Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/k3nz4zVDnUi6AYeJJc8B5EL8uIQ.roa
File:                     k3nz4zVDnUi6AYeJJc8B5EL8uIQ.roa (raw, json)
Hash identifier:          KpAbMgMDHdAyfnvJyW/aRDyPdMpZx9EbM+CrASXLP+A=
Subject key identifier:   93:79:F3:E3:35:43:9D:48:BA:01:87:89:25:CF:01:E4:42:FC:B8:84
Certificate issuer:       /CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
Certificate serial:       0197FEAEAC663F4EAC63A13A7FFC96989BEC
Authority key identifier: A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/k3nz4zVDnUi6AYeJJc8B5EL8uIQ.roa
Signing time:             Sat 12 Jul 2025 12:49:09 +0000
ROA not before:           Sat 12 Jul 2025 12:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198584
IP address blocks:        87.248.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fe:ae:ac:66:3f:4e:ac:63:a1:3a:7f:fc:96:98:9b:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
        Validity
            Not Before: Jul 12 12:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9379f3e335439d48ba01878925cf01e442fcb884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:86:ce:58:06:f2:8f:3f:ad:cd:ec:3e:3d:98:
                    c7:e6:d3:83:72:b1:0c:dd:4a:78:0f:d8:75:a8:23:
                    20:7b:ce:60:4a:62:3f:e9:d8:a0:17:73:3a:69:71:
                    9a:93:9a:b5:2f:5c:a1:26:46:71:03:eb:a6:c0:6b:
                    1f:3a:46:4b:7e:bc:cf:d0:6f:55:eb:28:e5:79:a4:
                    5a:a8:80:a2:31:45:1d:51:28:84:fa:83:49:fb:7d:
                    2c:1a:02:6d:99:b2:d9:f6:4a:5d:a6:0f:a5:6a:3d:
                    ce:bf:e3:f4:22:bc:53:71:97:67:6a:f9:d5:c0:9b:
                    63:b6:0d:33:b2:69:e9:bb:6e:71:8b:97:5f:d7:6d:
                    b6:93:8c:30:45:06:56:fd:fd:e5:2e:cc:5d:f4:7f:
                    f4:d6:af:a1:47:37:c2:a4:04:f2:85:6b:a8:69:67:
                    95:63:0e:6e:df:c2:50:a6:6c:0f:18:32:29:17:23:
                    65:22:50:de:65:a8:c6:b3:0e:22:84:91:88:9c:45:
                    6f:ba:d5:9d:13:93:ae:bc:8f:8c:77:8f:20:11:82:
                    1d:ee:57:a4:90:e9:11:08:9c:e5:bb:1d:cb:a9:ab:
                    b7:8c:0d:dc:bf:97:4f:32:e8:12:9d:54:5b:91:54:
                    33:f8:16:dd:45:89:04:23:49:a2:09:17:be:67:40:
                    48:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:79:F3:E3:35:43:9D:48:BA:01:87:89:25:CF:01:E4:42:FC:B8:84
            X509v3 Authority Key Identifier:
                keyid:A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/k3nz4zVDnUi6AYeJJc8B5EL8uIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:e9:98:24:cd:4c:1d:64:1f:be:44:2d:4f:a5:ce:59:53:0d:
         75:13:e4:11:c7:72:88:e1:39:f1:1f:64:be:2f:70:4e:98:0a:
         4b:07:27:52:55:ac:dc:94:86:d3:af:a7:58:cb:b0:50:35:71:
         ce:83:e5:bc:b0:40:f4:69:77:05:81:01:82:d6:20:4c:26:5d:
         5a:84:1a:92:47:c9:cf:a8:84:45:4e:95:58:5f:8d:6d:1a:ab:
         93:af:42:48:a0:7d:4f:68:cf:b0:cd:75:41:21:fb:33:8e:ae:
         07:40:e6:b7:8a:c0:8b:1f:23:ad:a9:73:6d:a0:71:a7:90:e8:
         6f:a4:30:c3:ba:0b:fa:7e:9d:4c:a6:3e:ed:d0:c9:c3:92:32:
         c5:be:78:af:0f:f5:1b:71:42:80:ce:65:19:37:d1:18:01:0a:
         bb:18:fb:f1:38:2a:92:44:28:1e:ba:a7:f5:12:d8:a1:18:c0:
         cc:d1:55:7b:5e:06:24:88:c0:5e:01:28:f2:ca:9e:39:d1:cf:
         41:4d:c5:ca:ff:b3:75:94:7b:c1:14:5f:30:ed:ea:1f:cd:d3:
         83:f8:a0:c2:6a:2d:0b:2f:fe:4d:bc:9d:09:f0:80:3c:64:b8:
         ab:b3:6b:1f:1c:c9:09:47:6e:64:65:d5:52:db:4e:28:ea:ab:
         6a:bd:34:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf+rqxmP06sY6E6f/yWmJvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGNlZTc1ODJlOTc1OWJlMDE2YzkzMWFiMzRkOTI4NWQy
ZmM4YjQwHhcNMjUwNzEyMTI0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzc5ZjNlMzM1NDM5ZDQ4YmEwMTg3ODkyNWNmMDFlNDQyZmNiODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IbOWAbyjz+tzew+PZjH5tODcrEM
3Up4D9h1qCMge85gSmI/6digF3M6aXGak5q1L1yhJkZxA+umwGsfOkZLfrzP0G9V
6yjleaRaqICiMUUdUSiE+oNJ+30sGgJtmbLZ9kpdpg+laj3Ov+P0IrxTcZdnavnV
wJtjtg0zsmnpu25xi5df1222k4wwRQZW/f3lLsxd9H/01q+hRzfCpATyhWuoaWeV
Yw5u38JQpmwPGDIpFyNlIlDeZajGsw4ihJGInEVvutWdE5OuvI+Md48gEYId7lek
kOkRCJzlux3Lqau3jA3cv5dPMugSnVRbkVQz+BbdRYkEI0miCRe+Z0BIgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJN58+M1Q51IugGHiSXPAeRC/LiEMB8GA1UdIwQY
MBaAFKYM7nWC6XWb4BbJMas02ShdL8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTct
ZDNiMzhjZTlkYzM0LzEvazNuejR6VkRuVWk2QVllSkpjOEI1RUw4dUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTctZDNiMzhjZTlkYzM0
LzEvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iEMA0G
CSqGSIb3DQEBCwUAA4IBAQBm6ZgkzUwdZB++RC1Ppc5ZUw11E+QRx3KI4TnxH2S+
L3BOmApLBydSVazclIbTr6dYy7BQNXHOg+W8sED0aXcFgQGC1iBMJl1ahBqSR8nP
qIRFTpVYX41tGquTr0JIoH1PaM+wzXVBIfszjq4HQOa3isCLHyOtqXNtoHGnkOhv
pDDDugv6fp1Mpj7t0MnDkjLFvnivD/UbcUKAzmUZN9EYAQq7GPvxOCqSRCgeuqf1
EtihGMDM0VV7XgYkiMBeASjyyp450c9BTcXK/7N1lHvBFF8w7eofzdOD+KDCai0L
L/5NvJ0J8IA8ZLirs2sfHMkJR25kZdVS204o6qtqvTSC
-----END CERTIFICATE-----