Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/507660-12ba-4be8-9b73-b749387df0f5/1/SqwoZLt0wGfQ52uqKIyPq1MR0n0.roa
File:                     SqwoZLt0wGfQ52uqKIyPq1MR0n0.roa (raw, json)
Hash identifier:          54gdg5z/WirnRdadVGX+GzAUp4jdY5Mqe47XSjLSOVQ=
Subject key identifier:   4A:AC:28:64:BB:74:C0:67:D0:E7:6B:AA:28:8C:8F:AB:53:11:D2:7D
Certificate issuer:       /CN=ec70790cdce0c192ac886f3d9ef725f399518398
Certificate serial:       019B76EAF056DB699FFC0018C8C6CA1A6E1A
Authority key identifier: EC:70:79:0C:DC:E0:C1:92:AC:88:6F:3D:9E:F7:25:F3:99:51:83:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7HB5DNzgwZKsiG89nvcl85lRg5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/507660-12ba-4be8-9b73-b749387df0f5/1/SqwoZLt0wGfQ52uqKIyPq1MR0n0.roa
Signing time:             Thu 01 Jan 2026 00:17:46 +0000
ROA not before:           Thu 01 Jan 2026 00:17:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61319
IP address blocks:        171.25.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/507660-12ba-4be8-9b73-b749387df0f5/1/7HB5DNzgwZKsiG89nvcl85lRg5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/507660-12ba-4be8-9b73-b749387df0f5/1/7HB5DNzgwZKsiG89nvcl85lRg5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7HB5DNzgwZKsiG89nvcl85lRg5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:f0:56:db:69:9f:fc:00:18:c8:c6:ca:1a:6e:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec70790cdce0c192ac886f3d9ef725f399518398
        Validity
            Not Before: Jan  1 00:17:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4aac2864bb74c067d0e76baa288c8fab5311d27d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7d:c4:24:43:72:65:72:42:b4:37:61:7f:1c:
                    41:c1:fe:97:14:8a:1c:74:06:90:b3:9d:a1:c0:89:
                    fe:35:a5:89:d1:f4:ca:84:fb:09:6a:a8:07:8b:79:
                    6b:d0:82:41:ac:6c:79:5c:22:94:91:be:a7:49:bd:
                    af:9f:76:cc:ee:2a:d5:29:b4:f7:96:64:25:97:1e:
                    4e:7f:49:88:91:6f:9e:f6:41:eb:36:55:b6:e0:11:
                    27:aa:63:4d:f1:cc:3b:b2:48:24:eb:b4:0c:b6:5c:
                    d2:08:95:60:ae:54:45:86:54:c0:d2:7c:28:ef:ba:
                    fa:27:5e:eb:af:c1:76:68:3b:8a:bf:9c:b2:fe:7e:
                    1b:c0:8f:3c:f1:31:22:33:9e:ce:cd:3a:73:e9:91:
                    68:dd:b2:48:9f:61:0d:4d:94:91:b4:4f:71:eb:4c:
                    a9:90:bb:60:6c:fa:c5:88:da:5b:88:3a:99:ad:ca:
                    e3:ea:42:5f:35:60:72:f1:76:73:1b:1e:3f:73:9f:
                    8a:17:98:42:4c:57:88:b6:54:94:88:f7:c4:f6:1b:
                    2a:02:b8:35:a5:55:1e:9a:52:fe:69:e2:4f:ca:0e:
                    5e:cb:92:29:7c:d3:aa:31:33:47:18:af:ae:e8:86:
                    f2:64:f0:46:ff:2d:fc:ff:15:f4:24:e2:17:8c:55:
                    0c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:AC:28:64:BB:74:C0:67:D0:E7:6B:AA:28:8C:8F:AB:53:11:D2:7D
            X509v3 Authority Key Identifier:
