Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/e60sWnJjS7OqPLG3um1LduzUYAU.roa
File:                     e60sWnJjS7OqPLG3um1LduzUYAU.roa (raw, json)
Hash identifier:          6LkYvh0PJF76DWe4qBQ1lIZdD6rQH3lgpkZLnY2ETg0=
Subject key identifier:   7B:AD:2C:5A:72:63:4B:B3:AA:3C:B1:B7:BA:6D:4B:76:EC:D4:60:05
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B280AD8E9CD02F0DA7CE60E6ECED4E
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/e60sWnJjS7OqPLG3um1LduzUYAU.roa
Signing time:             Mon 14 Jul 2025 16:09:09 +0000
ROA not before:           Mon 14 Jul 2025 16:09:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42922
IP address blocks:        185.252.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 21:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b2:80:ad:8e:9c:d0:2f:0d:a7:ce:60:e6:ec:ed:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:09:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bad2c5a72634bb3aa3cb1b7ba6d4b76ecd46005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:3f:89:44:e1:69:57:73:76:54:6b:19:c2:1f:
                    86:a8:72:34:9c:a2:d0:89:ac:c2:da:94:ec:55:5c:
                    01:f8:78:86:74:0c:4b:04:5e:05:58:7e:ba:1e:c4:
                    e6:0b:f1:e9:de:24:12:cc:99:f3:13:07:1b:b3:a2:
                    02:46:eb:00:24:9c:bc:ae:48:e1:d0:c0:3e:ab:b9:
                    b1:d4:c5:25:10:bf:aa:bc:ab:db:68:7c:54:e1:57:
                    cb:d0:2a:ca:c8:9b:16:0c:1a:f2:4d:43:4d:0f:2f:
                    51:ce:43:0e:b5:0c:29:11:07:dc:07:4d:58:65:37:
                    0b:28:16:96:18:c9:6d:1a:03:eb:5f:de:de:81:1b:
                    7c:76:3d:e2:14:81:78:0e:f8:0e:9a:1c:b9:4b:06:
                    0a:84:fa:65:8a:62:7e:98:0f:0d:5c:34:46:06:19:
                    90:b3:24:b8:9e:8b:e1:0a:06:b5:99:11:87:4c:2c:
                    d9:7d:e4:3d:61:75:42:9e:f8:a5:7d:c7:71:3a:88:
                    9c:8e:a6:27:d9:a7:ce:6e:6d:8c:4b:d6:cd:85:12:
                    30:27:85:b1:9d:c7:c1:e1:b2:61:aa:94:92:27:fd:
                    f5:de:65:a7:dc:2d:c0:19:a6:48:1e:f5:d1:27:06:
                    4c:5f:81:38:c7:f4:75:22:55:7a:84:2e:3c:18:7f:
                    5c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:AD:2C:5A:72:63:4B:B3:AA:3C:B1:B7:BA:6D:4B:76:EC:D4:60:05
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/e60sWnJjS7OqPLG3um1LduzUYAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:fa:b6:7a:f8:be:68:8a:c9:45:2a:65:4c:f2:a4:92:05:66:
         3c:4b:18:ea:30:f1:66:f3:47:3b:91:ef:b0:d6:aa:ad:0c:0c:
         97:96:77:1f:1c:d0:f1:6f:84:53:0f:d1:a7:70:1f:2f:3a:07:
         bc:8c:6e:7c:05:86:03:72:4b:50:b5:df:cb:ef:c6:3b:5d:83:
         1a:42:30:14:a1:c1:0b:07:25:54:2b:2e:b2:fd:42:02:07:f9:
         2b:12:19:fb:18:74:12:ce:5f:69:20:99:91:64:81:27:33:30:
         0e:00:b6:85:1c:f9:9b:73:49:27:05:66:26:53:3c:52:4b:19:
         67:a6:e0:ef:ac:a8:03:c0:2b:72:89:87:79:96:0a:c2:ac:56:
         e0:c5:e1:af:ab:aa:05:5a:cb:c0:1c:b7:74:45:58:e5:89:c5:
         d2:b1:8b:68:f1:26:56:63:10:f2:67:3c:a7:d5:81:d0:2f:b7:
         eb:c0:ec:70:9e:74:0a:81:ce:23:bc:46:0d:53:dd:31:95:5e:
         52:2d:aa:7b:63:34:f0:31:fb:ae:68:90:6f:41:2e:ab:4e:2e:
         18:8e:51:34:a4:2c:07:4e:a2:fb:7c:44:6b:f3:ac:e9:28:01:
         30:52:4a:fa:93:21:20:63:c2:00:1c:67:d3:c6:3f:a8:7e:56:
         09:86:12:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJsoCtjpzQLw2nzmDm7O1OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYwOTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmFkMmM1YTcyNjM0YmIzYWEzY2IxYjdiYTZkNGI3NmVjZDQ2MDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6z+JROFpV3N2VGsZwh+GqHI0nKLQ
iazC2pTsVVwB+HiGdAxLBF4FWH66HsTmC/Hp3iQSzJnzEwcbs6ICRusAJJy8rkjh
0MA+q7mx1MUlEL+qvKvbaHxU4VfL0CrKyJsWDBryTUNNDy9RzkMOtQwpEQfcB01Y
ZTcLKBaWGMltGgPrX97egRt8dj3iFIF4DvgOmhy5SwYKhPplimJ+mA8NXDRGBhmQ
syS4novhCga1mRGHTCzZfeQ9YXVCnvilfcdxOoicjqYn2afObm2MS9bNhRIwJ4Wx
ncfB4bJhqpSSJ/313mWn3C3AGaZIHvXRJwZMX4E4x/R1IlV6hC48GH9cuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHutLFpyY0uzqjyxt7ptS3bs1GAFMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvZTYwc1duSmpTN09xUExHM3VtMUxkdXpVWUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufyRMA0G
CSqGSIb3DQEBCwUAA4IBAQCB+rZ6+L5oislFKmVM8qSSBWY8SxjqMPFm80c7ke+w
1qqtDAyXlncfHNDxb4RTD9GncB8vOge8jG58BYYDcktQtd/L78Y7XYMaQjAUocEL
ByVUKy6y/UICB/krEhn7GHQSzl9pIJmRZIEnMzAOALaFHPmbc0knBWYmUzxSSxln
puDvrKgDwCtyiYd5lgrCrFbgxeGvq6oFWsvAHLd0RVjlicXSsYto8SZWYxDyZzyn
1YHQL7frwOxwnnQKgc4jvEYNU90xlV5SLap7YzTwMfuuaJBvQS6rTi4YjlE0pCwH
TqL7fERr86zpKAEwUkr6kyEgY8IAHGfTxj+oflYJhhIw
-----END CERTIFICATE-----