Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/3ad5e6-440b-453c-a29b-6fb67d9b8609/1/vlxgwnsrxTB2IrKODmYZkh1eLKk.roa
File:                     vlxgwnsrxTB2IrKODmYZkh1eLKk.roa (raw, json)
Hash identifier:          IINnobAEpyO+WbS5D8S+J3jsTeuhfNz2pRNchm53DWg=
Subject key identifier:   BE:5C:60:C2:7B:2B:C5:30:76:22:B2:8E:0E:66:19:92:1D:5E:2C:A9
Certificate issuer:       /CN=63ac247e6271f064916372b521fdc8649b254c55
Certificate serial:       019985D48A0260CA29065C8E1F14000ECE63
Authority key identifier: 63:AC:24:7E:62:71:F0:64:91:63:72:B5:21:FD:C8:64:9B:25:4C:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y6wkfmJx8GSRY3K1If3IZJslTFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/3ad5e6-440b-453c-a29b-6fb67d9b8609/1/vlxgwnsrxTB2IrKODmYZkh1eLKk.roa
Signing time:             Fri 26 Sep 2025 11:42:02 +0000
ROA not before:           Fri 26 Sep 2025 11:42:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34984
IP address blocks:        164.138.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/3ad5e6-440b-453c-a29b-6fb67d9b8609/1/Y6wkfmJx8GSRY3K1If3IZJslTFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/3ad5e6-440b-453c-a29b-6fb67d9b8609/1/Y6wkfmJx8GSRY3K1If3IZJslTFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y6wkfmJx8GSRY3K1If3IZJslTFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:85:d4:8a:02:60:ca:29:06:5c:8e:1f:14:00:0e:ce:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63ac247e6271f064916372b521fdc8649b254c55
        Validity
            Not Before: Sep 26 11:42:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be5c60c27b2bc5307622b28e0e6619921d5e2ca9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ab:22:00:af:61:9d:91:f1:1d:6b:80:65:f4:
                    1d:4a:4c:ef:4a:ae:8d:fe:3e:6c:17:db:db:31:f9:
                    92:92:16:d5:7c:00:5e:99:06:3b:9a:ed:86:6b:d2:
                    80:12:16:d5:fe:31:45:7a:f4:06:58:1a:29:59:bc:
                    4f:d4:f2:41:eb:61:39:1a:0a:44:81:3f:5d:81:e0:
                    f2:25:d2:48:31:cc:4e:37:3f:04:3f:6f:6c:03:dc:
                    68:4b:ea:7a:d6:b6:35:ab:ab:9a:52:41:7c:d6:91:
                    78:97:45:ac:0c:83:b6:00:ea:ee:a6:3c:30:7d:3f:
                    6e:09:8b:d1:3d:78:04:d9:42:fb:24:0b:fa:70:11:
                    c2:00:44:97:38:fa:f9:c7:4b:8a:0c:aa:90:f9:9e:
                    54:62:c8:fa:c8:68:2c:f1:59:6c:e7:5a:5e:21:68:
                    60:98:4d:73:a6:e5:e7:23:15:61:bb:be:27:17:a2:
                    12:14:e5:50:0b:20:b2:a9:1e:a8:7e:c6:d0:9a:2e:
                    5c:0d:5b:c4:da:dc:8c:9c:bf:05:54:07:1c:d9:1c:
                    ef:4c:08:da:b9:61:5c:44:6e:c5:df:a5:69:2b:3b:
                    ab:b5:b9:99:a4:4e:4f:b2:5b:e1:82:8e:14:9f:98:
                    fc:f8:3f:1e:34:a0:54:77:b3:4c:9f:1f:00:2b:8d:
                    60:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:5C:60:C2:7B:2B:C5:30:76:22:B2:8E:0E:66:19:92:1D:5E:2C:A9
            X509v3 Authority Key Identifier:
