Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/qGENJESy0r4yMpyOLaSnKiFyC6g.roa
File:                     qGENJESy0r4yMpyOLaSnKiFyC6g.roa (raw, json)
Hash identifier:          YNQ1luudWTgMRhpSK56qAEttNJ4g5ZmNbKxoPnTKLxA=
Subject key identifier:   A8:61:0D:24:44:B2:D2:BE:32:32:9C:8E:2D:A4:A7:2A:21:72:0B:A8
Certificate issuer:       /CN=cbd942d96ee94a7a5a652ef7ac855dc9401415df
Certificate serial:       01981255E2F45F906E285B8B2A02A2A6A8F1
Authority key identifier: CB:D9:42:D9:6E:E9:4A:7A:5A:65:2E:F7:AC:85:5D:C9:40:14:15:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9lC2W7pSnpaZS73rIVdyUAUFd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/qGENJESy0r4yMpyOLaSnKiFyC6g.roa
Signing time:             Wed 16 Jul 2025 08:24:35 +0000
ROA not before:           Wed 16 Jul 2025 08:24:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64404
IP address blocks:        151.217.0.0/16 maxlen: 16
                          2001:678:814::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/y9lC2W7pSnpaZS73rIVdyUAUFd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/y9lC2W7pSnpaZS73rIVdyUAUFd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y9lC2W7pSnpaZS73rIVdyUAUFd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:12:55:e2:f4:5f:90:6e:28:5b:8b:2a:02:a2:a6:a8:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbd942d96ee94a7a5a652ef7ac855dc9401415df
        Validity
            Not Before: Jul 16 08:24:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8610d2444b2d2be32329c8e2da4a72a21720ba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ab:89:8b:02:73:e8:4d:67:17:e9:6e:b8:39:
                    dd:80:87:e8:bd:91:40:23:fc:27:e3:52:d2:4b:cd:
                    25:74:30:63:45:28:23:16:a7:52:71:2d:31:78:1c:
                    a0:cb:2b:b1:ef:0e:ca:8f:df:5a:3d:19:a9:f6:57:
                    c7:1f:54:b5:74:04:97:af:af:f7:f0:fd:e0:f4:36:
                    ef:d3:a8:ad:ee:dc:ff:f9:43:75:54:5d:37:9f:7f:
                    80:5d:37:ca:e9:f9:fd:f4:6f:21:02:0a:a4:31:4e:
                    ef:0e:6a:db:01:ac:99:fe:83:c4:de:3c:b3:69:41:
                    72:82:81:3f:ba:e0:8c:ac:cb:d2:39:fa:d1:1d:09:
                    c2:cf:4d:21:62:4b:d2:09:31:1a:a5:ec:c7:74:a8:
                    77:ce:e7:e3:f1:4a:95:8e:4b:2b:2f:42:10:3c:e9:
                    a9:41:f4:ea:c9:a8:52:f1:51:59:c5:c1:d2:a5:7b:
                    8f:c4:c5:1e:dc:d6:4c:ae:73:9c:cf:a3:8f:c5:97:
                    43:61:a3:24:eb:ea:42:ee:75:f1:09:3b:05:1a:9e:
                    0f:cc:f5:d9:fe:e1:a6:59:44:c4:01:1a:85:fa:55:
                    34:13:64:2f:9e:1a:e8:81:a7:46:98:71:e3:b0:4b:
                    f0:31:a7:53:f8:d3:ad:a3:ee:1a:9b:bc:0c:8d:fb:
                    c3:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:61:0D:24:44:B2:D2:BE:32:32:9C:8E:2D:A4:A7:2A:21:72:0B:A8
            X509v3 Authority Key Identifier:
