Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/cYRGhzL82eBqpmxlM9QdQCYRf0M.roa
File:                     cYRGhzL82eBqpmxlM9QdQCYRf0M.roa (raw, json)
Hash identifier:          JsKzcZfq1zGMtrEgXsSMPufU5mv03rsq7Q409GdhdZ8=
Subject key identifier:   71:84:46:87:32:FC:D9:E0:6A:A6:6C:65:33:D4:1D:40:26:11:7F:43
Certificate issuer:       /CN=e544eb328591184b3faf9e71a931cb325dcb11a8
Certificate serial:       0199A541471CA5C1AEECE3B6E4088B0BA722
Authority key identifier: E5:44:EB:32:85:91:18:4B:3F:AF:9E:71:A9:31:CB:32:5D:CB:11:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5UTrMoWRGEs_r55xqTHLMl3LEag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/cYRGhzL82eBqpmxlM9QdQCYRf0M.roa
Signing time:             Thu 02 Oct 2025 14:09:02 +0000
ROA not before:           Thu 02 Oct 2025 14:09:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209203
IP address blocks:        2.59.65.0/24 maxlen: 24
                          2.59.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/5UTrMoWRGEs_r55xqTHLMl3LEag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/5UTrMoWRGEs_r55xqTHLMl3LEag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5UTrMoWRGEs_r55xqTHLMl3LEag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a5:41:47:1c:a5:c1:ae:ec:e3:b6:e4:08:8b:0b:a7:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e544eb328591184b3faf9e71a931cb325dcb11a8
        Validity
            Not Before: Oct  2 14:09:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7184468732fcd9e06aa66c6533d41d4026117f43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:03:2b:a1:85:e8:7e:7b:2b:f8:c1:d5:7e:c1:
                    a4:ae:e4:f6:2d:43:6d:3d:7c:3a:df:05:95:82:d0:
                    60:7c:06:f4:fb:2c:20:bb:c2:9c:b0:0e:fd:7e:47:
                    9b:72:ff:aa:54:05:19:46:bc:3f:24:c0:92:ce:e3:
                    4e:d3:58:0a:95:e0:cc:3c:ed:71:1a:0b:cc:23:7b:
                    e8:bf:60:ed:ae:a6:30:6e:82:40:40:04:9a:ac:86:
                    dc:03:c4:5f:e3:ea:42:3f:1d:36:82:86:ce:9a:11:
                    f2:24:ea:76:3a:03:8d:bd:06:39:c4:7d:c1:1f:99:
                    eb:1f:de:a4:11:f6:04:16:ce:98:54:8f:25:42:db:
                    d1:e3:0d:5a:4a:c1:28:7d:04:c9:4c:0b:93:bd:7d:
                    27:3e:b8:26:bd:47:6f:8e:ed:44:4e:57:16:a2:3e:
                    33:da:09:57:d8:10:99:4e:cf:bf:a3:46:18:a5:67:
                    b2:16:6c:15:10:99:2e:54:e4:a0:07:c3:26:6e:d8:
                    de:46:3a:17:38:8a:c0:66:10:06:c5:d6:bf:d4:5a:
                    2f:55:0e:be:73:ea:87:79:7a:ff:54:61:d1:d7:c9:
                    34:46:4d:df:52:99:f5:a5:24:a1:12:72:09:67:2a:
                    72:e2:2e:05:b6:d2:b9:61:4b:ed:58:ee:53:c2:12:
                    ff:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:84:46:87:32:FC:D9:E0:6A:A6:6C:65:33:D4:1D:40:26:11:7F:43
            X509v3 Authority Key Identifier:
                keyid:E5:44:EB:32:85:91:18:4B:3F:AF:9E:71:A9:31:CB:32:5D:CB:11:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5UTrMoWRGEs_r55xqTHLMl3LEag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/cYRGhzL82eBqpmxlM9QdQCYRf0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/5UTrMoWRGEs_r55xqTHLMl3LEag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.65.0-2.59.66.255

    Signature Algorithm: sha256WithRSAEncryption
         68:db:8d:6c:3e:2c:b7:3b:83:c0:51:2a:db:d8:26:72:68:a5:
         4d:51:51:11:e0:f7:60:06:47:20:67:f4:30:3c:af:1f:b6:46:
         8d:bd:0b:53:c9:f6:c2:71:78:a1:78:6c:23:b2:21:70:d6:90:
         d2:f0:83:27:37:3b:33:8b:dd:58:04:e5:b5:5e:9e:02:d4:5b:
         c1:7a:c7:3a:65:1b:a8:b1:85:af:fc:fc:9f:68:e1:33:73:c1:
         ff:34:bb:a9:41:f8:6c:b6:c9:18:bf:7f:7f:65:fc:8d:63:be:
         d9:f9:3d:15:cc:60:a3:80:b4:67:cf:c0:9c:04:1c:4e:eb:d7:
         b5:60:0d:09:6b:88:b7:c5:15:6a:a0:ae:7f:80:a1:43:b0:eb:
         d9:73:41:bc:93:31:5b:29:bb:da:5a:68:20:f2:61:52:36:b0:
         5c:2e:69:2e:9f:e4:86:2b:33:49:93:d9:c2:de:31:29:78:15:
         3a:19:ca:15:ae:ed:53:4e:31:cf:d5:36:df:22:8d:05:f0:f3:
         cf:ac:03:8e:2b:b5:90:de:8d:b1:8a:c8:34:5f:5f:7f:9b:52:
         bc:6e:37:24:54:f7:18:86:0b:1c:c4:05:81:f3:bf:d2:ef:57:
         31:7b:e8:04:36:7c:9f:ec:b2:62:88:bd:b0:62:63:19:81:77:
         21:dc:43:b1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZmlQUccpcGu7OO25AiLC6ciMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NDRlYjMyODU5MTE4NGIzZmFmOWU3MWE5MzFjYjMyNWRj
YjExYTgwHhcNMjUxMDAyMTQwOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTg0NDY4NzMyZmNkOWUwNmFhNjZjNjUzM2Q0MWQ0MDI2MTE3ZjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AMroYXofnsr+MHVfsGkruT2LUNt
PXw63wWVgtBgfAb0+ywgu8KcsA79fkebcv+qVAUZRrw/JMCSzuNO01gKleDMPO1x
GgvMI3vov2DtrqYwboJAQASarIbcA8Rf4+pCPx02gobOmhHyJOp2OgONvQY5xH3B
H5nrH96kEfYEFs6YVI8lQtvR4w1aSsEofQTJTAuTvX0nPrgmvUdvju1ETlcWoj4z
2glX2BCZTs+/o0YYpWeyFmwVEJkuVOSgB8MmbtjeRjoXOIrAZhAGxda/1FovVQ6+
c+qHeXr/VGHR18k0Rk3fUpn1pSShEnIJZypy4i4FttK5YUvtWO5TwhL/qwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHGERocy/NngaqZsZTPUHUAmEX9DMB8GA1UdIwQY
MBaAFOVE6zKFkRhLP6+ecakxyzJdyxGoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVVUck1vV1JHRXNfcjU1eHFUSExNbDNMRWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFkMTMtY2M3YS00OWQ2LTkxYzQt
NzBhYTY0NWVjYzI5LzEvY1lSR2h6TDgyZUJxcG14bE05UWRRQ1lSZjBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFkMTMtY2M3YS00OWQ2LTkxYzQtNzBhYTY0NWVjYzI5
LzEvNVVUck1vV1JHRXNfcjU1eHFUSExNbDNMRWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAACO0ED
BAACO0IwDQYJKoZIhvcNAQELBQADggEBAGjbjWw+LLc7g8BRKtvYJnJopU1RURHg
92AGRyBn9DA8rx+2Ro29C1PJ9sJxeKF4bCOyIXDWkNLwgyc3OzOL3VgE5bVengLU
W8F6xzplG6ixha/8/J9o4TNzwf80u6lB+Gy2yRi/f39l/I1jvtn5PRXMYKOAtGfP
wJwEHE7r17VgDQlriLfFFWqgrn+AoUOw69lzQbyTMVspu9paaCDyYVI2sFwuaS6f
5IYrM0mT2cLeMSl4FToZyhWu7VNOMc/VNt8ijQXw88+sA44rtZDejbGKyDRfX3+b
UrxuNyRU9xiGCxzEBYHzv9LvVzF76AQ2fJ/ssmKIvbBiYxmBdyHcQ7E=
-----END CERTIFICATE-----