Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/vnG5yW1sgiONDKxqTnC980HG4IE.roa
File:                     vnG5yW1sgiONDKxqTnC980HG4IE.roa (raw, json)
Hash identifier:          jpE7nvDDH9+I0CbcSt4XW0/KFv4rRB0tFtOwQMEBy1Y=
Subject key identifier:   BE:71:B9:C9:6D:6C:82:23:8D:0C:AC:6A:4E:70:BD:F3:41:C6:E0:81
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       0197E5340B7C4E7D4C0C2F4076E340A8D5BA
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/vnG5yW1sgiONDKxqTnC980HG4IE.roa
Signing time:             Mon 07 Jul 2025 14:04:42 +0000
ROA not before:           Mon 07 Jul 2025 14:04:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34702
IP address blocks:        37.252.4.0/23 maxlen: 23
                          114.129.9.0/24 maxlen: 24
                          176.97.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e5:34:0b:7c:4e:7d:4c:0c:2f:40:76:e3:40:a8:d5:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jul  7 14:04:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be71b9c96d6c82238d0cac6a4e70bdf341c6e081
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:19:50:f2:01:b7:9e:e3:58:2e:ed:76:55:bf:
                    2a:14:02:9f:9e:8b:0a:22:03:b8:1c:ef:35:8e:65:
                    a0:b0:b9:75:88:b8:f5:a9:1a:7f:41:9e:f9:6e:6f:
                    0c:30:f6:9f:e5:80:9d:38:db:14:44:5c:f2:68:bd:
                    76:e5:03:6c:4e:93:b3:c3:0e:82:95:ac:1f:87:cd:
                    29:bc:91:76:ca:ed:0e:5f:80:72:80:5d:f9:6b:0a:
                    c3:39:20:dc:49:29:73:df:27:ab:5d:06:3f:4a:b6:
                    26:58:b3:d4:18:61:ec:5c:d8:74:d8:32:56:58:5f:
                    ac:9e:14:36:bb:dd:f4:dc:19:01:3b:d4:9f:63:65:
                    d2:c1:9b:50:ad:e2:94:fa:72:85:13:71:db:f3:84:
                    4e:eb:73:d2:53:03:e5:08:1a:14:1b:1e:f0:2f:88:
                    16:02:d0:b6:a4:02:0b:76:f7:0c:a3:c2:69:da:18:
                    f5:52:91:1d:a1:c3:84:1c:45:fa:c7:e1:92:82:42:
                    04:77:ec:3c:68:9d:f4:1e:09:dd:b6:ed:98:ed:3d:
                    f2:a8:6f:5e:e1:e1:a7:53:c7:57:29:a9:ed:85:45:
                    6a:db:b1:49:b4:de:f8:1d:2e:85:d8:71:5c:be:f8:
                    3b:dd:3f:c1:01:95:86:7e:ee:8b:63:65:30:b6:f7:
                    aa:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:71:B9:C9:6D:6C:82:23:8D:0C:AC:6A:4E:70:BD:F3:41:C6:E0:81
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/vnG5yW1sgiONDKxqTnC980HG4IE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.4.0/23
                  114.129.9.0/24
                  176.97.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:42:70:e7:9e:75:20:84:bb:b3:b8:c6:e0:b1:30:9b:5c:9c:
         3d:e7:83:fa:9a:06:74:1c:f8:53:33:38:60:dc:9c:c5:93:95:
         1d:13:7d:e4:35:ac:f8:97:d2:5b:46:23:c3:36:05:2e:1c:ec:
         a3:9a:62:db:01:17:69:c8:ca:d8:c4:0a:92:52:33:f5:4c:09:
         67:25:18:9a:d7:c0:17:2c:e8:bc:42:07:19:38:76:66:db:a5:
         d5:06:d2:80:de:f0:73:77:43:b4:dd:a1:e7:52:c6:f6:1e:51:
         9b:15:87:a2:0e:48:66:de:b5:91:36:70:08:d5:71:aa:c9:8c:
         59:f8:7e:f9:19:fd:6d:1f:93:ac:d0:8a:20:5b:74:8b:33:e5:
         a7:fb:6b:55:fb:0d:74:f4:9d:3f:b9:1e:01:45:b8:b7:97:49:
         8d:bd:23:a2:7a:8a:99:6c:77:92:e7:f1:84:56:ca:d6:72:b9:
         51:6e:ab:4a:a9:0f:11:2e:b6:e1:03:25:11:07:86:50:d9:61:
         ee:10:60:ad:df:14:5b:a2:85:78:82:c2:f8:f2:f9:8d:5f:5c:
         ba:28:15:01:b5:f1:fb:db:80:09:6c:df:68:30:34:4f:da:d3:
         39:7c:f2:73:f3:51:38:65:b7:f2:2e:73:71:7c:7c:55:17:08:
         cb:bf:7a:ca
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZflNAt8Tn1MDC9AduNAqNW6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjUwNzA3MTQwNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTcxYjljOTZkNmM4MjIzOGQwY2FjNmE0ZTcwYmRmMzQxYzZlMDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRlQ8gG3nuNYLu12Vb8qFAKfnosK
IgO4HO81jmWgsLl1iLj1qRp/QZ75bm8MMPaf5YCdONsURFzyaL125QNsTpOzww6C
lawfh80pvJF2yu0OX4BygF35awrDOSDcSSlz3yerXQY/SrYmWLPUGGHsXNh02DJW
WF+snhQ2u9303BkBO9SfY2XSwZtQreKU+nKFE3Hb84RO63PSUwPlCBoUGx7wL4gW
AtC2pAILdvcMo8Jp2hj1UpEdocOEHEX6x+GSgkIEd+w8aJ30Hgndtu2Y7T3yqG9e
4eGnU8dXKanthUVq27FJtN74HS6F2HFcvvg73T/BAZWGfu6LY2Uwtveq8wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL5xucltbIIjjQysak5wvfNBxuCBMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvdm5HNXlXMXNnaU9OREt4cVRuQzk4MEhHNElFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBJfwEAwQA
coEJAwQAsGFKMA0GCSqGSIb3DQEBCwUAA4IBAQAMQnDnnnUghLuzuMbgsTCbXJw9
54P6mgZ0HPhTMzhg3JzFk5UdE33kNaz4l9JbRiPDNgUuHOyjmmLbARdpyMrYxAqS
UjP1TAlnJRia18AXLOi8QgcZOHZm26XVBtKA3vBzd0O03aHnUsb2HlGbFYeiDkhm
3rWRNnAI1XGqyYxZ+H75Gf1tH5Os0IogW3SLM+Wn+2tV+w109J0/uR4BRbi3l0mN
vSOieoqZbHeS5/GEVsrWcrlRbqtKqQ8RLrbhAyURB4ZQ2WHuEGCt3xRbooV4gsL4
8vmNX1y6KBUBtfH724AJbN9oMDRP2tM5fPJz81E4ZbfyLnNxfHxVFwjLv3rK
-----END CERTIFICATE-----