Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/7dd25d-a521-479c-988b-9cee77bc5222/1/vnrJw0_RXF_3eNlI4J759GvRvbQ.roa
File:                     vnrJw0_RXF_3eNlI4J759GvRvbQ.roa (raw, json)
Hash identifier:          Eb6f4bJUmWLqH0E5jlnZq5oby6oYj5i5BTlzMbxWrPI=
Subject key identifier:   BE:7A:C9:C3:4F:D1:5C:5F:F7:78:D9:48:E0:9E:F9:F4:6B:D1:BD:B4
Certificate issuer:       /CN=a6162102e5a3c0aeeab63c21ed92a805826db7aa
Certificate serial:       0199A4DF50FAE6B88847B8AD02A1F7E6292F
Authority key identifier: A6:16:21:02:E5:A3:C0:AE:EA:B6:3C:21:ED:92:A8:05:82:6D:B7:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/phYhAuWjwK7qtjwh7ZKoBYJtt6o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/7dd25d-a521-479c-988b-9cee77bc5222/1/vnrJw0_RXF_3eNlI4J759GvRvbQ.roa
Signing time:             Thu 02 Oct 2025 12:22:02 +0000
ROA not before:           Thu 02 Oct 2025 12:22:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59956
IP address blocks:        195.191.200.0/24 maxlen: 24
                          195.191.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/7dd25d-a521-479c-988b-9cee77bc5222/1/phYhAuWjwK7qtjwh7ZKoBYJtt6o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/7dd25d-a521-479c-988b-9cee77bc5222/1/phYhAuWjwK7qtjwh7ZKoBYJtt6o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/phYhAuWjwK7qtjwh7ZKoBYJtt6o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a4:df:50:fa:e6:b8:88:47:b8:ad:02:a1:f7:e6:29:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6162102e5a3c0aeeab63c21ed92a805826db7aa
        Validity
            Not Before: Oct  2 12:22:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be7ac9c34fd15c5ff778d948e09ef9f46bd1bdb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:68:f4:5f:0c:b8:c9:7c:b1:b1:92:f4:b8:f2:
                    23:e1:35:b0:e4:e9:0e:eb:7d:f6:18:8b:6e:cb:43:
                    57:de:2b:ae:ea:cd:e0:00:1a:49:f5:e6:44:50:1a:
                    31:ce:3b:eb:52:1c:e4:e4:1b:b4:c1:6d:5c:89:46:
                    58:fb:6a:bf:8a:70:8b:e5:ab:b6:eb:b7:47:ea:f4:
                    40:71:74:9b:b4:b8:c2:fd:94:9c:31:63:46:5d:e7:
                    d6:ab:36:6b:72:e1:19:7d:74:73:ab:40:f4:5d:41:
                    d1:51:2d:1e:fa:6e:78:1e:7a:de:3c:e1:69:a2:d7:
                    eb:7a:6a:73:a6:54:46:c3:32:da:e9:2e:fe:09:f4:
                    ea:15:c3:06:f4:03:a1:d6:fa:77:76:8a:66:c2:ce:
                    fb:b2:af:92:94:2d:01:2f:d9:a0:7b:85:da:2f:f2:
                    b9:ca:98:a0:00:d4:d5:65:e8:ca:02:81:5c:eb:0c:
                    bd:14:f9:99:e8:3f:da:95:fe:20:ad:59:72:44:78:
                    01:a3:19:1c:c8:7d:d0:34:70:99:2f:3c:96:b7:e1:
                    00:f6:40:b4:85:0d:a8:d5:d0:03:5d:ec:c0:68:b3:
                    d0:0b:1e:56:6f:c5:d4:24:6b:55:78:b0:3e:80:e7:
                    cf:3c:21:b5:d4:73:d9:5e:48:c6:c8:48:2d:31:6d:
                    82:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:7A:C9:C3:4F:D1:5C:5F:F7:78:D9:48:E0:9E:F9:F4:6B:D1:BD:B4
            X509v3 Authority Key Identifier:
                keyid:A6:16:21:02:E5:A3:C0:AE:EA:B6:3C:21:ED:92:A8:05:82:6D:B7:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/phYhAuWjwK7qtjwh7ZKoBYJtt6o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/7dd25d-a521-479c-988b-9cee77bc5222/1/vnrJw0_RXF_3eNlI4J759GvRvbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/7dd25d-a521-479c-988b-9cee77bc5222/1/phYhAuWjwK7qtjwh7ZKoBYJtt6o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:ab:9d:99:6c:4a:cc:6c:9b:26:03:7e:47:5c:d9:68:d3:10:
         5c:36:1e:a5:77:b8:31:3b:a7:31:e3:85:f6:13:b5:92:6d:f8:
         dc:61:f8:b7:f9:01:07:15:3b:0a:58:6c:75:60:93:7d:f6:eb:
         c2:fa:6d:30:79:95:ca:e0:29:2d:d5:6f:61:53:48:aa:45:08:
         e3:2e:09:09:12:17:75:b9:0c:23:f8:73:83:9c:14:89:d5:ea:
         15:36:c0:ab:aa:ed:96:b1:85:52:8c:7b:14:0a:81:b4:50:c4:
         c7:a5:25:4f:c4:de:f2:df:e0:4a:b6:aa:c4:d5:62:dc:d9:e4:
         cc:b9:ad:94:3b:95:11:d3:35:a9:2b:42:ba:90:5d:31:24:ca:
         de:1d:57:b1:57:a8:25:2f:46:bd:1d:dd:9c:0d:ff:65:94:0e:
         a0:65:0a:58:d2:69:dd:e6:72:f0:83:ec:83:b2:b0:0d:74:c2:
         c3:3a:c0:fc:ea:48:c6:19:61:f3:93:f5:a1:d8:30:50:8c:c9:
         36:b2:b0:86:30:95:77:ff:3c:80:70:1a:db:25:78:91:c0:8b:
         66:e0:54:b9:31:6c:32:ae:c1:2a:a3:7a:75:40:9a:bf:39:1e:
         e0:47:52:70:4d:df:d8:23:2b:c5:29:0f:9a:45:de:7c:47:17:
         55:e1:3a:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmk31D65riIR7itAqH35ikvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MTYyMTAyZTVhM2MwYWVlYWI2M2MyMWVkOTJhODA1ODI2
ZGI3YWEwHhcNMjUxMDAyMTIyMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTdhYzljMzRmZDE1YzVmZjc3OGQ5NDhlMDllZjlmNDZiZDFiZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmj0Xwy4yXyxsZL0uPIj4TWw5OkO
6332GItuy0NX3iuu6s3gABpJ9eZEUBoxzjvrUhzk5Bu0wW1ciUZY+2q/inCL5au2
67dH6vRAcXSbtLjC/ZScMWNGXefWqzZrcuEZfXRzq0D0XUHRUS0e+m54HnrePOFp
otfrempzplRGwzLa6S7+CfTqFcMG9AOh1vp3dopmws77sq+SlC0BL9mge4XaL/K5
ypigANTVZejKAoFc6wy9FPmZ6D/alf4grVlyRHgBoxkcyH3QNHCZLzyWt+EA9kC0
hQ2o1dADXezAaLPQCx5Wb8XUJGtVeLA+gOfPPCG11HPZXkjGyEgtMW2C9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL56ycNP0Vxf93jZSOCe+fRr0b20MB8GA1UdIwQY
MBaAFKYWIQLlo8Cu6rY8Ie2SqAWCbbeqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGhZaEF1V2p3SzdxdGp3aDdaS29CWUp0dDZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83ZGQyNWQtYTUyMS00NzljLTk4OGIt
OWNlZTc3YmM1MjIyLzEvdm5ySncwX1JYRl8zZU5sSTRKNzU5R3ZSdmJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83ZGQyNWQtYTUyMS00NzljLTk4OGItOWNlZTc3YmM1MjIy
LzEvcGhZaEF1V2p3SzdxdGp3aDdaS29CWUp0dDZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7/IMA0G
CSqGSIb3DQEBCwUAA4IBAQCIq52ZbErMbJsmA35HXNlo0xBcNh6ld7gxO6cx44X2
E7WSbfjcYfi3+QEHFTsKWGx1YJN99uvC+m0weZXK4Ckt1W9hU0iqRQjjLgkJEhd1
uQwj+HODnBSJ1eoVNsCrqu2WsYVSjHsUCoG0UMTHpSVPxN7y3+BKtqrE1WLc2eTM
ua2UO5UR0zWpK0K6kF0xJMreHVexV6glL0a9Hd2cDf9llA6gZQpY0mnd5nLwg+yD
srANdMLDOsD86kjGGWHzk/Wh2DBQjMk2srCGMJV3/zyAcBrbJXiRwItm4FS5MWwy
rsEqo3p1QJq/OR7gR1JwTd/YIyvFKQ+aRd58RxdV4Trp
-----END CERTIFICATE-----