Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/KSrqd-K2qN25PnwAmClxYgD_VwI.roa
File:                     KSrqd-K2qN25PnwAmClxYgD_VwI.roa (raw, json)
Hash identifier:          R/U3yBT9e4imvw3Tjw/+/dIWqaaKNifNNdmI6TUsVik=
Subject key identifier:   29:2A:EA:77:E2:B6:A8:DD:B9:3E:7C:00:98:29:71:62:00:FF:57:02
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       01999A2C0FE975EFB77FB63D663DFEC61407
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/KSrqd-K2qN25PnwAmClxYgD_VwI.roa
Signing time:             Tue 30 Sep 2025 10:30:02 +0000
ROA not before:           Tue 30 Sep 2025 10:30:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        95.173.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:2c:0f:e9:75:ef:b7:7f:b6:3d:66:3d:fe:c6:14:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Sep 30 10:30:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=292aea77e2b6a8ddb93e7c009829716200ff5702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:38:46:36:f7:0a:b6:36:92:bb:a8:05:6e:ea:
                    ee:fa:09:78:46:9d:ef:3b:97:e0:d1:d2:77:f5:fc:
                    da:96:20:f5:9f:78:91:da:17:ee:ea:16:4c:2a:1c:
                    16:32:4d:e5:b2:e4:10:7d:69:49:c6:8d:93:07:d4:
                    87:45:ea:8f:9a:38:5b:5c:b4:e0:83:2b:8d:54:ce:
                    e7:ee:8b:17:07:79:d7:2f:ab:b9:47:82:fa:1c:7a:
                    cd:a5:74:8c:15:15:c6:b8:fa:db:c8:5a:42:e2:48:
                    02:41:45:cd:d4:d0:e6:cd:aa:a4:de:98:3f:e4:4b:
                    00:b6:c7:fc:ca:f4:3b:8f:2a:ad:13:c4:20:ef:7d:
                    34:65:a7:ba:85:a5:c1:6a:a0:04:e0:94:46:bd:98:
                    c0:af:12:8e:81:85:66:bd:ca:5e:80:a2:ac:4e:e7:
                    a5:67:ef:5f:df:de:8c:be:30:8b:7e:dc:bf:78:82:
                    b1:b3:6f:9f:51:30:e9:86:11:b5:52:f7:12:c9:a9:
                    db:1b:4e:d2:5a:a0:a1:50:1d:95:7e:45:01:47:07:
                    30:b6:3c:e5:3e:e1:26:a7:21:00:bc:a8:85:39:1b:
                    b8:c1:6c:1c:1c:96:43:61:b2:17:5a:81:0f:b4:cd:
                    38:1f:8f:5a:4a:58:87:93:45:ba:63:9a:fb:69:55:
                    b2:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:2A:EA:77:E2:B6:A8:DD:B9:3E:7C:00:98:29:71:62:00:FF:57:02
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/KSrqd-K2qN25PnwAmClxYgD_VwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:b9:59:91:15:f3:4a:c8:7b:a6:55:32:af:4a:61:fd:cd:b6:
         56:a5:7c:d8:5d:aa:d6:ed:b1:b4:1b:8c:15:b1:2b:57:b8:16:
         eb:9f:04:e3:2c:37:75:e2:7f:fc:e6:37:fd:ba:98:77:a8:96:
         e3:58:31:fd:99:b1:36:55:3c:ea:16:b6:ed:95:7d:c9:33:a2:
         c0:54:75:2d:8e:3b:9c:87:12:d5:45:8a:68:ae:1b:70:01:9e:
         86:ac:24:b2:b0:ca:bf:d7:93:2d:3f:f9:82:99:7b:12:5d:11:
         a0:75:15:f9:aa:ec:dd:53:01:63:b0:5b:f5:55:97:87:d9:2d:
         2f:c0:c8:b3:c5:08:af:66:92:1d:80:6e:58:ab:ef:be:e7:62:
         28:f6:95:2b:ec:0b:dd:a9:23:59:06:0b:c7:92:6a:a0:14:c2:
         a8:a7:7e:7f:2e:9c:a9:cf:a7:f9:6d:c2:39:40:63:52:64:09:
         e4:51:06:77:c8:d9:35:87:52:bb:aa:89:3b:45:9a:4d:fc:7f:
         96:b7:b1:33:04:5d:75:58:09:e5:f1:8d:4f:79:cf:c8:26:32:
         60:3d:fb:80:91:d2:fd:fb:4d:1a:2b:9e:d7:e6:df:ce:aa:b2:
         87:82:ab:f9:71:82:91:b7:6e:ab:00:1e:99:d4:e1:86:50:ab:
         82:a3:0a:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmaLA/pde+3f7Y9Zj3+xhQHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUwOTMwMTAzMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTJhZWE3N2UyYjZhOGRkYjkzZTdjMDA5ODI5NzE2MjAwZmY1NzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDhGNvcKtjaSu6gFburu+gl4Rp3v
O5fg0dJ39fzaliD1n3iR2hfu6hZMKhwWMk3lsuQQfWlJxo2TB9SHReqPmjhbXLTg
gyuNVM7n7osXB3nXL6u5R4L6HHrNpXSMFRXGuPrbyFpC4kgCQUXN1NDmzaqk3pg/
5EsAtsf8yvQ7jyqtE8Qg7300Zae6haXBaqAE4JRGvZjArxKOgYVmvcpegKKsTuel
Z+9f396MvjCLfty/eIKxs2+fUTDphhG1UvcSyanbG07SWqChUB2VfkUBRwcwtjzl
PuEmpyEAvKiFORu4wWwcHJZDYbIXWoEPtM04H49aSliHk0W6Y5r7aVWyfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkq6nfitqjduT58AJgpcWIA/1cCMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvS1NycWQtSzJxTjI1UG53QW1DbHhZZ0RfVndJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX606MA0G
CSqGSIb3DQEBCwUAA4IBAQBGuVmRFfNKyHumVTKvSmH9zbZWpXzYXarW7bG0G4wV
sStXuBbrnwTjLDd14n/85jf9uph3qJbjWDH9mbE2VTzqFrbtlX3JM6LAVHUtjjuc
hxLVRYporhtwAZ6GrCSysMq/15MtP/mCmXsSXRGgdRX5quzdUwFjsFv1VZeH2S0v
wMizxQivZpIdgG5Yq+++52Io9pUr7AvdqSNZBgvHkmqgFMKop35/Lpypz6f5bcI5
QGNSZAnkUQZ3yNk1h1K7qok7RZpN/H+Wt7EzBF11WAnl8Y1Pec/IJjJgPfuAkdL9
+00aK57X5t/OqrKHgqv5cYKRt26rAB6Z1OGGUKuCowqB
-----END CERTIFICATE-----