Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/lKjWul4Wg-qUMX2VscIdTOM6DOw.roa
File:                     lKjWul4Wg-qUMX2VscIdTOM6DOw.roa (raw, json)
Hash identifier:          nwhzD1Ge8aOm8V2+BiaoyoZrCJpL+4ySJAtiRxiTHVw=
Subject key identifier:   94:A8:D6:BA:5E:16:83:EA:94:31:7D:95:B1:C2:1D:4C:E3:3A:0C:EC
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0198124AE7171A2D77E4CA45C95E0014AEF7
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/lKjWul4Wg-qUMX2VscIdTOM6DOw.roa
Signing time:             Wed 16 Jul 2025 08:12:35 +0000
ROA not before:           Wed 16 Jul 2025 08:12:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35783
IP address blocks:        193.233.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:12:4a:e7:17:1a:2d:77:e4:ca:45:c9:5e:00:14:ae:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jul 16 08:12:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94a8d6ba5e1683ea94317d95b1c21d4ce33a0cec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:79:df:e5:f9:d4:f3:a3:6c:e1:29:07:58:75:
                    cc:7d:4e:9e:85:b8:49:37:bd:a4:98:61:24:25:17:
                    37:0b:a1:35:4a:20:77:14:44:0e:3c:5a:5f:ce:be:
                    65:e1:6e:00:ca:1e:dd:b8:4d:6d:40:d7:43:7a:b6:
                    e0:9c:38:6e:68:aa:56:b9:d9:6d:c2:8f:af:d8:40:
                    96:58:a3:da:03:71:51:0d:03:3f:dd:0e:19:53:df:
                    23:ac:b3:cd:4f:3d:c8:5d:15:4a:a6:ba:37:8b:5c:
                    ce:e0:19:08:f3:57:66:dc:1a:ad:06:4e:8f:2d:9c:
                    8e:a4:76:0a:e9:73:d2:5c:f0:30:97:4b:53:5e:03:
                    5b:7b:e3:dc:e8:14:65:82:3f:59:ac:50:a2:6a:de:
                    05:7b:7e:90:0c:7a:eb:67:6f:8d:cf:00:cb:da:ad:
                    73:a1:8b:69:22:1e:ee:42:e0:19:85:43:77:94:c2:
                    10:fe:50:17:cf:b9:82:9c:b9:4f:70:a8:7a:34:24:
                    9f:d9:4b:87:87:2f:e8:74:55:2a:53:77:a0:47:c3:
                    df:9b:1c:3f:2f:8b:ce:94:19:d2:1c:3c:43:2b:49:
                    c0:ea:2b:15:2d:29:aa:c0:0b:29:64:b8:b4:22:23:
                    7c:a1:d5:c2:c7:a3:71:9f:da:51:43:35:60:65:92:
                    9b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:A8:D6:BA:5E:16:83:EA:94:31:7D:95:B1:C2:1D:4C:E3:3A:0C:EC
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/lKjWul4Wg-qUMX2VscIdTOM6DOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:80:eb:67:12:4d:7f:7d:5e:56:d5:61:95:9f:f1:8f:45:5c:
         12:e6:75:e2:0f:d6:84:63:50:79:62:44:02:de:d4:99:f4:52:
         93:80:ec:68:35:4b:87:d8:6f:a9:7e:1d:7d:e1:78:cc:f8:5b:
         61:7c:a0:70:82:76:8d:ce:4d:4f:54:ce:52:26:92:fc:76:93:
         d2:0f:04:70:a1:bb:40:f0:b8:b3:d3:0e:ee:3b:03:7b:b5:74:
         8b:90:d7:c3:d3:d9:11:10:95:9a:c8:67:b3:77:a6:7e:37:c5:
         5b:e7:a4:76:88:6d:20:e1:a8:d8:48:3a:dc:2d:90:40:ca:6b:
         09:db:ac:79:75:10:fd:3b:06:66:1b:0e:f7:e0:cb:0e:5d:70:
         b7:20:ce:2b:80:29:3e:1e:ef:e8:26:61:34:9c:4e:c3:63:35:
         c5:d7:8c:c6:68:cd:46:8b:44:94:fa:01:f8:23:86:09:01:cb:
         bc:0d:81:d0:c9:b8:1a:bd:f0:31:5c:92:72:17:2a:54:ef:81:
         61:cc:54:bd:fb:a1:af:b0:85:f4:0a:15:c0:b6:94:3b:d8:af:
         50:5b:f6:59:5a:a2:88:39:16:2e:10:77:fe:85:d6:e6:ca:1e:
         9e:6b:75:73:e4:e2:f5:87:1a:d8:f0:0d:d5:62:85:cd:60:e2:
         ef:da:2b:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgSSucXGi135MpFyV4AFK73MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwNzE2MDgxMjM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGE4ZDZiYTVlMTY4M2VhOTQzMTdkOTViMWMyMWQ0Y2UzM2EwY2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHnf5fnU86Ns4SkHWHXMfU6ehbhJ
N72kmGEkJRc3C6E1SiB3FEQOPFpfzr5l4W4Ayh7duE1tQNdDerbgnDhuaKpWudlt
wo+v2ECWWKPaA3FRDQM/3Q4ZU98jrLPNTz3IXRVKpro3i1zO4BkI81dm3BqtBk6P
LZyOpHYK6XPSXPAwl0tTXgNbe+Pc6BRlgj9ZrFCiat4Fe36QDHrrZ2+NzwDL2q1z
oYtpIh7uQuAZhUN3lMIQ/lAXz7mCnLlPcKh6NCSf2UuHhy/odFUqU3egR8Pfmxw/
L4vOlBnSHDxDK0nA6isVLSmqwAspZLi0IiN8odXCx6Nxn9pRQzVgZZKbuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSo1rpeFoPqlDF9lbHCHUzjOgzsMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbEtqV3VsNFdnLXFVTVgyVnNjSWRUT002RE93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwemtMA0G
CSqGSIb3DQEBCwUAA4IBAQBCgOtnEk1/fV5W1WGVn/GPRVwS5nXiD9aEY1B5YkQC
3tSZ9FKTgOxoNUuH2G+pfh194XjM+FthfKBwgnaNzk1PVM5SJpL8dpPSDwRwobtA
8Liz0w7uOwN7tXSLkNfD09kREJWayGezd6Z+N8Vb56R2iG0g4ajYSDrcLZBAymsJ
26x5dRD9OwZmGw734MsOXXC3IM4rgCk+Hu/oJmE0nE7DYzXF14zGaM1Gi0SU+gH4
I4YJAcu8DYHQybgavfAxXJJyFypU74FhzFS9+6GvsIX0ChXAtpQ72K9QW/ZZWqKI
ORYuEHf+hdbmyh6ea3Vz5OL1hxrY8A3VYoXNYOLv2it9
-----END CERTIFICATE-----