Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/ac00b7-da42-4464-bbc5-3416044e358e/1/1xRN2ISB9yDhR3Q54HcBc-sUzRM.roa
File:                     1xRN2ISB9yDhR3Q54HcBc-sUzRM.roa (raw, json)
Hash identifier:          ggo342L8QjroxZeBPHXxlyJmrWPYU4LhAqkE4B3nRK4=
Subject key identifier:   D7:14:4D:D8:84:81:F7:20:E1:47:74:39:E0:77:01:73:EB:14:CD:13
Certificate issuer:       /CN=39b08ca2c64ba735f4b145216dd14d99f0829f0f
Certificate serial:       0199BE0F5CC984A5B38A37A8E2AAC4837C97
Authority key identifier: 39:B0:8C:A2:C6:4B:A7:35:F4:B1:45:21:6D:D1:4D:99:F0:82:9F:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ObCMosZLpzX0sUUhbdFNmfCCnw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/ac00b7-da42-4464-bbc5-3416044e358e/1/1xRN2ISB9yDhR3Q54HcBc-sUzRM.roa
Signing time:             Tue 07 Oct 2025 09:45:01 +0000
ROA not before:           Tue 07 Oct 2025 09:45:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47777
IP address blocks:        185.224.240.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/ac00b7-da42-4464-bbc5-3416044e358e/1/ObCMosZLpzX0sUUhbdFNmfCCnw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/ac00b7-da42-4464-bbc5-3416044e358e/1/ObCMosZLpzX0sUUhbdFNmfCCnw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ObCMosZLpzX0sUUhbdFNmfCCnw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:be:0f:5c:c9:84:a5:b3:8a:37:a8:e2:aa:c4:83:7c:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39b08ca2c64ba735f4b145216dd14d99f0829f0f
        Validity
            Not Before: Oct  7 09:45:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7144dd88481f720e1477439e0770173eb14cd13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4b:c4:11:fe:95:39:85:d8:c0:7e:cf:cd:ce:
                    1c:35:84:c4:32:c5:c2:54:4a:c7:8d:74:35:c7:0b:
                    aa:65:6b:32:af:16:68:b5:bc:d3:00:f9:39:e5:92:
                    d6:74:a1:68:2c:bb:36:39:be:97:cf:be:f4:c5:c5:
                    c4:5f:a4:b3:a7:f9:60:57:e6:30:5f:5a:1f:bf:17:
                    37:11:12:fd:3e:5e:bf:27:e4:08:7d:96:7f:99:0d:
                    6d:4c:38:de:a7:12:8c:3f:79:41:6f:de:ec:eb:a3:
                    82:93:ee:f2:d3:f8:c0:f8:c9:ea:3b:e9:49:e5:9e:
                    67:55:00:60:3d:68:64:4f:dc:da:6c:a8:4e:ca:5e:
                    3f:8e:9f:e4:08:6f:65:00:1a:bb:3d:37:ac:72:8f:
                    06:0e:dc:6c:92:94:42:d7:65:30:42:16:9d:2a:b7:
                    21:47:70:d4:90:d2:53:a7:d4:9c:aa:3d:3d:3e:13:
                    86:fb:a3:c9:04:e8:72:44:b0:5f:df:2a:92:27:b1:
                    14:78:d9:67:ee:c0:79:03:bc:30:be:b4:45:90:5b:
                    9b:19:78:5b:10:3b:25:94:17:3c:0e:c5:0b:80:e3:
                    a1:f4:05:5b:43:1f:85:c7:0a:16:7a:18:b0:d9:a7:
                    21:d0:86:a1:16:63:92:81:53:e9:ac:9e:60:13:ab:
                    a0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:14:4D:D8:84:81:F7:20:E1:47:74:39:E0:77:01:73:EB:14:CD:13
            X509v3 Authority Key Identifier:
