Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/52omqQEuqym82ipU0hYmrHOmv0Q.roa
File:                     52omqQEuqym82ipU0hYmrHOmv0Q.roa (raw, json)
Hash identifier:          XCFx/COmHu6CZIYbc3sid+Zpv5Ax1Cs1bDV/hO9qIaY=
Subject key identifier:   E7:6A:26:A9:01:2E:AB:29:BC:DA:2A:54:D2:16:26:AC:73:A6:BF:44
Certificate issuer:       /CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
Certificate serial:       0199CD0B102962D7BC83DD886B40D1B3926A
Authority key identifier: D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/52omqQEuqym82ipU0hYmrHOmv0Q.roa
Signing time:             Fri 10 Oct 2025 07:34:38 +0000
ROA not before:           Fri 10 Oct 2025 07:34:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8311
IP address blocks:        193.178.31.0/24 maxlen: 24
                          193.178.33.0/24 maxlen: 24
                          193.178.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cd:0b:10:29:62:d7:bc:83:dd:88:6b:40:d1:b3:92:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
        Validity
            Not Before: Oct 10 07:34:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e76a26a9012eab29bcda2a54d21626ac73a6bf44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d2:56:9b:36:6d:3c:7c:d2:08:ee:c3:2e:fc:
                    d8:e6:dd:02:e9:24:f5:8e:3e:76:a4:15:d9:c8:b5:
                    17:b2:a1:93:d9:ce:e8:6a:03:f2:c4:74:3f:85:5e:
                    6f:17:a1:c7:10:b9:55:a5:8b:29:e5:53:b1:f6:a0:
                    84:48:aa:c4:bd:0d:f0:e1:37:98:65:d0:09:9f:b3:
                    bd:7a:eb:2a:96:5e:03:38:a3:f9:fb:84:7f:3c:93:
                    eb:58:ae:cd:97:eb:ca:09:50:36:99:8f:ec:b6:e7:
                    90:65:af:11:21:5e:82:02:4c:e1:53:35:2f:59:f2:
                    0b:a7:f5:b9:42:9c:43:64:2a:c4:8f:ea:4d:0c:89:
                    3a:fa:e6:ab:89:9e:91:9c:52:47:0e:dd:46:58:dd:
                    1f:c6:cf:77:25:f5:31:b0:79:5d:6b:a0:f6:2f:4a:
                    a4:92:b1:05:ab:6f:d3:5c:a4:fa:02:78:78:cd:6e:
                    d7:8b:9e:bd:6d:07:93:8e:f1:65:fc:24:8f:15:98:
                    b1:06:80:af:88:1c:97:02:03:37:3a:54:47:b9:91:
                    f1:d7:a3:25:c9:b9:42:25:b5:77:28:09:4f:5e:76:
                    92:fc:a9:26:ed:b5:41:b7:4b:2b:e0:29:8c:77:30:
                    c2:d6:79:98:1e:57:9d:1a:50:b6:74:ca:90:c3:22:
                    9c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:6A:26:A9:01:2E:AB:29:BC:DA:2A:54:D2:16:26:AC:73:A6:BF:44
            X509v3 Authority Key Identifier:
                keyid:D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/52omqQEuqym82ipU0hYmrHOmv0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.31.0/24
                  193.178.33.0/24
                  193.178.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:ec:98:2a:86:3f:78:1c:f1:02:e2:63:f7:f1:6d:6b:0b:3c:
         42:fb:3c:65:02:d8:19:55:23:41:69:34:1c:8f:80:ea:63:bf:
         1e:bf:9a:5a:79:8e:91:e6:c3:8e:9a:f2:76:10:c1:22:1b:23:
         e1:18:d9:66:e2:fb:5b:42:b4:f2:cd:47:c1:04:3d:b8:e2:fe:
         30:a7:48:35:82:49:c9:79:ee:2f:d0:e2:83:c3:74:de:47:7a:
         c3:f1:65:1e:c9:33:a1:3a:8f:42:dc:c7:26:86:22:78:ec:81:
         c3:d5:61:94:46:73:a0:6c:6f:31:ad:db:02:4d:11:11:50:b3:
         b9:05:66:b6:51:89:10:71:14:47:e4:83:21:5e:3c:fa:d6:86:
         9b:c3:1b:6b:1d:0b:71:bc:ee:e3:30:70:2a:1f:e7:a9:45:ed:
         85:1a:0c:47:c9:7a:1b:92:01:ca:e4:c0:9e:51:1f:a4:70:ea:
         fb:29:d2:e2:7a:4e:80:dd:48:bc:e7:61:3c:63:5c:56:19:8d:
         69:09:43:32:45:19:97:74:32:48:1d:b6:ac:79:3b:f5:2d:57:
         1c:29:53:af:de:4b:52:e8:3a:5b:c5:9f:59:05:95:1c:56:97:
         02:3a:7f:08:2f:78:98:07:67:29:3d:85:35:39:d0:ae:92:d7:
         f4:36:97:b1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnNCxApYte8g92Ia0DRs5JqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZjA2NWM4YmRiNzhmZjI5NGY3YzU0NTQ5NzFkYmZhYmZi
NmMxODQwHhcNMjUxMDEwMDczNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzZhMjZhOTAxMmVhYjI5YmNkYTJhNTRkMjE2MjZhYzczYTZiZjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9JWmzZtPHzSCO7DLvzY5t0C6ST1
jj52pBXZyLUXsqGT2c7oagPyxHQ/hV5vF6HHELlVpYsp5VOx9qCESKrEvQ3w4TeY
ZdAJn7O9eusqll4DOKP5+4R/PJPrWK7Nl+vKCVA2mY/stueQZa8RIV6CAkzhUzUv
WfILp/W5QpxDZCrEj+pNDIk6+uariZ6RnFJHDt1GWN0fxs93JfUxsHlda6D2L0qk
krEFq2/TXKT6Anh4zW7Xi569bQeTjvFl/CSPFZixBoCviByXAgM3OlRHuZHx16Ml
yblCJbV3KAlPXnaS/Kkm7bVBt0sr4CmMdzDC1nmYHledGlC2dMqQwyKc1wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOdqJqkBLqspvNoqVNIWJqxzpr9EMB8GA1UdIwQY
MBaAFNXwZci9t4/ylPfFRUlx2/q/tsGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWIt
MzVhNWRjMmM3OTJjLzEvNTJvbXFRRXVxeW04MmlwVTBoWW1ySE9tdjBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWItMzVhNWRjMmM3OTJj
LzEvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwbIfAwQA
wbIhAwQAwbJzMA0GCSqGSIb3DQEBCwUAA4IBAQAG7Jgqhj94HPEC4mP38W1rCzxC
+zxlAtgZVSNBaTQcj4DqY78ev5paeY6R5sOOmvJ2EMEiGyPhGNlm4vtbQrTyzUfB
BD244v4wp0g1gknJee4v0OKDw3TeR3rD8WUeyTOhOo9C3McmhiJ47IHD1WGURnOg
bG8xrdsCTRERULO5BWa2UYkQcRRH5IMhXjz61oabwxtrHQtxvO7jMHAqH+epRe2F
GgxHyXobkgHK5MCeUR+kcOr7KdLiek6A3Ui852E8Y1xWGY1pCUMyRRmXdDJIHbas
eTv1LVccKVOv3ktS6DpbxZ9ZBZUcVpcCOn8IL3iYB2cpPYU1OdCuktf0Npex
-----END CERTIFICATE-----