Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/_k9uGiLDcm5tP87R5PW26LXOS7w.roa
File:                     _k9uGiLDcm5tP87R5PW26LXOS7w.roa (raw, json)
Hash identifier:          Fs0PgI05LPk2bxQ2UmQmWKulGaLtlqrtVLsZ6BIjSA8=
Subject key identifier:   FE:4F:6E:1A:22:C3:72:6E:6D:3F:CE:D1:E4:F5:B6:E8:B5:CE:4B:BC
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B36A60F720238EABB4F2193DFA7F94
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/_k9uGiLDcm5tP87R5PW26LXOS7w.roa
Signing time:             Mon 14 Jul 2025 16:10:09 +0000
ROA not before:           Mon 14 Jul 2025 16:10:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56975
IP address blocks:        185.212.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b3:6a:60:f7:20:23:8e:ab:b4:f2:19:3d:fa:7f:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:10:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe4f6e1a22c3726e6d3fced1e4f5b6e8b5ce4bbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:1f:d5:1a:88:23:b3:8c:1c:11:15:4e:9d:07:
                    5e:ed:29:68:a8:27:91:18:3e:ca:9e:dc:49:85:e9:
                    ab:0b:af:57:41:ad:77:bc:c3:f3:21:12:41:5c:d0:
                    55:f7:dc:3a:a6:39:fe:36:d9:31:49:a0:49:9e:7d:
                    96:82:a7:56:d3:21:38:f3:61:e6:7c:92:0d:d0:de:
                    ff:22:e7:a9:3a:08:f9:67:d1:30:40:1e:f2:20:1b:
                    35:65:0c:85:0e:22:69:7d:01:c2:71:6d:d9:9a:c0:
                    da:a0:c4:48:22:43:80:55:05:d4:f7:57:e7:55:cd:
                    59:18:ad:6c:ca:70:c0:cc:bb:9e:5a:15:bb:b2:77:
                    c6:9c:d2:c4:81:36:a3:61:5b:39:1b:ab:08:83:83:
                    96:b8:e0:be:6a:ed:90:15:28:d1:f2:88:23:4f:75:
                    28:2d:c1:9b:bc:21:1b:6f:a4:61:4e:6c:34:0d:8b:
                    2e:02:db:04:fa:c7:d1:34:75:df:2b:16:d1:d6:01:
                    3d:4b:9e:a6:ff:05:37:96:89:8a:35:32:0a:62:d7:
                    82:d5:4e:ca:a6:eb:28:a4:68:01:a6:bb:42:6c:da:
                    c7:b1:0c:51:e6:96:3d:3a:e5:f3:05:20:ac:ab:87:
                    e2:4a:cf:9b:85:63:79:62:af:1d:e5:b2:b8:9a:b2:
                    ee:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:4F:6E:1A:22:C3:72:6E:6D:3F:CE:D1:E4:F5:B6:E8:B5:CE:4B:BC
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/_k9uGiLDcm5tP87R5PW26LXOS7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:27:c2:03:d8:62:92:fd:fa:16:53:17:32:70:b8:52:5b:dc:
         c5:df:6d:18:a0:8f:fa:af:e8:96:85:fb:8c:48:bf:0b:71:fd:
         9f:1d:26:1d:4e:ca:48:9e:6c:d2:c6:3d:d2:b7:4c:10:06:7a:
         36:b2:9b:90:60:cf:52:c1:6f:6b:bf:13:a8:e2:4d:fd:4d:2e:
         6a:f2:a2:38:87:e7:59:9a:ee:6b:b1:34:69:c9:0d:10:cb:34:
         29:9f:cd:68:d1:a3:33:0e:27:ed:24:e4:e5:cf:2f:43:d2:77:
         f0:db:d1:d8:89:89:79:9a:90:88:1e:7f:f3:84:10:89:be:18:
         d6:cc:9d:23:3e:3c:3f:e6:a6:06:76:e3:73:39:ff:70:cf:b7:
         f7:b3:aa:bf:cd:7b:5e:20:be:fc:76:4d:a7:f2:06:0c:b6:68:
         e2:ac:6f:77:ef:ec:7f:33:a3:92:27:f9:22:60:d9:3d:8f:ab:
         cf:b2:b5:1e:ea:27:16:4c:3a:0c:02:7c:73:a8:d2:fa:40:8e:
         a6:f3:44:c0:cd:b2:2c:4f:e5:e0:ce:48:84:b5:ad:cd:e9:11:
         a0:eb:d5:0c:23:55:13:ee:9b:f7:99:f4:ea:6a:71:3a:d1:88:
         fa:00:3b:38:08:08:64:39:c4:90:85:52:e1:79:0b:97:7d:14:
         5b:79:36:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJs2pg9yAjjqu08hk9+n+UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTRmNmUxYTIyYzM3MjZlNmQzZmNlZDFlNGY1YjZlOGI1Y2U0YmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4B/VGogjs4wcERVOnQde7SloqCeR
GD7KntxJhemrC69XQa13vMPzIRJBXNBV99w6pjn+NtkxSaBJnn2WgqdW0yE482Hm
fJIN0N7/IuepOgj5Z9EwQB7yIBs1ZQyFDiJpfQHCcW3ZmsDaoMRIIkOAVQXU91fn
Vc1ZGK1synDAzLueWhW7snfGnNLEgTajYVs5G6sIg4OWuOC+au2QFSjR8ogjT3Uo
LcGbvCEbb6RhTmw0DYsuAtsE+sfRNHXfKxbR1gE9S56m/wU3lomKNTIKYteC1U7K
pusopGgBprtCbNrHsQxR5pY9OuXzBSCsq4fiSs+bhWN5Yq8d5bK4mrLugQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5Pbhoiw3JubT/O0eT1tui1zku8MB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvX2s5dUdpTERjbTV0UDg3UjVQVzI2TFhPUzd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudSXMA0G
CSqGSIb3DQEBCwUAA4IBAQApJ8ID2GKS/foWUxcycLhSW9zF320YoI/6r+iWhfuM
SL8Lcf2fHSYdTspInmzSxj3St0wQBno2spuQYM9SwW9rvxOo4k39TS5q8qI4h+dZ
mu5rsTRpyQ0QyzQpn81o0aMzDiftJOTlzy9D0nfw29HYiYl5mpCIHn/zhBCJvhjW
zJ0jPjw/5qYGduNzOf9wz7f3s6q/zXteIL78dk2n8gYMtmjirG937+x/M6OSJ/ki
YNk9j6vPsrUe6icWTDoMAnxzqNL6QI6m80TAzbIsT+XgzkiEta3N6RGg69UMI1UT
7pv3mfTqanE60Yj6ADs4CAhkOcSQhVLheQuXfRRbeTam
-----END CERTIFICATE-----