Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/1-fIgH2OXClYAprp6yMiBZPGPE38.roa
File:                     1-fIgH2OXClYAprp6yMiBZPGPE38.roa (raw, json)
Hash identifier:          e5we/EQajJb+AgvvOsSreMp1uArGZobtfniZoWH5T6w=
Subject key identifier:   F9:F2:20:1F:63:97:0A:56:00:A6:BA:7A:C8:C8:81:64:F1:8F:13:7F
Certificate issuer:       /CN=71d83fd8dabfe14b174cccd35b35b80713334ba5
Certificate serial:       0198179A4FB6E7EF6FB1268635DA0530C9A3
Authority key identifier: 71:D8:3F:D8:DA:BF:E1:4B:17:4C:CC:D3:5B:35:B8:07:13:33:4B:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/1-fIgH2OXClYAprp6yMiBZPGPE38.roa
Signing time:             Thu 17 Jul 2025 08:57:25 +0000
ROA not before:           Thu 17 Jul 2025 08:57:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        103.152.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:17:9a:4f:b6:e7:ef:6f:b1:26:86:35:da:05:30:c9:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71d83fd8dabfe14b174cccd35b35b80713334ba5
        Validity
            Not Before: Jul 17 08:57:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9f2201f63970a5600a6ba7ac8c88164f18f137f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6a:91:8a:15:43:3a:9f:99:af:b2:76:54:86:
                    1e:1c:d7:b0:84:32:4a:0c:40:c4:17:29:1e:50:34:
                    2f:c9:3c:9c:1e:90:64:2e:1e:f4:8b:cf:73:1e:65:
                    06:d4:c1:5d:94:42:bd:2d:f7:e8:dc:17:c5:af:f8:
                    43:05:06:c2:61:ef:aa:cb:e3:29:34:f6:64:73:05:
                    c4:c0:36:57:34:80:db:47:1c:f7:8b:f0:1e:84:72:
                    1e:9d:8f:7f:20:be:8e:de:e0:33:e6:aa:b3:9c:f6:
                    25:6d:d3:ed:7d:22:05:1a:12:97:ee:c8:8d:da:5d:
                    b7:4c:7a:14:8f:71:47:67:07:23:17:1e:6d:1e:da:
                    73:43:42:f0:f0:44:f9:bb:08:66:18:e3:2e:66:6c:
                    c3:a5:3a:ae:c0:81:cf:d7:d9:7c:7d:72:22:e3:16:
                    49:1f:ae:97:3b:7f:93:33:40:4b:aa:2e:2c:ca:40:
                    58:db:ac:33:7f:eb:02:6f:6c:f5:e7:70:d9:bf:da:
                    d2:48:c4:e2:e2:d8:d0:17:f2:c3:c0:34:2f:7c:de:
                    ba:ad:c0:2d:8e:aa:ac:35:df:6d:b1:de:61:55:28:
                    96:80:d2:23:7d:7a:c3:3e:a5:5d:2d:84:57:a0:cf:
                    1c:e1:7a:5d:6d:47:55:d6:e1:ae:31:f5:d6:bb:9a:
                    73:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F2:20:1F:63:97:0A:56:00:A6:BA:7A:C8:C8:81:64:F1:8F:13:7F
            X509v3 Authority Key Identifier:
                keyid:71:D8:3F:D8:DA:BF:E1:4B:17:4C:CC:D3:5B:35:B8:07:13:33:4B:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/1-fIgH2OXClYAprp6yMiBZPGPE38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.152.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:0f:dc:9e:a0:25:87:a7:60:a3:27:4f:b6:39:6f:dd:98:5d:
