Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/i7ShfeBNXeE5C-roaREFy84WU-E.roa
File:                     i7ShfeBNXeE5C-roaREFy84WU-E.roa (raw, json)
Hash identifier:          uApywUSWp2zsd1xqhgx86otGYubRuvW6fy6PUkNy+30=
Subject key identifier:   8B:B4:A1:7D:E0:4D:5D:E1:39:0B:EA:E8:69:11:05:CB:CE:16:53:E1
Certificate issuer:       /CN=b14aba8b60749393478e83c360e6cbd75d156f89
Certificate serial:       0197CB7269EB7BE7F8D7AA14C809B68DC03E
Authority key identifier: B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/i7ShfeBNXeE5C-roaREFy84WU-E.roa
Signing time:             Wed 02 Jul 2025 14:02:42 +0000
ROA not before:           Wed 02 Jul 2025 14:02:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200040
IP address blocks:        188.124.0.0/24 maxlen: 24
                          188.124.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cb:72:69:eb:7b:e7:f8:d7:aa:14:c8:09:b6:8d:c0:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b14aba8b60749393478e83c360e6cbd75d156f89
        Validity
            Not Before: Jul  2 14:02:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bb4a17de04d5de1390beae8691105cbce1653e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b2:e9:f9:10:67:75:24:fc:0f:a6:2a:60:d1:
                    6a:03:32:39:5b:28:37:3c:92:21:fc:11:52:bd:bd:
                    14:64:cc:8a:15:ed:d6:10:47:a1:7a:88:96:c8:af:
                    6b:cf:e2:3d:b2:2c:78:ae:94:97:2f:c2:37:4b:25:
                    9d:84:ba:18:26:15:7e:2c:51:53:fc:56:cf:88:9d:
                    66:fe:89:e1:09:6d:e4:a5:44:32:45:14:f6:e8:80:
                    ec:8e:c3:6d:d7:4c:da:d5:22:2d:5a:fc:18:8b:c4:
                    a8:27:ec:d7:dd:9a:ab:31:8c:0e:8f:8e:03:05:42:
                    c8:81:1e:e7:44:51:56:f7:5b:82:2a:d6:3b:4a:bc:
                    27:88:11:09:14:9f:ac:3a:db:0b:b6:c8:cc:7b:b4:
                    16:6b:39:49:b5:a7:47:ce:9c:27:ea:e9:35:a8:f0:
                    5b:e5:0c:35:8d:a2:a0:fe:2f:a4:dc:a0:1f:bb:c3:
                    a2:42:64:fb:4c:4f:82:98:cd:0e:34:8e:57:ea:43:
                    0a:d0:9d:99:21:dd:bc:8d:6f:f9:f2:47:8a:94:db:
                    21:3d:2d:68:90:6e:06:a9:cc:b4:5c:92:a2:c1:04:
                    a9:4e:06:12:6c:62:c1:cb:55:af:55:bb:d0:f8:9e:
                    95:40:8a:b6:ee:ce:5d:44:4f:9e:38:64:47:b5:cf:
                    a1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:B4:A1:7D:E0:4D:5D:E1:39:0B:EA:E8:69:11:05:CB:CE:16:53:E1
            X509v3 Authority Key Identifier:
                keyid:B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/i7ShfeBNXeE5C-roaREFy84WU-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.124.0.0/24
                  188.124.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:a3:30:4c:a6:f2:0b:46:3f:69:90:e0:33:c9:ff:bd:ba:c0:
         8b:b9:53:15:d0:9e:98:40:df:35:d0:48:22:3e:cb:3e:e3:7d:
         7d:fd:52:54:36:cb:6c:e9:a2:81:7f:17:45:1c:d3:18:6a:e2:
         f9:c3:45:2d:f7:7e:93:25:78:b6:8a:e5:60:4d:12:0d:74:07:
         d6:80:aa:f8:b3:32:19:ba:c7:f3:a2:d5:0e:a7:5b:ad:24:f0:
         db:24:52:1b:13:61:93:dc:6b:39:9d:a9:d3:27:ea:78:90:9b:
         0f:65:1e:41:d1:90:2d:36:c9:ca:61:17:33:47:d0:4e:28:05:
         b2:2a:4f:0c:d5:6a:b8:0d:a6:ec:96:51:f0:66:58:ca:24:c5:
         38:bd:f1:9d:e7:d0:16:3d:0a:12:8d:20:38:68:6d:b4:f6:eb:
         44:89:a6:ce:5d:e2:86:b0:9f:07:0b:b7:31:e8:dd:88:7d:90:
         1f:5b:46:72:66:fc:48:ca:d7:f5:c5:60:7a:f2:1e:14:00:06:
         d4:96:92:96:ce:b9:13:c1:e3:14:da:77:6c:67:b3:e6:a4:5f:
         16:7d:05:13:d1:a0:83:08:a9:a4:9a:2f:83:69:e1:e1:2c:65:
         7b:5a:28:db:7e:b1:d9:f6:01:95:db:11:7b:39:94:44:d6:96:
         fb:24:9e:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfLcmnre+f416oUyAm2jcA+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNGFiYThiNjA3NDkzOTM0NzhlODNjMzYwZTZjYmQ3NWQx
NTZmODkwHhcNMjUwNzAyMTQwMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmI0YTE3ZGUwNGQ1ZGUxMzkwYmVhZTg2OTExMDVjYmNlMTY1M2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrLp+RBndST8D6YqYNFqAzI5Wyg3
PJIh/BFSvb0UZMyKFe3WEEeheoiWyK9rz+I9six4rpSXL8I3SyWdhLoYJhV+LFFT
/FbPiJ1m/onhCW3kpUQyRRT26IDsjsNt10za1SItWvwYi8SoJ+zX3ZqrMYwOj44D
BULIgR7nRFFW91uCKtY7SrwniBEJFJ+sOtsLtsjMe7QWazlJtadHzpwn6uk1qPBb
5Qw1jaKg/i+k3KAfu8OiQmT7TE+CmM0ONI5X6kMK0J2ZId28jW/58keKlNshPS1o
kG4Gqcy0XJKiwQSpTgYSbGLBy1WvVbvQ+J6VQIq27s5dRE+eOGRHtc+hCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIu0oX3gTV3hOQvq6GkRBcvOFlPhMB8GA1UdIwQY
MBaAFLFKuotgdJOTR46Dw2Dmy9ddFW+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYt
Y2Y2YzMwNTIxMmViLzEvaTdTaGZlQk5YZUU1Qy1yb2FSRUZ5ODRXVS1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYtY2Y2YzMwNTIxMmVi
LzEvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvHwAAwQA
vHwfMA0GCSqGSIb3DQEBCwUAA4IBAQBEozBMpvILRj9pkOAzyf+9usCLuVMV0J6Y
QN810EgiPss+4319/VJUNsts6aKBfxdFHNMYauL5w0Ut936TJXi2iuVgTRINdAfW
gKr4szIZusfzotUOp1utJPDbJFIbE2GT3Gs5nanTJ+p4kJsPZR5B0ZAtNsnKYRcz
R9BOKAWyKk8M1Wq4DabsllHwZljKJMU4vfGd59AWPQoSjSA4aG209utEiabOXeKG
sJ8HC7cx6N2IfZAfW0ZyZvxIytf1xWB68h4UAAbUlpKWzrkTweMU2ndsZ7PmpF8W
fQUT0aCDCKmkmi+DaeHhLGV7WijbfrHZ9gGV2xF7OZRE1pb7JJ42
-----END CERTIFICATE-----