Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/5OAXbGjOqg-vS_55ZPKWFqHiJWs.roa
File:                     5OAXbGjOqg-vS_55ZPKWFqHiJWs.roa (raw, json)
Hash identifier:          Xs90gWSaUge8bMFZD1j250L70pMv92DLAovpQ1YIcqQ=
Subject key identifier:   E4:E0:17:6C:68:CE:AA:0F:AF:4B:FE:79:64:F2:96:16:A1:E2:25:6B
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       0199296E6215642C42CA9B588AE57F80015B
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/5OAXbGjOqg-vS_55ZPKWFqHiJWs.roa
Signing time:             Mon 08 Sep 2025 13:05:23 +0000
ROA not before:           Mon 08 Sep 2025 13:05:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200239
IP address blocks:        193.106.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:29:6e:62:15:64:2c:42:ca:9b:58:8a:e5:7f:80:01:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Sep  8 13:05:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4e0176c68ceaa0faf4bfe7964f29616a1e2256b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:63:78:45:90:ef:bd:58:4a:fc:d3:07:f3:a5:
                    b4:51:b2:fe:25:d2:a1:71:aa:b4:4c:07:70:6f:9c:
                    9c:e0:89:aa:04:12:f3:35:e2:1b:7f:1a:36:4f:f5:
                    3a:ae:2e:d0:7e:e1:63:8f:49:ed:e6:b5:06:90:30:
                    26:2d:47:61:39:9b:8d:15:3c:27:44:74:70:92:a8:
                    78:1f:6b:07:69:f2:b9:f4:a2:88:eb:b5:99:83:f9:
                    01:00:92:13:36:f1:c4:4b:42:2f:76:6a:db:bc:94:
                    a7:b6:15:21:63:ff:fa:f0:1e:f6:c2:24:59:b5:7f:
                    0d:fc:99:83:c2:6a:45:d8:a5:58:38:b2:2b:04:72:
                    8d:ed:1c:1e:d1:c4:23:cc:eb:d2:58:95:b0:ba:3d:
                    fe:9e:1b:d2:ec:3f:39:7e:10:c8:c5:20:54:47:9d:
                    af:31:4d:d9:27:43:c2:15:6d:02:52:68:80:34:94:
                    f6:78:e7:b2:1c:29:45:b5:14:7e:8a:16:39:6c:52:
                    b2:f1:69:ea:20:b9:d6:d2:0b:e8:5b:55:3c:e6:00:
                    ba:cf:44:6d:21:cf:df:42:0e:40:c0:30:6d:79:02:
                    91:c0:a6:b8:5f:f5:8d:05:c5:50:5c:6a:48:1a:c1:
                    65:fe:cc:cb:d2:04:23:11:17:5c:78:e9:76:b6:7f:
                    fa:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:E0:17:6C:68:CE:AA:0F:AF:4B:FE:79:64:F2:96:16:A1:E2:25:6B
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/5OAXbGjOqg-vS_55ZPKWFqHiJWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:94:0c:a4:c6:4a:1d:dc:15:01:b7:18:37:43:34:e0:7d:d8:
         52:3d:52:b7:33:d5:18:04:28:ce:78:8e:1d:a9:f6:2f:36:e0:
         12:c1:14:73:b5:a6:8d:a5:99:07:59:e2:6e:f5:c4:13:65:68:
         cf:7c:2d:db:84:b0:cd:d9:51:75:55:35:84:0a:1a:a8:e6:22:
         6a:78:f4:a5:cd:6a:91:c9:e3:9c:c5:b9:30:d4:6e:35:05:f6:
         cc:54:90:a3:fa:78:c2:dc:cc:a8:48:d5:6c:23:50:5b:ab:ad:
         b6:9a:09:51:63:a5:3b:a5:59:b5:21:c0:43:7c:a0:11:a8:0c:
         8b:eb:10:1c:dc:df:55:e7:2b:0d:62:51:58:dd:9d:b4:f8:49:
         2a:6e:f6:e4:c5:4a:77:41:4f:7f:cd:4e:14:b3:81:e8:2a:f1:
         d0:ea:2b:07:91:cc:d5:29:bb:23:61:0c:13:b9:b3:86:98:dc:
         9e:a3:df:9e:9d:73:c5:45:3f:b5:92:be:9f:2b:ef:f1:25:a5:
         0b:b9:64:3a:f6:b6:a7:52:33:02:72:31:11:0c:0c:a7:7c:0a:
         a5:97:b6:17:da:d4:e0:b3:a1:90:a2:43:e0:29:66:57:5c:c7:
         70:d7:34:2e:f7:62:5d:94:ec:77:2d:53:be:73:0a:13:46:4a:
         d0:02:b6:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkpbmIVZCxCyptYiuV/gAFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwOTA4MTMwNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGUwMTc2YzY4Y2VhYTBmYWY0YmZlNzk2NGYyOTYxNmExZTIyNTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGN4RZDvvVhK/NMH86W0UbL+JdKh
caq0TAdwb5yc4ImqBBLzNeIbfxo2T/U6ri7QfuFjj0nt5rUGkDAmLUdhOZuNFTwn
RHRwkqh4H2sHafK59KKI67WZg/kBAJITNvHES0IvdmrbvJSnthUhY//68B72wiRZ
tX8N/JmDwmpF2KVYOLIrBHKN7Rwe0cQjzOvSWJWwuj3+nhvS7D85fhDIxSBUR52v
MU3ZJ0PCFW0CUmiANJT2eOeyHClFtRR+ihY5bFKy8WnqILnW0gvoW1U85gC6z0Rt
Ic/fQg5AwDBteQKRwKa4X/WNBcVQXGpIGsFl/szL0gQjERdceOl2tn/6VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTgF2xozqoPr0v+eWTylhah4iVrMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvNU9BWGJHak9xZy12U181NVpQS1dGcUhpSldzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWrFMA0G
CSqGSIb3DQEBCwUAA4IBAQBVlAykxkod3BUBtxg3QzTgfdhSPVK3M9UYBCjOeI4d
qfYvNuASwRRztaaNpZkHWeJu9cQTZWjPfC3bhLDN2VF1VTWEChqo5iJqePSlzWqR
yeOcxbkw1G41BfbMVJCj+njC3MyoSNVsI1Bbq622mglRY6U7pVm1IcBDfKARqAyL
6xAc3N9V5ysNYlFY3Z20+EkqbvbkxUp3QU9/zU4Us4HoKvHQ6isHkczVKbsjYQwT
ubOGmNyeo9+enXPFRT+1kr6fK+/xJaULuWQ69ranUjMCcjERDAynfAqll7YX2tTg
s6GQokPgKWZXXMdw1zQu92JdlOx3LVO+cwoTRkrQArY2
-----END CERTIFICATE-----