                keyid:EC:70:79:0C:DC:E0:C1:92:AC:88:6F:3D:9E:F7:25:F3:99:51:83:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7HB5DNzgwZKsiG89nvcl85lRg5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/507660-12ba-4be8-9b73-b749387df0f5/1/SqwoZLt0wGfQ52uqKIyPq1MR0n0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/507660-12ba-4be8-9b73-b749387df0f5/1/7HB5DNzgwZKsiG89nvcl85lRg5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.25.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:56:b3:4f:ba:2b:d6:f6:38:90:dd:c8:fc:c0:3b:6c:d8:60:
         4c:6e:8d:fe:df:70:a5:12:e7:43:a2:93:50:db:e2:e3:60:b1:
         da:a8:3e:69:42:bc:61:07:87:53:35:a9:44:c9:fb:5e:07:e6:
         6a:14:a8:bc:3f:ae:cd:10:80:99:ae:e1:bf:ab:ce:82:52:58:
         2e:f5:1c:a1:15:e8:75:ae:99:db:07:5e:e7:22:31:40:43:63:
         bc:31:f4:34:b0:84:06:23:b0:84:92:78:99:8a:e4:3c:ab:62:
         81:5c:65:ef:75:2a:3e:43:97:1c:89:4f:ec:af:5b:9a:42:43:
         e4:17:eb:b8:d4:54:a1:d1:03:dd:52:d1:f1:45:77:21:6d:24:
         b8:ac:fb:f1:02:73:9c:03:a1:32:98:12:2e:e9:53:b8:3a:d9:
         ba:62:5d:70:8c:54:fe:3a:c5:af:a4:3c:ab:a2:ad:2b:8b:4f:
         91:cc:c6:c4:15:ba:84:c1:bb:04:04:c7:1b:0e:e5:e4:a6:77:
         17:5b:4f:27:54:0e:20:ba:f2:28:b8:f7:4b:e8:32:ec:b7:d8:
         51:0e:4e:5e:53:4f:05:c5:24:21:aa:4b:95:ef:62:7a:e8:b9:
         9e:67:76:ad:ed:ae:0b:5a:6a:19:bc:a1:5a:89:5e:2d:1c:9f:
         7f:a4:9d:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26vBW22mf/AAYyMbKGm4aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNzA3OTBjZGNlMGMxOTJhYzg4NmYzZDllZjcyNWYzOTk1
MTgzOTgwHhcNMjYwMTAxMDAxNzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWFjMjg2NGJiNzRjMDY3ZDBlNzZiYWEyODhjOGZhYjUzMTFkMjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnX3EJENyZXJCtDdhfxxBwf6XFIoc
dAaQs52hwIn+NaWJ0fTKhPsJaqgHi3lr0IJBrGx5XCKUkb6nSb2vn3bM7irVKbT3
lmQllx5Of0mIkW+e9kHrNlW24BEnqmNN8cw7skgk67QMtlzSCJVgrlRFhlTA0nwo
77r6J17rr8F2aDuKv5yy/n4bwI888TEiM57OzTpz6ZFo3bJIn2ENTZSRtE9x60yp
kLtgbPrFiNpbiDqZrcrj6kJfNWBy8XZzGx4/c5+KF5hCTFeItlSUiPfE9hsqArg1
pVUemlL+aeJPyg5ey5IpfNOqMTNHGK+u6IbyZPBG/y38/xX0JOIXjFUMQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEqsKGS7dMBn0OdrqiiMj6tTEdJ9MB8GA1UdIwQY
MBaAFOxweQzc4MGSrIhvPZ73JfOZUYOYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0hCNUROemd3WktzaUc4OW52Y2w4NWxSZzVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My81MDc2NjAtMTJiYS00YmU4LTliNzMt
Yjc0OTM4N2RmMGY1LzEvU3F3b1pMdDB3R2ZRNTJ1cUtJeVBxMU1SMG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My81MDc2NjAtMTJiYS00YmU4LTliNzMtYjc0OTM4N2RmMGY1
LzEvN0hCNUROemd3WktzaUc4OW52Y2w4NWxSZzVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxm3MA0G
CSqGSIb3DQEBCwUAA4IBAQCeVrNPuivW9jiQ3cj8wDts2GBMbo3+33ClEudDopNQ
2+LjYLHaqD5pQrxhB4dTNalEyfteB+ZqFKi8P67NEICZruG/q86CUlgu9RyhFeh1
rpnbB17nIjFAQ2O8MfQ0sIQGI7CEkniZiuQ8q2KBXGXvdSo+Q5cciU/sr1uaQkPk
F+u41FSh0QPdUtHxRXchbSS4rPvxAnOcA6EymBIu6VO4Otm6Yl1wjFT+OsWvpDyr
oq0ri0+RzMbEFbqEwbsEBMcbDuXkpncXW08nVA4guvIouPdL6DLst9hRDk5eU08F
xSQhqkuV72J66LmeZ3at7a4LWmoZvKFaiV4tHJ9/pJ28
-----END CERTIFICATE-----