Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/wOE4JPTIGJlAFi9Bt4Todp1oTNs.roa
File:                     wOE4JPTIGJlAFi9Bt4Todp1oTNs.roa (raw, json)
Hash identifier:          XvGJnBOc7q3iGCoEZmt4SjrH7do6eadl4QVxex68LpU=
Subject key identifier:   C0:E1:38:24:F4:C8:18:99:40:16:2F:41:B7:84:E8:76:9D:68:4C:DB
Certificate issuer:       /CN=4142d3f9b31126e0850265715c9fc32174b557a4
Certificate serial:       01995CD71556559719ED576933BA8F358AA9
Authority key identifier: 41:42:D3:F9:B3:11:26:E0:85:02:65:71:5C:9F:C3:21:74:B5:57:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/wOE4JPTIGJlAFi9Bt4Todp1oTNs.roa
Signing time:             Thu 18 Sep 2025 12:40:23 +0000
ROA not before:           Thu 18 Sep 2025 12:40:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212584
IP address blocks:        213.142.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:d7:15:56:55:97:19:ed:57:69:33:ba:8f:35:8a:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4142d3f9b31126e0850265715c9fc32174b557a4
        Validity
            Not Before: Sep 18 12:40:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0e13824f4c8189940162f41b784e8769d684cdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:9b:79:85:cc:70:fc:55:fd:aa:eb:73:df:82:
                    40:7a:28:bf:ab:c5:e8:3f:51:88:80:0e:91:94:6e:
                    44:0b:2f:4f:39:ea:0b:7b:d1:30:c2:c9:0e:88:78:
                    cc:9b:39:95:64:b2:7d:bb:a6:99:1d:1a:d7:e3:c2:
                    74:45:c3:8d:f4:b7:16:b9:88:7a:13:ee:6b:bd:0b:
                    99:ca:0e:ce:6e:7f:4b:c7:f7:a1:cb:c8:e4:08:76:
                    c1:06:cc:46:dd:c7:da:bd:03:e7:93:87:fb:d0:71:
                    1f:34:d3:63:b6:ac:01:49:9b:e1:dc:20:65:56:e9:
                    61:56:53:cf:00:66:62:9f:b2:b3:74:9d:3b:51:20:
                    0b:6b:19:ce:ef:90:5d:98:ce:c8:61:58:21:c4:89:
                    06:fa:6b:fd:8c:bc:0e:ec:54:41:b8:2f:94:5e:e6:
                    18:d3:89:7e:64:60:f9:bf:17:57:78:07:d8:dd:07:
                    45:b0:db:cc:ae:ff:02:47:b2:a1:47:6b:c5:a4:7f:
                    7d:36:c2:ff:4a:50:a0:ec:57:54:89:0f:b8:be:09:
                    26:92:f2:03:eb:30:aa:c0:49:85:68:4a:ed:0f:d6:
                    38:be:f8:0c:3a:fb:fc:f1:a1:b4:b7:23:17:29:50:
                    cc:71:e9:3c:42:07:01:e9:6e:12:fc:d6:e6:8d:03:
                    c1:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:E1:38:24:F4:C8:18:99:40:16:2F:41:B7:84:E8:76:9D:68:4C:DB
            X509v3 Authority Key Identifier:
                keyid:41:42:D3:F9:B3:11:26:E0:85:02:65:71:5C:9F:C3:21:74:B5:57:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/wOE4JPTIGJlAFi9Bt4Todp1oTNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ae1953-bfc4-42b5-950b-9c98d11197b7/1/QULT-bMRJuCFAmVxXJ_DIXS1V6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.142.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:06:d5:43:90:1a:7a:be:0b:a5:6f:e7:aa:15:35:5a:14:75:
