Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/RT2actreI4xxkte646TUz02XjFQ.roa
File:                     RT2actreI4xxkte646TUz02XjFQ.roa (raw, json)
Hash identifier:          Wy64shTeipgQtErWNwSOYTNCSt9UxR/a78WDAuspKQ4=
Subject key identifier:   45:3D:9A:72:DA:DE:23:8C:71:92:D7:BA:E3:A4:D4:CF:4D:97:8C:54
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       01980902B4571C051C088941FAC01489500A
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/RT2actreI4xxkte646TUz02XjFQ.roa
Signing time:             Mon 14 Jul 2025 12:57:08 +0000
ROA not before:           Mon 14 Jul 2025 12:57:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393942
IP address blocks:        195.96.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 06:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:02:b4:57:1c:05:1c:08:89:41:fa:c0:14:89:50:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jul 14 12:57:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=453d9a72dade238c7192d7bae3a4d4cf4d978c54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:dd:59:7a:4e:d2:63:e2:ea:f6:5f:ba:78:c1:
                    a5:d1:08:cc:82:6c:c2:f4:32:37:aa:d1:72:8d:3d:
                    0f:9a:ed:a6:7f:05:35:76:45:9f:06:64:79:b6:49:
                    ae:c7:ee:69:7e:90:d9:b2:7c:67:67:17:ad:19:cb:
                    49:51:ef:1f:f7:14:dc:33:dc:b9:77:64:9d:70:24:
                    c3:13:b0:ec:63:0e:ec:fa:8a:7e:d2:f0:8f:7f:a3:
                    1b:17:48:2a:37:e7:99:29:06:14:da:84:64:a5:74:
                    ec:a4:41:60:4a:fe:f0:ab:6c:96:f8:a4:b3:e6:4a:
                    e8:fc:5d:f2:b4:31:e4:b9:b5:82:f7:2a:09:b8:77:
                    ee:8e:0d:f3:1b:05:38:63:b2:86:e2:e9:4b:5b:de:
                    8b:e4:33:2c:fe:13:55:ee:16:77:0f:09:ba:3c:09:
                    f5:cf:c6:18:a4:0f:8f:99:6d:28:b7:f7:1c:ad:87:
                    94:9a:da:83:42:48:72:38:17:20:d7:19:72:3e:f8:
                    42:20:89:80:0b:5e:f7:0c:a3:c8:90:32:c6:d9:2e:
                    60:07:fa:aa:8f:ae:9b:0c:7f:c5:76:93:b2:e1:f3:
                    00:0e:ea:e0:fc:a9:af:2b:72:c1:1d:86:bb:18:9a:
                    d7:a5:4f:bf:bc:65:df:4d:34:6f:35:56:43:5c:71:
                    a6:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:3D:9A:72:DA:DE:23:8C:71:92:D7:BA:E3:A4:D4:CF:4D:97:8C:54
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/RT2actreI4xxkte646TUz02XjFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:d1:91:4e:7e:eb:30:c9:61:ad:6e:41:52:7c:b7:c3:7d:a9:
         25:42:95:44:37:4d:41:df:83:67:19:e1:e4:c6:47:02:db:f5:
         9d:d8:da:67:38:6e:99:97:5a:f3:15:4b:30:2b:7f:46:a3:aa:
         7b:ee:c3:24:db:42:6c:e2:7d:50:75:6f:5e:ba:5d:b4:1e:a8:
         b6:be:55:07:90:3a:69:fa:1a:5f:6b:85:3c:54:80:5e:c6:49:
         97:92:6c:c9:f6:14:3f:81:f9:65:01:8d:32:36:89:ee:4d:b8:
         5c:15:ce:bf:12:5c:d8:86:ae:16:01:df:ac:97:f2:70:42:56:
         00:30:cc:e3:a9:f0:ea:0b:be:a3:0a:24:e1:37:35:1c:61:e5:
         26:64:b1:0f:57:7f:fe:fc:39:49:fb:a9:16:e8:e0:13:bb:38:
         d2:e0:15:7c:bb:a9:ae:70:7b:c5:76:e6:80:84:7b:0e:15:05:
         0a:86:ac:d3:5b:08:22:d5:8f:86:06:09:8a:0e:a6:99:65:48:
         0b:db:4b:a1:9e:08:f7:ec:e6:4f:ba:29:32:16:c8:2f:d8:fa:
         bd:38:7f:a6:ca:f2:5d:e8:08:2a:5b:de:71:06:b6:82:c7:7f:
         8b:06:ab:33:19:2d:47:0f:e3:00:a8:c7:25:0a:7d:f9:48:22:
         8c:f1:a0:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJArRXHAUcCIlB+sAUiVAKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjUwNzE0MTI1NzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTNkOWE3MmRhZGUyMzhjNzE5MmQ3YmFlM2E0ZDRjZjRkOTc4YzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvN1Zek7SY+Lq9l+6eMGl0QjMgmzC
9DI3qtFyjT0Pmu2mfwU1dkWfBmR5tkmux+5pfpDZsnxnZxetGctJUe8f9xTcM9y5
d2SdcCTDE7DsYw7s+op+0vCPf6MbF0gqN+eZKQYU2oRkpXTspEFgSv7wq2yW+KSz
5kro/F3ytDHkubWC9yoJuHfujg3zGwU4Y7KG4ulLW96L5DMs/hNV7hZ3Dwm6PAn1
z8YYpA+PmW0ot/ccrYeUmtqDQkhyOBcg1xlyPvhCIImAC173DKPIkDLG2S5gB/qq
j66bDH/FdpOy4fMADurg/KmvK3LBHYa7GJrXpU+/vGXfTTRvNVZDXHGmEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEU9mnLa3iOMcZLXuuOk1M9Nl4xUMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvUlQyYWN0cmVJNHh4a3RlNjQ2VFV6MDJYakZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CEMA0G
CSqGSIb3DQEBCwUAA4IBAQB10ZFOfuswyWGtbkFSfLfDfaklQpVEN01B34NnGeHk
xkcC2/Wd2NpnOG6Zl1rzFUswK39Go6p77sMk20Js4n1QdW9eul20Hqi2vlUHkDpp
+hpfa4U8VIBexkmXkmzJ9hQ/gfllAY0yNonuTbhcFc6/ElzYhq4WAd+sl/JwQlYA
MMzjqfDqC76jCiThNzUcYeUmZLEPV3/+/DlJ+6kW6OATuzjS4BV8u6mucHvFduaA
hHsOFQUKhqzTWwgi1Y+GBgmKDqaZZUgL20uhngj37OZPuikyFsgv2Pq9OH+myvJd
6AgqW95xBraCx3+LBqszGS1HD+MAqMclCn35SCKM8aDd
-----END CERTIFICATE-----