Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/pTp6RUrUCMxAVwwEyObJoI9FgUo.roa
File:                     pTp6RUrUCMxAVwwEyObJoI9FgUo.roa (raw, json)
Hash identifier:          31GS9EncPmPzR2DkvO+/C4bnToRE3RwTxUOXXgxEo7c=
Subject key identifier:   A5:3A:7A:45:4A:D4:08:CC:40:57:0C:04:C8:E6:C9:A0:8F:45:81:4A
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       0197FFDDB3AE827ADC6BBA013CBAB9398459
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/pTp6RUrUCMxAVwwEyObJoI9FgUo.roa
Signing time:             Sat 12 Jul 2025 18:20:08 +0000
ROA not before:           Sat 12 Jul 2025 18:20:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        185.148.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ff:dd:b3:ae:82:7a:dc:6b:ba:01:3c:ba:b9:39:84:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Jul 12 18:20:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a53a7a454ad408cc40570c04c8e6c9a08f45814a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:91:20:f7:38:09:ec:77:67:0b:01:30:f1:29:
                    82:69:da:24:c3:94:1f:3b:27:1b:24:c2:68:c4:fe:
                    7e:a0:8d:bf:34:0a:21:77:a4:0c:53:b0:83:2a:97:
                    50:e1:97:3d:b7:04:eb:27:01:33:dd:a6:73:7a:16:
                    1a:e1:39:9c:52:a5:4c:1f:2d:37:b6:f4:02:35:0d:
                    75:b1:cc:bf:09:60:c5:83:0f:29:54:e5:c8:e3:cb:
                    7d:c4:3f:79:88:6b:20:81:8a:a7:b4:60:0a:39:be:
                    2d:8f:81:24:57:ac:7c:57:c4:50:20:19:7b:39:b6:
                    75:c6:01:70:31:12:da:23:47:f8:b4:6f:df:8c:ae:
                    34:07:2d:07:09:ab:c8:21:08:51:4f:cb:ba:c6:15:
                    8b:a7:d9:54:af:0c:b5:4d:6b:2a:8a:fc:d1:a7:f5:
                    6e:fb:c4:4c:00:3b:85:3f:79:a6:8e:e5:21:5c:42:
                    c5:27:1e:89:19:5a:d7:1a:a9:74:38:ed:4b:1b:53:
                    c0:2d:6f:c5:c0:de:48:cc:4b:c1:8a:a0:2d:bd:17:
                    cd:ed:5a:fa:f4:ef:9a:d1:5f:e9:c8:9e:e8:ce:0f:
                    d8:0c:2e:f0:9e:3a:b4:80:e1:d8:80:30:aa:b3:df:
                    db:58:c3:a3:14:7b:b4:95:19:d0:17:98:15:cb:38:
                    18:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:3A:7A:45:4A:D4:08:CC:40:57:0C:04:C8:E6:C9:A0:8F:45:81:4A
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/pTp6RUrUCMxAVwwEyObJoI9FgUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:c0:b9:a4:45:bf:96:e0:c3:55:96:d7:10:f5:42:24:42:c0:
         6c:e8:f5:a4:5f:bb:88:2a:83:0b:b5:4a:ee:e9:ea:91:55:b4:
         95:af:6d:db:5f:af:e2:85:ef:63:23:eb:55:3b:3c:38:7f:bf:
         a5:6e:ef:bd:df:f6:a4:1b:dc:55:3c:cf:52:c8:d8:a7:85:27:
         e5:9c:4d:d1:04:3a:93:3c:33:35:81:75:e7:c1:21:c3:21:48:
         dc:09:f6:eb:4a:6b:ef:7e:2b:8c:cb:78:d7:42:53:b4:02:3d:
         61:0b:4e:fa:6c:81:3b:c1:7d:ab:a9:24:d5:d4:02:21:5c:32:
         a0:ba:04:5e:c7:62:dc:f2:7d:d4:89:fc:a2:ae:d7:20:ce:55:
         f9:a0:1d:e9:79:e2:b9:b2:ba:a5:48:e6:8e:81:2d:ed:40:d8:
         c5:a6:1c:76:17:ae:4b:ac:c6:97:1d:a8:83:ff:c4:79:78:a6:
         df:53:87:65:51:ae:7f:ed:29:28:df:51:ba:5f:c7:88:99:a7:
         8d:23:ab:01:27:f1:da:d7:5d:61:7a:62:88:88:b2:34:95:c7:
         c2:f2:86:a5:d4:0d:c7:a4:42:12:be:79:12:99:96:fa:f4:67:
         54:00:23:bc:67:76:c7:03:06:64:98:e9:60:98:2f:ec:77:10:
         68:68:4f:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf/3bOugnrca7oBPLq5OYRZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjUwNzEyMTgyMDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTNhN2E0NTRhZDQwOGNjNDA1NzBjMDRjOGU2YzlhMDhmNDU4MTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypEg9zgJ7HdnCwEw8SmCadokw5Qf
OycbJMJoxP5+oI2/NAohd6QMU7CDKpdQ4Zc9twTrJwEz3aZzehYa4TmcUqVMHy03
tvQCNQ11scy/CWDFgw8pVOXI48t9xD95iGsggYqntGAKOb4tj4EkV6x8V8RQIBl7
ObZ1xgFwMRLaI0f4tG/fjK40By0HCavIIQhRT8u6xhWLp9lUrwy1TWsqivzRp/Vu
+8RMADuFP3mmjuUhXELFJx6JGVrXGql0OO1LG1PALW/FwN5IzEvBiqAtvRfN7Vr6
9O+a0V/pyJ7ozg/YDC7wnjq0gOHYgDCqs9/bWMOjFHu0lRnQF5gVyzgYowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKU6ekVK1AjMQFcMBMjmyaCPRYFKMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvcFRwNlJVclVDTXhBVnd3RXlPYkpvSTlGZ1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZTzMA0G
CSqGSIb3DQEBCwUAA4IBAQBowLmkRb+W4MNVltcQ9UIkQsBs6PWkX7uIKoMLtUru
6eqRVbSVr23bX6/ihe9jI+tVOzw4f7+lbu+93/akG9xVPM9SyNinhSflnE3RBDqT
PDM1gXXnwSHDIUjcCfbrSmvvfiuMy3jXQlO0Aj1hC076bIE7wX2rqSTV1AIhXDKg
ugRex2Lc8n3UifyirtcgzlX5oB3peeK5srqlSOaOgS3tQNjFphx2F65LrMaXHaiD
/8R5eKbfU4dlUa5/7Sko31G6X8eImaeNI6sBJ/Ha111hemKIiLI0lcfC8oal1A3H
pEISvnkSmZb69GdUACO8Z3bHAwZkmOlgmC/sdxBoaE9T
-----END CERTIFICATE-----