Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/SEfj_2e1WkHSt8IztlPvuRP2HcA.roa
File:                     SEfj_2e1WkHSt8IztlPvuRP2HcA.roa (raw, json)
Hash identifier:          alTNtLsUWwlBiGWYk6Ir/vCTwpBwsbSNpiqs5xpsAUQ=
Subject key identifier:   48:47:E3:FF:67:B5:5A:41:D2:B7:C2:33:B6:53:EF:B9:13:F6:1D:C0
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       0198C42659BC4A1BC246C849AB8F47055DBB
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/SEfj_2e1WkHSt8IztlPvuRP2HcA.roa
Signing time:             Tue 19 Aug 2025 21:05:04 +0000
ROA not before:           Tue 19 Aug 2025 21:05:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        91.234.22.0/24 maxlen: 24
                          194.59.6.0/24 maxlen: 24
                          194.116.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c4:26:59:bc:4a:1b:c2:46:c8:49:ab:8f:47:05:5d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Aug 19 21:05:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4847e3ff67b55a41d2b7c233b653efb913f61dc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:45:60:55:52:c9:ac:81:b1:9a:b1:df:d5:1a:
                    66:8c:0e:53:47:5c:dc:88:80:c1:45:80:6a:7c:f1:
                    6b:6a:6b:df:17:e7:4f:45:ea:5d:df:a6:07:82:a2:
                    6b:5b:74:3e:4e:32:8d:13:09:f1:9e:be:7b:9c:86:
                    22:32:a5:b7:f1:02:4c:bf:bb:3f:6b:e6:a6:e4:68:
                    d1:3d:b8:4b:ed:ed:c9:20:70:77:f1:5b:9f:67:da:
                    6c:7a:df:f1:6b:d3:da:28:ad:67:70:37:bd:e2:4d:
                    be:9c:ee:0b:fb:2e:ba:ea:00:a5:50:00:ab:7b:3e:
                    98:a9:7f:b7:80:72:07:10:05:b5:54:c6:23:22:58:
                    38:a7:2b:04:84:b2:38:56:f3:68:29:81:6e:bd:ee:
                    4c:08:18:96:72:35:73:88:dd:ad:25:a5:46:34:8a:
                    9f:d4:65:17:0c:a2:d5:c5:1f:34:70:9b:9d:cc:ca:
                    93:da:5c:59:2b:06:20:82:e7:ef:a2:3b:04:40:ec:
                    7e:04:3a:30:a6:17:e3:d0:a2:a5:6a:cd:58:14:86:
                    eb:48:4c:20:a7:40:4e:87:e1:ab:e8:c1:bc:9f:f0:
                    a0:f6:1b:7a:90:e1:b8:e8:e7:bb:a4:3b:53:26:42:
                    97:76:dc:0d:a4:f7:df:7c:be:21:61:a7:ac:d9:da:
                    66:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:47:E3:FF:67:B5:5A:41:D2:B7:C2:33:B6:53:EF:B9:13:F6:1D:C0
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/SEfj_2e1WkHSt8IztlPvuRP2HcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.22.0/24
                  194.59.6.0/24
                  194.116.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:68:0a:b4:1d:5a:39:ea:9c:09:a3:5c:8c:87:93:51:24:b1:
         ef:91:41:c2:aa:da:89:75:5c:5f:2a:35:41:8a:d6:a0:56:d1:
         32:32:dc:de:19:80:76:0f:b3:9c:ba:f9:e2:24:4e:80:4a:b7:
         98:a3:6b:19:2b:f6:07:70:34:95:f6:af:3f:b3:f6:b2:28:bb:
         4a:e2:c8:b9:71:64:ce:71:4a:85:4e:1f:3c:fa:b3:54:4c:71:
         e2:5c:d5:f2:5a:92:59:2e:bc:11:79:78:27:3c:8c:f9:d5:45:
         f7:5a:49:2d:31:24:ce:8c:52:76:18:71:93:1c:1a:24:98:6a:
         66:28:b9:4c:94:51:0e:a6:d3:1b:6d:c3:54:ed:4b:2c:a0:ce:
         c4:47:70:c8:22:5a:18:f3:bb:11:40:4e:06:bc:85:0f:eb:87:
         59:d3:33:e7:d4:5e:aa:7a:a0:c4:31:1e:1c:b3:61:c2:6b:36:
         aa:b1:4c:8f:e2:ed:a5:9e:4c:a2:ba:6a:03:eb:c2:92:e0:bb:
         d1:fc:b7:23:ae:74:15:83:b4:7d:2c:ef:67:1e:50:c8:42:9c:
         fb:4d:cc:c4:04:da:5e:0d:54:07:7c:73:7a:b4:81:8f:ae:15:
         fb:bf:96:64:74:9c:d2:38:d7:07:24:f3:69:c7:25:8c:30:eb:
         b2:50:d7:89
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZjEJlm8ShvCRshJq49HBV27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjUwODE5MjEwNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODQ3ZTNmZjY3YjU1YTQxZDJiN2MyMzNiNjUzZWZiOTEzZjYxZGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0VgVVLJrIGxmrHf1RpmjA5TR1zc
iIDBRYBqfPFramvfF+dPRepd36YHgqJrW3Q+TjKNEwnxnr57nIYiMqW38QJMv7s/
a+am5GjRPbhL7e3JIHB38VufZ9pset/xa9PaKK1ncDe94k2+nO4L+y666gClUACr
ez6YqX+3gHIHEAW1VMYjIlg4pysEhLI4VvNoKYFuve5MCBiWcjVziN2tJaVGNIqf
1GUXDKLVxR80cJudzMqT2lxZKwYggufvojsEQOx+BDowphfj0KKlas1YFIbrSEwg
p0BOh+Gr6MG8n/Cg9ht6kOG46Oe7pDtTJkKXdtwNpPfffL4hYaes2dpmywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEhH4/9ntVpB0rfCM7ZT77kT9h3AMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvU0Vmal8yZTFXa0hTdDhJenRsUHZ1UlAySGNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+oWAwQA
wjsGAwQAwnTrMA0GCSqGSIb3DQEBCwUAA4IBAQA7aAq0HVo56pwJo1yMh5NRJLHv
kUHCqtqJdVxfKjVBitagVtEyMtzeGYB2D7OcuvniJE6ASreYo2sZK/YHcDSV9q8/
s/ayKLtK4si5cWTOcUqFTh88+rNUTHHiXNXyWpJZLrwReXgnPIz51UX3WkktMSTO
jFJ2GHGTHBokmGpmKLlMlFEOptMbbcNU7UssoM7ER3DIIloY87sRQE4GvIUP64dZ
0zPn1F6qeqDEMR4cs2HCazaqsUyP4u2lnkyiumoD68KS4LvR/LcjrnQVg7R9LO9n
HlDIQpz7TczEBNpeDVQHfHN6tIGPrhX7v5ZkdJzSONcHJPNpxyWMMOuyUNeJ
-----END CERTIFICATE-----