Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/P4M24TnSGwdPOoxiFvgJ6ea4E1M.roa
File:                     P4M24TnSGwdPOoxiFvgJ6ea4E1M.roa (raw, json)
Hash identifier:          pxKdcx8krZUKbFb1Tzu5Y7St2EVLFJBgjWaCl6IDuEI=
Subject key identifier:   3F:83:36:E1:39:D2:1B:07:4F:3A:8C:62:16:F8:09:E9:E6:B8:13:53
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B629D83DFA0F9A58063608CF44FB25
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/P4M24TnSGwdPOoxiFvgJ6ea4E1M.roa
Signing time:             Mon 14 Jul 2025 16:13:09 +0000
ROA not before:           Mon 14 Jul 2025 16:13:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213220
IP address blocks:        213.108.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b6:29:d8:3d:fa:0f:9a:58:06:36:08:cf:44:fb:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:13:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f8336e139d21b074f3a8c6216f809e9e6b81353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:10:84:7e:a2:69:eb:cd:63:c3:9d:53:80:69:
                    ce:57:bc:dc:98:71:db:a8:35:f6:e0:16:c0:ba:17:
                    36:b2:ed:88:40:f9:ef:a6:a4:56:81:4a:46:5f:66:
                    9d:b6:f5:7c:b3:78:8d:ff:f7:d7:8a:b1:3a:71:3b:
                    38:34:d7:e9:38:a8:78:77:ce:a7:91:fe:d6:45:59:
                    03:21:df:c6:4a:b1:30:cf:ce:fd:81:64:16:e9:62:
                    8e:a5:8d:9d:37:cf:2c:11:2c:ae:5c:bc:87:5f:83:
                    3a:2d:1f:e2:25:a8:5c:75:54:83:19:fe:70:ff:6a:
                    37:04:aa:aa:ad:22:e4:77:f5:18:13:f3:24:9d:99:
                    81:8d:12:91:2c:1d:e8:8b:c9:74:f9:a3:f2:04:2c:
                    3c:23:02:d9:bc:17:05:2e:9e:fd:69:be:07:4d:44:
                    eb:43:7e:9f:58:77:cf:bf:d6:70:c9:90:f6:a5:24:
                    9d:a9:99:17:22:69:97:c2:0e:63:f5:26:cc:88:23:
                    16:6c:b8:ea:59:f2:84:92:57:21:ba:a5:8a:6c:3f:
                    77:bf:d7:cd:15:2c:dc:78:b5:7a:eb:f4:55:04:6e:
                    e6:e8:98:e8:36:d9:7c:a2:16:50:6b:9b:3a:aa:69:
                    64:cf:7d:85:cf:f5:85:20:e8:09:1c:42:c2:79:2b:
                    90:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:83:36:E1:39:D2:1B:07:4F:3A:8C:62:16:F8:09:E9:E6:B8:13:53
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/P4M24TnSGwdPOoxiFvgJ6ea4E1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:ae:6b:1c:97:a5:29:17:81:46:98:5d:33:1b:88:79:80:71:
         cb:96:7e:a8:6b:fa:ac:7b:31:8a:57:4e:d0:37:5e:5b:8c:76:
         d3:59:54:95:2a:9e:d2:35:30:64:a3:c4:8f:11:48:1b:b1:57:
         89:e5:d8:39:f9:fc:7d:72:14:9d:ca:2f:fa:ff:1d:e4:df:ea:
         0b:46:6d:ed:22:2c:b0:5d:e3:c9:2b:e1:e0:0c:d1:af:f0:01:
         ce:b6:0e:b2:00:21:59:77:1b:94:e7:15:0c:89:f1:93:b3:5a:
         fd:9a:15:ab:6a:dc:b0:59:18:2a:75:ff:1d:36:fb:03:31:c0:
         c7:5d:9d:e3:37:33:92:4c:2b:a8:9e:87:7d:33:9d:8c:fd:cc:
         af:e4:38:0e:87:29:2e:92:3d:4c:39:81:2f:0b:e8:2f:60:2d:
         7d:1f:92:9f:07:e2:53:da:25:ff:aa:47:c5:84:4f:aa:d5:87:
         eb:6c:25:78:a6:15:a1:0c:50:4b:15:31:79:5b:e2:fd:81:b2:
         c2:bb:ef:25:04:53:d5:ba:c6:02:58:8a:13:3c:b1:e7:ae:ff:
         64:cf:fd:df:d2:4e:57:ca:36:fb:42:59:e7:c9:f8:00:e6:69:
         a9:e9:35:e6:20:a9:29:40:de:fe:67:3b:93:90:cc:a9:b0:8b:
         f2:40:4a:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJtinYPfoPmlgGNgjPRPslMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjgzMzZlMTM5ZDIxYjA3NGYzYThjNjIxNmY4MDllOWU2YjgxMzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRCEfqJp681jw51TgGnOV7zcmHHb
qDX24BbAuhc2su2IQPnvpqRWgUpGX2adtvV8s3iN//fXirE6cTs4NNfpOKh4d86n
kf7WRVkDId/GSrEwz879gWQW6WKOpY2dN88sESyuXLyHX4M6LR/iJahcdVSDGf5w
/2o3BKqqrSLkd/UYE/MknZmBjRKRLB3oi8l0+aPyBCw8IwLZvBcFLp79ab4HTUTr
Q36fWHfPv9ZwyZD2pSSdqZkXImmXwg5j9SbMiCMWbLjqWfKEklchuqWKbD93v9fN
FSzceLV66/RVBG7m6JjoNtl8ohZQa5s6qmlkz32Fz/WFIOgJHELCeSuQcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+DNuE50hsHTzqMYhb4CenmuBNTMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvUDRNMjRUblNHd2RQT294aUZ2Z0o2ZWE0RTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1WzEMA0G
CSqGSIb3DQEBCwUAA4IBAQALrmscl6UpF4FGmF0zG4h5gHHLln6oa/qsezGKV07Q
N15bjHbTWVSVKp7SNTBko8SPEUgbsVeJ5dg5+fx9chSdyi/6/x3k3+oLRm3tIiyw
XePJK+HgDNGv8AHOtg6yACFZdxuU5xUMifGTs1r9mhWratywWRgqdf8dNvsDMcDH
XZ3jNzOSTCuonod9M52M/cyv5DgOhykukj1MOYEvC+gvYC19H5KfB+JT2iX/qkfF
hE+q1YfrbCV4phWhDFBLFTF5W+L9gbLCu+8lBFPVusYCWIoTPLHnrv9kz/3f0k5X
yjb7QlnnyfgA5mmp6TXmIKkpQN7+ZzuTkMypsIvyQEqh
-----END CERTIFICATE-----