Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/OFSTTzksg55XbuxYGxE0hWRveAU.roa
File:                     OFSTTzksg55XbuxYGxE0hWRveAU.roa (raw, json)
Hash identifier:          lXdcJExrwcp2ElmTmNwfYLaK9X6rCxY+t+cA+ok9FKo=
Subject key identifier:   38:54:93:4F:39:2C:83:9E:57:6E:EC:58:1B:11:34:85:64:6F:78:05
Certificate issuer:       /CN=a56ff71e4b8ec24b1c632b2fa2248739cc572205
Certificate serial:       0199A998407AF54107C390BA84583332BC5C
Authority key identifier: A5:6F:F7:1E:4B:8E:C2:4B:1C:63:2B:2F:A2:24:87:39:CC:57:22:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pW_3HkuOwkscYysvoiSHOcxXIgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/OFSTTzksg55XbuxYGxE0hWRveAU.roa
Signing time:             Fri 03 Oct 2025 10:22:31 +0000
ROA not before:           Fri 03 Oct 2025 10:22:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61966
IP address blocks:        185.52.230.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/pW_3HkuOwkscYysvoiSHOcxXIgU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/pW_3HkuOwkscYysvoiSHOcxXIgU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pW_3HkuOwkscYysvoiSHOcxXIgU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a9:98:40:7a:f5:41:07:c3:90:ba:84:58:33:32:bc:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a56ff71e4b8ec24b1c632b2fa2248739cc572205
        Validity
            Not Before: Oct  3 10:22:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3854934f392c839e576eec581b113485646f7805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:a8:0d:57:d3:6b:6a:a3:21:77:48:de:7a:d2:
                    23:d4:fa:a0:35:f9:3f:9b:b8:81:35:7a:82:bb:14:
                    a6:ee:ea:1a:76:bc:95:9d:8c:3c:32:8b:47:49:93:
                    c1:6e:5c:b3:53:46:6b:3a:44:88:b1:e0:b2:f6:3f:
                    11:b6:45:a6:99:38:3b:70:b2:94:59:56:f7:25:8b:
                    28:13:10:8e:82:44:a1:60:e6:96:34:61:7d:24:b1:
                    30:6c:0b:49:0c:c7:f8:64:43:8a:38:80:d7:cd:99:
                    2d:3e:15:81:51:cf:c8:7a:df:d6:cd:b6:cf:fb:97:
                    c4:e3:2f:38:07:24:d7:25:0e:31:f9:c0:6c:3c:42:
                    aa:dc:59:a1:4e:f9:66:30:31:38:02:17:99:4f:ed:
                    21:70:dd:d2:b6:6c:55:da:10:18:a5:39:ce:41:e8:
                    4a:18:bb:a6:9a:39:96:97:6a:23:24:fe:6f:de:15:
                    29:c1:50:86:24:c5:59:86:34:aa:a1:7d:fb:73:3a:
                    88:a2:0e:84:fe:c4:8f:7b:a9:77:c1:82:c9:29:57:
                    88:78:6e:24:74:c4:15:2f:54:24:69:f8:24:1d:de:
                    b5:c2:c2:a9:84:4b:77:b7:6b:e6:dd:28:a2:73:d1:
                    c5:8b:77:c2:f5:e2:56:30:a1:f7:a7:37:7a:b0:58:
                    76:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:54:93:4F:39:2C:83:9E:57:6E:EC:58:1B:11:34:85:64:6F:78:05
            X509v3 Authority Key Identifier:
