Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/4e59DVO4NkPnw3RUdXinXYgZKhI.roa
File:                     4e59DVO4NkPnw3RUdXinXYgZKhI.roa (raw, json)
Hash identifier:          Xsz+QLo3ua4qkoV0U1mBEVAYiGazJCq/50LjJfTfImQ=
Subject key identifier:   E1:EE:7D:0D:53:B8:36:43:E7:C3:74:54:75:78:A7:5D:88:19:2A:12
Certificate issuer:       /CN=44e888a76e99851b01fb86cec537d4d8e610de16
Certificate serial:       01997ADB1BBE0D75D93B5E5D6867BF8A0D12
Authority key identifier: 44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/4e59DVO4NkPnw3RUdXinXYgZKhI.roa
Signing time:             Wed 24 Sep 2025 08:33:23 +0000
ROA not before:           Wed 24 Sep 2025 08:33:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60713
IP address blocks:        185.235.68.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7a:db:1b:be:0d:75:d9:3b:5e:5d:68:67:bf:8a:0d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44e888a76e99851b01fb86cec537d4d8e610de16
        Validity
            Not Before: Sep 24 08:33:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1ee7d0d53b83643e7c374547578a75d88192a12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:03:21:fb:4f:ad:86:e4:06:99:7f:b2:06:40:
                    2d:df:91:11:4f:30:8c:36:6c:6a:42:22:a1:cc:ec:
                    6c:38:29:ae:45:44:4d:f2:a7:23:5a:f2:14:b8:7e:
                    a5:92:35:73:f1:1e:aa:d1:dd:17:db:ba:bc:45:3c:
                    17:25:97:a4:fd:ca:3d:b6:92:9c:5f:b5:40:70:1a:
                    95:d1:70:08:e9:1c:b4:56:57:85:b1:7a:f6:7a:a5:
                    2c:10:38:ca:8e:14:19:74:ca:44:ea:dd:2e:62:45:
                    ae:5a:c7:fe:e0:9f:49:8c:78:5d:7c:57:62:84:cb:
                    60:e4:59:44:e5:97:3d:1c:69:e4:1e:5b:b5:ce:de:
                    1f:85:8e:30:ff:c1:ef:b3:c4:f2:40:71:37:2c:00:
                    87:8f:e3:64:d0:76:4b:0b:22:cc:66:3b:46:4c:c2:
                    c9:cd:b0:b0:06:35:25:8f:04:25:5b:fc:68:09:be:
                    86:d2:7a:3d:4c:94:44:e5:e0:34:fc:3e:3e:a6:71:
                    70:e7:1d:04:c6:0e:3d:d1:d1:9d:ae:50:70:14:ac:
                    ed:6b:d2:29:9e:cd:9b:01:61:0d:aa:0e:94:49:19:
                    45:7e:29:90:86:6c:86:3f:c7:8b:23:b3:0b:a9:62:
                    af:b1:8f:6e:42:ed:18:21:70:99:74:35:74:73:69:
                    d3:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:EE:7D:0D:53:B8:36:43:E7:C3:74:54:75:78:A7:5D:88:19:2A:12
            X509v3 Authority Key Identifier:
                keyid:44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/4e59DVO4NkPnw3RUdXinXYgZKhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:dc:fa:99:c1:ed:ac:c3:00:d9:a4:46:25:a7:3d:dd:af:55:
         44:16:96:a1:69:4c:33:ff:5d:90:44:60:7d:76:a7:52:4a:b0:
         5e:21:3c:07:75:0e:01:1d:88:3d:47:12:ac:7d:28:04:4d:1a:
         ca:29:94:81:54:00:56:ad:b5:aa:ab:b1:b6:36:ce:3a:00:19:
         9f:bb:a8:03:13:c4:e8:7c:44:c7:cc:a6:04:7e:63:75:c2:9e:
         6d:03:8f:fc:82:13:c3:62:73:80:f9:19:4e:ce:98:f2:55:7b:
         a8:91:27:56:7c:3f:55:93:7f:82:d0:ab:dc:4e:fe:f9:ca:3c:
         93:7c:3c:87:80:ef:ff:8b:cf:9a:9e:dd:bc:fd:42:ff:82:b7:
         c7:1e:dc:98:61:d5:eb:ea:eb:bd:74:14:20:b4:cf:40:28:92:
         38:16:cd:03:fb:93:54:b6:14:42:bd:ba:26:8e:71:d7:83:e4:
         70:16:90:e5:d5:6a:c0:4b:2b:05:ca:78:a0:81:e2:87:8b:b6:
         72:ba:9e:f8:d3:51:f6:69:d9:e6:06:c3:8d:1b:7b:c8:92:2b:
         b6:26:7f:b9:04:30:d7:f8:88:ed:e9:48:97:db:53:fc:3e:5c:
         43:9a:13:b3:c1:69:26:17:06:60:d5:38:3a:ea:10:45:98:b9:
         e7:00:c6:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl62xu+DXXZO15daGe/ig0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZTg4OGE3NmU5OTg1MWIwMWZiODZjZWM1MzdkNGQ4ZTYx
MGRlMTYwHhcNMjUwOTI0MDgzMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWVlN2QwZDUzYjgzNjQzZTdjMzc0NTQ3NTc4YTc1ZDg4MTkyYTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQMh+0+thuQGmX+yBkAt35ERTzCM
NmxqQiKhzOxsOCmuRURN8qcjWvIUuH6lkjVz8R6q0d0X27q8RTwXJZek/co9tpKc
X7VAcBqV0XAI6Ry0VleFsXr2eqUsEDjKjhQZdMpE6t0uYkWuWsf+4J9JjHhdfFdi
hMtg5FlE5Zc9HGnkHlu1zt4fhY4w/8Hvs8TyQHE3LACHj+Nk0HZLCyLMZjtGTMLJ
zbCwBjUljwQlW/xoCb6G0no9TJRE5eA0/D4+pnFw5x0Exg490dGdrlBwFKzta9Ip
ns2bAWENqg6USRlFfimQhmyGP8eLI7MLqWKvsY9uQu0YIXCZdDV0c2nTJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHufQ1TuDZD58N0VHV4p12IGSoSMB8GA1UdIwQY
MBaAFEToiKdumYUbAfuGzsU31NjmEN4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUt
YmMwZGJhOTMyYjM1LzEvNGU1OURWTzROa1BudzNSVWRYaW5YWWdaS2hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUtYmMwZGJhOTMyYjM1
LzEvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuetEMA0G
CSqGSIb3DQEBCwUAA4IBAQAq3PqZwe2swwDZpEYlpz3dr1VEFpahaUwz/12QRGB9
dqdSSrBeITwHdQ4BHYg9RxKsfSgETRrKKZSBVABWrbWqq7G2Ns46ABmfu6gDE8To
fETHzKYEfmN1wp5tA4/8ghPDYnOA+RlOzpjyVXuokSdWfD9Vk3+C0KvcTv75yjyT
fDyHgO//i8+ant28/UL/grfHHtyYYdXr6uu9dBQgtM9AKJI4Fs0D+5NUthRCvbom
jnHXg+RwFpDl1WrASysFyniggeKHi7Zyup7401H2adnmBsONG3vIkiu2Jn+5BDDX
+Ijt6UiX21P8PlxDmhOzwWkmFwZg1Tg66hBFmLnnAMYF
-----END CERTIFICATE-----