Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/5sCkK7bklit8UCUa80RZqIi-t9k.roa
File:                     5sCkK7bklit8UCUa80RZqIi-t9k.roa (raw, json)
Hash identifier:          x447DPcTaj4M634Ku+wuq5YFVtP2ChxFRDLcvpSmPLg=
Subject key identifier:   E6:C0:A4:2B:B6:E4:96:2B:7C:50:25:1A:F3:44:59:A8:88:BE:B7:D9
Certificate issuer:       /CN=177e11f5233e933999a2a0c68903fc275ae459e6
Certificate serial:       0197F5DFB63F2D82017E53A793CC36AEB7DB
Authority key identifier: 17:7E:11:F5:23:3E:93:39:99:A2:A0:C6:89:03:FC:27:5A:E4:59:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F34R9SM-kzmZoqDGiQP8J1rkWeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/5sCkK7bklit8UCUa80RZqIi-t9k.roa
Signing time:             Thu 10 Jul 2025 19:46:08 +0000
ROA not before:           Thu 10 Jul 2025 19:46:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34636
IP address blocks:        185.63.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/F34R9SM-kzmZoqDGiQP8J1rkWeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/F34R9SM-kzmZoqDGiQP8J1rkWeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F34R9SM-kzmZoqDGiQP8J1rkWeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 20:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f5:df:b6:3f:2d:82:01:7e:53:a7:93:cc:36:ae:b7:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=177e11f5233e933999a2a0c68903fc275ae459e6
        Validity
            Not Before: Jul 10 19:46:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6c0a42bb6e4962b7c50251af34459a888beb7d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a2:66:2e:b9:e2:04:98:f8:ec:eb:f8:ed:36:
                    50:49:b0:f3:cc:d3:ef:1d:58:cb:9e:9c:1b:ba:38:
                    ea:ff:e4:50:ce:47:04:18:56:57:f5:88:c8:86:92:
                    46:cb:a0:79:4e:77:25:34:69:58:78:32:ac:af:3e:
                    5e:c4:06:09:25:c7:b8:99:6f:a1:fc:0a:3d:fc:d5:
                    f6:ae:e7:c7:2c:5a:34:cb:e3:8e:d8:56:fc:00:b6:
                    eb:85:b0:d6:44:d8:d6:86:63:de:f5:c4:e3:aa:74:
                    c7:4a:5c:27:61:47:73:de:a2:22:ad:25:2f:48:a8:
                    ee:a3:d3:ec:ed:29:ff:15:34:4c:40:46:1b:e2:7a:
                    96:d7:d2:09:83:70:bf:4e:45:55:ec:27:a6:53:d9:
                    a2:62:3d:6e:3f:60:01:ce:a1:cb:c6:db:e6:b9:46:
                    3a:48:3e:0a:82:4b:36:ce:1d:16:df:19:cf:95:c6:
                    69:73:5e:11:8b:0e:4a:d9:f8:ee:54:4f:a1:85:1f:
                    51:a7:e0:82:1f:61:c2:ec:3f:1f:9f:07:41:a1:9a:
                    52:14:5c:1b:ce:de:0a:19:98:7d:23:b5:00:cf:0c:
                    12:a5:00:57:16:89:67:ab:c5:f5:44:72:9e:dc:87:
                    f7:50:5f:c9:7d:84:61:35:bf:ad:89:37:db:4b:ea:
                    23:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:C0:A4:2B:B6:E4:96:2B:7C:50:25:1A:F3:44:59:A8:88:BE:B7:D9
            X509v3 Authority Key Identifier:
