Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/1RxiuQQEE3hYvCnKLXbQqvZScn4.roa
File:                     1RxiuQQEE3hYvCnKLXbQqvZScn4.roa (raw, json)
Hash identifier:          Fco0LOIT6Jp6IN6bV0QpMxndj/V7V5a5vCdUbYOcT+0=
Subject key identifier:   D5:1C:62:B9:04:04:13:78:58:BC:29:CA:2D:76:D0:AA:F6:52:72:7E
Certificate issuer:       /CN=c66d45a24d1c785839fecabbe1b4731bc2417790
Certificate serial:       0199FE24A86E5849E50B4F97E294162E5190
Authority key identifier: C6:6D:45:A2:4D:1C:78:58:39:FE:CA:BB:E1:B4:73:1B:C2:41:77:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm1Fok0ceFg5_sq74bRzG8JBd5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/1RxiuQQEE3hYvCnKLXbQqvZScn4.roa
Signing time:             Sun 19 Oct 2025 20:23:59 +0000
ROA not before:           Sun 19 Oct 2025 20:23:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212077
IP address blocks:        195.5.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/xm1Fok0ceFg5_sq74bRzG8JBd5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/xm1Fok0ceFg5_sq74bRzG8JBd5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm1Fok0ceFg5_sq74bRzG8JBd5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fe:24:a8:6e:58:49:e5:0b:4f:97:e2:94:16:2e:51:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d45a24d1c785839fecabbe1b4731bc2417790
        Validity
            Not Before: Oct 19 20:23:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d51c62b90404137858bc29ca2d76d0aaf652727e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:61:a3:65:ec:94:5e:cf:07:6f:49:60:0d:27:
                    22:a0:35:16:29:1e:25:05:0a:04:ad:00:95:a2:e0:
                    f6:4b:e5:71:d7:2b:60:2c:63:31:af:30:1e:e8:9a:
                    a4:1d:dd:b3:72:d8:13:1c:28:9a:bd:8b:b6:37:f7:
                    d5:63:95:78:6f:d4:39:66:6f:69:0e:ab:a2:08:e0:
                    df:c1:cd:b6:6e:84:84:80:4f:cc:da:4b:18:cc:11:
                    d7:72:1d:67:1f:0b:48:67:f9:08:4a:a2:01:06:f0:
                    0c:c5:7c:75:47:b2:f0:36:bc:aa:0f:22:9f:44:b0:
                    d1:c8:80:04:ca:c7:96:ac:1e:1b:e7:86:21:50:e8:
                    bb:08:3f:f7:d7:fc:3b:c2:15:f9:bd:75:a3:72:30:
                    11:f2:14:c7:d1:36:4a:17:c3:74:87:c2:79:d1:c7:
                    b5:14:e1:eb:bd:94:be:59:66:ac:e0:36:7d:ca:6c:
                    1f:9d:fd:cf:33:1e:3b:38:e1:00:8e:6c:04:19:65:
                    af:c5:a6:8e:f3:c9:c6:b1:94:8f:b1:f5:a3:a4:17:
                    58:6a:c1:20:e7:43:b5:7d:f7:32:66:a0:e3:49:cd:
                    63:20:02:54:ef:6f:92:d9:fd:3a:00:81:f8:b7:b0:
                    a2:75:1e:74:28:27:ec:2d:18:be:68:d9:1c:ba:12:
                    63:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:1C:62:B9:04:04:13:78:58:BC:29:CA:2D:76:D0:AA:F6:52:72:7E
            X509v3 Authority Key Identifier:
                keyid:C6:6D:45:A2:4D:1C:78:58:39:FE:CA:BB:E1:B4:73:1B:C2:41:77:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm1Fok0ceFg5_sq74bRzG8JBd5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/1RxiuQQEE3hYvCnKLXbQqvZScn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/xm1Fok0ceFg5_sq74bRzG8JBd5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:67:75:82:1e:89:1e:8d:98:a8:d4:79:20:63:b4:cb:a8:60:
         21:53:8e:79:7c:bb:78:9d:95:7c:7e:de:86:ed:7d:3a:a1:ab:
         f7:9d:74:2c:78:45:ba:53:b4:4b:a2:a1:f8:c7:54:76:c1:93:
         26:32:4f:c3:ac:6a:44:22:6b:76:23:8b:dd:f1:bd:37:ab:45:
         cb:db:54:4a:8f:44:69:29:51:f9:dc:7e:41:33:df:56:cc:7e:
         84:05:7f:f2:d1:61:43:14:6b:66:b5:08:7e:2f:f1:74:cf:c9:
         5f:ba:63:34:77:a3:00:89:0c:97:79:d5:50:5f:e7:d6:2c:76:
         51:9e:13:68:49:21:6a:e0:e0:fd:50:a8:09:ef:d7:d5:4c:7d:
         0c:b2:40:7e:4b:8f:22:d4:d0:b8:a3:61:a9:c6:7b:23:80:25:
         c8:d3:40:bb:62:9e:fb:50:85:47:e7:08:71:0d:bd:8f:b5:b2:
         d1:e3:ef:0d:9e:b1:68:7c:7e:28:24:e2:be:9c:be:c7:fb:86:
         4a:70:d7:42:8b:eb:47:26:98:69:e2:b9:93:f1:d5:94:fb:78:
         38:fa:4f:cd:f1:fd:02:0b:23:0f:9d:db:ef:1e:56:f9:6e:01:
         3b:98:71:52:3f:f2:b5:b6:d5:5a:d7:b4:4a:d6:93:ad:d8:d3:
         d9:82:65:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZn+JKhuWEnlC0+X4pQWLlGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ0NWEyNGQxYzc4NTgzOWZlY2FiYmUxYjQ3MzFiYzI0
MTc3OTAwHhcNMjUxMDE5MjAyMzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTFjNjJiOTA0MDQxMzc4NThiYzI5Y2EyZDc2ZDBhYWY2NTI3MjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GGjZeyUXs8Hb0lgDScioDUWKR4l
BQoErQCVouD2S+Vx1ytgLGMxrzAe6JqkHd2zctgTHCiavYu2N/fVY5V4b9Q5Zm9p
DquiCODfwc22boSEgE/M2ksYzBHXch1nHwtIZ/kISqIBBvAMxXx1R7LwNryqDyKf
RLDRyIAEyseWrB4b54YhUOi7CD/31/w7whX5vXWjcjAR8hTH0TZKF8N0h8J50ce1
FOHrvZS+WWas4DZ9ymwfnf3PMx47OOEAjmwEGWWvxaaO88nGsZSPsfWjpBdYasEg
50O1ffcyZqDjSc1jIAJU72+S2f06AIH4t7CidR50KCfsLRi+aNkcuhJjrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUcYrkEBBN4WLwpyi120Kr2UnJ+MB8GA1UdIwQY
MBaAFMZtRaJNHHhYOf7Ku+G0cxvCQXeQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0xRm9rMGNlRmc1X3NxNzRiUnpHOEpCZDVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS81MGZhN2ItNzU2MS00N2JiLWI0NTUt
MTZkMWYyMDhmMzVkLzEvMVJ4aXVRUUVFM2hZdkNuS0xYYlFxdlpTY240LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS81MGZhN2ItNzU2MS00N2JiLWI0NTUtMTZkMWYyMDhmMzVk
LzEveG0xRm9rMGNlRmc1X3NxNzRiUnpHOEpCZDVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwVpMA0G
CSqGSIb3DQEBCwUAA4IBAQA3Z3WCHokejZio1HkgY7TLqGAhU455fLt4nZV8ft6G
7X06oav3nXQseEW6U7RLoqH4x1R2wZMmMk/DrGpEImt2I4vd8b03q0XL21RKj0Rp
KVH53H5BM99WzH6EBX/y0WFDFGtmtQh+L/F0z8lfumM0d6MAiQyXedVQX+fWLHZR
nhNoSSFq4OD9UKgJ79fVTH0MskB+S48i1NC4o2GpxnsjgCXI00C7Yp77UIVH5whx
Db2PtbLR4+8NnrFofH4oJOK+nL7H+4ZKcNdCi+tHJphp4rmT8dWU+3g4+k/N8f0C
CyMPndvvHlb5bgE7mHFSP/K1ttVa17RK1pOt2NPZgmXS
-----END CERTIFICATE-----