                keyid:CB:D9:42:D9:6E:E9:4A:7A:5A:65:2E:F7:AC:85:5D:C9:40:14:15:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9lC2W7pSnpaZS73rIVdyUAUFd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/qGENJESy0r4yMpyOLaSnKiFyC6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/y9lC2W7pSnpaZS73rIVdyUAUFd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.217.0.0/16
                IPv6:
                  2001:678:814::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:0e:00:36:1a:5e:38:11:10:e6:ca:25:71:5d:ea:0e:5b:1c:
         23:c4:70:c2:b8:4c:ec:fc:ab:c9:6d:7e:68:03:58:bb:45:5e:
         f1:24:c5:99:d5:9b:c8:cf:e1:a5:63:7f:ee:d0:15:c8:88:dc:
         ac:ce:05:04:ea:12:56:bc:81:59:d3:3f:9d:2a:ba:04:52:96:
         d1:0c:f8:1e:94:a6:f9:8c:cd:34:0e:6b:6c:84:b2:7a:a1:3e:
         2c:5a:4f:db:1f:17:f7:65:a7:c1:13:0e:42:99:04:d4:c1:93:
         87:ce:ec:0c:41:ee:19:90:43:1b:e1:5f:7d:ac:88:ac:6c:be:
         d9:86:70:8a:96:9b:85:e4:9b:63:fc:f5:4c:7e:d8:5a:ce:6a:
         f4:6e:01:58:38:14:91:84:7f:71:a4:bc:84:c3:ee:20:df:98:
         f0:42:6a:52:a9:c5:af:6f:0d:d5:f2:24:4b:ba:89:75:ea:c3:
         3e:07:d7:36:83:5b:6a:29:50:f0:5c:25:ab:d0:57:08:40:91:
         c6:91:a9:93:54:c2:e9:60:1a:0d:b0:09:82:68:a2:9a:11:66:
         2e:3a:a6:4d:31:ec:5c:22:1b:57:c3:d2:ed:7d:4d:78:ec:11:
         bd:ae:a5:44:c5:0f:cb:77:ab:47:15:5d:4a:63:68:6c:e8:6a:
         c0:45:1b:0a
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZgSVeL0X5BuKFuLKgKipqjxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZDk0MmQ5NmVlOTRhN2E1YTY1MmVmN2FjODU1ZGM5NDAx
NDE1ZGYwHhcNMjUwNzE2MDgyNDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODYxMGQyNDQ0YjJkMmJlMzIzMjljOGUyZGE0YTcyYTIxNzIwYmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmauJiwJz6E1nF+luuDndgIfovZFA
I/wn41LSS80ldDBjRSgjFqdScS0xeBygyyux7w7Kj99aPRmp9lfHH1S1dASXr6/3
8P3g9Dbv06it7tz/+UN1VF03n3+AXTfK6fn99G8hAgqkMU7vDmrbAayZ/oPE3jyz
aUFygoE/uuCMrMvSOfrRHQnCz00hYkvSCTEapezHdKh3zufj8UqVjksrL0IQPOmp
QfTqyahS8VFZxcHSpXuPxMUe3NZMrnOcz6OPxZdDYaMk6+pC7nXxCTsFGp4PzPXZ
/uGmWUTEARqF+lU0E2QvnhrogadGmHHjsEvwMadT+NOto+4am7wMjfvDbwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKhhDSREstK+MjKcji2kpyohcguoMB8GA1UdIwQY
MBaAFMvZQtlu6Up6WmUu96yFXclAFBXfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlsQzJXN3BTbnBhWlM3M3JJVmR5VUFVRmQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8wODJmMTItNTEzYi00ZWI5LWExNzEt
YzZmNmQ0NDQ5MTVmLzEvcUdFTkpFU3kwcjR5TXB5T0xhU25LaUZ5QzZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8wODJmMTItNTEzYi00ZWI5LWExNzEtYzZmNmQ0NDQ5MTVm
LzEveTlsQzJXN3BTbnBhWlM3M3JJVmR5VUFVRmQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjALBAIAATAFAwMAl9kwDwQC
AAIwCQMHACABBngIFDANBgkqhkiG9w0BAQsFAAOCAQEApg4ANhpeOBEQ5solcV3q
DlscI8RwwrhM7PyryW1+aANYu0Ve8STFmdWbyM/hpWN/7tAVyIjcrM4FBOoSVryB
WdM/nSq6BFKW0Qz4HpSm+YzNNA5rbISyeqE+LFpP2x8X92WnwRMOQpkE1MGTh87s
DEHuGZBDG+FffayIrGy+2YZwipabheSbY/z1TH7YWs5q9G4BWDgUkYR/caS8hMPu
IN+Y8EJqUqnFr28N1fIkS7qJderDPgfXNoNbailQ8Fwlq9BXCECRxpGpk1TC6WAa
DbAJgmiimhFmLjqmTTHsXCIbV8PS7X1NeOwRva6lRMUPy3erRxVdSmNobOhqwEUb
Cg==
-----END CERTIFICATE-----