Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/Y3eIjjaADlqPYslQ6LVIGKsbv_w.roa
File:                     Y3eIjjaADlqPYslQ6LVIGKsbv_w.roa (raw, json)
Hash identifier:          Z4qkgPUrTToIqTEJGniS6vXulVTkRUgqcb39uARrEjg=
Subject key identifier:   63:77:88:8E:36:80:0E:5A:8F:62:C9:50:E8:B5:48:18:AB:1B:BF:FC
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       0199FD7EF0FACD07F876B9D9F68D548FA6E6
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/Y3eIjjaADlqPYslQ6LVIGKsbv_w.roa
Signing time:             Sun 19 Oct 2025 17:22:58 +0000
ROA not before:           Sun 19 Oct 2025 17:22:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        217.114.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fd:7e:f0:fa:cd:07:f8:76:b9:d9:f6:8d:54:8f:a6:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: Oct 19 17:22:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6377888e36800e5a8f62c950e8b54818ab1bbffc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:4d:bf:67:41:0d:38:60:c9:22:eb:5c:68:fa:
                    31:6c:4d:c9:5d:00:a7:da:81:2a:4f:80:9f:5d:45:
                    a2:a4:17:04:f4:09:fc:59:97:6f:44:9c:50:08:ad:
                    3e:da:14:29:4f:bb:bb:ae:0a:2d:48:31:0b:89:8a:
                    ec:7f:d5:b2:9d:7f:1e:01:17:30:7a:37:d5:64:0a:
                    1c:c9:85:af:76:e1:2a:d2:5d:77:a2:94:19:ae:28:
                    2f:49:57:93:bf:cc:f0:6e:5c:4e:75:e8:aa:9f:ea:
                    10:54:e3:93:06:85:35:9a:a3:01:9d:42:28:ab:24:
                    51:08:75:f4:03:73:ec:52:08:7f:e8:7d:3e:bd:20:
                    76:35:d9:58:a0:1a:08:f4:63:53:a4:43:f2:43:22:
                    3f:77:ac:70:f6:eb:7f:e3:bd:30:10:df:b4:09:f5:
                    ed:f7:b6:59:5e:3e:53:77:b3:2e:6c:d5:39:dd:14:
                    94:1c:00:e8:10:0e:49:28:be:65:70:0e:61:e4:4b:
                    dc:4d:6d:2a:d2:18:3f:1b:b9:d0:a1:ab:fc:c5:2b:
                    a6:d7:2f:ff:4c:06:5d:b9:96:58:2c:dc:25:c6:83:
                    f2:66:fa:6c:8c:75:77:5e:06:2c:53:13:42:b8:b5:
                    77:70:66:cb:4a:86:8a:0e:27:6b:27:0e:2a:21:f6:
                    f5:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:77:88:8E:36:80:0E:5A:8F:62:C9:50:E8:B5:48:18:AB:1B:BF:FC
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/Y3eIjjaADlqPYslQ6LVIGKsbv_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.114.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:04:2c:dc:1d:33:6b:d8:f6:8c:41:6b:ac:fb:2c:5f:79:c2:
         d2:41:7d:26:6c:c5:6a:3d:8e:82:a9:b5:34:71:65:c4:b0:13:
         b6:8f:91:e5:dd:3e:8e:82:e1:dc:8b:59:9b:b6:78:19:ea:90:
         cf:cd:f7:e5:17:56:ac:02:29:05:b4:57:11:af:71:75:9d:37:
         3d:98:7f:03:33:6b:0b:67:e4:13:ff:72:d9:b8:68:ef:a1:64:
         56:55:7a:4f:92:a7:69:97:1b:4e:5e:51:cc:b0:4a:94:24:81:
         11:27:43:8c:18:a5:9b:e7:f0:b7:b3:d3:75:b7:94:7d:da:ba:
         60:ca:e3:47:92:c6:11:0d:94:18:b6:ba:89:ee:01:1e:7c:f9:
         c0:9e:3b:1c:ab:c5:0f:2d:02:23:dd:82:9b:8e:c7:14:77:a5:
         ec:7f:4c:84:bb:61:8a:89:90:da:5c:1a:eb:aa:af:0d:e8:71:
         71:87:8d:72:7c:5f:8e:4d:6c:bd:6d:be:a3:79:60:04:c7:14:
         22:d4:90:63:d4:b8:16:bd:58:e4:47:aa:de:06:19:e4:52:39:
         e8:9b:3c:bb:0a:a9:b8:94:08:74:9e:12:a0:a0:55:ef:87:d3:
         fe:96:75:ce:6b:ac:3b:93:bd:61:58:ed:43:80:15:2c:ff:e1:
         94:7f:e7:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZn9fvD6zQf4drnZ9o1Uj6bmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjUxMDE5MTcyMjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzc3ODg4ZTM2ODAwZTVhOGY2MmM5NTBlOGI1NDgxOGFiMWJiZmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1k2/Z0ENOGDJIutcaPoxbE3JXQCn
2oEqT4CfXUWipBcE9An8WZdvRJxQCK0+2hQpT7u7rgotSDELiYrsf9WynX8eARcw
ejfVZAocyYWvduEq0l13opQZrigvSVeTv8zwblxOdeiqn+oQVOOTBoU1mqMBnUIo
qyRRCHX0A3PsUgh/6H0+vSB2NdlYoBoI9GNTpEPyQyI/d6xw9ut/470wEN+0CfXt
97ZZXj5Td7MubNU53RSUHADoEA5JKL5lcA5h5EvcTW0q0hg/G7nQoav8xSum1y//
TAZduZZYLNwlxoPyZvpsjHV3XgYsUxNCuLV3cGbLSoaKDidrJw4qIfb1KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGN3iI42gA5aj2LJUOi1SBirG7/8MB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvWTNlSWpqYUFEbHFQWXNsUTZMVklHS3Nidl93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XIoMA0G
CSqGSIb3DQEBCwUAA4IBAQBUBCzcHTNr2PaMQWus+yxfecLSQX0mbMVqPY6CqbU0
cWXEsBO2j5Hl3T6OguHci1mbtngZ6pDPzfflF1asAikFtFcRr3F1nTc9mH8DM2sL
Z+QT/3LZuGjvoWRWVXpPkqdplxtOXlHMsEqUJIERJ0OMGKWb5/C3s9N1t5R92rpg
yuNHksYRDZQYtrqJ7gEefPnAnjscq8UPLQIj3YKbjscUd6Xsf0yEu2GKiZDaXBrr
qq8N6HFxh41yfF+OTWy9bb6jeWAExxQi1JBj1LgWvVjkR6reBhnkUjnomzy7Cqm4
lAh0nhKgoFXvh9P+lnXOa6w7k71hWO1DgBUs/+GUf+fB
-----END CERTIFICATE-----