Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/672a2f-ac2b-4631-ab3d-c2bc1451f271/1/a3EraYk05VPEffLc6KjCZtg0uOM.roa
File:                     a3EraYk05VPEffLc6KjCZtg0uOM.roa (raw, json)
Hash identifier:          MkXr1kaZ6Jwr9qIlXjAkJ2Xml1hQyvkyv9rct4pH8co=
Subject key identifier:   6B:71:2B:69:89:34:E5:53:C4:7D:F2:DC:E8:A8:C2:66:D8:34:B8:E3
Certificate issuer:       /CN=b5c7d81ec4c4055c673ff571ccad07c3a699105e
Certificate serial:       01980AB852BF6D2971EB5FFCA197E392062E
Authority key identifier: B5:C7:D8:1E:C4:C4:05:5C:67:3F:F5:71:CC:AD:07:C3:A6:99:10:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tcfYHsTEBVxnP_VxzK0Hw6aZEF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/672a2f-ac2b-4631-ab3d-c2bc1451f271/1/a3EraYk05VPEffLc6KjCZtg0uOM.roa
Signing time:             Mon 14 Jul 2025 20:55:08 +0000
ROA not before:           Mon 14 Jul 2025 20:55:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44559
IP address blocks:        194.88.150.0/24 maxlen: 24
                          194.88.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/672a2f-ac2b-4631-ab3d-c2bc1451f271/1/tcfYHsTEBVxnP_VxzK0Hw6aZEF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/672a2f-ac2b-4631-ab3d-c2bc1451f271/1/tcfYHsTEBVxnP_VxzK0Hw6aZEF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tcfYHsTEBVxnP_VxzK0Hw6aZEF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0a:b8:52:bf:6d:29:71:eb:5f:fc:a1:97:e3:92:06:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5c7d81ec4c4055c673ff571ccad07c3a699105e
        Validity
            Not Before: Jul 14 20:55:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b712b698934e553c47df2dce8a8c266d834b8e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:67:ab:8d:6a:57:2c:a1:f7:30:cc:da:ab:3c:
                    06:43:2f:ba:3f:48:f5:a7:04:ec:54:7c:1a:ff:46:
                    60:65:3f:ab:8e:10:fb:f5:c4:a6:bc:94:8a:a7:18:
                    31:be:b7:37:7f:44:39:20:e8:45:5c:ad:c0:0b:a9:
                    bb:f7:11:bd:31:73:d1:84:40:65:1b:d1:fe:21:0f:
                    30:44:e6:a0:88:ae:6e:c0:80:f1:61:9e:f6:42:ae:
                    3e:c5:a9:68:eb:4e:b7:32:b4:15:53:34:9b:f1:d7:
                    7c:d2:73:6e:e5:93:a4:fa:0f:ca:fb:5d:bf:81:ea:
                    fe:0a:6f:f8:c4:4e:ff:32:bc:37:e8:b8:cf:c4:80:
                    d1:ae:bc:45:d6:e9:dc:fc:68:28:04:d2:92:88:0f:
                    fe:75:f7:a3:0d:01:9b:76:0e:8f:71:eb:65:ec:f0:
                    29:c5:6f:30:d9:ff:ed:f9:02:3e:ae:ff:19:eb:8f:
                    35:f5:fa:d9:ea:26:85:35:5d:7a:c5:a4:96:98:ed:
                    45:fe:4b:f7:3e:55:30:ea:2c:1e:a9:d5:7c:c3:b7:
                    a2:39:71:d1:b1:a6:af:82:d3:9c:ad:f5:74:dc:f0:
                    69:2d:19:5c:3c:d7:b2:fd:37:9d:be:a9:6b:da:70:
                    25:e9:58:54:07:3a:09:72:11:cb:84:7b:af:d2:41:
                    e3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:71:2B:69:89:34:E5:53:C4:7D:F2:DC:E8:A8:C2:66:D8:34:B8:E3
            X509v3 Authority Key Identifier:
