Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/Runr-6VXW2y4koiSKGKGORC8B5Y.roa
File:                     Runr-6VXW2y4koiSKGKGORC8B5Y.roa (raw, json)
Hash identifier:          UUYD457obmBupxoLSkbSM/YMJTJBprRsA6L9Dn56qa8=
Subject key identifier:   46:E9:EB:FB:A5:57:5B:6C:B8:92:88:92:28:62:86:39:10:BC:07:96
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       0199CD516CDB568CDA9B911033290FE60B9F
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/Runr-6VXW2y4koiSKGKGORC8B5Y.roa
Signing time:             Fri 10 Oct 2025 08:51:29 +0000
ROA not before:           Fri 10 Oct 2025 08:51:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200095
IP address blocks:        37.18.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 08:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cd:51:6c:db:56:8c:da:9b:91:10:33:29:0f:e6:0b:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Oct 10 08:51:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46e9ebfba5575b6cb89288922862863910bc0796
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:79:2d:a8:43:56:f2:d1:d0:5a:9d:fb:48:20:
                    b9:16:4a:cd:4c:df:7e:9b:c1:43:71:2b:67:25:41:
                    2b:77:62:cb:ea:8a:90:9c:ec:ef:d9:27:59:7a:04:
                    80:37:e2:28:fc:e4:50:16:b6:e8:2c:6e:52:2b:da:
                    90:dd:27:9d:ee:a5:24:7f:ef:e6:72:fe:a4:56:34:
                    20:66:6b:65:0b:7a:f6:ed:29:c0:23:02:25:c6:dd:
                    3e:bf:9f:f1:23:6b:de:37:ac:7a:cc:9b:3c:6b:d6:
                    21:68:b9:16:2f:b6:11:b9:56:1d:62:75:96:8d:6b:
                    81:8f:52:7e:f9:ef:0d:4a:ab:b5:73:01:75:02:50:
                    25:68:17:04:3e:6c:70:4b:90:c1:06:b0:76:70:4c:
                    7f:38:47:9c:e3:49:2a:bc:03:3c:82:4b:4a:d0:f1:
                    38:a5:7d:37:a8:4e:ed:c2:8d:c1:b7:28:d8:a3:c4:
                    24:a4:11:32:11:a2:47:59:00:53:49:20:2b:71:a0:
                    ab:01:2c:3d:7b:f9:ec:16:da:5d:1b:69:64:84:e7:
                    78:f3:dd:cd:63:86:2e:c0:b0:4e:5a:8e:b6:a3:4e:
                    43:ac:db:b0:3a:6a:94:95:d1:02:97:b3:13:cd:7d:
                    e3:2e:81:3a:b1:26:a6:0a:cb:0d:9b:76:27:7b:ce:
                    c5:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:E9:EB:FB:A5:57:5B:6C:B8:92:88:92:28:62:86:39:10:BC:07:96
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/Runr-6VXW2y4koiSKGKGORC8B5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:8c:35:98:92:78:be:fa:43:76:60:b9:77:5b:12:38:57:f0:
         76:76:4e:0d:54:3e:9e:8b:f0:a8:6a:31:fd:14:be:36:7f:8e:
         15:59:af:32:f7:6d:25:b8:60:5e:ff:8e:06:4f:3f:b5:17:34:
         b9:28:e7:ce:58:0c:95:fb:3a:f8:7f:4b:1e:a9:fb:ae:d4:19:
         ab:22:bb:23:94:89:80:71:4d:e2:0f:be:b8:f4:b9:65:6d:1f:
         fa:8c:15:0d:50:0a:f6:6a:64:71:18:c5:76:9e:17:78:3a:52:
         4f:5f:4c:e6:c0:14:5e:a0:21:bf:36:2d:bd:cf:40:10:17:ff:
         9c:81:1c:1d:24:5f:66:a7:4c:91:df:36:a6:03:84:92:00:3d:
         89:43:d5:f8:cf:54:09:d1:f7:3b:b7:5b:32:e4:96:f4:c4:e2:
         d7:c6:c2:3f:59:55:9c:92:c5:ac:89:38:68:ed:e5:15:f8:21:
         ff:33:92:fc:ad:83:1e:a5:f1:ff:ad:66:74:4c:83:dc:e2:33:
         07:f7:91:56:14:f5:f1:73:0e:6f:91:6f:f4:1b:c5:45:67:5a:
         19:07:41:67:5d:58:43:8e:bd:49:3f:02:2b:05:96:6d:4b:39:
         01:36:d4:10:a9:fc:33:df:c1:a8:0b:cd:90:b9:5d:4f:e5:ef:
         7a:51:d0:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnNUWzbVozam5EQMykP5gufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjUxMDEwMDg1MTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmU5ZWJmYmE1NTc1YjZjYjg5Mjg4OTIyODYyODYzOTEwYmMwNzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5nktqENW8tHQWp37SCC5FkrNTN9+
m8FDcStnJUErd2LL6oqQnOzv2SdZegSAN+Io/ORQFrboLG5SK9qQ3Sed7qUkf+/m
cv6kVjQgZmtlC3r27SnAIwIlxt0+v5/xI2veN6x6zJs8a9YhaLkWL7YRuVYdYnWW
jWuBj1J++e8NSqu1cwF1AlAlaBcEPmxwS5DBBrB2cEx/OEec40kqvAM8gktK0PE4
pX03qE7two3BtyjYo8QkpBEyEaJHWQBTSSArcaCrASw9e/nsFtpdG2lkhOd4893N
Y4YuwLBOWo62o05DrNuwOmqUldECl7MTzX3jLoE6sSamCssNm3Yne87FHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEbp6/ulV1tsuJKIkihihjkQvAeWMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvUnVuci02VlhXMnk0a29pU0tHS0dPUkM4QjVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJRINMA0G
CSqGSIb3DQEBCwUAA4IBAQB5jDWYkni++kN2YLl3WxI4V/B2dk4NVD6ei/CoajH9
FL42f44VWa8y920luGBe/44GTz+1FzS5KOfOWAyV+zr4f0seqfuu1BmrIrsjlImA
cU3iD7649LllbR/6jBUNUAr2amRxGMV2nhd4OlJPX0zmwBReoCG/Ni29z0AQF/+c
gRwdJF9mp0yR3zamA4SSAD2JQ9X4z1QJ0fc7t1sy5Jb0xOLXxsI/WVWcksWsiTho
7eUV+CH/M5L8rYMepfH/rWZ0TIPc4jMH95FWFPXxcw5vkW/0G8VFZ1oZB0FnXVhD
jr1JPwIrBZZtSzkBNtQQqfwz38GoC82QuV1P5e96UdBT
-----END CERTIFICATE-----