         9e:69:94:33:50:0a:6b:66:43:5a:c6:31:40:b5:53:04:a9:67:
         52:8b:03:8f:b5:98:fb:32:9e:c6:15:9b:71:7b:1c:90:91:d8:
         90:e0:e4:ed:12:19:13:6e:ac:5b:77:24:bd:e6:61:4c:03:90:
         6b:41:54:7a:ca:78:5a:0c:bd:c0:ef:84:41:f0:d7:9c:33:86:
         9b:93:de:4a:31:fc:57:3b:35:4c:bb:5a:32:94:50:5f:e2:d7:
         6a:e9:95:05:0d:28:fc:20:a3:88:df:c7:69:99:fc:35:27:50:
         49:0c:d9:51:14:4e:55:1e:e9:7e:57:50:a7:0e:c9:8d:93:22:
         48:f7:e5:a6:f4:dc:2d:b4:44:d3:69:8c:d0:99:39:36:11:e2:
         f0:33:0f:13:67:a8:46:d2:34:0f:37:ce:80:b5:d7:fe:2f:15:
         36:8d:be:5a:47:e0:d2:78:fa:a9:05:91:fb:d2:5c:c6:03:e8:
         6a:50:ef:8b:35:f8:ed:3a:ed:81:eb:1b:9c:58:c5:16:86:eb:
         b0:f5:76:e0:28:3c:07:38:87:12:25:71:ec:91:ab:d4:f6:87:
         44:ab:58:47:87:18:0b:d9:5e:d4:25:98:b2:08:67:53:e1:73:
         c9:90:a3:bd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZgXmk+25+9vsSaGNdoFMMmjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxZDgzZmQ4ZGFiZmUxNGIxNzRjY2NkMzViMzViODA3MTMz
MzRiYTUwHhcNMjUwNzE3MDg1NzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWYyMjAxZjYzOTcwYTU2MDBhNmJhN2FjOGM4ODE2NGYxOGYxMzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2qRihVDOp+Zr7J2VIYeHNewhDJK
DEDEFykeUDQvyTycHpBkLh70i89zHmUG1MFdlEK9Lffo3BfFr/hDBQbCYe+qy+Mp
NPZkcwXEwDZXNIDbRxz3i/AehHIenY9/IL6O3uAz5qqznPYlbdPtfSIFGhKX7siN
2l23THoUj3FHZwcjFx5tHtpzQ0Lw8ET5uwhmGOMuZmzDpTquwIHP19l8fXIi4xZJ
H66XO3+TM0BLqi4sykBY26wzf+sCb2z153DZv9rSSMTi4tjQF/LDwDQvfN66rcAt
jqqsNd9tsd5hVSiWgNIjfXrDPqVdLYRXoM8c4XpdbUdV1uGuMfXWu5pzhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnyIB9jlwpWAKa6esjIgWTxjxN/MB8GA1UdIwQY
MBaAFHHYP9jav+FLF0zM01s1uAcTM0ulMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2RnXzJOcV80VXNYVE16VFd6VzRCeE16UzZVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82ZDdlY2YtNGI2Mi00MzY3LTliNTAt
MDY0ZDdhZGY0YmUzLzEvMS1mSWdIMk9YQ2xZQXBycDZ5TWlCWlBHUEUzOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODcvNmQ3ZWNmLTRiNjItNDM2Ny05YjUwLTA2NGQ3YWRmNGJl
My8xL2NkZ18yTnFfNFVzWFRNelRXelc0QnhNelM2VS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGeYATAN
BgkqhkiG9w0BAQsFAAOCAQEAgg/cnqAlh6dgoydPtjlv3ZhdnmmUM1AKa2ZDWsYx
QLVTBKlnUosDj7WY+zKexhWbcXsckJHYkODk7RIZE26sW3ckveZhTAOQa0FUesp4
Wgy9wO+EQfDXnDOGm5PeSjH8Vzs1TLtaMpRQX+LXaumVBQ0o/CCjiN/HaZn8NSdQ
SQzZURROVR7pfldQpw7JjZMiSPflpvTcLbRE02mM0Jk5NhHi8DMPE2eoRtI0DzfO
gLXX/i8VNo2+Wkfg0nj6qQWR+9JcxgPoalDvizX47TrtgesbnFjFFobrsPV24Cg8
BziHEiVx7JGr1PaHRKtYR4cYC9le1CWYsghnU+FzyZCjvQ==
-----END CERTIFICATE-----