4:10:a5:69:c6:2f:38:73:0a:cf:81:02:d7:c1:7c:
                    c6:77:15:d4:77:92:b4:48:51:32:7c:e3:bc:47:2e:
                    70:d5:f6:51:ef:25:33:10:19:f7:fb:35:7b:fe:c0:
                    1f:2a:22:12:1a:e4:42:95:77:1f:6c:66:4a:8a:8e:
                    df:1a:62:cd:26:82:a7:00:66:38:50:68:5e:e4:ab:
                    8e:f3:e6:7e:34:59:c6:d0:d9:c4:4e:3f:17:50:e8:
                    a2:9f:bf:ec:33:6f:df:7b:43:14:1f:a3:5e:d6:5b:
                    1c:c7:94:4c:84:16:b5:02:ce:f3:77:72:97:70:f6:
                    87:f2:a0:81:b1:79:66:3d:5c:0d:a9:1b:7f:02:39:
                    3c:df:3e:2d:cf:32:1d:86:ee:ac:e2:fe:26:6d:f6:
                    4b:7c:ba:7d:ed:39:b2:a9:4d:08:39:e0:51:1e:6a:
                    9d:e6:29:d3:b5:30:a4:18:e2:26:65:6f:53:ec:1c:
                    f8:93:d5:d9:41:a0:8f:4a:69:2a:1f:35:b4:bd:98:
                    61:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:82:39:D7:0D:B4:B1:C1:74:AA:A8:F8:F3:A1:A2:57:E9:D8:A0:B1
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/d4I51w20scF0qqj486GiV-nYoLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:20:ef:98:33:0c:2a:fb:af:33:65:46:a6:f0:35:39:d2:9e:
         3e:63:cc:f9:79:d2:38:52:03:42:c7:03:6f:1d:96:e6:1c:d7:
         ae:cd:05:f5:c3:50:c8:d2:01:d5:35:39:64:21:c8:b5:20:60:
         b3:a8:4f:1d:29:a3:af:1a:56:bc:fc:91:0d:16:21:1f:b5:5e:
         8f:91:59:5b:ec:e5:f2:6b:a5:20:b6:ed:4d:98:02:65:09:72:
         68:57:8d:95:00:fa:8e:c7:8f:83:59:02:83:39:6e:ab:83:83:
         87:d5:1a:95:8d:8c:41:38:f5:6b:98:6b:c9:9c:9c:a3:28:71:
         07:74:9e:d2:18:b1:3f:0e:05:47:52:46:77:cb:54:90:e5:24:
         f7:a6:35:a0:ce:73:32:2d:1a:82:b0:a7:fe:d3:2c:7f:a4:8d:
         60:ac:2d:30:0d:1a:80:85:35:bd:14:d2:fe:f3:ab:0c:c4:c7:
         c1:97:a3:bc:c6:ed:7f:d3:95:87:9e:a0:a4:31:fe:f8:c2:44:
         bd:b7:5d:c2:e1:ab:03:fc:f4:64:44:18:db:d1:71:7e:64:c8:
         2c:f6:3d:c3:d1:5d:37:82:d6:62:bd:3f:0e:c1:56:19:b4:03:
         37:65:37:f8:a2:01:23:16:95:89:1f:35:ea:2d:07:a3:91:00:
         df:c8:28:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnOhhZVy7r+lwNcqlHYXTbaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjUxMDEwMTQyODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzgyMzlkNzBkYjRiMWMxNzRhYWE4ZjhmM2ExYTI1N2U5ZDhhMGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWsw4jgwscaOyAxXI9i9qbI5S4T3
TkvHuX9G82LFPpA2OvHqZOleXNP1qJP9DqFxbtbzV2G8OBtJkCvkEKVpxi84cwrP
gQLXwXzGdxXUd5K0SFEyfOO8Ry5w1fZR7yUzEBn3+zV7/sAfKiISGuRClXcfbGZK
io7fGmLNJoKnAGY4UGhe5KuO8+Z+NFnG0NnETj8XUOiin7/sM2/fe0MUH6Ne1lsc
x5RMhBa1As7zd3KXcPaH8qCBsXlmPVwNqRt/Ajk83z4tzzIdhu6s4v4mbfZLfLp9
7TmyqU0IOeBRHmqd5inTtTCkGOImZW9T7Bz4k9XZQaCPSmkqHzW0vZhhowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHeCOdcNtLHBdKqo+POholfp2KCxMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvZDRJNTF3MjBzY0YwcXFqNDg2R2lWLW5Zb0xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDgHMA0G
CSqGSIb3DQEBCwUAA4IBAQBEIO+YMwwq+68zZUam8DU50p4+Y8z5edI4UgNCxwNv
HZbmHNeuzQX1w1DI0gHVNTlkIci1IGCzqE8dKaOvGla8/JENFiEftV6PkVlb7OXy
a6Ugtu1NmAJlCXJoV42VAPqOx4+DWQKDOW6rg4OH1RqVjYxBOPVrmGvJnJyjKHEH
dJ7SGLE/DgVHUkZ3y1SQ5ST3pjWgznMyLRqCsKf+0yx/pI1grC0wDRqAhTW9FNL+
86sMxMfBl6O8xu1/05WHnqCkMf74wkS9t13C4asD/PRkRBjb0XF+ZMgs9j3D0V03
gtZivT8OwVYZtAM3ZTf4ogEjFpWJHzXqLQejkQDfyCg7
-----END CERTIFICATE-----