                keyid:A5:6F:F7:1E:4B:8E:C2:4B:1C:63:2B:2F:A2:24:87:39:CC:57:22:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pW_3HkuOwkscYysvoiSHOcxXIgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/OFSTTzksg55XbuxYGxE0hWRveAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/4a3139-8e1b-4a1e-87da-e6aabb06bbb0/1/pW_3HkuOwkscYysvoiSHOcxXIgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:cc:67:42:a9:0c:1a:34:81:f0:dd:8a:85:6b:7f:6d:ee:d0:
         db:90:96:fe:42:34:92:f8:bc:81:ac:92:62:69:b3:21:cf:f4:
         f7:f0:25:29:91:72:20:4d:82:ba:9e:ed:13:56:2d:04:9c:b3:
         d3:8c:d6:bd:8f:90:8a:0f:58:8c:cc:1f:e4:62:da:47:d0:e8:
         5e:af:31:24:5c:2a:86:30:bc:ee:85:e6:5b:3a:f8:f5:d1:fc:
         4a:ec:4d:cb:7a:ed:df:bf:e4:2e:15:d5:f8:5c:74:e2:bc:0c:
         9e:f5:26:27:1c:c2:5b:b4:c7:be:f8:20:8a:09:ec:01:25:19:
         39:62:e1:49:1f:77:cb:0c:46:eb:e5:7c:71:2d:6c:71:ad:d9:
         8b:6e:14:75:11:22:20:7b:04:b4:63:13:bb:f3:72:95:94:9e:
         d8:f8:e5:51:c6:fb:d4:e8:a2:4d:2a:90:e0:be:c4:9c:6d:e2:
         0b:27:cf:96:83:b3:ea:a3:47:c3:5c:e4:0a:e6:a7:72:f8:6c:
         58:d2:08:e3:0a:c2:02:7d:b8:10:66:06:da:f1:e0:5a:d1:f9:
         1e:06:4b:0c:77:fc:c4:8a:d7:f9:76:c4:e1:cd:d1:c7:54:96:
         30:34:d6:74:ec:41:ec:42:ba:6c:29:e6:18:5f:39:b9:11:86:
         49:68:8e:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmpmEB69UEHw5C6hFgzMrxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NmZmNzFlNGI4ZWMyNGIxYzYzMmIyZmEyMjQ4NzM5Y2M1
NzIyMDUwHhcNMjUxMDAzMTAyMjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODU0OTM0ZjM5MmM4MzllNTc2ZWVjNTgxYjExMzQ4NTY0NmY3ODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6agNV9NraqMhd0jeetIj1PqgNfk/
m7iBNXqCuxSm7uoadryVnYw8MotHSZPBblyzU0ZrOkSIseCy9j8RtkWmmTg7cLKU
WVb3JYsoExCOgkShYOaWNGF9JLEwbAtJDMf4ZEOKOIDXzZktPhWBUc/Iet/WzbbP
+5fE4y84ByTXJQ4x+cBsPEKq3FmhTvlmMDE4AheZT+0hcN3StmxV2hAYpTnOQehK
GLummjmWl2ojJP5v3hUpwVCGJMVZhjSqoX37czqIog6E/sSPe6l3wYLJKVeIeG4k
dMQVL1QkafgkHd61wsKphEt3t2vm3Siic9HFi3fC9eJWMKH3pzd6sFh2XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhUk085LIOeV27sWBsRNIVkb3gFMB8GA1UdIwQY
MBaAFKVv9x5LjsJLHGMrL6IkhznMVyIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFdfM0hrdU93a3NjWXlzdm9pU0hPY3hYSWdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS80YTMxMzktOGUxYi00YTFlLTg3ZGEt
ZTZhYWJiMDZiYmIwLzEvT0ZTVFR6a3NnNTVYYnV4WUd4RTBoV1J2ZUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS80YTMxMzktOGUxYi00YTFlLTg3ZGEtZTZhYWJiMDZiYmIw
LzEvcFdfM0hrdU93a3NjWXlzdm9pU0hPY3hYSWdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTTmMA0G
CSqGSIb3DQEBCwUAA4IBAQBazGdCqQwaNIHw3YqFa39t7tDbkJb+QjSS+LyBrJJi
abMhz/T38CUpkXIgTYK6nu0TVi0EnLPTjNa9j5CKD1iMzB/kYtpH0OherzEkXCqG
MLzuheZbOvj10fxK7E3Leu3fv+QuFdX4XHTivAye9SYnHMJbtMe++CCKCewBJRk5
YuFJH3fLDEbr5XxxLWxxrdmLbhR1ESIgewS0YxO783KVlJ7Y+OVRxvvU6KJNKpDg
vsScbeILJ8+Wg7Pqo0fDXOQK5qdy+GxY0gjjCsICfbgQZgba8eBa0fkeBksMd/zE
itf5dsThzdHHVJYwNNZ07EHsQrpsKeYYXzm5EYZJaI7h
-----END CERTIFICATE-----