                keyid:39:B0:8C:A2:C6:4B:A7:35:F4:B1:45:21:6D:D1:4D:99:F0:82:9F:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ObCMosZLpzX0sUUhbdFNmfCCnw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ac00b7-da42-4464-bbc5-3416044e358e/1/1xRN2ISB9yDhR3Q54HcBc-sUzRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ac00b7-da42-4464-bbc5-3416044e358e/1/ObCMosZLpzX0sUUhbdFNmfCCnw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:2e:41:6e:b0:74:79:a8:9a:00:d4:a9:97:c4:4a:e3:0b:e0:
         a9:80:01:ea:04:cd:0a:d6:9a:ff:7d:72:97:1d:81:2a:64:19:
         a4:1d:8d:6f:5a:35:9e:ee:2d:d1:2a:68:00:f3:5f:12:76:19:
         3b:3c:d9:25:32:7b:9c:0c:c7:9c:67:24:97:6e:a0:40:1e:74:
         c0:98:21:37:b4:6a:6b:e9:f1:0d:cd:9a:49:f1:1c:57:28:8e:
         4d:d8:05:c2:82:f8:b0:bc:95:a4:3b:e3:0d:1c:64:4d:99:f2:
         b0:70:0f:6a:f2:30:c3:fd:b3:0d:a2:4f:66:c6:8e:a4:ec:cc:
         19:30:d1:08:d8:02:ba:08:77:d8:8c:0f:6f:cf:97:27:6e:68:
         98:f2:a5:a1:0c:5e:c3:a6:cf:e3:e3:73:27:a0:22:3b:99:f8:
         bb:ac:75:9c:e9:d7:0f:ae:f7:ad:9f:37:52:37:4e:02:35:b3:
         15:1a:40:bb:ff:b6:e3:ac:c5:af:a1:13:ab:66:d9:00:af:9f:
         3e:69:02:de:ce:32:df:3e:fe:2d:1c:f0:81:0b:ee:ee:7b:33:
         42:37:d7:dd:9f:19:5b:e8:94:52:3f:20:45:10:0c:8b:4d:70:
         41:89:a4:ea:82:1c:7c:24:6b:16:6d:b1:fa:b1:0b:fe:f6:a7:
         ba:ea:c6:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm+D1zJhKWzijeo4qrEg3yXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5YjA4Y2EyYzY0YmE3MzVmNGIxNDUyMTZkZDE0ZDk5ZjA4
MjlmMGYwHhcNMjUxMDA3MDk0NTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzE0NGRkODg0ODFmNzIwZTE0Nzc0MzllMDc3MDE3M2ViMTRjZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikvEEf6VOYXYwH7Pzc4cNYTEMsXC
VErHjXQ1xwuqZWsyrxZotbzTAPk55ZLWdKFoLLs2Ob6Xz770xcXEX6Szp/lgV+Yw
X1ofvxc3ERL9Pl6/J+QIfZZ/mQ1tTDjepxKMP3lBb97s66OCk+7y0/jA+MnqO+lJ
5Z5nVQBgPWhkT9zabKhOyl4/jp/kCG9lABq7PTesco8GDtxskpRC12UwQhadKrch
R3DUkNJTp9Scqj09PhOG+6PJBOhyRLBf3yqSJ7EUeNln7sB5A7wwvrRFkFubGXhb
EDsllBc8DsULgOOh9AVbQx+FxwoWehiw2ach0IahFmOSgVPprJ5gE6ugkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcUTdiEgfcg4Ud0OeB3AXPrFM0TMB8GA1UdIwQY
MBaAFDmwjKLGS6c19LFFIW3RTZnwgp8PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2JDTW9zWkxwelgwc1VVaGJkRk5tZkNDbnc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hYzAwYjctZGE0Mi00NDY0LWJiYzUt
MzQxNjA0NGUzNThlLzEvMXhSTjJJU0I5eURoUjNRNTRIY0JjLXNVelJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hYzAwYjctZGE0Mi00NDY0LWJiYzUtMzQxNjA0NGUzNThl
LzEvT2JDTW9zWkxwelgwc1VVaGJkRk5tZkNDbnc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueDwMA0G
CSqGSIb3DQEBCwUAA4IBAQAALkFusHR5qJoA1KmXxErjC+CpgAHqBM0K1pr/fXKX
HYEqZBmkHY1vWjWe7i3RKmgA818Sdhk7PNklMnucDMecZySXbqBAHnTAmCE3tGpr
6fENzZpJ8RxXKI5N2AXCgviwvJWkO+MNHGRNmfKwcA9q8jDD/bMNok9mxo6k7MwZ
MNEI2AK6CHfYjA9vz5cnbmiY8qWhDF7Dps/j43MnoCI7mfi7rHWc6dcPrvetnzdS
N04CNbMVGkC7/7bjrMWvoROrZtkAr58+aQLezjLfPv4tHPCBC+7uezNCN9fdnxlb
6JRSPyBFEAyLTXBBiaTqghx8JGsWbbH6sQv+9qe66sbo
-----END CERTIFICATE-----