Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/s3JX7MMd2F6H8sckTYHSRvimPE8.roa
File:                     s3JX7MMd2F6H8sckTYHSRvimPE8.roa (raw, json)
Hash identifier:          HEFhP2d7tonS6fNCUG/BahZ2ttIC+7YOH25ofTG5Rts=
Subject key identifier:   B3:72:57:EC:C3:1D:D8:5E:87:F2:C7:24:4D:81:D2:46:F8:A6:3C:4F
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       0199AE9F0510CB664DAE52335A66E17D2200
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/s3JX7MMd2F6H8sckTYHSRvimPE8.roa
Signing time:             Sat 04 Oct 2025 09:48:01 +0000
ROA not before:           Sat 04 Oct 2025 09:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        144.56.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ae:9f:05:10:cb:66:4d:ae:52:33:5a:66:e1:7d:22:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Oct  4 09:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b37257ecc31dd85e87f2c7244d81d246f8a63c4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:82:92:98:d6:c4:18:5f:d1:65:32:6b:93:78:
                    bc:2d:45:27:21:64:01:80:ba:e2:0a:65:ee:5f:5a:
                    56:91:85:39:d0:a2:25:dc:7c:83:9d:94:d8:c9:b0:
                    d1:69:e4:c7:29:5c:58:fa:98:7a:8f:02:9d:de:3d:
                    7b:26:5c:ee:64:e5:6c:70:ce:0b:b6:ca:a9:0d:fd:
                    9c:7a:5c:f7:60:7e:2d:ce:9e:f2:4d:bd:ec:61:1b:
                    aa:92:7a:f0:60:60:fe:73:3a:f6:a0:8a:17:f5:50:
                    3d:fe:13:d9:f9:2b:02:28:72:dc:51:8a:10:20:16:
                    85:e8:e9:1e:27:3c:6f:8a:32:6a:91:4e:5f:71:c7:
                    f1:4a:0d:17:53:c5:ab:da:5e:59:ea:4e:fd:c1:99:
                    a2:9f:db:84:a5:8a:69:38:a4:2a:41:59:22:80:ed:
                    79:92:70:ab:dd:2a:e5:29:81:04:f3:18:93:8d:a2:
                    28:1f:b2:0a:3c:b4:c4:65:66:9b:d0:a6:fd:10:31:
                    42:9b:3c:5e:f4:fd:8e:44:72:35:04:ac:b3:b1:0b:
                    cd:95:e1:09:be:56:e7:76:a9:cf:e5:d7:40:26:5f:
                    5f:a6:c4:a3:5b:e0:be:1c:aa:fc:5c:76:ff:b3:84:
                    80:b7:49:36:02:f5:99:0d:61:bd:ab:2d:89:a6:1a:
                    47:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:72:57:EC:C3:1D:D8:5E:87:F2:C7:24:4D:81:D2:46:F8:A6:3C:4F
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/s3JX7MMd2F6H8sckTYHSRvimPE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:00:1a:76:b7:5c:51:95:86:5b:67:9e:82:cb:4c:a4:4f:5e:
         70:24:39:d0:8a:85:3c:64:d8:92:b0:85:a0:e5:b8:9a:2c:1c:
         6d:09:15:8b:a5:22:c6:d9:74:e7:7d:d3:df:d4:ac:10:21:f1:
         ac:a3:e1:a6:8c:46:6a:14:65:91:5c:55:db:53:9f:8e:03:30:
         e0:47:3b:67:89:2a:83:29:81:0a:f2:87:ea:2e:c2:ad:e0:df:
         8e:b9:6a:3b:2f:78:88:e9:ef:aa:48:34:a5:56:78:13:90:28:
         d3:80:bf:82:5b:11:0c:e9:b2:f0:2e:80:45:cd:28:25:aa:62:
         87:04:b4:8d:ed:b5:c2:dc:ce:bc:fa:6f:b2:25:a4:54:1f:2b:
         75:1f:90:0f:3f:a9:20:70:96:45:fa:22:d7:2b:5d:e9:17:7d:
         7c:5b:54:4f:90:7b:d5:28:99:16:07:54:e7:5f:f2:83:f6:1f:
         19:77:03:7c:92:d0:a2:64:41:47:c4:b4:e6:68:84:fc:49:34:
         35:04:d2:dd:7d:5f:b2:fb:c9:3d:b1:e7:01:d2:90:0f:b3:8c:
         ee:90:02:08:dd:07:1d:b7:0d:de:91:7a:de:62:28:c1:26:71:
         7e:f1:e0:1e:48:d0:62:28:a7:17:54:a1:6a:64:8c:0b:d4:a4:
         29:d0:ce:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmunwUQy2ZNrlIzWmbhfSIAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjUxMDA0MDk0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzcyNTdlY2MzMWRkODVlODdmMmM3MjQ0ZDgxZDI0NmY4YTYzYzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIKSmNbEGF/RZTJrk3i8LUUnIWQB
gLriCmXuX1pWkYU50KIl3HyDnZTYybDRaeTHKVxY+ph6jwKd3j17JlzuZOVscM4L
tsqpDf2celz3YH4tzp7yTb3sYRuqknrwYGD+czr2oIoX9VA9/hPZ+SsCKHLcUYoQ
IBaF6OkeJzxvijJqkU5fccfxSg0XU8Wr2l5Z6k79wZmin9uEpYppOKQqQVkigO15
knCr3SrlKYEE8xiTjaIoH7IKPLTEZWab0Kb9EDFCmzxe9P2ORHI1BKyzsQvNleEJ
vlbndqnP5ddAJl9fpsSjW+C+HKr8XHb/s4SAt0k2AvWZDWG9qy2JphpHLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNyV+zDHdheh/LHJE2B0kb4pjxPMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvczNKWDdNTWQyRjZIOHNja1RZSFNSdmltUEU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDgpMA0G
CSqGSIb3DQEBCwUAA4IBAQDJABp2t1xRlYZbZ56Cy0ykT15wJDnQioU8ZNiSsIWg
5biaLBxtCRWLpSLG2XTnfdPf1KwQIfGso+GmjEZqFGWRXFXbU5+OAzDgRztniSqD
KYEK8ofqLsKt4N+OuWo7L3iI6e+qSDSlVngTkCjTgL+CWxEM6bLwLoBFzSglqmKH
BLSN7bXC3M68+m+yJaRUHyt1H5APP6kgcJZF+iLXK13pF318W1RPkHvVKJkWB1Tn
X/KD9h8ZdwN8ktCiZEFHxLTmaIT8STQ1BNLdfV+y+8k9secB0pAPs4zukAII3Qcd
tw3ekXreYijBJnF+8eAeSNBiKKcXVKFqZIwL1KQp0M6+
-----END CERTIFICATE-----