         09:d2:1c:20:21:b6:2e:cb:02:e0:a5:a4:61:4d:80:4d:9d:37:
         d2:11:ee:68:40:cd:d2:7b:8a:da:7a:53:40:65:2d:80:e4:25:
         8c:d9:cc:41:d8:d4:df:09:81:84:7f:63:c4:fb:f9:44:60:67:
         92:e6:b8:16:a9:4f:d8:dd:79:14:de:f7:dd:0f:88:d7:ee:88:
         d0:62:e0:fa:69:67:1b:bc:61:f8:26:8f:fd:1d:e2:ca:f1:81:
         52:bc:e3:16:96:58:3f:40:24:18:3e:91:cb:37:eb:ee:2b:e9:
         49:ea:cd:20:da:6a:e1:4c:7c:d3:64:e2:49:7a:b6:c8:9f:dd:
         cb:33:88:e1:d6:17:0d:6f:be:f7:1f:95:5f:bb:2b:28:4e:c6:
         3c:ba:24:3b:c6:56:d4:24:d9:00:a3:b0:76:1a:33:f1:00:ad:
         25:9f:01:9d:7a:dc:13:e3:f9:f4:7e:78:80:1c:24:87:cc:8a:
         ea:be:4f:67:11:b1:9e:28:48:23:f4:6a:f4:91:55:d6:dc:50:
         18:ec:db:88:1d:7e:89:f6:69:f6:f3:16:82:45:4b:bd:11:e0:
         d9:26:99:49:bb:08:55:90:27:0d:76:e8:89:6b:25:d8:df:3b:
         a2:51:de:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlc1xVWVZcZ7VdpM7qPNYqpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNDJkM2Y5YjMxMTI2ZTA4NTAyNjU3MTVjOWZjMzIxNzRi
NTU3YTQwHhcNMjUwOTE4MTI0MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGUxMzgyNGY0YzgxODk5NDAxNjJmNDFiNzg0ZTg3NjlkNjg0Y2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5t5hcxw/FX9qutz34JAeii/q8Xo
P1GIgA6RlG5ECy9POeoLe9EwwskOiHjMmzmVZLJ9u6aZHRrX48J0RcON9LcWuYh6
E+5rvQuZyg7Obn9Lx/ehy8jkCHbBBsxG3cfavQPnk4f70HEfNNNjtqwBSZvh3CBl
VulhVlPPAGZin7KzdJ07USALaxnO75BdmM7IYVghxIkG+mv9jLwO7FRBuC+UXuYY
04l+ZGD5vxdXeAfY3QdFsNvMrv8CR7KhR2vFpH99NsL/SlCg7FdUiQ+4vgkmkvID
6zCqwEmFaErtD9Y4vvgMOvv88aG0tyMXKVDMcek8QgcB6W4S/NbmjQPBzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDhOCT0yBiZQBYvQbeE6HadaEzbMB8GA1UdIwQY
MBaAFEFC0/mzESbghQJlcVyfwyF0tVekMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVVMVC1iTVJKdUNGQW1WeFhKX0RJWFMxVjZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hZTE5NTMtYmZjNC00MmI1LTk1MGIt
OWM5OGQxMTE5N2I3LzEvd09FNEpQVElHSmxBRmk5QnQ0VG9kcDFvVE5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hZTE5NTMtYmZjNC00MmI1LTk1MGItOWM5OGQxMTE5N2I3
LzEvUVVMVC1iTVJKdUNGQW1WeFhKX0RJWFMxVjZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Y6dMA0G
CSqGSIb3DQEBCwUAA4IBAQBzBtVDkBp6vgulb+eqFTVaFHUJ0hwgIbYuywLgpaRh
TYBNnTfSEe5oQM3Se4raelNAZS2A5CWM2cxB2NTfCYGEf2PE+/lEYGeS5rgWqU/Y
3XkU3vfdD4jX7ojQYuD6aWcbvGH4Jo/9HeLK8YFSvOMWllg/QCQYPpHLN+vuK+lJ
6s0g2mrhTHzTZOJJerbIn93LM4jh1hcNb773H5VfuysoTsY8uiQ7xlbUJNkAo7B2
GjPxAK0lnwGdetwT4/n0fniAHCSHzIrqvk9nEbGeKEgj9Gr0kVXW3FAY7NuIHX6J
9mn28xaCRUu9EeDZJplJuwhVkCcNduiJayXY3zuiUd7p
-----END CERTIFICATE-----