Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/h-A858ZfddXvJk42E4zciUqkDGo.roa
File:                     h-A858ZfddXvJk42E4zciUqkDGo.roa (raw, json)
Hash identifier:          dyn6NbexTrThIgZ64mOYzwXCatyWxi4d3djRyVn/ZTk=
Subject key identifier:   87:E0:3C:E7:C6:5F:75:D5:EF:26:4E:36:13:8C:DC:89:4A:A4:0C:6A
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       0199BD68BCA3BE162EF036E2C05BC0D60689
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/h-A858ZfddXvJk42E4zciUqkDGo.roa
Signing time:             Tue 07 Oct 2025 06:43:01 +0000
ROA not before:           Tue 07 Oct 2025 06:43:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     984
IP address blocks:        95.173.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bd:68:bc:a3:be:16:2e:f0:36:e2:c0:5b:c0:d6:06:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Oct  7 06:43:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87e03ce7c65f75d5ef264e36138cdc894aa40c6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f6:db:55:2d:4c:02:9a:98:46:ba:3e:d9:0e:
                    20:a0:58:ea:09:4b:b1:89:ad:2a:9e:e3:98:3f:c9:
                    4d:52:02:b5:f1:f8:4e:83:d7:b9:80:79:61:6d:67:
                    de:95:b8:87:1e:3a:e1:55:f6:c5:07:ac:cb:db:5b:
                    cd:ca:62:d0:13:97:93:d0:64:de:7f:4e:9a:e1:c7:
                    b3:dc:1c:df:79:ee:9b:05:88:80:21:e5:00:f1:0b:
                    a7:fd:72:d7:d5:4a:b9:9e:29:42:f8:e7:ec:82:b9:
                    fe:bc:7c:ab:1a:da:eb:c0:fd:0c:fb:4d:4a:8f:1b:
                    28:75:2c:ae:ac:89:0b:81:f2:0b:0d:fa:47:c4:35:
                    83:75:16:5a:8b:0c:ff:b9:97:60:28:5f:6e:6e:f6:
                    29:db:4f:b7:7d:60:f3:db:bd:f5:72:67:e2:f5:cd:
                    ab:41:22:3b:6b:20:e2:34:2e:bc:a9:70:bc:f1:33:
                    9e:3c:cc:93:28:5c:7c:4a:54:e0:8a:e4:59:ac:ab:
                    fc:1c:89:04:c9:c2:7d:54:44:c2:ae:08:d6:56:6c:
                    f7:65:20:25:ac:0f:a8:79:6a:aa:80:e0:2b:29:f3:
                    f7:0e:ec:9c:3f:0c:ac:bb:65:8b:19:97:a3:c4:a8:
                    e2:f9:d2:9a:8e:6d:d4:4f:e2:7d:72:9d:40:4d:8c:
                    df:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:E0:3C:E7:C6:5F:75:D5:EF:26:4E:36:13:8C:DC:89:4A:A4:0C:6A
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/h-A858ZfddXvJk42E4zciUqkDGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:2a:f3:b0:36:43:a2:db:c3:22:bd:a0:01:ea:36:aa:19:49:
         c9:c8:4a:66:6f:9e:4d:e3:c5:48:72:24:40:03:8b:91:38:94:
         8c:76:52:73:09:5a:6f:0d:e5:fd:03:93:ae:58:d3:26:79:d7:
         6a:cc:f9:5f:2e:47:5e:81:0b:40:89:7a:86:6b:42:e9:19:58:
         3a:79:0c:42:88:0e:fe:0b:be:c7:6c:39:5c:b2:ec:12:97:8d:
         c2:ee:ca:7b:8e:95:13:a0:a7:fa:57:6b:3c:45:82:54:fa:f4:
         c2:58:ff:95:0b:81:c6:63:55:5b:ed:54:4c:dc:5d:5a:c3:e6:
         1e:ac:19:85:c3:76:53:cd:90:4e:d2:32:4f:69:92:9b:34:ce:
         f8:f8:2d:5d:2d:81:66:12:81:79:b3:0f:f1:47:b5:f6:13:11:
         e0:7e:11:05:a3:39:6c:c6:92:8e:c6:78:6b:bf:b9:ab:6e:22:
         18:ea:cc:a4:fc:66:65:e8:f9:31:a1:dc:a0:27:69:bc:b9:89:
         50:fc:1d:83:be:c2:11:f7:e9:7b:86:a4:3b:a8:c3:18:c7:60:
         9a:c9:02:6c:a4:0a:58:a4:3e:64:f4:22:77:02:43:e6:62:f5:
         4a:c5:ed:4c:09:94:cd:46:04:e1:fa:55:e8:a1:62:fa:23:f5:
         57:30:28:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm9aLyjvhYu8DbiwFvA1gaJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUxMDA3MDY0MzAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2UwM2NlN2M2NWY3NWQ1ZWYyNjRlMzYxMzhjZGM4OTRhYTQwYzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfbbVS1MApqYRro+2Q4goFjqCUux
ia0qnuOYP8lNUgK18fhOg9e5gHlhbWfelbiHHjrhVfbFB6zL21vNymLQE5eT0GTe
f06a4cez3Bzfee6bBYiAIeUA8Qun/XLX1Uq5nilC+Ofsgrn+vHyrGtrrwP0M+01K
jxsodSyurIkLgfILDfpHxDWDdRZaiwz/uZdgKF9ubvYp20+3fWDz2731cmfi9c2r
QSI7ayDiNC68qXC88TOePMyTKFx8SlTgiuRZrKv8HIkEycJ9VETCrgjWVmz3ZSAl
rA+oeWqqgOArKfP3DuycPwysu2WLGZejxKji+dKajm3UT+J9cp1ATYzf3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfgPOfGX3XV7yZONhOM3IlKpAxqMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvaC1BODU4WmZkZFh2Sms0MkU0emNpVXFrREdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX605MA0G
CSqGSIb3DQEBCwUAA4IBAQCFKvOwNkOi28MivaAB6jaqGUnJyEpmb55N48VIciRA
A4uROJSMdlJzCVpvDeX9A5OuWNMmeddqzPlfLkdegQtAiXqGa0LpGVg6eQxCiA7+
C77HbDlcsuwSl43C7sp7jpUToKf6V2s8RYJU+vTCWP+VC4HGY1Vb7VRM3F1aw+Ye
rBmFw3ZTzZBO0jJPaZKbNM74+C1dLYFmEoF5sw/xR7X2ExHgfhEFozlsxpKOxnhr
v7mrbiIY6syk/GZl6PkxodygJ2m8uYlQ/B2DvsIR9+l7hqQ7qMMYx2CayQJspApY
pD5k9CJ3AkPmYvVKxe1MCZTNRgTh+lXooWL6I/VXMCiE
-----END CERTIFICATE-----