                keyid:63:AC:24:7E:62:71:F0:64:91:63:72:B5:21:FD:C8:64:9B:25:4C:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y6wkfmJx8GSRY3K1If3IZJslTFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3ad5e6-440b-453c-a29b-6fb67d9b8609/1/vlxgwnsrxTB2IrKODmYZkh1eLKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3ad5e6-440b-453c-a29b-6fb67d9b8609/1/Y6wkfmJx8GSRY3K1If3IZJslTFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:1f:05:69:f9:53:17:89:19:87:95:e9:ef:f2:4b:53:0d:28:
         b7:ce:7d:26:53:6b:63:a2:93:62:73:2d:ef:e4:41:b8:87:63:
         24:0e:75:99:40:52:82:b8:99:ff:ce:ad:b4:de:78:bc:9b:6f:
         d4:14:93:21:5f:b7:70:a9:db:5c:f6:64:ce:7b:74:68:a8:28:
         1e:5d:b4:1f:89:84:81:41:7c:b2:f3:28:da:db:47:aa:ee:5b:
         71:d7:2f:6a:94:2f:9d:7f:9c:5a:74:44:66:0e:19:1b:ba:86:
         9f:cb:af:65:88:c4:a3:c0:f7:a5:ab:86:f3:0c:2e:43:7d:b2:
         86:8d:1e:5b:85:63:24:d3:c9:b9:8d:76:28:ec:2f:68:44:df:
         ac:90:d8:71:a9:e9:00:47:c3:5f:61:dc:28:f2:6b:7b:86:30:
         37:1c:c0:82:d4:f2:e7:ed:6b:ed:34:01:8c:75:2a:83:b6:a1:
         95:21:cb:d5:68:6e:06:da:1c:42:bc:3d:e0:5d:10:4c:fa:44:
         66:ed:82:63:8d:f7:6d:d3:fc:55:fd:b1:c2:4e:14:63:23:be:
         5e:b5:80:70:45:1b:ce:d5:a2:99:cf:0e:ec:62:ff:1d:53:92:
         69:6f:10:7c:13:fd:22:ad:45:6f:1f:15:28:39:32:0e:20:a7:
         09:d4:f6:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmF1IoCYMopBlyOHxQADs5jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYWMyNDdlNjI3MWYwNjQ5MTYzNzJiNTIxZmRjODY0OWIy
NTRjNTUwHhcNMjUwOTI2MTE0MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTVjNjBjMjdiMmJjNTMwNzYyMmIyOGUwZTY2MTk5MjFkNWUyY2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6siAK9hnZHxHWuAZfQdSkzvSq6N
/j5sF9vbMfmSkhbVfABemQY7mu2Ga9KAEhbV/jFFevQGWBopWbxP1PJB62E5GgpE
gT9dgeDyJdJIMcxONz8EP29sA9xoS+p61rY1q6uaUkF81pF4l0WsDIO2AOrupjww
fT9uCYvRPXgE2UL7JAv6cBHCAESXOPr5x0uKDKqQ+Z5UYsj6yGgs8Vls51peIWhg
mE1zpuXnIxVhu74nF6ISFOVQCyCyqR6ofsbQmi5cDVvE2tyMnL8FVAcc2RzvTAja
uWFcRG7F36VpKzurtbmZpE5Pslvhgo4Un5j8+D8eNKBUd7NMnx8AK41gCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5cYMJ7K8UwdiKyjg5mGZIdXiypMB8GA1UdIwQY
MBaAFGOsJH5icfBkkWNytSH9yGSbJUxVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTZ3a2ZtSng4R1NSWTNLMUlmM0laSnNsVEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zYWQ1ZTYtNDQwYi00NTNjLWEyOWIt
NmZiNjdkOWI4NjA5LzEvdmx4Z3duc3J4VEIySXJLT0RtWVpraDFlTEtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zYWQ1ZTYtNDQwYi00NTNjLWEyOWItNmZiNjdkOWI4NjA5
LzEvWTZ3a2ZtSng4R1NSWTNLMUlmM0laSnNsVEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApIrNMA0G
CSqGSIb3DQEBCwUAA4IBAQCbHwVp+VMXiRmHlenv8ktTDSi3zn0mU2tjopNicy3v
5EG4h2MkDnWZQFKCuJn/zq203ni8m2/UFJMhX7dwqdtc9mTOe3RoqCgeXbQfiYSB
QXyy8yja20eq7ltx1y9qlC+df5xadERmDhkbuoafy69liMSjwPelq4bzDC5DfbKG
jR5bhWMk08m5jXYo7C9oRN+skNhxqekAR8NfYdwo8mt7hjA3HMCC1PLn7WvtNAGM
dSqDtqGVIcvVaG4G2hxCvD3gXRBM+kRm7YJjjfdt0/xV/bHCThRjI75etYBwRRvO
1aKZzw7sYv8dU5JpbxB8E/0irUVvHxUoOTIOIKcJ1PZE
-----END CERTIFICATE-----