Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/kJU-KgD8cYtkfeivKCJEB0DdEd8.roa
File:                     kJU-KgD8cYtkfeivKCJEB0DdEd8.roa (raw, json)
Hash identifier:          5IehEg28rjh+Szw0jXY9Pro/E9tT/kZUcz/KhGmkIUc=
Subject key identifier:   90:95:3E:2A:00:FC:71:8B:64:7D:E8:AF:28:22:44:07:40:DD:11:DF
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019975B3D4BBCF5C7DDA9D3F20070FD65215
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/kJU-KgD8cYtkfeivKCJEB0DdEd8.roa
Signing time:             Tue 23 Sep 2025 08:32:23 +0000
ROA not before:           Tue 23 Sep 2025 08:32:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20648
IP address blocks:        84.55.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:75:b3:d4:bb:cf:5c:7d:da:9d:3f:20:07:0f:d6:52:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Sep 23 08:32:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90953e2a00fc718b647de8af2822440740dd11df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:51:9d:db:b6:f9:b9:45:2e:d8:12:c9:96:c9:
                    37:aa:b7:75:f3:da:a2:81:c0:a8:7e:80:59:75:44:
                    8d:ca:7e:87:72:68:50:1d:a6:7f:92:c3:e2:c4:7a:
                    58:35:65:89:7f:01:bc:f9:91:b4:09:e8:45:fd:bc:
                    2d:6a:67:b9:38:8e:c8:72:b1:76:bb:e2:29:ff:5f:
                    e6:5e:54:d4:8e:da:ae:be:79:26:e8:d0:d4:88:eb:
                    ba:89:32:8b:dc:9b:b3:d9:86:3a:90:aa:a7:58:4d:
                    2c:1c:c3:c7:ca:e3:6f:fb:51:ee:a1:76:f7:09:54:
                    12:77:ba:2e:d9:c1:49:d2:9f:bd:45:c6:9e:bf:80:
                    12:9a:1b:44:f6:18:ea:fb:e6:f6:d6:fb:93:c1:14:
                    5f:af:ae:4c:98:39:12:10:df:a4:49:d8:f2:88:87:
                    d2:f2:fc:6e:99:27:17:6e:d9:39:4c:89:51:96:6a:
                    41:e8:e5:d5:de:22:9d:bb:d2:78:9e:d8:8c:ac:af:
                    15:60:62:7b:93:70:9d:c2:29:a1:79:6d:e8:ee:fc:
                    99:c5:87:aa:3f:43:25:7e:f7:cb:5d:ad:4a:97:55:
                    de:93:9d:d1:36:29:ca:e9:c3:48:11:1b:5d:42:23:
                    50:2e:da:8a:e8:07:ad:c5:64:9b:6d:c4:55:a5:68:
                    63:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:95:3E:2A:00:FC:71:8B:64:7D:E8:AF:28:22:44:07:40:DD:11:DF
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/kJU-KgD8cYtkfeivKCJEB0DdEd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.55.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:f3:07:ec:6e:72:20:a3:fc:1f:b4:89:35:ae:8f:9c:fd:68:
         f8:b8:5a:c3:5c:da:8a:09:f7:4f:06:3a:fb:bd:c7:cd:30:6b:
         08:8d:f7:48:de:a0:7b:22:e1:66:ed:59:1a:da:ce:5b:7a:a1:
         f9:f9:bf:ca:30:f0:59:a9:c7:75:82:53:63:d7:04:e8:8a:f8:
         64:fa:7b:b4:d3:9e:30:4f:1b:ab:ed:c5:f1:d5:c0:e2:7c:97:
         f4:11:0d:65:1d:29:3a:22:bb:7d:17:23:a5:af:28:ee:41:0f:
         27:9a:04:ce:e9:c7:e1:ad:56:b6:c1:a5:72:a6:21:fe:ff:56:
         c3:23:d3:ee:a8:c2:0a:8a:9e:7a:7f:dc:9a:79:f4:11:84:b7:
         25:f2:3f:ca:54:77:8a:aa:8e:2c:b9:a1:4b:f8:0e:a5:e1:7f:
         01:79:cc:4d:c6:3c:30:e6:55:ab:3c:42:51:88:fe:af:b1:b4:
         55:ad:02:18:17:61:10:15:83:32:ed:52:e8:f9:87:64:2d:1c:
         91:f8:39:53:6f:26:1e:0f:a7:c5:ed:8b:6b:eb:1f:3f:48:a6:
         f2:65:21:d3:b0:e0:b0:b5:cb:fa:21:fb:31:fe:8d:3d:d6:ad:
         0a:c5:c2:59:25:59:bd:5b:80:ab:9a:34:23:13:9b:56:07:b5:
         be:2f:5b:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl1s9S7z1x92p0/IAcP1lIVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUwOTIzMDgzMjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDk1M2UyYTAwZmM3MThiNjQ3ZGU4YWYyODIyNDQwNzQwZGQxMWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21Gd27b5uUUu2BLJlsk3qrd189qi
gcCofoBZdUSNyn6HcmhQHaZ/ksPixHpYNWWJfwG8+ZG0CehF/bwtame5OI7IcrF2
u+Ip/1/mXlTUjtquvnkm6NDUiOu6iTKL3Juz2YY6kKqnWE0sHMPHyuNv+1HuoXb3
CVQSd7ou2cFJ0p+9Rcaev4ASmhtE9hjq++b21vuTwRRfr65MmDkSEN+kSdjyiIfS
8vxumScXbtk5TIlRlmpB6OXV3iKdu9J4ntiMrK8VYGJ7k3CdwimheW3o7vyZxYeq
P0MlfvfLXa1Kl1Xek53RNinK6cNIERtdQiNQLtqK6AetxWSbbcRVpWhjmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCVPioA/HGLZH3orygiRAdA3RHfMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEva0pVLUtnRDhjWXRrZmVpdktDSkVCMERkRWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVDcKMA0G
CSqGSIb3DQEBCwUAA4IBAQAe8wfsbnIgo/wftIk1ro+c/Wj4uFrDXNqKCfdPBjr7
vcfNMGsIjfdI3qB7IuFm7Vka2s5beqH5+b/KMPBZqcd1glNj1wToivhk+nu0054w
Txur7cXx1cDifJf0EQ1lHSk6Irt9FyOlryjuQQ8nmgTO6cfhrVa2waVypiH+/1bD
I9PuqMIKip56f9yaefQRhLcl8j/KVHeKqo4suaFL+A6l4X8BecxNxjww5lWrPEJR
iP6vsbRVrQIYF2EQFYMy7VLo+YdkLRyR+DlTbyYeD6fF7Ytr6x8/SKbyZSHTsOCw
tcv6Ifsx/o091q0KxcJZJVm9W4CrmjQjE5tWB7W+L1vb
-----END CERTIFICATE-----