Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/672a2f-ac2b-4631-ab3d-c2bc1451f271/1/fJY20OuQ1IuJYeyVIHU1EBJ0rFM.roa
File:                     fJY20OuQ1IuJYeyVIHU1EBJ0rFM.roa (raw, json)
Hash identifier:          +X81MlM0oUdVo08v6gDJj1EWTtIWJ/ia51w5FCk6+3U=
Subject key identifier:   7C:96:36:D0:EB:90:D4:8B:89:61:EC:95:20:75:35:10:12:74:AC:53
Certificate issuer:       /CN=b5c7d81ec4c4055c673ff571ccad07c3a699105e
Certificate serial:       01980D4517EC6F3EEEFE0BEA47768D4E825D
Authority key identifier: B5:C7:D8:1E:C4:C4:05:5C:67:3F:F5:71:CC:AD:07:C3:A6:99:10:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tcfYHsTEBVxnP_VxzK0Hw6aZEF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/672a2f-ac2b-4631-ab3d-c2bc1451f271/1/fJY20OuQ1IuJYeyVIHU1EBJ0rFM.roa
Signing time:             Tue 15 Jul 2025 08:48:08 +0000
ROA not before:           Tue 15 Jul 2025 08:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44477
IP address blocks:        194.88.150.0/24 maxlen: 24
                          194.88.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/672a2f-ac2b-4631-ab3d-c2bc1451f271/1/tcfYHsTEBVxnP_VxzK0Hw6aZEF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/672a2f-ac2b-4631-ab3d-c2bc1451f271/1/tcfYHsTEBVxnP_VxzK0Hw6aZEF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tcfYHsTEBVxnP_VxzK0Hw6aZEF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 20:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0d:45:17:ec:6f:3e:ee:fe:0b:ea:47:76:8d:4e:82:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5c7d81ec4c4055c673ff571ccad07c3a699105e
        Validity
            Not Before: Jul 15 08:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c9636d0eb90d48b8961ec95207535101274ac53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ed:65:d4:ee:eb:8f:f9:ca:77:a7:41:65:c9:
                    fd:f0:1a:65:02:09:81:3d:83:82:af:27:af:ad:63:
                    29:53:d4:b4:3c:6e:e7:0f:39:87:15:d8:80:ac:c3:
                    d5:5e:72:38:56:4d:fc:4d:04:1d:ea:28:80:e9:90:
                    ca:c0:16:09:43:b0:ae:21:f4:43:f2:22:2c:d2:0c:
                    4c:63:71:0b:ce:ec:c0:bb:90:44:f9:c5:06:c7:7d:
                    7f:77:86:2f:17:54:36:a1:46:1f:15:ea:d4:fd:d4:
                    47:c6:c5:77:42:79:67:8d:30:df:b5:ee:7a:8b:ee:
                    3c:cb:41:ac:b9:c9:d8:7f:21:6f:a7:bc:4c:92:29:
                    e6:2f:33:a7:c6:a9:1e:94:56:c3:2a:8e:cc:3a:fb:
                    dc:8e:dd:d3:42:fd:18:82:84:90:45:a4:72:f0:88:
                    62:f2:99:43:e3:0e:87:b7:21:9a:cb:f6:2d:bd:2b:
                    0a:b4:0b:3e:20:59:42:e0:ba:48:f2:be:4d:4b:f3:
                    c1:43:a4:87:1c:b1:ce:41:55:18:04:7c:ae:3f:b2:
                    14:43:88:1f:8e:f3:04:2b:89:8c:f3:ef:53:a3:eb:
                    50:01:1d:ca:cd:b3:3e:e2:7d:cf:ab:b0:1d:59:f0:
                    dd:79:2f:a4:48:9d:82:5f:6c:09:be:b4:a0:96:d8:
                    ab:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:96:36:D0:EB:90:D4:8B:89:61:EC:95:20:75:35:10:12:74:AC:53