                keyid:B5:C7:D8:1E:C4:C4:05:5C:67:3F:F5:71:CC:AD:07:C3:A6:99:10:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tcfYHsTEBVxnP_VxzK0Hw6aZEF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/672a2f-ac2b-4631-ab3d-c2bc1451f271/1/a3EraYk05VPEffLc6KjCZtg0uOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/672a2f-ac2b-4631-ab3d-c2bc1451f271/1/tcfYHsTEBVxnP_VxzK0Hw6aZEF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:1b:6d:5e:f7:36:9e:ef:80:b3:69:51:e5:33:7e:c7:75:72:
         93:c2:b9:24:e4:fd:ba:00:26:cd:9e:ef:c4:91:c8:95:d4:2e:
         e5:0f:87:d2:46:53:c3:4a:03:6d:f0:fe:4b:6f:35:dc:93:3f:
         f0:87:5a:fb:a2:e7:02:fb:0a:a2:9c:2a:2f:11:a4:d9:83:dd:
         f5:84:ba:dd:9d:ef:3a:e8:3c:94:2c:93:2d:67:42:63:a8:c8:
         90:25:4b:f3:9c:5a:5a:b9:91:cd:db:f6:2b:28:fd:f0:db:4a:
         12:9c:cb:fc:53:4f:90:9f:e4:68:cb:59:a3:f2:ad:06:c9:88:
         54:27:e2:6a:2b:5d:c8:40:44:a0:ae:76:ab:1c:67:dd:d3:12:
         d6:25:76:78:78:42:aa:88:b0:48:e1:e3:58:c7:81:96:28:c2:
         83:eb:52:47:f6:19:c7:d3:6e:8e:b7:c5:54:ed:c1:d6:f4:fa:
         c2:e8:00:15:ab:a8:3f:4a:c2:db:e7:a1:15:fd:e1:5b:39:65:
         2f:56:82:1b:93:3e:e0:3b:ed:da:5c:36:13:d1:3a:87:77:e9:
         10:7b:bd:88:5b:2d:04:e6:66:81:fe:a6:2b:f4:29:e9:f7:1f:
         cc:cc:d9:b1:72:68:e1:1f:d8:1d:2d:69:1f:ed:e9:5d:5c:f3:
         1e:02:16:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgKuFK/bSlx61/8oZfjkgYuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YzdkODFlYzRjNDA1NWM2NzNmZjU3MWNjYWQwN2MzYTY5
OTEwNWUwHhcNMjUwNzE0MjA1NTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjcxMmI2OTg5MzRlNTUzYzQ3ZGYyZGNlOGE4YzI2NmQ4MzRiOGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGerjWpXLKH3MMzaqzwGQy+6P0j1
pwTsVHwa/0ZgZT+rjhD79cSmvJSKpxgxvrc3f0Q5IOhFXK3AC6m79xG9MXPRhEBl
G9H+IQ8wROagiK5uwIDxYZ72Qq4+xalo6063MrQVUzSb8dd80nNu5ZOk+g/K+12/
ger+Cm/4xE7/Mrw36LjPxIDRrrxF1unc/GgoBNKSiA/+dfejDQGbdg6Pcetl7PAp
xW8w2f/t+QI+rv8Z64819frZ6iaFNV16xaSWmO1F/kv3PlUw6iweqdV8w7eiOXHR
saavgtOcrfV03PBpLRlcPNey/Tedvqlr2nAl6VhUBzoJchHLhHuv0kHjjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGtxK2mJNOVTxH3y3OiowmbYNLjjMB8GA1UdIwQY
MBaAFLXH2B7ExAVcZz/1ccytB8OmmRBeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGNmWUhzVEVCVnhuUF9WeHpLMEh3NmFaRUY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi82NzJhMmYtYWMyYi00NjMxLWFiM2Qt
YzJiYzE0NTFmMjcxLzEvYTNFcmFZazA1VlBFZmZMYzZLakNadGcwdU9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi82NzJhMmYtYWMyYi00NjMxLWFiM2QtYzJiYzE0NTFmMjcx
LzEvdGNmWUhzVEVCVnhuUF9WeHpLMEh3NmFaRUY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwliWMA0G
CSqGSIb3DQEBCwUAA4IBAQA3G21e9zae74CzaVHlM37HdXKTwrkk5P26ACbNnu/E
kciV1C7lD4fSRlPDSgNt8P5LbzXckz/wh1r7oucC+wqinCovEaTZg931hLrdne86
6DyULJMtZ0JjqMiQJUvznFpauZHN2/YrKP3w20oSnMv8U0+Qn+Roy1mj8q0GyYhU
J+JqK13IQESgrnarHGfd0xLWJXZ4eEKqiLBI4eNYx4GWKMKD61JH9hnH026Ot8VU
7cHW9PrC6AAVq6g/SsLb56EV/eFbOWUvVoIbkz7gO+3aXDYT0TqHd+kQe72IWy0E
5maB/qYr9Cnp9x/MzNmxcmjhH9gdLWkf7eldXPMeAhZD
-----END CERTIFICATE-----