Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/DbWZRTnz6LFil-_bD4RcIQZUABw.roa
File:                     DbWZRTnz6LFil-_bD4RcIQZUABw.roa (raw, json)
Hash identifier:          YnwSbLYceJjjDIfbx5Afm0V6zBOsDAH0GVDhkuGEdNo=
Subject key identifier:   0D:B5:99:45:39:F3:E8:B1:62:97:EF:DB:0F:84:5C:21:06:54:00:1C
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019811C793CAB6059323B419CFE64375A804
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/DbWZRTnz6LFil-_bD4RcIQZUABw.roa
Signing time:             Wed 16 Jul 2025 05:49:08 +0000
ROA not before:           Wed 16 Jul 2025 05:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210705
IP address blocks:        178.239.149.0/24 maxlen: 24
                          185.124.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 17:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:11:c7:93:ca:b6:05:93:23:b4:19:cf:e6:43:75:a8:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jul 16 05:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0db5994539f3e8b16297efdb0f845c210654001c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a8:47:5e:39:e6:2f:07:9c:36:77:6f:ca:5d:
                    c6:31:98:5a:b3:91:8a:80:ab:45:48:35:5a:dc:f2:
                    8a:ea:dc:b9:9d:01:99:b7:85:45:f0:21:a5:ca:11:
                    e7:fb:1a:d8:57:2f:7f:ad:2c:57:e8:10:e0:31:ea:
                    18:5f:2b:68:be:8a:88:f7:d8:87:da:93:5f:0e:6c:
                    1b:78:46:ff:f9:8a:a5:ec:3e:2e:0f:40:a5:3d:19:
                    43:5d:c4:d2:0c:d8:84:f5:0d:ee:46:49:6a:e7:2e:
                    e9:48:fd:77:e3:47:8d:27:ef:ac:65:67:ec:fd:35:
                    fe:da:55:7e:5e:b4:a4:fd:88:13:bf:fa:25:2a:72:
                    dc:8f:03:ff:ab:a4:37:02:25:45:60:90:9c:f3:77:
                    bd:52:ce:09:f4:d3:29:7c:a3:8a:5e:39:3b:6d:f2:
                    77:5b:2b:3b:6a:81:5d:6e:65:ec:b5:db:3a:27:b7:
                    07:d1:74:ad:26:da:1f:94:5b:a3:a6:44:6f:67:8c:
                    28:fa:55:0a:fb:06:45:1c:21:5d:e4:55:22:cf:75:
                    c1:aa:b5:46:b2:cc:8e:47:33:ee:30:07:de:da:b2:
                    87:93:64:18:bf:e9:d0:0d:ca:f4:52:e9:16:e5:f1:
                    33:34:a3:89:bf:1b:e9:3c:82:70:cb:f3:b9:64:b3:
                    20:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B5:99:45:39:F3:E8:B1:62:97:EF:DB:0F:84:5C:21:06:54:00:1C
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/DbWZRTnz6LFil-_bD4RcIQZUABw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.149.0/24
                  185.124.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:a9:c4:1e:4f:f0:f4:ae:63:39:f1:4a:d0:f7:ac:12:1a:97:
         6b:bb:8a:96:89:bf:5f:df:3b:9c:21:61:f2:8a:96:ff:0a:a9:
         f2:0e:6d:0f:c9:f9:37:7b:36:3f:45:0b:d8:dd:aa:96:99:9b:
         d3:23:c7:c5:9c:fd:fe:4a:c8:91:2a:01:d2:9d:de:88:63:21:
         13:35:be:e9:67:68:7a:2b:6e:f9:ba:10:0d:a0:d0:80:33:c8:
         b8:7f:f7:9a:a4:ae:af:fc:0f:b0:88:0a:27:4d:b4:17:29:74:
         52:33:81:00:81:f8:d1:32:00:b9:ad:45:80:e2:e8:3c:eb:0b:
         42:e9:d6:12:37:de:66:a0:34:9a:57:a3:92:ab:6c:08:6b:20:
         ef:b8:e3:3d:b9:34:ca:51:12:cf:a1:c9:59:70:1e:6f:c3:ea:
         76:02:c5:e4:26:b9:75:36:4b:a2:13:04:08:46:67:53:b4:78:
         d2:02:a2:e6:b3:e2:5c:cb:00:2d:64:fc:55:ba:6c:b6:62:ef:
         9c:b9:75:c0:0a:0c:71:f8:e2:ee:dc:02:e9:2b:5f:ea:f9:51:
         fb:1c:b9:f7:7a:c4:23:df:87:1f:3d:68:fe:4b:33:4a:42:ca:
         bb:32:aa:70:13:fb:38:b0:0d:d8:21:86:2c:3e:7c:58:08:53:
         65:2f:ea:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgRx5PKtgWTI7QZz+ZDdagEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNzE2MDU0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGI1OTk0NTM5ZjNlOGIxNjI5N2VmZGIwZjg0NWMyMTA2NTQwMDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6hHXjnmLwecNndvyl3GMZhas5GK
gKtFSDVa3PKK6ty5nQGZt4VF8CGlyhHn+xrYVy9/rSxX6BDgMeoYXytovoqI99iH
2pNfDmwbeEb/+Yql7D4uD0ClPRlDXcTSDNiE9Q3uRklq5y7pSP1340eNJ++sZWfs
/TX+2lV+XrSk/YgTv/olKnLcjwP/q6Q3AiVFYJCc83e9Us4J9NMpfKOKXjk7bfJ3
Wys7aoFdbmXstds6J7cH0XStJtoflFujpkRvZ4wo+lUK+wZFHCFd5FUiz3XBqrVG
ssyORzPuMAfe2rKHk2QYv+nQDcr0UukW5fEzNKOJvxvpPIJwy/O5ZLMgawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA21mUU58+ixYpfv2w+EXCEGVAAcMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvRGJXWlJUbno2TEZpbC1fYkQ0UmNJUVpVQUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsu+VAwQA
uXyvMA0GCSqGSIb3DQEBCwUAA4IBAQB4qcQeT/D0rmM58UrQ96wSGpdru4qWib9f
3zucIWHyipb/CqnyDm0Pyfk3ezY/RQvY3aqWmZvTI8fFnP3+SsiRKgHSnd6IYyET
Nb7pZ2h6K275uhANoNCAM8i4f/eapK6v/A+wiAonTbQXKXRSM4EAgfjRMgC5rUWA
4ug86wtC6dYSN95moDSaV6OSq2wIayDvuOM9uTTKURLPoclZcB5vw+p2AsXkJrl1
NkuiEwQIRmdTtHjSAqLms+JcywAtZPxVumy2Yu+cuXXACgxx+OLu3ALpK1/q+VH7
HLn3esQj34cfPWj+SzNKQsq7MqpwE/s4sA3YIYYsPnxYCFNlL+pg
-----END CERTIFICATE-----