Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/aLDoJgH4Nlxid6F2i52QQmHATOU.roa
File:                     aLDoJgH4Nlxid6F2i52QQmHATOU.roa (raw, json)
Hash identifier:          Upqlw/+QOVJ6e0/cJB4hrSuWN2UHeQkpcuVHfS+Mr/0=
Subject key identifier:   68:B0:E8:26:01:F8:36:5C:62:77:A1:76:8B:9D:90:42:61:C0:4C:E5
Certificate issuer:       /CN=07bca0482d605587eb0e0c851c38e807755f9017
Certificate serial:       0197C60FA1565BF847C492FD2C0697ADF210
Authority key identifier: 07:BC:A0:48:2D:60:55:87:EB:0E:0C:85:1C:38:E8:07:75:5F:90:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B7ygSC1gVYfrDgyFHDjoB3VfkBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/aLDoJgH4Nlxid6F2i52QQmHATOU.roa
Signing time:             Tue 01 Jul 2025 12:56:42 +0000
ROA not before:           Tue 01 Jul 2025 12:56:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213644
IP address blocks:        185.84.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/B7ygSC1gVYfrDgyFHDjoB3VfkBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/B7ygSC1gVYfrDgyFHDjoB3VfkBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B7ygSC1gVYfrDgyFHDjoB3VfkBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c6:0f:a1:56:5b:f8:47:c4:92:fd:2c:06:97:ad:f2:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07bca0482d605587eb0e0c851c38e807755f9017
        Validity
            Not Before: Jul  1 12:56:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68b0e82601f8365c6277a1768b9d904261c04ce5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:99:0f:2a:c4:09:d7:be:64:cf:d1:10:3d:a2:
                    5f:de:80:66:a8:b9:b2:f7:26:74:2d:ff:da:82:e2:
                    e0:46:be:0b:1e:c1:bd:94:6a:97:53:1b:20:e8:32:
                    ec:ca:6b:f9:38:67:43:dd:7d:7b:f6:aa:ff:72:c7:
                    0e:86:01:70:89:eb:a3:18:8b:76:4a:4f:32:fc:04:
                    87:f2:4d:4f:b8:6a:35:db:ba:24:60:bb:51:f3:69:
                    23:0f:8c:6e:88:9c:42:83:f0:89:b1:31:7c:cf:4e:
                    18:c6:a7:32:55:c5:d9:16:69:85:d9:47:f3:42:36:
                    f1:95:39:ce:6e:3d:c8:c0:34:47:db:12:6e:d0:50:
                    53:9e:8d:ed:14:03:b1:01:ce:0e:9a:2d:24:e2:0d:
                    92:ac:84:d4:f1:63:57:0b:26:09:7f:5a:65:d1:29:
                    a3:cf:b5:ae:94:82:f2:6c:a5:63:e0:f9:03:d8:fa:
                    c5:20:58:04:c7:d5:d6:2d:c7:83:e5:39:54:fe:15:
                    24:84:22:48:86:cd:41:5a:f9:a0:2b:8f:7c:39:29:
                    85:e0:4a:32:85:18:e5:0a:8d:1f:80:94:37:05:29:
                    ed:de:81:09:f6:11:f2:cb:e1:2c:35:33:29:d6:86:
                    0d:89:82:85:a8:2d:18:d4:9b:97:f1:16:03:be:f7:
                    6a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:B0:E8:26:01:F8:36:5C:62:77:A1:76:8B:9D:90:42:61:C0:4C:E5
            X509v3 Authority Key Identifier:
                keyid:07:BC:A0:48:2D:60:55:87:EB:0E:0C:85:1C:38:E8:07:75:5F:90:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B7ygSC1gVYfrDgyFHDjoB3VfkBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/aLDoJgH4Nlxid6F2i52QQmHATOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/B7ygSC1gVYfrDgyFHDjoB3VfkBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:fb:60:60:88:00:3f:fd:30:f4:4e:da:ce:2b:78:ac:45:14:
         51:03:09:39:61:af:10:de:ba:8f:1a:ba:61:47:50:e3:1a:e5:
         4f:f1:4a:9c:b5:d9:c3:d8:29:d4:5e:d1:dd:2c:a9:f4:ce:70:
         25:15:c9:84:1f:cf:d7:ac:97:fb:4d:ee:37:f4:a8:05:4e:c9:
         70:ed:3c:8c:a9:75:a4:9d:55:cc:7d:54:16:65:46:83:5e:40:
         b9:74:b5:1b:e4:0d:aa:0e:a2:f1:11:b8:30:7a:b9:5c:27:7d:
         4a:73:2f:97:93:8a:38:96:79:89:33:47:72:a2:48:28:73:77:
         d9:d7:08:31:dd:a6:76:f2:6f:6a:5c:67:1c:e4:56:da:22:f5:
         1b:7c:04:8e:dd:fd:96:99:39:f9:4f:cf:e0:8a:37:96:6b:9b:
         bb:03:c8:f1:c9:84:ec:4b:5f:8d:d6:e2:05:80:88:df:e1:35:
         b2:27:07:0a:be:5e:54:52:4a:68:c1:7d:d1:e5:c0:39:52:df:
         77:1f:b9:c6:3f:f9:da:3f:27:03:e0:33:9a:fa:47:a3:48:36:
         0a:4a:c2:05:83:50:b8:ef:89:a2:c9:ec:07:85:ec:2c:cf:c8:
         cb:7d:06:78:a0:76:ea:84:85:0c:f3:af:a7:bb:e3:be:cd:f2:
         00:3c:13:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfGD6FWW/hHxJL9LAaXrfIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YmNhMDQ4MmQ2MDU1ODdlYjBlMGM4NTFjMzhlODA3NzU1
ZjkwMTcwHhcNMjUwNzAxMTI1NjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGIwZTgyNjAxZjgzNjVjNjI3N2ExNzY4YjlkOTA0MjYxYzA0Y2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZkPKsQJ175kz9EQPaJf3oBmqLmy
9yZ0Lf/aguLgRr4LHsG9lGqXUxsg6DLsymv5OGdD3X179qr/cscOhgFwieujGIt2
Sk8y/ASH8k1PuGo127okYLtR82kjD4xuiJxCg/CJsTF8z04YxqcyVcXZFmmF2Ufz
QjbxlTnObj3IwDRH2xJu0FBTno3tFAOxAc4Omi0k4g2SrITU8WNXCyYJf1pl0Smj
z7WulILybKVj4PkD2PrFIFgEx9XWLceD5TlU/hUkhCJIhs1BWvmgK498OSmF4Eoy
hRjlCo0fgJQ3BSnt3oEJ9hHyy+EsNTMp1oYNiYKFqC0Y1JuX8RYDvvdqhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGiw6CYB+DZcYnehdoudkEJhwEzlMB8GA1UdIwQY
MBaAFAe8oEgtYFWH6w4MhRw46Ad1X5AXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjd5Z1NDMWdWWWZyRGd5RkhEam9CM1Zma0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC83NjYzMTEtY2FhNC00Mzk5LThiMzUt
ZmM3OWFmMWY2ZmIzLzEvYUxEb0pnSDRObHhpZDZGMmk1MlFRbUhBVE9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC83NjYzMTEtY2FhNC00Mzk5LThiMzUtZmM3OWFmMWY2ZmIz
LzEvQjd5Z1NDMWdWWWZyRGd5RkhEam9CM1Zma0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVSdMA0G
CSqGSIb3DQEBCwUAA4IBAQBv+2BgiAA//TD0TtrOK3isRRRRAwk5Ya8Q3rqPGrph
R1DjGuVP8UqctdnD2CnUXtHdLKn0znAlFcmEH8/XrJf7Te439KgFTslw7TyMqXWk
nVXMfVQWZUaDXkC5dLUb5A2qDqLxEbgwerlcJ31Kcy+Xk4o4lnmJM0dyokgoc3fZ
1wgx3aZ28m9qXGcc5FbaIvUbfASO3f2WmTn5T8/gijeWa5u7A8jxyYTsS1+N1uIF
gIjf4TWyJwcKvl5UUkpowX3R5cA5Ut93H7nGP/naPycD4DOa+kejSDYKSsIFg1C4
74miyewHhewsz8jLfQZ4oHbqhIUM86+nu+O+zfIAPBMo
-----END CERTIFICATE-----