Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/a4bK7vSZUplAfyQIIabhy4o62nY.roa
File:                     a4bK7vSZUplAfyQIIabhy4o62nY.roa (raw, json)
Hash identifier:          k1vSSkQ5LW57zDynPRnBmz/NTF8YGpPQwBOTt+SoKdg=
Subject key identifier:   6B:86:CA:EE:F4:99:52:99:40:7F:24:08:21:A6:E1:CB:8A:3A:DA:76
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0197EE044E83F741C9B7CC9EE66BD6CFC207
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/a4bK7vSZUplAfyQIIabhy4o62nY.roa
Signing time:             Wed 09 Jul 2025 07:09:08 +0000
ROA not before:           Wed 09 Jul 2025 07:09:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26042
IP address blocks:        5.175.234.0/24 maxlen: 24
                          77.90.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 04:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:04:4e:83:f7:41:c9:b7:cc:9e:e6:6b:d6:cf:c2:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul  9 07:09:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b86caeef4995299407f240821a6e1cb8a3ada76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ce:5e:c0:71:05:1f:65:d6:e4:b8:5f:47:16:
                    88:36:68:0c:70:56:1a:64:10:40:bc:15:40:6e:82:
                    71:0c:77:61:24:39:8d:2a:0e:df:86:b3:94:11:3a:
                    80:3d:bc:1b:f8:4f:20:eb:9e:0d:ea:45:af:04:17:
                    48:2a:db:6b:08:19:65:f8:7a:ef:8c:d2:16:d0:33:
                    a7:97:3d:af:34:d6:39:78:48:6c:d4:e9:a4:54:be:
                    cd:8e:be:6b:f7:1e:58:d5:c2:8c:08:16:a4:89:fb:
                    45:c5:88:7a:1b:c4:70:3b:20:56:56:6c:96:43:5b:
                    f7:cc:0b:41:be:de:13:10:af:ee:8d:0a:c4:6d:51:
                    c4:53:5d:4b:c4:9b:fb:cb:28:15:50:38:32:2a:96:
                    52:93:8a:4d:55:20:e6:6e:e6:5e:82:dd:c3:72:b2:
                    8a:6e:54:83:28:3b:d1:fb:dc:dd:df:e4:88:6c:f5:
                    4f:41:e4:c0:6e:16:37:2f:d6:c1:ed:8a:47:ea:3a:
                    6f:63:f2:0f:af:2f:40:d7:b4:db:ab:b2:d4:65:9b:
                    1c:33:0a:a4:bf:36:9e:40:51:ac:69:9b:43:95:d3:
                    59:1b:8c:aa:c3:33:db:56:cb:a5:e0:be:91:12:43:
                    cf:c5:e6:5f:ba:67:0a:e9:d5:7c:28:a5:1a:7d:fe:
                    ef:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:86:CA:EE:F4:99:52:99:40:7F:24:08:21:A6:E1:CB:8A:3A:DA:76
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/a4bK7vSZUplAfyQIIabhy4o62nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.234.0/24
                  77.90.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:23:ee:0d:24:bd:42:8b:af:3f:3b:70:01:6e:a2:ab:28:8e:
         da:32:d8:eb:89:fe:9f:98:2a:0a:d8:d9:10:8c:ae:0e:49:92:
         0f:ac:2e:29:4d:22:79:72:45:ae:ee:cc:29:e7:76:a4:7e:c9:
         c7:cc:39:3b:ed:eb:5e:e2:e6:5a:69:6f:a4:75:f5:a4:32:76:
         e3:91:47:17:55:14:43:d9:c7:3c:18:bb:55:e8:8e:3f:1a:5c:
         f4:3e:c8:f2:4d:eb:9a:14:a7:c1:20:18:5e:93:c8:df:8f:8f:
         ff:92:f3:0f:b2:f0:b8:36:76:f1:42:b7:91:61:38:a6:0f:8c:
         a3:05:60:04:95:72:f2:a5:f3:3f:08:d5:fa:a4:6c:22:e1:0b:
         6f:48:8a:9f:bb:3c:d1:66:fd:f0:b9:b0:aa:34:d4:1d:d8:f9:
         db:d8:bd:8e:a2:87:53:40:e9:78:e0:6f:f5:97:b0:02:9c:1d:
         45:0a:f3:e0:18:e8:94:70:d8:c9:d2:10:40:4d:c4:8c:1c:6d:
         26:c1:7a:3b:ac:b2:cc:89:fb:af:65:af:90:72:f2:b2:36:17:
         e7:20:18:4b:81:0c:47:f0:7a:cd:ca:1c:97:c5:44:6b:74:d0:
         a7:0b:63:13:6b:ef:a0:bc:a5:85:bd:e7:a5:18:33:ca:fb:45:
         88:d4:3d:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfuBE6D90HJt8ye5mvWz8IHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzA5MDcwOTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjg2Y2FlZWY0OTk1Mjk5NDA3ZjI0MDgyMWE2ZTFjYjhhM2FkYTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyM5ewHEFH2XW5LhfRxaINmgMcFYa
ZBBAvBVAboJxDHdhJDmNKg7fhrOUETqAPbwb+E8g654N6kWvBBdIKttrCBll+Hrv
jNIW0DOnlz2vNNY5eEhs1OmkVL7Njr5r9x5Y1cKMCBakiftFxYh6G8RwOyBWVmyW
Q1v3zAtBvt4TEK/ujQrEbVHEU11LxJv7yygVUDgyKpZSk4pNVSDmbuZegt3DcrKK
blSDKDvR+9zd3+SIbPVPQeTAbhY3L9bB7YpH6jpvY/IPry9A17Tbq7LUZZscMwqk
vzaeQFGsaZtDldNZG4yqwzPbVsul4L6REkPPxeZfumcK6dV8KKUaff7vMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGuGyu70mVKZQH8kCCGm4cuKOtp2MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvYTRiSzd2U1pVcGxBZnlRSUlhYmh5NG82Mm5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABa/qAwQA
TVoVMA0GCSqGSIb3DQEBCwUAA4IBAQDRI+4NJL1Ci68/O3ABbqKrKI7aMtjrif6f
mCoK2NkQjK4OSZIPrC4pTSJ5ckWu7swp53akfsnHzDk77ete4uZaaW+kdfWkMnbj
kUcXVRRD2cc8GLtV6I4/Glz0PsjyTeuaFKfBIBhek8jfj4//kvMPsvC4NnbxQreR
YTimD4yjBWAElXLypfM/CNX6pGwi4QtvSIqfuzzRZv3wubCqNNQd2Pnb2L2OoodT
QOl44G/1l7ACnB1FCvPgGOiUcNjJ0hBATcSMHG0mwXo7rLLMifuvZa+QcvKyNhfn
IBhLgQxH8HrNyhyXxURrdNCnC2MTa++gvKWFveelGDPK+0WI1D2y
-----END CERTIFICATE-----