Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/Dfhtm3wnVobQG_cxKx6XV-YuVZ0.roa
File:                     Dfhtm3wnVobQG_cxKx6XV-YuVZ0.roa (raw, json)
Hash identifier:          J7uIopIFjTtbgOcYcub/DlKdoJsUFsxhBk7dyA8dGqI=
Subject key identifier:   0D:F8:6D:9B:7C:27:56:86:D0:1B:F7:31:2B:1E:97:57:E6:2E:55:9D
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       01994C1A4C6C157B112E3F176B5A47FBC548
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/Dfhtm3wnVobQG_cxKx6XV-YuVZ0.roa
Signing time:             Mon 15 Sep 2025 06:40:15 +0000
ROA not before:           Mon 15 Sep 2025 06:40:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49040
IP address blocks:        95.158.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4c:1a:4c:6c:15:7b:11:2e:3f:17:6b:5a:47:fb:c5:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Sep 15 06:40:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0df86d9b7c275686d01bf7312b1e9757e62e559d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5b:ad:09:1e:57:f3:ae:66:c6:e7:47:1e:87:
                    37:7d:b9:a3:af:95:bf:ea:8d:e2:65:3c:07:67:8b:
                    76:6d:10:20:e4:8d:be:0b:22:18:9f:ab:26:fc:f5:
                    56:d8:d2:ec:a6:68:3f:ca:0f:1c:4e:08:18:3c:f9:
                    7f:5e:fe:ef:78:16:a5:4f:1d:cb:2f:02:e6:56:8b:
                    3a:2f:21:36:a1:4a:c4:45:e8:12:29:ec:40:03:22:
                    b2:c5:90:d6:ce:a2:56:28:d0:ae:74:4f:09:bf:e0:
                    14:b7:10:2e:a9:bb:25:30:80:61:14:84:78:b6:13:
                    a9:4c:11:35:61:75:8d:cb:83:e7:18:e8:6c:5a:a7:
                    24:26:26:58:c6:38:47:f7:82:6c:59:2f:37:ad:a8:
                    a0:45:b7:98:a0:95:0b:c1:f2:93:51:4a:d8:99:f0:
                    0f:00:f9:91:62:75:20:fd:fd:c8:97:2b:82:9c:8c:
                    10:7f:dc:94:4a:46:28:ec:13:3b:d3:9c:61:a9:9a:
                    c2:42:64:07:83:8c:18:5c:52:78:80:9c:3c:f8:e7:
                    b8:8c:f8:73:75:a9:d6:11:b5:02:04:db:ce:79:be:
                    a8:b5:6f:bf:e1:63:bb:8f:ec:44:5a:31:49:bc:60:
                    b7:00:7f:28:78:bb:65:f6:04:38:ae:4b:79:d1:b8:
                    47:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:F8:6D:9B:7C:27:56:86:D0:1B:F7:31:2B:1E:97:57:E6:2E:55:9D
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/Dfhtm3wnVobQG_cxKx6XV-YuVZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.158.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:4c:eb:eb:85:b5:f9:6e:8c:bd:4e:01:4c:6b:70:21:8e:43:
         f4:61:44:7d:be:cf:57:20:3b:24:bf:d6:dd:93:89:70:62:29:
         78:95:2d:8f:7f:43:e7:fb:2e:dd:6f:54:ed:a8:d2:47:c7:0f:
         e1:28:4b:53:da:7f:50:5c:b7:91:6f:52:d8:00:ac:2e:6c:11:
         58:89:96:b0:40:7f:e9:a4:3c:77:17:f0:c9:c3:27:cb:80:24:
         58:db:5f:c7:33:92:a5:90:f2:2b:21:f7:5e:ca:42:38:41:30:
         ca:cb:ce:f8:fd:3b:7b:f2:b1:56:f6:1a:ad:40:e9:36:7f:f4:
         15:72:2c:7a:48:8a:ca:5f:d8:80:68:83:4b:3f:c4:bc:65:a7:
         57:c1:96:dc:1f:16:27:22:00:85:ef:6b:06:26:1d:73:60:80:
         7d:2a:e7:4a:73:d6:7e:d3:5f:d7:ec:43:2a:fe:de:1f:e9:95:
         4a:26:c7:a9:08:ee:b6:44:d2:91:65:f6:c6:f1:f3:18:9b:e8:
         36:48:00:21:92:dd:50:2b:91:b7:b7:cd:f2:fa:7c:40:f0:b1:
         01:80:81:ac:dc:4a:ad:02:b4:2e:09:21:95:8d:e1:06:2b:96:
         9a:50:c8:26:1f:21:17:b4:98:97:36:a6:15:08:c0:14:75:62:
         b1:87:91:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlMGkxsFXsRLj8Xa1pH+8VIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjUwOTE1MDY0MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGY4NmQ5YjdjMjc1Njg2ZDAxYmY3MzEyYjFlOTc1N2U2MmU1NTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFutCR5X865mxudHHoc3fbmjr5W/
6o3iZTwHZ4t2bRAg5I2+CyIYn6sm/PVW2NLspmg/yg8cTggYPPl/Xv7veBalTx3L
LwLmVos6LyE2oUrERegSKexAAyKyxZDWzqJWKNCudE8Jv+AUtxAuqbslMIBhFIR4
thOpTBE1YXWNy4PnGOhsWqckJiZYxjhH94JsWS83raigRbeYoJULwfKTUUrYmfAP
APmRYnUg/f3IlyuCnIwQf9yUSkYo7BM705xhqZrCQmQHg4wYXFJ4gJw8+Oe4jPhz
danWEbUCBNvOeb6otW+/4WO7j+xEWjFJvGC3AH8oeLtl9gQ4rkt50bhHNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA34bZt8J1aG0Bv3MSsel1fmLlWdMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvRGZodG0zd25Wb2JRR19jeEt4NlhWLVl1VlowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX56IMA0G
CSqGSIb3DQEBCwUAA4IBAQBOTOvrhbX5boy9TgFMa3AhjkP0YUR9vs9XIDskv9bd
k4lwYil4lS2Pf0Pn+y7db1TtqNJHxw/hKEtT2n9QXLeRb1LYAKwubBFYiZawQH/p
pDx3F/DJwyfLgCRY21/HM5KlkPIrIfdeykI4QTDKy874/Tt78rFW9hqtQOk2f/QV
cix6SIrKX9iAaINLP8S8ZadXwZbcHxYnIgCF72sGJh1zYIB9KudKc9Z+01/X7EMq
/t4f6ZVKJsepCO62RNKRZfbG8fMYm+g2SAAhkt1QK5G3t83y+nxA8LEBgIGs3Eqt
ArQuCSGVjeEGK5aaUMgmHyEXtJiXNqYVCMAUdWKxh5G7
-----END CERTIFICATE-----