            X509v3 Authority Key Identifier:
                keyid:B5:C7:D8:1E:C4:C4:05:5C:67:3F:F5:71:CC:AD:07:C3:A6:99:10:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tcfYHsTEBVxnP_VxzK0Hw6aZEF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/672a2f-ac2b-4631-ab3d-c2bc1451f271/1/fJY20OuQ1IuJYeyVIHU1EBJ0rFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/672a2f-ac2b-4631-ab3d-c2bc1451f271/1/tcfYHsTEBVxnP_VxzK0Hw6aZEF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:c4:4a:60:53:18:64:f7:5f:a9:a3:b2:6d:40:f0:c6:e8:7e:
         88:bf:58:11:10:1d:2a:51:09:fa:b1:11:1b:d2:1e:0f:1f:38:
         ac:e3:ee:7f:f4:c5:19:e5:2b:89:ee:3f:f2:65:a8:89:38:4d:
         c3:3e:bc:13:18:61:35:b3:e1:8e:10:09:36:bc:d0:3d:d0:70:
         96:6e:f0:18:2b:ae:08:c2:97:6d:b1:3c:28:59:52:da:6d:53:
         34:cf:97:f6:17:25:22:4b:58:15:fc:67:ac:50:2b:c5:06:b8:
         d3:d1:af:17:80:6e:d6:43:62:50:9e:90:30:18:ab:8d:9e:83:
         c2:f3:0d:38:05:69:fa:1f:27:6d:aa:80:fd:40:55:51:1d:a0:
         8e:6f:46:95:2b:fb:e0:54:ba:8e:fc:6b:c9:63:bf:a2:a1:0f:
         d8:27:86:db:20:eb:ad:95:e1:73:a8:c3:77:37:dd:25:ec:f7:
         e2:dd:58:4d:31:4c:26:37:e8:54:b9:b8:85:a0:dc:e9:0f:9b:
         0f:01:f5:00:28:bb:16:9a:1c:47:bb:d4:c3:05:97:20:ec:c6:
         fc:7f:da:4b:b6:c7:d4:fa:df:eb:71:20:e3:f4:15:06:1e:c8:
         2d:c0:b9:87:87:b1:15:78:2e:36:d0:f4:0a:8d:3f:62:cf:ba:
         e4:63:cf:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgNRRfsbz7u/gvqR3aNToJdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YzdkODFlYzRjNDA1NWM2NzNmZjU3MWNjYWQwN2MzYTY5
OTEwNWUwHhcNMjUwNzE1MDg0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzk2MzZkMGViOTBkNDhiODk2MWVjOTUyMDc1MzUxMDEyNzRhYzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3O1l1O7rj/nKd6dBZcn98BplAgmB
PYOCryevrWMpU9S0PG7nDzmHFdiArMPVXnI4Vk38TQQd6iiA6ZDKwBYJQ7CuIfRD
8iIs0gxMY3ELzuzAu5BE+cUGx31/d4YvF1Q2oUYfFerU/dRHxsV3QnlnjTDfte56
i+48y0GsucnYfyFvp7xMkinmLzOnxqkelFbDKo7MOvvcjt3TQv0YgoSQRaRy8Ihi
8plD4w6HtyGay/YtvSsKtAs+IFlC4LpI8r5NS/PBQ6SHHLHOQVUYBHyuP7IUQ4gf
jvMEK4mM8+9To+tQAR3KzbM+4n3Pq7AdWfDdeS+kSJ2CX2wJvrSgltirfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyWNtDrkNSLiWHslSB1NRASdKxTMB8GA1UdIwQY
MBaAFLXH2B7ExAVcZz/1ccytB8OmmRBeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGNmWUhzVEVCVnhuUF9WeHpLMEh3NmFaRUY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi82NzJhMmYtYWMyYi00NjMxLWFiM2Qt
YzJiYzE0NTFmMjcxLzEvZkpZMjBPdVExSXVKWWV5VklIVTFFQkowckZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi82NzJhMmYtYWMyYi00NjMxLWFiM2QtYzJiYzE0NTFmMjcx
LzEvdGNmWUhzVEVCVnhuUF9WeHpLMEh3NmFaRUY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwliWMA0G
CSqGSIb3DQEBCwUAA4IBAQAFxEpgUxhk91+po7JtQPDG6H6Iv1gREB0qUQn6sREb
0h4PHzis4+5/9MUZ5SuJ7j/yZaiJOE3DPrwTGGE1s+GOEAk2vNA90HCWbvAYK64I
wpdtsTwoWVLabVM0z5f2FyUiS1gV/GesUCvFBrjT0a8XgG7WQ2JQnpAwGKuNnoPC
8w04BWn6HydtqoD9QFVRHaCOb0aVK/vgVLqO/GvJY7+ioQ/YJ4bbIOutleFzqMN3
N90l7Pfi3VhNMUwmN+hUubiFoNzpD5sPAfUAKLsWmhxHu9TDBZcg7Mb8f9pLtsfU
+t/rcSDj9BUGHsgtwLmHh7EVeC420PQKjT9iz7rkY8+G
-----END CERTIFICATE-----