Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/rCPWcLEh1I3hYQg1ULMV7cY0RMk.roa
File:                     rCPWcLEh1I3hYQg1ULMV7cY0RMk.roa (raw, json)
Hash identifier:          JV53oIZHVvSYCe2jZ2mZQ68/LLu4o0/MYQT8dk2YZJg=
Subject key identifier:   AC:23:D6:70:B1:21:D4:8D:E1:61:08:35:50:B3:15:ED:C6:34:44:C9
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B45300154D3FFB86C7342FBE150178
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/rCPWcLEh1I3hYQg1ULMV7cY0RMk.roa
Signing time:             Mon 14 Jul 2025 16:11:09 +0000
ROA not before:           Mon 14 Jul 2025 16:11:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201624
IP address blocks:        176.118.199.0/24 maxlen: 24
                          193.238.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b4:53:00:15:4d:3f:fb:86:c7:34:2f:be:15:01:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:11:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac23d670b121d48de161083550b315edc63444c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:14:ee:e7:20:54:9c:5f:c2:ad:3d:a3:df:a8:
                    db:a2:3b:d2:5a:83:9a:29:9c:5a:0b:0b:86:b8:93:
                    43:af:90:c7:10:93:3d:e9:c8:66:17:cb:32:1c:a9:
                    74:c3:e7:77:e6:56:3f:59:ef:e8:4b:a9:6b:83:30:
                    e2:70:e0:f0:e9:41:02:43:fd:65:33:be:1b:b8:05:
                    95:13:2e:10:86:bb:57:3d:2a:f9:40:f9:21:62:62:
                    be:3d:cf:8f:c6:96:51:05:74:7d:41:42:19:e2:92:
                    59:8c:56:68:7a:52:b1:6f:2f:a7:36:98:db:36:c5:
                    54:1d:08:30:b3:e9:68:61:ce:16:b0:4a:2e:3f:a3:
                    95:18:66:70:c9:57:ad:56:1a:d0:ac:7f:d7:72:2b:
                    ab:df:24:f1:85:1a:be:70:82:2e:00:84:65:4e:37:
                    91:6a:77:cf:37:82:f5:2b:c2:74:8e:99:b1:d7:eb:
                    f2:28:6d:bd:ee:13:2b:55:1c:4f:d0:3d:48:bd:00:
                    b4:00:f4:19:92:ee:a8:a2:da:98:07:7a:08:d6:97:
                    eb:ec:5a:4c:92:98:6e:43:84:c6:49:21:22:b8:e0:
                    d9:e9:db:10:8c:c6:cb:b0:5d:36:0b:76:81:9e:04:
                    e3:87:e7:69:6b:db:b4:0c:ae:7b:03:e8:ef:79:85:
                    d4:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:23:D6:70:B1:21:D4:8D:E1:61:08:35:50:B3:15:ED:C6:34:44:C9
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/rCPWcLEh1I3hYQg1ULMV7cY0RMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.199.0/24
                  193.238.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:e8:f6:7d:e2:0b:06:55:5e:3a:1d:13:88:66:9c:71:73:3d:
         bf:81:5e:28:7a:ce:6d:91:65:d1:1b:e1:f3:64:8b:16:6a:aa:
         99:01:6d:61:2c:bd:f2:25:6a:54:96:c3:33:d3:9e:85:70:50:
         6b:74:dd:be:2b:58:26:fe:6c:65:85:fa:14:9b:97:c5:d2:15:
         7c:30:b8:e7:5f:08:22:13:47:7a:1b:5c:e6:2c:9a:a9:19:4e:
         c5:dd:7a:88:0e:e2:c6:91:b0:ef:27:d0:cb:20:63:c3:6e:f8:
         a1:02:80:2e:5d:87:af:60:d8:ce:c3:36:69:b8:b3:68:8d:6e:
         a1:9c:bd:41:bc:bc:d1:15:17:5c:15:e4:e9:f8:06:fa:dd:a2:
         bd:5e:73:dd:4a:02:c2:19:86:6e:37:84:b3:9f:41:af:eb:9a:
         e9:71:92:4d:ba:e6:9e:ad:0f:fd:c1:c3:9d:27:10:39:13:0d:
         7f:3f:9d:0e:d7:74:4f:5e:ec:99:3d:c8:46:d3:58:f9:81:54:
         bb:ec:99:e0:6b:76:0e:8c:37:b1:46:07:d2:f9:7a:a3:c7:de:
         92:69:8a:27:2b:18:bf:5a:bb:10:57:4f:ab:38:b5:21:70:30:
         97:d2:24:a9:88:ea:83:ca:7c:d9:ba:98:cb:1d:ad:49:0a:35:
         2d:f8:d1:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgJtFMAFU0/+4bHNC++FQF4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzIzZDY3MGIxMjFkNDhkZTE2MTA4MzU1MGIzMTVlZGM2MzQ0NGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRTu5yBUnF/CrT2j36jbojvSWoOa
KZxaCwuGuJNDr5DHEJM96chmF8syHKl0w+d35lY/We/oS6lrgzDicODw6UECQ/1l
M74buAWVEy4QhrtXPSr5QPkhYmK+Pc+PxpZRBXR9QUIZ4pJZjFZoelKxby+nNpjb
NsVUHQgws+loYc4WsEouP6OVGGZwyVetVhrQrH/Xciur3yTxhRq+cIIuAIRlTjeR
anfPN4L1K8J0jpmx1+vyKG297hMrVRxP0D1IvQC0APQZku6ootqYB3oI1pfr7FpM
kphuQ4TGSSEiuODZ6dsQjMbLsF02C3aBngTjh+dpa9u0DK57A+jveYXU1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKwj1nCxIdSN4WEINVCzFe3GNETJMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvckNQV2NMRWgxSTNoWVFnMVVMTVY3Y1kwUk1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsHbHAwQA
we4sMA0GCSqGSIb3DQEBCwUAA4IBAQC46PZ94gsGVV46HROIZpxxcz2/gV4oes5t
kWXRG+HzZIsWaqqZAW1hLL3yJWpUlsMz056FcFBrdN2+K1gm/mxlhfoUm5fF0hV8
MLjnXwgiE0d6G1zmLJqpGU7F3XqIDuLGkbDvJ9DLIGPDbvihAoAuXYevYNjOwzZp
uLNojW6hnL1BvLzRFRdcFeTp+Ab63aK9XnPdSgLCGYZuN4Szn0Gv65rpcZJNuuae
rQ/9wcOdJxA5Ew1/P50O13RPXuyZPchG01j5gVS77Jnga3YOjDexRgfS+Xqjx96S
aYonKxi/WrsQV0+rOLUhcDCX0iSpiOqDynzZupjLHa1JCjUt+NGg
-----END CERTIFICATE-----