Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/bc94fa-051e-48d5-acd3-c5125142ae58/1/Da7F_pVCBMO9Pya93Jt3tHR6Oco.roa
File:                     Da7F_pVCBMO9Pya93Jt3tHR6Oco.roa (raw, json)
Hash identifier:          UlhnFczuqpWrkcvlwjEVQtMKK1bvCGUHj/RuLRvxfcM=
Subject key identifier:   0D:AE:C5:FE:95:42:04:C3:BD:3F:26:BD:DC:9B:77:B4:74:7A:39:CA
Certificate issuer:       /CN=223087b337f7476c8d6304aeb08cee057f4bf691
Certificate serial:       0197C52AC011CC7B6A8D490C48E23BB5F446
Authority key identifier: 22:30:87:B3:37:F7:47:6C:8D:63:04:AE:B0:8C:EE:05:7F:4B:F6:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IjCHszf3R2yNYwSusIzuBX9L9pE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/bc94fa-051e-48d5-acd3-c5125142ae58/1/Da7F_pVCBMO9Pya93Jt3tHR6Oco.roa
Signing time:             Tue 01 Jul 2025 08:46:42 +0000
ROA not before:           Tue 01 Jul 2025 08:46:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20633
IP address blocks:        141.2.0.0/16 maxlen: 16
                          185.193.228.0/22 maxlen: 22
                          2001:a38::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/bc94fa-051e-48d5-acd3-c5125142ae58/1/IjCHszf3R2yNYwSusIzuBX9L9pE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/bc94fa-051e-48d5-acd3-c5125142ae58/1/IjCHszf3R2yNYwSusIzuBX9L9pE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IjCHszf3R2yNYwSusIzuBX9L9pE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c5:2a:c0:11:cc:7b:6a:8d:49:0c:48:e2:3b:b5:f4:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=223087b337f7476c8d6304aeb08cee057f4bf691
        Validity
            Not Before: Jul  1 08:46:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0daec5fe954204c3bd3f26bddc9b77b4747a39ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ca:ee:c2:38:f6:cd:a1:f5:3c:70:91:33:b4:
                    00:89:7f:22:c5:9b:c4:27:24:36:e5:2b:f9:79:89:
                    0a:25:75:ba:a8:05:cb:7f:73:b0:6a:f1:28:69:19:
                    21:cf:95:a6:1b:3a:37:a6:5b:87:42:d6:84:b4:e7:
                    57:05:31:ee:6f:33:8d:b2:cb:11:c1:3d:d8:ca:9a:
                    6e:f2:34:ed:5f:0d:a7:c9:c3:1c:17:f9:8a:db:38:
                    44:bb:f6:e6:22:c3:df:3e:ff:0f:21:84:69:f4:8c:
                    f2:20:cb:91:6d:cd:04:93:c4:f6:42:80:26:86:ca:
                    0a:9a:37:ac:f2:ef:1a:1a:04:64:38:4f:2a:0c:37:
                    7f:dd:9a:2b:a5:df:36:4c:17:8d:9b:a7:e0:f6:ae:
                    77:8e:d7:ed:a7:6e:a0:92:c1:7b:92:01:e9:46:85:
                    e0:07:eb:5a:ab:6c:a5:e5:b9:b4:8f:02:ac:53:a9:
                    32:9b:2a:14:88:92:84:ee:d8:c8:7b:51:e6:5b:ab:
                    18:d4:f6:28:8b:92:d4:c0:cc:97:0f:5b:58:8c:10:
                    7f:c3:c4:5d:a6:4c:bf:71:ff:44:8a:79:6a:d0:12:
                    59:f6:6e:9d:12:67:22:7c:d9:45:1c:cb:1e:f1:44:
                    33:9b:55:5f:3d:72:33:84:37:de:56:8e:b1:6f:37:
                    df:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:AE:C5:FE:95:42:04:C3:BD:3F:26:BD:DC:9B:77:B4:74:7A:39:CA
            X509v3 Authority Key Identifier:
                keyid:22:30:87:B3:37:F7:47:6C:8D:63:04:AE:B0:8C:EE:05:7F:4B:F6:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IjCHszf3R2yNYwSusIzuBX9L9pE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/bc94fa-051e-48d5-acd3-c5125142ae58/1/Da7F_pVCBMO9Pya93Jt3tHR6Oco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/bc94fa-051e-48d5-acd3-c5125142ae58/1/IjCHszf3R2yNYwSusIzuBX9L9pE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.2.0.0/16
                  185.193.228.0/22
                IPv6:
                  2001:a38::/32

    Signature Algorithm: sha256WithRSAEncryption
         91:38:d9:33:05:35:de:f9:3d:20:3a:bc:db:52:4d:a1:cc:65:
         76:13:42:d8:e0:59:8f:79:98:24:ca:1d:33:b7:f6:5e:42:47:
         37:eb:da:a6:a0:15:ac:0b:e4:03:63:5c:a4:10:6b:31:be:0b:
         b4:1a:a0:6f:09:c3:30:1a:4f:6b:c9:6f:44:be:12:d7:e6:e8:
         3b:81:81:d0:2b:c9:6e:00:07:2b:39:7c:c3:e3:25:49:0e:eb:
         1f:6c:d8:7c:54:ae:da:ba:0d:27:39:29:75:00:6e:62:b4:6a:
         91:4e:2a:a2:f6:82:af:c4:f4:8c:c9:1d:f7:65:0a:86:60:e0:
         47:5b:b1:e6:04:9f:82:03:f7:58:cd:42:9b:94:35:69:fb:0f:
         5c:fd:94:4a:1a:e4:ea:3a:b6:ce:b0:79:7c:1c:be:fa:70:72:
         06:6d:3c:f4:b4:d5:ee:f3:27:fa:78:ff:b7:fb:33:ef:99:31:
         4c:72:aa:30:f7:fe:3a:18:f0:c8:54:c0:29:50:2a:b7:31:0c:
         af:e4:b5:42:32:f7:36:8e:01:f7:e0:5e:92:d7:4b:34:45:37:
         64:09:1f:54:6a:e5:29:22:82:31:d1:29:97:ad:fc:12:f5:d5:
         cb:e2:91:3d:1f:3b:0f:80:8b:37:91:31:05:d8:c8:b6:ac:77:
         bf:b5:18:ef
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZfFKsARzHtqjUkMSOI7tfRGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzA4N2IzMzdmNzQ3NmM4ZDYzMDRhZWIwOGNlZTA1N2Y0
YmY2OTEwHhcNMjUwNzAxMDg0NjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGFlYzVmZTk1NDIwNGMzYmQzZjI2YmRkYzliNzdiNDc0N2EzOWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMruwjj2zaH1PHCRM7QAiX8ixZvE
JyQ25Sv5eYkKJXW6qAXLf3OwavEoaRkhz5WmGzo3pluHQtaEtOdXBTHubzONsssR
wT3Yyppu8jTtXw2nycMcF/mK2zhEu/bmIsPfPv8PIYRp9IzyIMuRbc0Ek8T2QoAm
hsoKmjes8u8aGgRkOE8qDDd/3Zorpd82TBeNm6fg9q53jtftp26gksF7kgHpRoXg
B+taq2yl5bm0jwKsU6kymyoUiJKE7tjIe1HmW6sY1PYoi5LUwMyXD1tYjBB/w8Rd
pky/cf9Einlq0BJZ9m6dEmcifNlFHMse8UQzm1VfPXIzhDfeVo6xbzffEQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFA2uxf6VQgTDvT8mvdybd7R0ejnKMB8GA1UdIwQY
MBaAFCIwh7M390dsjWMErrCM7gV/S/aRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpDSHN6ZjNSMnlOWXdTdXNJenVCWDlMOXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9iYzk0ZmEtMDUxZS00OGQ1LWFjZDMt
YzUxMjUxNDJhZTU4LzEvRGE3Rl9wVkNCTU85UHlhOTNKdDN0SFI2T2NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9iYzk0ZmEtMDUxZS00OGQ1LWFjZDMtYzUxMjUxNDJhZTU4
LzEvSWpDSHN6ZjNSMnlOWXdTdXNJenVCWDlMOXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAjQIDBAK5
weQwDQQCAAIwBwMFACABCjgwDQYJKoZIhvcNAQELBQADggEBAJE42TMFNd75PSA6
vNtSTaHMZXYTQtjgWY95mCTKHTO39l5CRzfr2qagFawL5ANjXKQQazG+C7QaoG8J
wzAaT2vJb0S+Etfm6DuBgdAryW4ABys5fMPjJUkO6x9s2HxUrtq6DSc5KXUAbmK0
apFOKqL2gq/E9IzJHfdlCoZg4EdbseYEn4ID91jNQpuUNWn7D1z9lEoa5Oo6ts6w
eXwcvvpwcgZtPPS01e7zJ/p4/7f7M++ZMUxyqjD3/joY8MhUwClQKrcxDK/ktUIy
9zaOAffgXpLXSzRFN2QJH1Rq5SkigjHRKZet/BL11cvikT0fOw+AizeRMQXYyLas
d7+1GO8=
-----END CERTIFICATE-----