Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/DMYb7XcApaUgpEb9ZoPOYV9utaU.roa
File:                     DMYb7XcApaUgpEb9ZoPOYV9utaU.roa (raw, json)
Hash identifier:          ueHYzMwRHwrYagGy8tSOrW2mqNhSEnZT6KkgAgwR810=
Subject key identifier:   0C:C6:1B:ED:77:00:A5:A5:20:A4:46:FD:66:83:CE:61:5F:6E:B5:A5
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B62C2FF8000F23FBD2B61D69D8E762
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/DMYb7XcApaUgpEb9ZoPOYV9utaU.roa
Signing time:             Mon 14 Jul 2025 16:13:10 +0000
ROA not before:           Mon 14 Jul 2025 16:13:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215115
IP address blocks:        94.142.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b6:2c:2f:f8:00:0f:23:fb:d2:b6:1d:69:d8:e7:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:13:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cc61bed7700a5a520a446fd6683ce615f6eb5a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8e:ae:5d:d0:7b:54:f3:e5:5b:e7:c3:b6:c4:
                    95:53:56:b1:58:8d:f7:b1:7c:94:63:d2:51:62:b7:
                    85:e8:13:13:63:f1:f6:52:bd:e1:42:74:fc:11:92:
                    a6:68:af:c9:d7:97:1e:24:29:88:ed:90:db:5d:c1:
                    24:df:9a:f4:ae:f4:e4:bc:f5:4c:83:6b:a6:eb:c7:
                    56:8e:ea:bf:10:18:6e:d8:ad:5d:3c:0a:87:fc:5d:
                    1e:d8:d8:06:31:76:27:11:0c:76:6f:c9:2b:ad:b6:
                    01:dc:cc:40:16:2d:94:7a:0a:97:f1:61:43:d4:c7:
                    ef:25:62:a1:65:1c:c0:0f:a2:36:a7:cd:95:61:91:
                    1e:d7:c2:99:ae:0f:9c:26:47:e1:b6:72:b9:00:2a:
                    41:fd:a7:01:59:d2:4e:46:51:b5:57:7a:6e:65:ec:
                    95:a7:c2:81:ab:cf:bb:6c:56:8d:76:ac:a2:cd:77:
                    f6:b0:35:01:e1:44:5f:63:c0:e8:51:41:b6:09:b1:
                    20:68:33:37:33:7c:02:16:45:4b:d8:dc:e6:79:46:
                    bd:83:62:43:95:08:45:01:e2:18:0b:e6:b2:4e:df:
                    61:85:34:e9:9f:64:f4:40:18:4c:47:fc:a2:ee:3a:
                    f9:a6:e7:34:3f:a6:f8:ab:d7:d3:96:a4:af:ab:71:
                    7a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:C6:1B:ED:77:00:A5:A5:20:A4:46:FD:66:83:CE:61:5F:6E:B5:A5
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/DMYb7XcApaUgpEb9ZoPOYV9utaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.142.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:9e:da:34:a6:d4:dc:56:30:73:b7:6b:47:0f:32:2f:77:c9:
         2b:f5:8b:d0:9d:bb:97:59:4a:2c:8d:22:bc:c8:f5:88:53:0a:
         07:e0:e0:47:c4:5a:5b:72:dd:b0:58:47:02:e2:e8:14:23:81:
         a7:8f:99:5b:22:d8:c0:b8:f7:f9:57:7c:5a:a5:27:f9:06:ef:
         6f:dd:50:08:44:1e:51:a1:a4:f6:a8:4c:99:da:c3:a6:af:2e:
         a4:d9:8a:b4:32:08:bd:28:ef:48:9a:43:1b:de:38:d5:98:32:
         b5:cd:c2:f9:87:f8:7a:36:eb:e1:78:83:47:2a:af:57:83:14:
         54:52:7c:60:4b:11:23:67:4c:be:e8:91:1e:e3:99:43:81:57:
         37:07:5a:b9:8f:40:1b:ab:3d:df:97:89:89:06:d5:fe:01:fd:
         d9:93:ca:ca:a6:b2:3b:5e:55:c2:39:c4:00:1e:56:86:ae:37:
         32:64:78:7d:14:fd:a7:25:1e:8f:cf:0c:78:49:fd:56:c8:a1:
         7d:87:a4:0d:5b:c9:92:31:70:b4:0a:73:cc:4d:21:6e:bb:df:
         04:ed:32:08:af:71:c7:8b:4f:bf:5e:4e:f0:30:b4:ca:95:6c:
         c2:c3:b0:99:c3:88:b1:6a:ae:fa:fc:6e:7c:87:85:ea:70:f1:
         41:e6:30:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJtiwv+AAPI/vSth1p2OdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2M2MWJlZDc3MDBhNWE1MjBhNDQ2ZmQ2NjgzY2U2MTVmNmViNWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtI6uXdB7VPPlW+fDtsSVU1axWI33
sXyUY9JRYreF6BMTY/H2Ur3hQnT8EZKmaK/J15ceJCmI7ZDbXcEk35r0rvTkvPVM
g2um68dWjuq/EBhu2K1dPAqH/F0e2NgGMXYnEQx2b8krrbYB3MxAFi2UegqX8WFD
1MfvJWKhZRzAD6I2p82VYZEe18KZrg+cJkfhtnK5ACpB/acBWdJORlG1V3puZeyV
p8KBq8+7bFaNdqyizXf2sDUB4URfY8DoUUG2CbEgaDM3M3wCFkVL2NzmeUa9g2JD
lQhFAeIYC+ayTt9hhTTpn2T0QBhMR/yi7jr5puc0P6b4q9fTlqSvq3F6SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzGG+13AKWlIKRG/WaDzmFfbrWlMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvRE1ZYjdYY0FwYVVncEViOVpvUE9ZVjl1dGFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXo6PMA0G
CSqGSIb3DQEBCwUAA4IBAQDJnto0ptTcVjBzt2tHDzIvd8kr9YvQnbuXWUosjSK8
yPWIUwoH4OBHxFpbct2wWEcC4ugUI4Gnj5lbItjAuPf5V3xapSf5Bu9v3VAIRB5R
oaT2qEyZ2sOmry6k2Yq0Mgi9KO9ImkMb3jjVmDK1zcL5h/h6NuvheINHKq9XgxRU
UnxgSxEjZ0y+6JEe45lDgVc3B1q5j0Abqz3fl4mJBtX+Af3Zk8rKprI7XlXCOcQA
HlaGrjcyZHh9FP2nJR6Pzwx4Sf1WyKF9h6QNW8mSMXC0CnPMTSFuu98E7TIIr3HH
i0+/Xk7wMLTKlWzCw7CZw4ixaq76/G58h4XqcPFB5jCd
-----END CERTIFICATE-----