Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/1-WTtBjMSRrb4TAl7DySIOk7FY38.roa
File:                     1-WTtBjMSRrb4TAl7DySIOk7FY38.roa (raw, json)
Hash identifier:          oHE7Yoyc0yluIv4batxOrntXR8UN3jcb6OoGC5ontY0=
Subject key identifier:   F9:64:ED:06:33:12:46:B6:F8:4C:09:7B:0F:24:88:3A:4E:C5:63:7F
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       01981F26FE122FA200CFE6B3D2D86A575999
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/1-WTtBjMSRrb4TAl7DySIOk7FY38.roa
Signing time:             Fri 18 Jul 2025 20:08:25 +0000
ROA not before:           Fri 18 Jul 2025 20:08:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20115
IP address blocks:        212.111.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1f:26:fe:12:2f:a2:00:cf:e6:b3:d2:d8:6a:57:59:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jul 18 20:08:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f964ed06331246b6f84c097b0f24883a4ec5637f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:31:6d:43:d1:97:63:29:23:ed:18:50:f4:bb:
                    ec:52:6e:c5:b6:49:fe:07:b0:93:59:be:94:a7:d2:
                    59:a3:91:e1:8b:6f:33:b2:e5:9c:f4:9e:cc:d0:bd:
                    d4:8e:6d:6d:eb:4b:94:d8:b6:18:94:10:9b:61:25:
                    1f:04:98:01:0d:73:29:ab:ab:ae:18:b4:6f:d0:33:
                    a0:87:1f:df:0d:4d:6e:84:66:0d:b5:c6:f8:83:9a:
                    0a:03:1a:89:b4:73:0b:e6:95:d6:20:48:0d:3d:5a:
                    81:d7:9c:07:8b:bc:a2:7c:ce:97:ed:96:a5:6c:29:
                    0b:70:62:4f:3e:73:89:45:5f:a0:f2:ac:c4:b1:9a:
                    c6:67:1b:41:23:2c:f5:8a:f8:c1:13:5c:45:3a:93:
                    b8:e7:fb:ee:6f:41:fc:55:5b:b3:c5:ce:2d:ec:a2:
                    54:b3:f5:b3:39:da:b1:a1:ed:db:fe:ef:21:0f:12:
                    18:79:39:94:79:fd:37:44:90:f6:73:be:50:12:78:
                    e7:2c:a0:1d:41:75:5b:5f:a5:3c:38:90:10:33:ad:
                    df:2d:b0:52:71:5f:3a:e7:90:21:dc:8b:83:00:5a:
                    c8:da:bd:d4:27:9c:fa:d0:eb:6f:bc:f0:4e:6e:33:
                    46:7c:a7:a1:33:5d:ca:cc:9c:b7:3d:0c:29:2c:88:
                    dc:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:64:ED:06:33:12:46:B6:F8:4C:09:7B:0F:24:88:3A:4E:C5:63:7F
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/1-WTtBjMSRrb4TAl7DySIOk7FY38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.111.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:6a:6d:dd:89:34:90:3b:2a:ec:50:f9:58:5f:47:de:15:96:
         e7:4a:2c:a0:31:a1:b9:65:2e:28:fd:77:66:c8:a4:98:f7:00:
         53:b9:56:d9:99:46:5b:ab:42:3a:dd:42:03:70:43:c1:10:30:
         67:80:b8:2b:16:37:c1:22:09:9c:36:32:6c:53:5a:d6:a0:b3:
         c5:cb:52:c1:ed:19:ea:fd:6f:bb:4d:6d:6a:e4:5a:0b:15:82:
         0c:be:d3:d9:cd:fa:dc:33:2c:5e:09:04:e3:f6:ab:66:5b:12:
         76:b6:55:97:bf:1e:f5:71:bd:f5:72:a3:82:6a:16:03:55:a4:
         25:d5:ae:ae:86:14:c6:72:9d:01:07:a2:2c:b1:12:cb:37:86:
         3f:39:12:33:c7:15:6b:55:16:2c:f8:f4:56:e2:01:4c:ed:7a:
         34:46:30:0a:2b:8e:b1:8c:2a:43:23:cc:86:c9:6e:95:1e:d7:
         ad:39:92:6b:db:32:f4:0c:fc:89:66:8f:d4:45:9f:62:79:aa:
         86:e3:d9:b8:77:d0:ed:7f:48:c3:15:64:16:97:87:ab:db:ec:
         67:b3:fb:76:66:22:f2:e5:14:18:0b:2d:3e:7c:04:d0:80:0d:
         1b:fc:65:be:c6:4f:14:c4:78:e0:55:90:c2:1b:92:79:32:8e:
         33:be:76:37
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZgfJv4SL6IAz+az0thqV1mZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwNzE4MjAwODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTY0ZWQwNjMzMTI0NmI2Zjg0YzA5N2IwZjI0ODgzYTRlYzU2MzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7DFtQ9GXYykj7RhQ9LvsUm7Ftkn+
B7CTWb6Up9JZo5Hhi28zsuWc9J7M0L3Ujm1t60uU2LYYlBCbYSUfBJgBDXMpq6uu
GLRv0DOghx/fDU1uhGYNtcb4g5oKAxqJtHML5pXWIEgNPVqB15wHi7yifM6X7Zal
bCkLcGJPPnOJRV+g8qzEsZrGZxtBIyz1ivjBE1xFOpO45/vub0H8VVuzxc4t7KJU
s/WzOdqxoe3b/u8hDxIYeTmUef03RJD2c75QEnjnLKAdQXVbX6U8OJAQM63fLbBS
cV8655Ah3IuDAFrI2r3UJ5z60OtvvPBObjNGfKehM13KzJy3PQwpLIjcbwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlk7QYzEka2+EwJew8kiDpOxWN/MB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvMS1XVHRCak1TUnJiNFRBbDdEeVNJT2s3RlkzOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTEvOGI2ZmIwLWE4NzUtNDk0Ny04YWU0LTAzZjRjNzExM2Mz
NC8xL0dVSmpKYXk0em1DYWFHLW1WYkJZbG9nSnMwWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtRv3DAN
BgkqhkiG9w0BAQsFAAOCAQEAQGpt3Yk0kDsq7FD5WF9H3hWW50osoDGhuWUuKP13
ZsikmPcAU7lW2ZlGW6tCOt1CA3BDwRAwZ4C4KxY3wSIJnDYybFNa1qCzxctSwe0Z
6v1vu01tauRaCxWCDL7T2c363DMsXgkE4/arZlsSdrZVl78e9XG99XKjgmoWA1Wk
JdWuroYUxnKdAQeiLLESyzeGPzkSM8cVa1UWLPj0VuIBTO16NEYwCiuOsYwqQyPM
hslulR7XrTmSa9sy9Az8iWaP1EWfYnmqhuPZuHfQ7X9IwxVkFpeHq9vsZ7P7dmYi
8uUUGAstPnwE0IANG/xlvsZPFMR44FWQwhuSeTKOM752Nw==
-----END CERTIFICATE-----