Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/AkfKvhQEbxNg-ps1WHVeLm7C5wg.roa
File:                     AkfKvhQEbxNg-ps1WHVeLm7C5wg.roa (raw, json)
Hash identifier:          +F4Y+4x4uSjcgcKrus4/R/Sn470XjXWG6vwUGmWLU7o=
Subject key identifier:   02:47:CA:BE:14:04:6F:13:60:FA:9B:35:58:75:5E:2E:6E:C2:E7:08
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B62EDE46511A0D83B278DFEAC906EA
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/AkfKvhQEbxNg-ps1WHVeLm7C5wg.roa
Signing time:             Mon 14 Jul 2025 16:13:11 +0000
ROA not before:           Mon 14 Jul 2025 16:13:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216475
IP address blocks:        213.108.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b6:2e:de:46:51:1a:0d:83:b2:78:df:ea:c9:06:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:13:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0247cabe14046f1360fa9b3558755e2e6ec2e708
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:86:79:18:44:38:4f:6a:03:de:5d:00:46:9c:
                    06:cf:ef:0b:01:33:ac:9d:0f:ca:88:51:f1:59:c3:
                    ff:22:1b:25:b6:6d:68:ca:19:b1:27:6b:e9:cf:1e:
                    31:7c:f8:8a:dd:fb:b9:12:c5:b0:f6:ab:28:3a:bf:
                    c0:5a:51:fe:18:70:f5:1b:9f:8b:f5:dd:6e:27:28:
                    5c:fa:c1:32:06:0e:21:1d:6c:fc:51:71:01:33:9d:
                    c2:e2:4b:cc:2b:1a:b9:ea:58:01:c2:16:ad:5e:c2:
                    16:8d:77:3e:e9:cb:df:74:e8:bf:65:37:68:89:6f:
                    da:a3:5d:e5:8a:51:49:75:ab:39:68:8d:26:32:86:
                    ee:ca:86:65:29:ab:06:b4:47:d1:ca:ff:27:f5:73:
                    85:d4:42:51:ba:a6:ba:0e:2f:1b:b1:5a:8b:99:55:
                    21:8c:85:a3:3a:11:52:b4:a1:0a:c4:47:c6:05:c4:
                    5e:ed:f4:64:54:c2:54:ba:b5:c3:fd:d2:c2:13:ad:
                    19:62:88:18:7b:c3:68:d9:70:a3:22:23:65:2d:f3:
                    bb:75:81:6e:3f:53:41:09:9a:85:9a:0f:01:ef:ac:
                    7a:a9:12:fe:45:42:ae:68:89:83:b7:55:a2:fd:44:
                    fe:62:f3:c9:90:23:b6:29:84:6f:25:a9:54:d6:7a:
                    d3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:47:CA:BE:14:04:6F:13:60:FA:9B:35:58:75:5E:2E:6E:C2:E7:08
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/AkfKvhQEbxNg-ps1WHVeLm7C5wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:bd:72:59:fb:76:6f:b2:b8:96:19:4f:af:be:d1:72:4e:26:
         e1:1f:2f:f6:8a:c0:db:14:c2:08:7e:20:76:6c:69:b4:ef:5f:
         29:cb:ed:29:7d:2d:bd:4b:24:a6:84:06:66:2e:72:a3:d5:dc:
         11:1c:76:d0:08:58:18:61:71:f7:7e:e7:36:1c:1f:90:89:cc:
         5a:da:63:9e:6f:83:6b:c5:3b:4f:2c:cd:3f:ab:60:a9:41:2e:
         00:4a:77:42:3e:fb:04:cd:6a:80:83:5a:5d:14:2e:45:4c:9e:
         bc:1b:f7:5e:a7:4a:c9:4f:e6:84:c8:28:c6:c6:ee:64:b7:5a:
         e7:7e:3f:d9:d8:71:ac:06:d6:3d:7a:d2:04:df:bd:46:39:b2:
         28:17:15:af:ab:af:53:2e:10:bd:45:3b:9a:bf:0c:3a:48:6f:
         f0:a1:33:4e:d8:cc:62:aa:95:ea:8a:e8:33:99:fb:91:2f:00:
         42:61:de:4e:00:72:fb:72:b5:35:fc:a1:d7:71:4a:b6:84:f5:
         b8:4f:33:c9:fb:e7:f2:a4:8d:3e:e1:d2:e0:55:d5:8e:6f:d9:
         a8:7a:54:3e:25:b8:c7:83:07:cf:22:f6:9c:5b:f5:80:cd:c2:
         b6:55:48:1f:d2:f5:96:fb:72:ac:c6:4f:2a:68:f9:b0:8b:ff:
         20:20:fc:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJti7eRlEaDYOyeN/qyQbqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjQ3Y2FiZTE0MDQ2ZjEzNjBmYTliMzU1ODc1NWUyZTZlYzJlNzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoZ5GEQ4T2oD3l0ARpwGz+8LATOs
nQ/KiFHxWcP/Ihsltm1oyhmxJ2vpzx4xfPiK3fu5EsWw9qsoOr/AWlH+GHD1G5+L
9d1uJyhc+sEyBg4hHWz8UXEBM53C4kvMKxq56lgBwhatXsIWjXc+6cvfdOi/ZTdo
iW/ao13lilFJdas5aI0mMobuyoZlKasGtEfRyv8n9XOF1EJRuqa6Di8bsVqLmVUh
jIWjOhFStKEKxEfGBcRe7fRkVMJUurXD/dLCE60ZYogYe8No2XCjIiNlLfO7dYFu
P1NBCZqFmg8B76x6qRL+RUKuaImDt1Wi/UT+YvPJkCO2KYRvJalU1nrTCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJHyr4UBG8TYPqbNVh1Xi5uwucIMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvQWtmS3ZoUUVieE5nLXBzMVdIVmVMbTdDNXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1WzGMA0G
CSqGSIb3DQEBCwUAA4IBAQB6vXJZ+3ZvsriWGU+vvtFyTibhHy/2isDbFMIIfiB2
bGm0718py+0pfS29SySmhAZmLnKj1dwRHHbQCFgYYXH3fuc2HB+Qicxa2mOeb4Nr
xTtPLM0/q2CpQS4ASndCPvsEzWqAg1pdFC5FTJ68G/dep0rJT+aEyCjGxu5kt1rn
fj/Z2HGsBtY9etIE371GObIoFxWvq69TLhC9RTuavww6SG/woTNO2MxiqpXqiugz
mfuRLwBCYd5OAHL7crU1/KHXcUq2hPW4TzPJ++fypI0+4dLgVdWOb9moelQ+JbjH
gwfPIvacW/WAzcK2VUgf0vWW+3Ksxk8qaPmwi/8gIPw1
-----END CERTIFICATE-----