Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/iB5O2Dv_O9SgoFmPn7K4puMBzos.roa
File:                     iB5O2Dv_O9SgoFmPn7K4puMBzos.roa (raw, json)
Hash identifier:          K+etiy0pRWQK1jSmyGFXzRfY6HxDEmZPOQqgSoVB5WI=
Subject key identifier:   88:1E:4E:D8:3B:FF:3B:D4:A0:A0:59:8F:9F:B2:B8:A6:E3:01:CE:8B
Certificate issuer:       /CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
Certificate serial:       0199C3CC6CE952A277F1315D1B6304C15870
Authority key identifier: FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/iB5O2Dv_O9SgoFmPn7K4puMBzos.roa
Signing time:             Wed 08 Oct 2025 12:29:38 +0000
ROA not before:           Wed 08 Oct 2025 12:29:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136787
IP address blocks:        109.104.115.0/24 maxlen: 24
                          193.84.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c3:cc:6c:e9:52:a2:77:f1:31:5d:1b:63:04:c1:58:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
        Validity
            Not Before: Oct  8 12:29:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=881e4ed83bff3bd4a0a0598f9fb2b8a6e301ce8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:27:b4:db:ac:7e:72:15:27:21:8e:19:c3:ec:
                    7b:f0:ac:bd:5b:35:56:32:cc:b4:58:c1:92:d4:5c:
                    0a:99:68:fb:b8:20:32:6a:2c:88:e5:bd:fe:73:6d:
                    5d:b2:64:26:6e:94:e2:13:f9:14:3c:25:03:d5:39:
                    08:cf:7e:e2:5d:86:67:ad:a1:cd:51:fc:87:2c:0c:
                    86:7a:6c:00:4a:54:54:b9:ac:c9:66:b3:02:92:84:
                    b6:a1:b7:c9:ab:2f:50:f6:7d:93:b1:10:79:bf:94:
                    dc:37:7a:3e:ef:4d:9f:8e:4b:2c:68:61:c4:f0:89:
                    46:d0:57:4f:ee:c5:95:2f:d8:e1:f2:a6:d1:49:f1:
                    d0:2c:a7:83:83:72:f3:26:0b:38:dd:2d:9f:2e:df:
                    31:18:62:25:67:fe:5b:e3:0f:a1:a0:81:67:8a:15:
                    72:20:09:ca:c4:83:2b:aa:30:50:6d:2b:fb:96:c6:
                    50:1d:f4:05:71:de:a9:69:4a:f5:47:c9:48:09:34:
                    09:e1:4e:2c:7a:2f:9f:b8:9e:87:2e:76:a0:46:36:
                    46:18:d3:38:8f:58:d4:d9:eb:73:80:21:a1:60:53:
                    a0:1b:02:86:1a:c9:0c:59:68:53:70:66:e0:fa:d4:
                    1b:82:7d:8d:be:77:1b:f8:cc:f3:9a:98:e6:7c:ad:
                    ef:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:1E:4E:D8:3B:FF:3B:D4:A0:A0:59:8F:9F:B2:B8:A6:E3:01:CE:8B
            X509v3 Authority Key Identifier:
                keyid:FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/iB5O2Dv_O9SgoFmPn7K4puMBzos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.104.115.0/24
                  193.84.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:d3:0a:6f:cf:3b:74:15:74:0c:3c:d0:10:38:0a:65:3e:6d:
         55:7a:33:21:10:92:53:62:1f:f1:66:08:3c:f0:a3:ec:8b:3b:
         49:7f:6e:bd:a0:c6:a9:5a:84:1d:d5:f2:6a:af:d1:44:43:7f:
         49:5b:79:31:50:f5:17:09:6c:7c:67:0f:ab:44:fc:25:f7:81:
         ca:96:f8:29:fd:1d:a4:23:83:ae:74:fd:13:be:e6:62:94:3e:
         b8:53:4d:76:2a:c7:ec:e1:9b:49:c9:ae:2d:ae:61:c2:3d:3d:
         99:3e:4b:33:1d:cd:40:21:24:18:ab:91:ec:fb:64:91:d5:fd:
         02:76:9b:82:39:fd:15:1d:1d:96:80:aa:14:52:d7:60:cf:53:
         45:a0:3f:17:b6:37:3c:36:84:d7:a1:c1:36:03:34:1b:f0:d3:
         00:19:5f:6c:4f:5a:6a:c9:96:30:9f:16:52:5e:61:20:3d:84:
         b8:d6:77:7f:60:5f:5d:96:af:43:75:fa:fb:d9:b4:e2:36:8e:
         13:82:65:23:55:39:e4:ca:d2:e6:46:9e:3b:e8:8a:ad:b5:28:
         60:a6:63:51:cc:95:39:71:aa:9f:de:7c:b4:9e:04:eb:3f:b9:
         b2:64:79:59:72:bc:7d:2b:3f:49:27:8e:a5:a2:7f:cd:88:ca:
         96:7c:9c:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnDzGzpUqJ38TFdG2MEwVhwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGVjNGE0NmE2ZTZlNGY5YTkyZDBiYTJlMGIzYWI1NjU4
YmUxYmQwHhcNMjUxMDA4MTIyOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODFlNGVkODNiZmYzYmQ0YTBhMDU5OGY5ZmIyYjhhNmUzMDFjZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApye026x+chUnIY4Zw+x78Ky9WzVW
Msy0WMGS1FwKmWj7uCAyaiyI5b3+c21dsmQmbpTiE/kUPCUD1TkIz37iXYZnraHN
UfyHLAyGemwASlRUuazJZrMCkoS2obfJqy9Q9n2TsRB5v5TcN3o+702fjkssaGHE
8IlG0FdP7sWVL9jh8qbRSfHQLKeDg3LzJgs43S2fLt8xGGIlZ/5b4w+hoIFnihVy
IAnKxIMrqjBQbSv7lsZQHfQFcd6paUr1R8lICTQJ4U4sei+fuJ6HLnagRjZGGNM4
j1jU2etzgCGhYFOgGwKGGskMWWhTcGbg+tQbgn2Nvncb+MzzmpjmfK3vNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIgeTtg7/zvUoKBZj5+yuKbjAc6LMB8GA1UdIwQY
MBaAFP/exKRqbm5PmpLQui4LOrVli+G9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEt
N2U4YzZkNGQ5YmVmLzEvaUI1TzJEdl9POVNnb0ZtUG43SzRwdU1Cem9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEtN2U4YzZkNGQ5YmVm
LzEvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbWhzAwQA
wVQzMA0GCSqGSIb3DQEBCwUAA4IBAQAP0wpvzzt0FXQMPNAQOAplPm1VejMhEJJT
Yh/xZgg88KPsiztJf269oMapWoQd1fJqr9FEQ39JW3kxUPUXCWx8Zw+rRPwl94HK
lvgp/R2kI4OudP0TvuZilD64U012Ksfs4ZtJya4trmHCPT2ZPkszHc1AISQYq5Hs
+2SR1f0CdpuCOf0VHR2WgKoUUtdgz1NFoD8Xtjc8NoTXocE2AzQb8NMAGV9sT1pq
yZYwnxZSXmEgPYS41nd/YF9dlq9Ddfr72bTiNo4TgmUjVTnkytLmRp476IqttShg
pmNRzJU5caqf3ny0ngTrP7myZHlZcrx9Kz9JJ46lon/NiMqWfJxr
-----END CERTIFICATE-----