                keyid:17:7E:11:F5:23:3E:93:39:99:A2:A0:C6:89:03:FC:27:5A:E4:59:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F34R9SM-kzmZoqDGiQP8J1rkWeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/5sCkK7bklit8UCUa80RZqIi-t9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/F34R9SM-kzmZoqDGiQP8J1rkWeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:fd:ec:00:8f:40:a1:d9:d5:bf:d5:e8:cb:16:0c:87:b5:35:
         50:fd:8f:4c:5a:29:e8:1b:a0:c6:07:cb:b4:9e:66:97:be:17:
         fa:d3:e5:b2:d6:d8:aa:54:98:40:93:d0:49:69:4b:a1:c7:b6:
         13:ee:2b:bd:9f:76:d6:73:2a:48:cc:53:a8:e5:dd:c8:b7:ac:
         e0:f8:de:65:35:d4:7b:64:11:7c:64:24:33:c0:6f:0a:7f:42:
         10:4c:42:11:1d:34:1a:cf:2b:00:76:44:70:c6:d9:a8:41:b9:
         d8:64:13:72:da:52:12:f7:82:62:88:38:f7:79:66:83:f9:ff:
         98:fc:1e:89:87:d8:9d:58:26:07:6e:00:79:31:c5:35:79:30:
         71:6b:ae:fd:d3:0f:6e:45:df:89:89:37:57:72:9c:cd:1b:4b:
         e6:26:37:7c:8c:79:29:ce:c9:b0:9e:36:46:9e:dc:f2:9c:d7:
         93:64:e5:cf:01:f9:31:3f:44:6e:d0:c1:ef:f2:f8:c3:bc:2d:
         36:61:8f:79:12:e8:71:53:52:05:52:78:65:bc:dd:8e:78:70:
         e6:e4:39:2d:d5:48:13:79:6f:58:e4:32:f5:3e:f3:92:cd:66:
         a0:9a:cc:08:4a:7d:95:bb:5f:4e:26:bb:81:f3:1f:a8:c0:a4:
         0b:07:dd:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf137Y/LYIBflOnk8w2rrfbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3N2UxMWY1MjMzZTkzMzk5OWEyYTBjNjg5MDNmYzI3NWFl
NDU5ZTYwHhcNMjUwNzEwMTk0NjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmMwYTQyYmI2ZTQ5NjJiN2M1MDI1MWFmMzQ0NTlhODg4YmViN2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqJmLrniBJj47Ov47TZQSbDzzNPv
HVjLnpwbujjq/+RQzkcEGFZX9YjIhpJGy6B5TnclNGlYeDKsrz5exAYJJce4mW+h
/Ao9/NX2rufHLFo0y+OO2Fb8ALbrhbDWRNjWhmPe9cTjqnTHSlwnYUdz3qIirSUv
SKjuo9Ps7Sn/FTRMQEYb4nqW19IJg3C/TkVV7CemU9miYj1uP2ABzqHLxtvmuUY6
SD4Kgks2zh0W3xnPlcZpc14Riw5K2fjuVE+hhR9Rp+CCH2HC7D8fnwdBoZpSFFwb
zt4KGZh9I7UAzwwSpQBXFolnq8X1RHKe3If3UF/JfYRhNb+tiTfbS+oj2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObApCu25JYrfFAlGvNEWaiIvrfZMB8GA1UdIwQY
MBaAFBd+EfUjPpM5maKgxokD/Cda5FnmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjM0UjlTTS1rem1ab3FER2lRUDhKMXJrV2VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8xMTlkY2QtODRlMS00OGQ1LWEyODAt
YWEwOWQ2ZTFmZmVlLzEvNXNDa0s3YmtsaXQ4VUNVYTgwUlpxSWktdDlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8xMTlkY2QtODRlMS00OGQ1LWEyODAtYWEwOWQ2ZTFmZmVl
LzEvRjM0UjlTTS1rem1ab3FER2lRUDhKMXJrV2VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT9xMA0G
CSqGSIb3DQEBCwUAA4IBAQDa/ewAj0Ch2dW/1ejLFgyHtTVQ/Y9MWinoG6DGB8u0
nmaXvhf60+Wy1tiqVJhAk9BJaUuhx7YT7iu9n3bWcypIzFOo5d3It6zg+N5lNdR7
ZBF8ZCQzwG8Kf0IQTEIRHTQazysAdkRwxtmoQbnYZBNy2lIS94JiiDj3eWaD+f+Y
/B6Jh9idWCYHbgB5McU1eTBxa6790w9uRd+JiTdXcpzNG0vmJjd8jHkpzsmwnjZG
ntzynNeTZOXPAfkxP0Ru0MHv8vjDvC02YY95EuhxU1IFUnhlvN2OeHDm5Dkt1UgT
eW9Y5DL1PvOSzWagmswISn2Vu19OJruB8x+owKQLB939
-----END CERTIFICATE-----