Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/52AprETIRbFDUqM46ur0ZcU_kJ8.roa
File:                     52AprETIRbFDUqM46ur0ZcU_kJ8.roa (raw, json)
Hash identifier:          r7B0mvb9UUSQmten8hxAPFepljFzhrKT4KBjDSQtBTw=
Subject key identifier:   E7:60:29:AC:44:C8:45:B1:43:52:A3:38:EA:EA:F4:65:C5:3F:90:9F
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       01995C056EDA5C7123E74691D5CAE8179D6A
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/52AprETIRbFDUqM46ur0ZcU_kJ8.roa
Signing time:             Thu 18 Sep 2025 08:51:23 +0000
ROA not before:           Thu 18 Sep 2025 08:51:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        95.173.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:05:6e:da:5c:71:23:e7:46:91:d5:ca:e8:17:9d:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Sep 18 08:51:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e76029ac44c845b14352a338eaeaf465c53f909f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f6:44:e1:79:3f:4d:5a:8a:81:86:58:cb:0b:
                    43:d7:ab:71:9d:a1:08:39:13:48:4f:7e:20:fe:53:
                    4d:03:14:74:88:0f:82:a0:13:46:2e:fd:6d:89:10:
                    b0:76:fc:5c:8d:33:5a:0a:41:5e:64:df:07:ef:58:
                    db:16:a8:67:d3:9c:32:55:1b:43:77:59:43:04:b3:
                    82:3b:e1:ff:98:90:26:b0:b6:5e:c6:02:b8:1c:25:
                    e8:35:82:e4:b0:78:12:85:64:16:70:2e:9b:94:bb:
                    68:c4:f5:6e:d6:1f:dd:76:3b:f6:4e:72:48:a5:c8:
                    52:63:5a:70:b2:77:d5:d6:7c:2b:4c:8d:3a:88:b7:
                    b0:78:51:7a:5b:eb:17:56:00:e6:da:15:e1:98:99:
                    87:e9:0d:5d:99:73:37:c6:ad:ae:bb:38:60:6f:eb:
                    78:ac:82:dc:18:65:e5:66:df:15:ef:03:8d:d7:74:
                    ec:76:38:07:3b:1d:92:34:05:f8:b2:bf:3b:60:78:
                    c7:5e:57:4b:d4:84:28:0d:ca:36:d4:7e:f2:4e:0e:
                    51:0b:99:89:b4:20:2f:5c:66:22:a1:c2:3d:87:12:
                    80:f7:17:91:29:1b:40:32:09:bc:fd:a9:e3:12:a9:
                    38:6f:b2:ff:87:bc:2e:85:43:d5:e5:3e:e4:7f:16:
                    f4:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:60:29:AC:44:C8:45:B1:43:52:A3:38:EA:EA:F4:65:C5:3F:90:9F
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/52AprETIRbFDUqM46ur0ZcU_kJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:9c:cc:ec:43:de:48:e5:d2:e2:7a:b9:38:a6:23:e8:d1:22:
         4a:84:93:ae:aa:7a:ad:04:ac:54:30:f3:64:e3:48:01:bb:69:
         7d:c6:3b:a5:d8:63:1a:62:4e:d1:a2:7c:c6:59:41:b3:0e:4a:
         43:7d:5a:6e:3b:bf:30:64:10:45:b5:4b:cb:89:6d:a3:2c:f0:
         fb:3b:20:3d:7c:cf:21:79:ee:ad:a1:6e:77:64:8a:9e:53:3d:
         66:ac:f5:0a:65:94:e2:f3:bd:5a:54:05:4c:62:84:72:37:73:
         80:76:03:2c:6b:50:63:22:78:6c:d3:ec:c6:4f:05:24:45:08:
         20:5c:93:11:d1:61:30:9c:c7:11:b0:21:8a:f5:fe:ed:4c:9b:
         75:b2:d1:2f:b2:43:6e:53:65:cd:2c:16:be:4b:95:4c:7d:7f:
         2c:5a:cf:8b:2b:94:19:05:7a:b0:d4:28:df:d2:3a:f7:0b:a1:
         67:56:34:a7:59:c9:31:dc:b5:0b:90:5c:42:7b:64:2e:3d:c7:
         0a:82:32:4a:43:de:be:de:23:ab:bd:3c:cf:64:e5:41:73:21:
         b4:2a:73:fa:74:76:0e:1a:1b:83:1e:dc:b7:fb:ab:46:41:6b:
         be:cd:9a:3c:e9:db:1b:ef:4a:0c:b5:47:63:af:0e:91:74:f8:
         4a:05:16:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlcBW7aXHEj50aR1croF51qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUwOTE4MDg1MTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzYwMjlhYzQ0Yzg0NWIxNDM1MmEzMzhlYWVhZjQ2NWM1M2Y5MDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvZE4Xk/TVqKgYZYywtD16txnaEI
ORNIT34g/lNNAxR0iA+CoBNGLv1tiRCwdvxcjTNaCkFeZN8H71jbFqhn05wyVRtD
d1lDBLOCO+H/mJAmsLZexgK4HCXoNYLksHgShWQWcC6blLtoxPVu1h/ddjv2TnJI
pchSY1pwsnfV1nwrTI06iLeweFF6W+sXVgDm2hXhmJmH6Q1dmXM3xq2uuzhgb+t4
rILcGGXlZt8V7wON13TsdjgHOx2SNAX4sr87YHjHXldL1IQoDco21H7yTg5RC5mJ
tCAvXGYiocI9hxKA9xeRKRtAMgm8/anjEqk4b7L/h7wuhUPV5T7kfxb0LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdgKaxEyEWxQ1KjOOrq9GXFP5CfMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvNTJBcHJFVElSYkZEVXFNNDZ1cjBaY1Vfa0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX60xMA0G
CSqGSIb3DQEBCwUAA4IBAQANnMzsQ95I5dLierk4piPo0SJKhJOuqnqtBKxUMPNk
40gBu2l9xjul2GMaYk7RonzGWUGzDkpDfVpuO78wZBBFtUvLiW2jLPD7OyA9fM8h
ee6toW53ZIqeUz1mrPUKZZTi871aVAVMYoRyN3OAdgMsa1BjInhs0+zGTwUkRQgg
XJMR0WEwnMcRsCGK9f7tTJt1stEvskNuU2XNLBa+S5VMfX8sWs+LK5QZBXqw1Cjf
0jr3C6FnVjSnWckx3LULkFxCe2QuPccKgjJKQ96+3iOrvTzPZOVBcyG0KnP6dHYO
GhuDHty3+6tGQWu+zZo86dsb70oMtUdjrw6RdPhKBRZQ
-----END CERTIFICATE-----