Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/aeae3f-af4d-4eee-b284-a5f6c0aa11de/1/SNsRs_4WTuL917-zEoDb2DAW4Cs.roa
File:                     SNsRs_4WTuL917-zEoDb2DAW4Cs.roa (raw, json)
Hash identifier:          N22szcBJgG6xZhKtnqlshnG6vFReTJVV2XmRzhmuoSw=
Subject key identifier:   48:DB:11:B3:FE:16:4E:E2:FD:D7:BF:B3:12:80:DB:D8:30:16:E0:2B
Certificate issuer:       /CN=486510a3116972fced95e8a8bdafd6e455ded0ba
Certificate serial:       01999418945FF9C24D6F6E3CA39BBF39388D
Authority key identifier: 48:65:10:A3:11:69:72:FC:ED:95:E8:A8:BD:AF:D6:E4:55:DE:D0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SGUQoxFpcvztleiova_W5FXe0Lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/aeae3f-af4d-4eee-b284-a5f6c0aa11de/1/SNsRs_4WTuL917-zEoDb2DAW4Cs.roa
Signing time:             Mon 29 Sep 2025 06:11:02 +0000
ROA not before:           Mon 29 Sep 2025 06:11:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8560
IP address blocks:        64.190.62.0/23 maxlen: 24
                          91.195.240.0/23 maxlen: 24
                          2001:67c:64c::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/aeae3f-af4d-4eee-b284-a5f6c0aa11de/1/SGUQoxFpcvztleiova_W5FXe0Lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/aeae3f-af4d-4eee-b284-a5f6c0aa11de/1/SGUQoxFpcvztleiova_W5FXe0Lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SGUQoxFpcvztleiova_W5FXe0Lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:94:18:94:5f:f9:c2:4d:6f:6e:3c:a3:9b:bf:39:38:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=486510a3116972fced95e8a8bdafd6e455ded0ba
        Validity
            Not Before: Sep 29 06:11:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48db11b3fe164ee2fdd7bfb31280dbd83016e02b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e2:e9:73:01:d0:12:9f:54:0e:3c:d6:40:c4:
                    f7:c8:b3:34:f1:4d:b8:39:76:e5:b4:13:40:66:32:
                    bd:63:b7:35:26:20:b2:69:41:8c:36:d8:a4:11:a1:
                    a1:3a:84:fe:9f:0c:f2:7d:a6:6f:3b:77:a9:7d:0a:
                    f4:f9:b9:e7:fa:ff:6d:23:6f:19:95:27:f6:a5:38:
                    f1:8e:1e:d3:2d:f2:32:2e:62:ac:fc:71:a3:be:85:
                    36:47:30:60:f0:2b:4a:d3:b0:42:1e:2d:dd:a0:1b:
                    71:cf:12:29:08:c6:ed:c2:de:fb:90:58:32:55:cd:
                    0f:03:d4:7d:20:3f:6a:68:55:67:b8:6c:89:42:c3:
                    0f:0b:c4:88:81:f1:d1:81:d1:f0:4e:1e:4a:b8:d3:
                    9e:4b:3f:f1:df:42:00:9a:93:9b:b5:62:74:3b:94:
                    7f:34:10:17:ef:c9:0b:6c:77:e4:86:75:d3:2f:57:
                    75:88:24:c0:85:9f:7f:22:a7:db:8c:85:e1:d6:ea:
                    c1:1c:d1:18:ff:d6:3f:76:b3:8e:b4:b6:6c:fb:64:
                    0f:bb:9f:f8:aa:a0:30:42:cc:5f:22:aa:92:9f:f7:
                    fe:3e:4a:ba:38:e7:a1:57:e5:84:44:3a:c3:05:fd:
                    7e:59:ed:aa:1c:e9:0f:1b:75:17:19:b2:89:97:24:
                    a7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:DB:11:B3:FE:16:4E:E2:FD:D7:BF:B3:12:80:DB:D8:30:16:E0:2B
            X509v3 Authority Key Identifier:
                keyid:48:65:10:A3:11:69:72:FC:ED:95:E8:A8:BD:AF:D6:E4:55:DE:D0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SGUQoxFpcvztleiova_W5FXe0Lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/aeae3f-af4d-4eee-b284-a5f6c0aa11de/1/SNsRs_4WTuL917-zEoDb2DAW4Cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/aeae3f-af4d-4eee-b284-a5f6c0aa11de/1/SGUQoxFpcvztleiova_W5FXe0Lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.190.62.0/23
                  91.195.240.0/23
                IPv6:
                  2001:67c:64c::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:19:1e:5b:1b:a0:81:dc:93:ab:39:ac:6c:32:60:6b:c8:8d:
         7d:a1:ff:c9:3d:06:b1:1c:6c:97:0b:9e:5c:df:f3:38:19:a3:
         94:70:cc:e7:2d:eb:24:a1:8e:51:59:78:1c:5d:4d:1e:04:36:
         29:29:a3:83:ef:93:3b:e2:aa:d8:aa:b2:bc:ce:a9:49:f4:fa:
         cd:1b:9a:50:a0:42:a7:70:f0:e0:e8:e6:ce:44:04:2b:11:b9:
         ba:47:60:9a:96:2e:9f:a4:fa:08:33:90:5e:59:2c:57:d3:d6:
         4a:79:1f:6f:21:37:95:4f:64:6e:49:49:22:d9:4e:c7:f8:ed:
         f9:c0:c8:30:37:d1:8a:db:09:6c:06:e9:51:5a:12:d9:f3:e9:
         aa:95:c9:a5:bc:9b:fb:33:3b:c2:bc:df:3b:ab:fc:77:7d:43:
         68:d7:cc:b9:68:60:d8:bb:45:aa:78:f6:c7:52:15:d2:43:1e:
         6c:d5:49:d3:3d:17:ac:3e:4e:b6:b9:4c:71:1e:8f:82:fd:b6:
         27:18:6e:45:d4:3c:eb:97:2f:c7:af:24:01:75:db:78:3f:4e:
         8e:9d:e1:21:c4:8b:f6:24:00:0e:24:bf:60:fa:cf:2e:f5:43:
         9d:40:f2:6e:c0:2c:f9:5c:2d:b6:74:09:77:ff:7c:29:ed:f8:
         fa:ad:7d:f4
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZmUGJRf+cJNb248o5u/OTiNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NjUxMGEzMTE2OTcyZmNlZDk1ZThhOGJkYWZkNmU0NTVk
ZWQwYmEwHhcNMjUwOTI5MDYxMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGRiMTFiM2ZlMTY0ZWUyZmRkN2JmYjMxMjgwZGJkODMwMTZlMDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOLpcwHQEp9UDjzWQMT3yLM08U24
OXbltBNAZjK9Y7c1JiCyaUGMNtikEaGhOoT+nwzyfaZvO3epfQr0+bnn+v9tI28Z
lSf2pTjxjh7TLfIyLmKs/HGjvoU2RzBg8CtK07BCHi3doBtxzxIpCMbtwt77kFgy
Vc0PA9R9ID9qaFVnuGyJQsMPC8SIgfHRgdHwTh5KuNOeSz/x30IAmpObtWJ0O5R/
NBAX78kLbHfkhnXTL1d1iCTAhZ9/IqfbjIXh1urBHNEY/9Y/drOOtLZs+2QPu5/4
qqAwQsxfIqqSn/f+Pkq6OOehV+WERDrDBf1+We2qHOkPG3UXGbKJlySnoQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFEjbEbP+Fk7i/de/sxKA29gwFuArMB8GA1UdIwQY
MBaAFEhlEKMRaXL87ZXoqL2v1uRV3tC6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0dVUW94RnBjdnp0bGVpb3ZhX1c1RlhlMExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9hZWFlM2YtYWY0ZC00ZWVlLWIyODQt
YTVmNmMwYWExMWRlLzEvU05zUnNfNFdUdUw5MTctekVvRGIyREFXNENzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9hZWFlM2YtYWY0ZC00ZWVlLWIyODQtYTVmNmMwYWExMWRl
LzEvU0dVUW94RnBjdnp0bGVpb3ZhX1c1RlhlMExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBQL4+AwQB
W8PwMA8EAgACMAkDBwAgAQZ8BkwwDQYJKoZIhvcNAQELBQADggEBAJIZHlsboIHc
k6s5rGwyYGvIjX2h/8k9BrEcbJcLnlzf8zgZo5RwzOct6yShjlFZeBxdTR4ENikp
o4PvkzviqtiqsrzOqUn0+s0bmlCgQqdw8ODo5s5EBCsRubpHYJqWLp+k+ggzkF5Z
LFfT1kp5H28hN5VPZG5JSSLZTsf47fnAyDA30YrbCWwG6VFaEtnz6aqVyaW8m/sz
O8K83zur/Hd9Q2jXzLloYNi7Rap49sdSFdJDHmzVSdM9F6w+Tra5THEej4L9ticY
bkXUPOuXL8evJAF123g/To6d4SHEi/YkAA4kv2D6zy71Q51A8m7ALPlcLbZ0CXf/
fCnt+PqtffQ=
-----END CERTIFICATE-----