Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/rnDodB7s0gpQktHMSBT-hXUItaw.roa
File:                     rnDodB7s0gpQktHMSBT-hXUItaw.roa (raw, json)
Hash identifier:          scf+UDgeFvA9fGqtgPdgrgkpCdxYh0GIU5nzCuRrgH8=
Subject key identifier:   AE:70:E8:74:1E:EC:D2:0A:50:92:D1:CC:48:14:FE:85:75:08:B5:AC
Certificate issuer:       /CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
Certificate serial:       0198085954F85409D997276A185A69E40A08
Authority key identifier: 75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/rnDodB7s0gpQktHMSBT-hXUItaw.roa
Signing time:             Mon 14 Jul 2025 09:52:08 +0000
ROA not before:           Mon 14 Jul 2025 09:52:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36352
IP address blocks:        213.178.140.0/24 maxlen: 24
                          213.178.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:08:59:54:f8:54:09:d9:97:27:6a:18:5a:69:e4:0a:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
        Validity
            Not Before: Jul 14 09:52:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae70e8741eecd20a5092d1cc4814fe857508b5ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:38:0a:56:e1:9e:22:bd:12:01:cc:a0:52:b9:
                    42:4f:04:8c:e0:c4:5b:a8:c0:08:27:3c:6b:d7:93:
                    40:82:c4:28:27:5e:97:8c:02:70:7d:8b:9b:58:84:
                    fc:88:bb:01:66:6e:cb:90:d5:21:8b:a8:30:93:db:
                    d6:2e:7c:ea:b8:5c:99:26:92:ce:5d:6c:a1:81:f7:
                    66:f6:1f:56:dd:53:d7:ab:bb:60:21:62:ed:f2:69:
                    84:9d:75:fb:5b:ed:1a:f1:5d:2b:e6:d5:fb:2f:43:
                    c2:fd:6b:cf:21:20:13:22:ab:1e:a6:7c:cb:e8:56:
                    17:c4:4a:ef:77:16:93:93:5d:bf:b4:ba:98:64:03:
                    f4:7e:5b:23:df:2d:5f:2d:fd:d0:b9:0c:d7:c5:e8:
                    7f:63:36:58:c4:4c:81:84:db:db:9c:39:6e:b8:56:
                    06:b3:81:5a:e8:ab:d5:f6:cb:e9:a0:2b:eb:bc:7e:
                    9d:da:21:7f:bd:36:a1:fc:82:91:1f:cb:23:03:c0:
                    9e:a2:37:3f:f9:20:72:60:f8:02:d8:f2:87:d1:ec:
                    d4:78:83:97:61:72:8f:53:c9:58:ae:83:3e:1d:66:
                    94:fb:7f:7d:d6:89:26:b5:c2:f4:fc:e0:be:33:df:
                    27:03:19:ab:96:0e:fd:cc:ef:1a:59:5d:f9:40:a5:
                    e7:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:70:E8:74:1E:EC:D2:0A:50:92:D1:CC:48:14:FE:85:75:08:B5:AC
            X509v3 Authority Key Identifier:
                keyid:75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/rnDodB7s0gpQktHMSBT-hXUItaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:28:e5:56:d5:e3:f0:fb:49:fb:38:a1:ec:70:de:81:56:ec:
         5d:26:22:0e:23:e8:08:e4:cf:01:73:76:1d:3a:65:af:ba:e8:
         e6:f1:86:a0:51:ae:00:8f:e7:32:8c:d6:87:29:3d:20:26:87:
         e1:c6:68:24:09:c6:81:cd:5e:b2:d4:4d:2c:14:12:97:3c:81:
         31:52:a8:8c:bc:32:e2:5d:fd:b8:9f:1c:c0:41:14:22:27:6f:
         52:c4:9d:35:b4:78:3a:0c:66:25:c4:f3:50:b5:58:07:41:82:
         54:a4:f4:cd:44:f4:3c:89:e0:7d:ba:83:0c:04:ed:5b:f9:ca:
         1d:7e:40:be:2d:a5:a6:e8:86:5d:d9:d5:90:c8:9e:81:8d:63:
         25:9b:e9:f0:13:f5:2b:65:48:b6:50:fd:82:c9:35:43:23:ab:
         82:6d:98:e9:3a:bc:02:3a:09:87:9c:ed:fc:5c:81:60:c7:00:
         c0:6f:ba:fd:bf:0d:1c:7a:fb:ee:28:d1:ac:e0:4a:0c:c5:fc:
         b2:b5:d3:6b:3d:45:85:10:c1:cd:98:ad:ea:c9:e1:15:f8:5e:
         cf:2f:41:16:63:6d:0e:23:d5:1d:e6:75:fa:f9:11:cd:10:87:
         57:ad:41:05:d8:e3:e5:e5:e6:11:39:15:a3:40:76:e0:3c:cd:
         09:a9:d8:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgIWVT4VAnZlydqGFpp5AoIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NTRhYzRjN2Y0NTFjNWJiOTM4MmZiY2Q0NmQ3MGM0YzBm
OWRlNTYwHhcNMjUwNzE0MDk1MjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTcwZTg3NDFlZWNkMjBhNTA5MmQxY2M0ODE0ZmU4NTc1MDhiNWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTgKVuGeIr0SAcygUrlCTwSM4MRb
qMAIJzxr15NAgsQoJ16XjAJwfYubWIT8iLsBZm7LkNUhi6gwk9vWLnzquFyZJpLO
XWyhgfdm9h9W3VPXq7tgIWLt8mmEnXX7W+0a8V0r5tX7L0PC/WvPISATIqsepnzL
6FYXxErvdxaTk12/tLqYZAP0flsj3y1fLf3QuQzXxeh/YzZYxEyBhNvbnDluuFYG
s4Fa6KvV9svpoCvrvH6d2iF/vTah/IKRH8sjA8Ceojc/+SByYPgC2PKH0ezUeIOX
YXKPU8lYroM+HWaU+3991okmtcL0/OC+M98nAxmrlg79zO8aWV35QKXnAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK5w6HQe7NIKUJLRzEgU/oV1CLWsMB8GA1UdIwQY
MBaAFHVUrEx/RRxbuTgvvNRtcMTA+d5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4Mjgt
ZDkzMzdkYjM5ZDFmLzEvcm5Eb2RCN3MwZ3BRa3RITVNCVC1oWFVJdGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4MjgtZDkzMzdkYjM5ZDFm
LzEvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1bKMMA0G
CSqGSIb3DQEBCwUAA4IBAQA4KOVW1ePw+0n7OKHscN6BVuxdJiIOI+gI5M8Bc3Yd
OmWvuujm8YagUa4Aj+cyjNaHKT0gJofhxmgkCcaBzV6y1E0sFBKXPIExUqiMvDLi
Xf24nxzAQRQiJ29SxJ01tHg6DGYlxPNQtVgHQYJUpPTNRPQ8ieB9uoMMBO1b+cod
fkC+LaWm6IZd2dWQyJ6BjWMlm+nwE/UrZUi2UP2CyTVDI6uCbZjpOrwCOgmHnO38
XIFgxwDAb7r9vw0cevvuKNGs4EoMxfyytdNrPUWFEMHNmK3qyeEV+F7PL0EWY20O
I9Ud5nX6+RHNEIdXrUEF2OPl5eYRORWjQHbgPM0Jqdhh
-----END CERTIFICATE-----