Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/noewYl5P0rkhAPD3Zn8s9bc2_qs.roa
File:                     noewYl5P0rkhAPD3Zn8s9bc2_qs.roa (raw, json)
Hash identifier:          h2zqiA+vL/GF8rvskPe0YPXeCInpKFuXr/zZvqUEJgg=
Subject key identifier:   9E:87:B0:62:5E:4F:D2:B9:21:00:F0:F7:66:7F:2C:F5:B7:36:FE:AB
Certificate issuer:       /CN=2719412918a6627f99cce55c7aca139057b8574e
Certificate serial:       0199BFE2D5AF91FAEA3A70FDBF7E756D5424
Authority key identifier: 27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/noewYl5P0rkhAPD3Zn8s9bc2_qs.roa
Signing time:             Tue 07 Oct 2025 18:15:38 +0000
ROA not before:           Tue 07 Oct 2025 18:15:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        45.149.60.0/24 maxlen: 24
                          45.149.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bf:e2:d5:af:91:fa:ea:3a:70:fd:bf:7e:75:6d:54:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2719412918a6627f99cce55c7aca139057b8574e
        Validity
            Not Before: Oct  7 18:15:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e87b0625e4fd2b92100f0f7667f2cf5b736feab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ae:bf:97:d3:db:69:e9:05:2f:8c:eb:2a:ab:
                    46:25:d8:3a:2c:63:c3:73:0c:ad:e5:92:a6:b9:0a:
                    08:2c:e3:80:6d:91:9f:d1:71:48:55:e4:4c:a6:00:
                    5a:68:f8:c6:6b:4d:b4:62:37:54:04:51:81:3f:51:
                    0d:e3:27:b5:fa:68:5a:4f:98:ab:1b:11:dd:f0:ea:
                    21:16:ab:f9:89:10:b9:31:53:57:f0:ab:d7:0d:d9:
                    bc:27:31:2c:ac:72:34:cc:30:7a:0a:d9:5c:66:7c:
                    d2:23:04:83:e5:29:d2:50:87:9c:c6:c4:3e:3e:da:
                    e5:52:59:16:32:3f:25:18:6a:1f:cb:1c:3a:19:a1:
                    f8:3f:00:2c:e2:08:85:7e:a1:19:64:a5:31:e1:9a:
                    4e:fe:9b:47:80:5f:30:84:12:f2:74:fb:25:f5:db:
                    90:5a:96:3b:80:b9:27:54:cd:4f:c9:7e:16:23:4a:
                    9e:27:d2:4d:c0:01:ee:76:65:de:08:a3:2c:27:4b:
                    31:1c:96:bb:37:c3:4f:71:d0:1e:3f:73:31:aa:56:
                    60:97:0c:e7:23:9f:ff:a4:21:f6:14:d3:ca:1d:27:
                    92:d2:5b:30:2d:cc:1f:73:c5:69:21:01:c6:6a:4c:
                    1d:a3:6f:f5:38:ae:96:4a:ff:3b:10:0d:17:52:04:
                    f4:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:87:B0:62:5E:4F:D2:B9:21:00:F0:F7:66:7F:2C:F5:B7:36:FE:AB
            X509v3 Authority Key Identifier:
                keyid:27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/noewYl5P0rkhAPD3Zn8s9bc2_qs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.60.0/24
                  45.149.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:b1:a5:de:9b:28:d6:db:49:e9:f0:c2:8d:77:76:04:40:11:
         36:1d:32:86:48:df:57:e2:9b:ab:c8:05:e8:5c:b9:81:4a:29:
         d5:6d:ff:52:32:2f:8e:0e:b7:94:b0:17:12:9a:5f:64:57:01:
         df:83:1b:21:ae:a3:53:e7:a6:6b:c2:0f:b2:05:3f:58:6f:7d:
         b3:82:ee:4c:f0:77:ff:d8:1b:e7:b3:4a:9c:ea:4f:29:4c:28:
         cf:a5:b0:cf:cb:84:c0:0f:5d:6b:7a:d1:0f:be:e1:be:58:c5:
         68:fe:04:9d:72:f5:0e:62:1c:c6:a9:4c:4b:57:87:96:12:4f:
         19:3a:c8:fb:a8:c8:99:a7:6f:2d:76:15:fd:86:35:89:1d:30:
         e8:70:5d:27:35:fb:ea:97:e1:41:62:a9:2a:40:01:c3:7f:fa:
         e5:45:1b:28:eb:bb:99:65:88:8e:14:28:08:00:ec:33:d5:b6:
         76:82:a6:32:8e:d4:9b:ee:e8:45:68:c0:af:18:2b:03:85:87:
         38:f0:54:31:41:7e:16:14:f1:46:43:e9:1f:12:71:de:ea:38:
         c2:7d:81:49:aa:be:34:7f:4a:14:47:88:16:f6:0b:fe:02:4b:
         3a:28:2e:8f:35:9d:4c:6b:ab:30:d1:e7:2b:eb:bb:ab:f2:ea:
         95:ea:fa:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZm/4tWvkfrqOnD9v351bVQkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MTk0MTI5MThhNjYyN2Y5OWNjZTU1YzdhY2ExMzkwNTdi
ODU3NGUwHhcNMjUxMDA3MTgxNTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTg3YjA2MjVlNGZkMmI5MjEwMGYwZjc2NjdmMmNmNWI3MzZmZWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0K6/l9PbaekFL4zrKqtGJdg6LGPD
cwyt5ZKmuQoILOOAbZGf0XFIVeRMpgBaaPjGa020YjdUBFGBP1EN4ye1+mhaT5ir
GxHd8OohFqv5iRC5MVNX8KvXDdm8JzEsrHI0zDB6CtlcZnzSIwSD5SnSUIecxsQ+
PtrlUlkWMj8lGGofyxw6GaH4PwAs4giFfqEZZKUx4ZpO/ptHgF8whBLydPsl9duQ
WpY7gLknVM1PyX4WI0qeJ9JNwAHudmXeCKMsJ0sxHJa7N8NPcdAeP3MxqlZglwzn
I5//pCH2FNPKHSeS0lswLcwfc8VpIQHGakwdo2/1OK6WSv87EA0XUgT03QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ6HsGJeT9K5IQDw92Z/LPW3Nv6rMB8GA1UdIwQY
MBaAFCcZQSkYpmJ/mczlXHrKE5BXuFdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYt
NGUyMjM5MTdiODYwLzEvbm9ld1lsNVAwcmtoQVBEM1puOHM5YmMyX3FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYtNGUyMjM5MTdiODYw
LzEvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZU8AwQA
LZU/MA0GCSqGSIb3DQEBCwUAA4IBAQA9saXemyjW20np8MKNd3YEQBE2HTKGSN9X
4puryAXoXLmBSinVbf9SMi+ODreUsBcSml9kVwHfgxshrqNT56Zrwg+yBT9Yb32z
gu5M8Hf/2Bvns0qc6k8pTCjPpbDPy4TAD11retEPvuG+WMVo/gSdcvUOYhzGqUxL
V4eWEk8ZOsj7qMiZp28tdhX9hjWJHTDocF0nNfvql+FBYqkqQAHDf/rlRRso67uZ
ZYiOFCgIAOwz1bZ2gqYyjtSb7uhFaMCvGCsDhYc48FQxQX4WFPFGQ+kfEnHe6jjC
fYFJqr40f0oUR4gW9gv+Aks6KC6PNZ1Ma6sw0ecr67ur8uqV6vpX
-----END CERTIFICATE-----