Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/e2eD9qK2hYztM9wMgcHLi8AhZs8.roa
File:                     e2eD9qK2hYztM9wMgcHLi8AhZs8.roa (raw, json)
Hash identifier:          tUPW+7fViLoXv6YzC5FAQqNxsVyrAjo9of3A+F1usKg=
Subject key identifier:   7B:67:83:F6:A2:B6:85:8C:ED:33:DC:0C:81:C1:CB:8B:C0:21:66:CF
Certificate issuer:       /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial:       0199A33CEC1B17DC84563085B3DC41376D22
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/e2eD9qK2hYztM9wMgcHLi8AhZs8.roa
Signing time:             Thu 02 Oct 2025 04:45:02 +0000
ROA not before:           Thu 02 Oct 2025 04:45:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     262589
IP address blocks:        158.172.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a3:3c:ec:1b:17:dc:84:56:30:85:b3:dc:41:37:6d:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
        Validity
            Not Before: Oct  2 04:45:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b6783f6a2b6858ced33dc0c81c1cb8bc02166cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:63:b0:ba:ee:6c:0c:ff:7d:5f:3a:25:4e:75:
                    2a:e8:67:f0:b0:16:d1:a1:fc:b5:d1:60:35:05:f0:
                    f9:d8:b1:79:81:7a:6a:99:02:d3:bb:f1:88:32:9b:
                    01:25:bf:3d:fc:50:c5:5f:2f:9e:fb:dc:2f:f5:e9:
                    8a:90:e3:14:0e:e4:e0:04:9b:7e:47:3c:c3:93:b5:
                    f6:89:53:58:99:c9:b4:55:6f:37:28:94:5d:69:62:
                    d4:56:51:60:d8:34:90:00:4f:f5:8e:c6:c0:7d:d7:
                    5e:e4:1c:fc:f4:8b:e1:b8:02:cf:fa:5e:4f:00:ef:
                    48:be:1d:2a:82:23:9e:ad:6d:4d:6d:a4:db:26:9c:
                    1c:bb:1c:eb:53:8d:f1:47:7b:8d:4d:70:c5:e3:14:
                    3e:fe:db:00:d5:04:00:ea:c6:64:ff:9a:10:23:e7:
                    3d:74:bc:40:27:52:33:93:89:55:b3:52:a2:4f:6c:
                    6a:35:e6:e1:39:98:b1:bf:58:31:eb:0d:01:2b:b6:
                    4d:67:4d:b0:a9:ad:8b:39:ac:be:95:a5:00:96:10:
                    d3:a1:42:30:ad:cb:29:1b:c8:c3:e9:e5:f6:ae:de:
                    62:2c:07:9d:b0:6c:9e:69:20:68:b2:56:8a:10:41:
                    45:fb:ee:67:70:4c:b9:55:11:9b:60:7a:25:14:27:
                    2b:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:67:83:F6:A2:B6:85:8C:ED:33:DC:0C:81:C1:CB:8B:C0:21:66:CF
            X509v3 Authority Key Identifier:
                keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/e2eD9qK2hYztM9wMgcHLi8AhZs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.172.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:15:32:b2:ab:19:2f:55:71:05:91:a4:4e:8e:3e:ff:07:a8:
         90:32:88:f8:b3:d1:3f:37:ab:98:85:af:f7:09:26:0e:83:6c:
         44:ad:ec:1a:bf:03:df:aa:7a:c7:31:66:11:ef:ed:3c:a6:4d:
         0f:c9:46:65:2b:b1:93:c4:26:ec:d1:d1:0d:dc:6f:ac:58:9f:
         df:64:8d:db:24:12:36:3d:1d:04:6c:84:b0:30:df:d8:d3:b0:
         a1:b5:f1:42:98:0a:ed:f6:d8:b4:dc:66:91:0f:1d:74:cf:d7:
         17:e9:44:64:f2:83:8a:0d:2e:2d:95:61:93:aa:2e:06:28:7d:
         47:02:9e:b9:76:52:73:fd:34:80:c3:39:28:9e:14:5e:1a:c1:
         27:89:bd:13:e2:26:d6:22:75:a7:47:4e:91:48:c7:23:99:61:
         89:19:2e:b8:a4:ef:de:8b:37:52:0b:ef:93:67:d6:d1:b9:b8:
         2d:32:bf:7a:45:13:e5:34:15:9d:b9:70:db:90:8f:8c:85:43:
         04:60:33:44:4d:39:ae:19:d4:3f:d9:3f:5c:1f:20:1f:a8:7b:
         50:ad:da:2d:21:e0:09:a8:67:53:5a:7c:67:81:41:36:a1:51:
         2a:46:d9:2f:65:ab:3f:12:f8:a4:86:4a:2f:53:8c:ad:62:52:
         82:58:ed:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmjPOwbF9yEVjCFs9xBN20iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjUxMDAyMDQ0NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjY3ODNmNmEyYjY4NThjZWQzM2RjMGM4MWMxY2I4YmMwMjE2NmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGOwuu5sDP99XzolTnUq6GfwsBbR
ofy10WA1BfD52LF5gXpqmQLTu/GIMpsBJb89/FDFXy+e+9wv9emKkOMUDuTgBJt+
RzzDk7X2iVNYmcm0VW83KJRdaWLUVlFg2DSQAE/1jsbAfdde5Bz89IvhuALP+l5P
AO9Ivh0qgiOerW1NbaTbJpwcuxzrU43xR3uNTXDF4xQ+/tsA1QQA6sZk/5oQI+c9
dLxAJ1Izk4lVs1KiT2xqNebhOZixv1gx6w0BK7ZNZ02wqa2LOay+laUAlhDToUIw
rcspG8jD6eX2rt5iLAedsGyeaSBoslaKEEFF++5ncEy5VRGbYHolFCcr3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtng/aitoWM7TPcDIHBy4vAIWbPMB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvZTJlRDlxSzJoWXp0TTl3TWdjSExpOEFoWnM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2ItMWVkMTA5NTRiZDk2
LzEvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnqzbMA0G
CSqGSIb3DQEBCwUAA4IBAQBFFTKyqxkvVXEFkaROjj7/B6iQMoj4s9E/N6uYha/3
CSYOg2xErewavwPfqnrHMWYR7+08pk0PyUZlK7GTxCbs0dEN3G+sWJ/fZI3bJBI2
PR0EbISwMN/Y07ChtfFCmArt9ti03GaRDx10z9cX6URk8oOKDS4tlWGTqi4GKH1H
Ap65dlJz/TSAwzkonhReGsEnib0T4ibWInWnR06RSMcjmWGJGS64pO/eizdSC++T
Z9bRubgtMr96RRPlNBWduXDbkI+MhUMEYDNETTmuGdQ/2T9cHyAfqHtQrdotIeAJ
qGdTWnxngUE2oVEqRtkvZas/EvikhkovU4ytYlKCWO3I
-----END CERTIFICATE-----