Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/AuIXsACFZFXiRbUNGuqesbMnYNk.roa
File:                     AuIXsACFZFXiRbUNGuqesbMnYNk.roa (raw, json)
Hash identifier:          AtCFXdHEG1WMWeYjbN29zoI3CDK+hXSx8POzE7WNroc=
Subject key identifier:   02:E2:17:B0:00:85:64:55:E2:45:B5:0D:1A:EA:9E:B1:B3:27:60:D9
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       01995BAE54EE9AFEC39BE283C876836F02C2
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/AuIXsACFZFXiRbUNGuqesbMnYNk.roa
Signing time:             Thu 18 Sep 2025 07:16:15 +0000
ROA not before:           Thu 18 Sep 2025 07:16:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61156
IP address blocks:        185.17.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5b:ae:54:ee:9a:fe:c3:9b:e2:83:c8:76:83:6f:02:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Sep 18 07:16:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02e217b000856455e245b50d1aea9eb1b32760d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:cd:a3:c9:20:27:cd:d5:df:25:be:4b:52:79:
                    e3:9b:5f:4f:c8:7a:a4:79:4d:b0:dc:b7:52:1e:db:
                    d8:5c:9a:dd:19:b5:b0:06:c6:7e:6c:1b:f0:97:53:
                    02:9d:6c:83:ab:2d:1a:a5:98:ee:ab:e0:ba:ea:ed:
                    5a:29:ad:b7:30:cc:0f:1f:74:de:12:3f:a5:9c:6c:
                    ad:79:5c:ec:67:0d:33:76:e0:9d:59:ec:ce:ab:e8:
                    9b:86:32:18:23:83:02:d6:5d:05:59:42:a4:05:01:
                    91:a2:10:d7:2a:eb:7a:1e:79:ac:36:f7:17:80:1a:
                    8c:2f:45:34:15:8f:1c:fa:c5:10:f2:63:3a:fd:c7:
                    3b:de:79:e9:1c:08:3c:34:78:13:8f:4d:09:ae:d0:
                    9e:7d:a7:93:c7:85:1d:b8:eb:be:8a:a4:23:7a:71:
                    da:bb:aa:de:33:0b:24:09:dd:ce:65:4b:52:df:ae:
                    65:e7:51:c3:81:98:c2:40:01:e9:02:c6:31:8e:72:
                    bf:01:65:00:36:52:c9:83:9f:79:30:99:de:af:42:
                    7a:24:90:ad:8a:7c:49:b1:73:1b:75:4e:46:63:3d:
                    21:b1:9f:a1:d8:d7:04:c0:05:12:c3:cc:d9:a3:2f:
                    81:27:1f:c3:74:b7:96:2a:31:bc:c5:9d:4d:69:a2:
                    ef:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:E2:17:B0:00:85:64:55:E2:45:B5:0D:1A:EA:9E:B1:B3:27:60:D9
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/AuIXsACFZFXiRbUNGuqesbMnYNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:e4:19:ee:28:8a:c9:31:c4:92:f3:75:29:f6:7e:eb:15:b2:
         45:79:18:52:c4:0a:21:01:f5:89:70:d9:30:b9:80:dc:9b:90:
         ab:83:1b:51:0c:eb:05:3b:4f:e9:93:20:28:ab:ee:06:90:20:
         c5:42:90:61:54:eb:cb:1e:e2:cf:15:f3:51:0f:d3:ac:84:ba:
         30:96:fc:c0:07:18:e9:d8:52:69:7d:6b:70:c7:dd:33:cf:e3:
         fb:2a:07:0d:db:fe:72:17:62:9e:5e:e8:e0:78:d8:9e:a4:5a:
         1f:06:9e:a9:d6:87:aa:00:5a:51:4c:e6:ab:92:2f:16:6f:27:
         d7:a4:65:2d:ab:e3:cd:94:62:52:82:43:33:61:ef:79:5f:2c:
         fa:d7:f0:3b:90:af:b9:17:e0:91:e8:f8:4f:6e:56:86:ae:10:
         95:37:a6:90:cf:ec:b1:ed:2a:4a:ab:2e:b4:5a:ea:f8:1e:18:
         ff:3a:fd:a9:21:db:7b:62:16:be:c4:23:64:cf:98:54:0f:a7:
         14:7a:aa:94:72:27:94:4b:1b:3c:f5:2c:c3:74:97:27:d4:47:
         4d:8b:c4:a0:10:d3:79:e8:51:5c:4e:bb:49:8a:18:ad:48:92:
         35:5e:d5:33:c4:0d:c4:53:53:50:41:f9:2d:17:a9:83:13:61:
         78:e4:19:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlbrlTumv7Dm+KDyHaDbwLCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjUwOTE4MDcxNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmUyMTdiMDAwODU2NDU1ZTI0NWI1MGQxYWVhOWViMWIzMjc2MGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzs2jySAnzdXfJb5LUnnjm19PyHqk
eU2w3LdSHtvYXJrdGbWwBsZ+bBvwl1MCnWyDqy0apZjuq+C66u1aKa23MMwPH3Te
Ej+lnGyteVzsZw0zduCdWezOq+ibhjIYI4MC1l0FWUKkBQGRohDXKut6HnmsNvcX
gBqML0U0FY8c+sUQ8mM6/cc73nnpHAg8NHgTj00JrtCefaeTx4UduOu+iqQjenHa
u6reMwskCd3OZUtS365l51HDgZjCQAHpAsYxjnK/AWUANlLJg595MJner0J6JJCt
inxJsXMbdU5GYz0hsZ+h2NcEwAUSw8zZoy+BJx/DdLeWKjG8xZ1NaaLvlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALiF7AAhWRV4kW1DRrqnrGzJ2DZMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvQXVJWHNBQ0ZaRlhpUmJVTkd1cWVzYk1uWU5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRFXMA0G
CSqGSIb3DQEBCwUAA4IBAQAN5BnuKIrJMcSS83Up9n7rFbJFeRhSxAohAfWJcNkw
uYDcm5CrgxtRDOsFO0/pkyAoq+4GkCDFQpBhVOvLHuLPFfNRD9OshLowlvzABxjp
2FJpfWtwx90zz+P7KgcN2/5yF2KeXujgeNiepFofBp6p1oeqAFpRTOarki8WbyfX
pGUtq+PNlGJSgkMzYe95Xyz61/A7kK+5F+CR6PhPblaGrhCVN6aQz+yx7SpKqy60
Wur4Hhj/Ov2pIdt7Yha+xCNkz5hUD6cUeqqUcieUSxs89SzDdJcn1EdNi8SgENN5
6FFcTrtJihitSJI1XtUzxA3EU1NQQfktF6mDE2F45BmF
-----END CERTIFICATE-----