Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/U-o32g2m-zkBaemr1nnuY9SOSjU.roa
File:                     U-o32g2m-zkBaemr1nnuY9SOSjU.roa (raw, json)
Hash identifier:          JXcUuFiHFQ5EmR2trhbhiVPnYy1NQTasthqcbQZkyu8=
Subject key identifier:   53:EA:37:DA:0D:A6:FB:39:01:69:E9:AB:D6:79:EE:63:D4:8E:4A:35
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B54164072D145BAB2B0922065327AB
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/U-o32g2m-zkBaemr1nnuY9SOSjU.roa
Signing time:             Mon 14 Jul 2025 16:12:10 +0000
ROA not before:           Mon 14 Jul 2025 16:12:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209657
IP address blocks:        176.118.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b5:41:64:07:2d:14:5b:ab:2b:09:22:06:53:27:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:12:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53ea37da0da6fb390169e9abd679ee63d48e4a35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f8:02:54:7a:cc:bd:0b:8b:80:c5:35:31:ee:
                    1c:e4:c9:1a:ec:c8:98:9a:66:6d:ad:bb:a6:71:30:
                    66:2b:00:1a:b2:8a:bf:ad:62:ed:e2:6e:4b:0c:67:
                    35:d0:8e:27:9d:e2:0c:f5:8c:ab:c0:2a:02:39:79:
                    61:b7:74:78:3d:51:aa:13:6c:e7:26:e8:47:69:a5:
                    8a:26:5b:b8:84:3b:15:e3:a3:1b:a9:f6:5a:0b:22:
                    3f:70:e2:dc:fe:ea:db:02:53:12:fb:a0:41:6a:f6:
                    c1:66:93:39:1a:e4:1f:ae:3d:da:92:33:47:83:7a:
                    a1:eb:fa:64:f8:fd:32:66:f5:62:be:9e:79:63:a3:
                    b4:a5:c3:5a:9c:1d:f2:89:d7:d4:71:5f:6d:a2:97:
                    88:96:aa:a6:1b:72:cd:d3:cf:71:03:bc:63:a2:69:
                    32:9b:e3:67:4b:c4:a1:87:e8:5d:77:83:d1:50:9c:
                    e8:8f:83:d4:a0:17:fa:50:d8:bd:11:71:2a:42:e9:
                    5e:eb:f1:92:94:0a:1e:70:78:04:61:d8:e5:93:04:
                    8f:d2:34:af:15:25:df:4f:e6:ce:84:3c:dc:ad:01:
                    0c:55:64:7c:95:2c:96:d5:3d:04:10:f1:ac:c9:93:
                    19:dd:89:67:1d:dc:20:e8:0b:70:3b:04:11:5c:74:
                    70:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:EA:37:DA:0D:A6:FB:39:01:69:E9:AB:D6:79:EE:63:D4:8E:4A:35
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/U-o32g2m-zkBaemr1nnuY9SOSjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:74:cb:a4:9b:d1:3e:1b:fb:35:97:47:fb:df:b2:06:7b:b8:
         d5:cc:29:38:f5:33:b9:9a:7d:45:ef:06:04:92:d6:4e:8d:d4:
         ce:22:88:25:83:ff:1b:51:40:91:82:91:92:b7:ee:e5:81:c5:
         18:cf:2e:4a:0b:8f:b4:c9:29:96:85:1a:30:d3:67:e1:9c:40:
         c2:14:4e:7a:9b:dc:62:70:f3:50:38:75:2a:ab:f6:4b:7a:45:
         8a:ae:17:80:27:13:05:01:12:fe:90:40:44:93:85:3e:9f:3e:
         ed:6d:82:be:f1:23:68:2f:03:ee:cb:6c:d1:2e:a9:36:4a:7e:
         10:73:22:a3:32:25:b1:4b:4f:2c:d6:39:9e:f1:26:a4:3c:d7:
         56:bf:96:78:6d:41:5f:c4:3f:37:e0:46:d8:e8:59:02:2e:d2:
         65:a3:dc:5b:0f:d7:7c:5e:6e:a5:74:58:bc:12:6e:dd:4e:3d:
         e1:b4:62:37:47:6e:e8:1f:a9:9e:8c:8e:16:ce:09:ed:54:f3:
         25:6a:a5:3c:3e:24:48:3e:6e:2c:13:77:92:1b:a5:32:b5:d5:
         72:b2:0f:04:93:11:7f:9a:c0:14:02:1d:62:c3:c0:d8:5d:2d:
         00:f4:7e:1a:f2:03:54:0c:18:62:c9:47:86:96:e9:df:bb:ee:
         75:05:37:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJtUFkBy0UW6srCSIGUyerMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2VhMzdkYTBkYTZmYjM5MDE2OWU5YWJkNjc5ZWU2M2Q0OGU0YTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfgCVHrMvQuLgMU1Me4c5Mka7MiY
mmZtrbumcTBmKwAasoq/rWLt4m5LDGc10I4nneIM9YyrwCoCOXlht3R4PVGqE2zn
JuhHaaWKJlu4hDsV46MbqfZaCyI/cOLc/urbAlMS+6BBavbBZpM5GuQfrj3akjNH
g3qh6/pk+P0yZvVivp55Y6O0pcNanB3yidfUcV9topeIlqqmG3LN089xA7xjomky
m+NnS8Shh+hdd4PRUJzoj4PUoBf6UNi9EXEqQule6/GSlAoecHgEYdjlkwSP0jSv
FSXfT+bOhDzcrQEMVWR8lSyW1T0EEPGsyZMZ3YlnHdwg6AtwOwQRXHRw3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPqN9oNpvs5AWnpq9Z57mPUjko1MB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvVS1vMzJnMm0temtCYWVtcjFubnVZOVNPU2pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHbEMA0G
CSqGSIb3DQEBCwUAA4IBAQDCdMukm9E+G/s1l0f737IGe7jVzCk49TO5mn1F7wYE
ktZOjdTOIoglg/8bUUCRgpGSt+7lgcUYzy5KC4+0ySmWhRow02fhnEDCFE56m9xi
cPNQOHUqq/ZLekWKrheAJxMFARL+kEBEk4U+nz7tbYK+8SNoLwPuy2zRLqk2Sn4Q
cyKjMiWxS08s1jme8SakPNdWv5Z4bUFfxD834EbY6FkCLtJlo9xbD9d8Xm6ldFi8
Em7dTj3htGI3R27oH6mejI4WzgntVPMlaqU8PiRIPm4sE3eSG6UytdVysg8EkxF/
msAUAh1iw8DYXS0A9H4a8gNUDBhiyUeGlunfu+51BTez
-----END CERTIFICATE-----