Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/z1lDJAYiSGQWP0hQT2qsq0NQckw.roa
File:                     z1lDJAYiSGQWP0hQT2qsq0NQckw.roa (raw, json)
Hash identifier:          +w84SriAFLfwafgawze6gO/oCWYDdlLPo2xuwocy9KU=
Subject key identifier:   CF:59:43:24:06:22:48:64:16:3F:48:50:4F:6A:AC:AB:43:50:72:4C
Certificate issuer:       /CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
Certificate serial:       0197FEAF9707A8F48165129CB0D36F5A650F
Authority key identifier: A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/z1lDJAYiSGQWP0hQT2qsq0NQckw.roa
Signing time:             Sat 12 Jul 2025 12:50:09 +0000
ROA not before:           Sat 12 Jul 2025 12:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400040
IP address blocks:        87.248.135.0/24 maxlen: 24
                          87.248.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 04:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fe:af:97:07:a8:f4:81:65:12:9c:b0:d3:6f:5a:65:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
        Validity
            Not Before: Jul 12 12:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf59432406224864163f48504f6aacab4350724c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:22:ed:ed:fe:6f:7c:29:26:c1:a4:e3:cd:30:
                    4d:91:c2:33:74:54:23:10:2b:99:b2:7d:f5:bb:ce:
                    4c:43:a9:b2:03:58:8a:76:bc:86:ee:f3:4e:1f:cc:
                    3f:6d:7b:18:b5:e9:5c:ce:ce:70:ff:68:82:28:ad:
                    a7:08:00:13:c5:49:69:c6:83:b6:c2:f0:97:0b:c3:
                    4a:19:64:c8:af:82:5f:cc:14:24:f4:74:ca:27:a6:
                    2c:92:a1:bf:8a:a4:62:c9:59:68:33:2a:b4:6e:88:
                    7f:bf:6d:42:f6:18:3d:11:9f:8e:27:53:77:7a:52:
                    30:a3:90:27:d3:a6:99:d8:2d:d8:24:af:43:88:b1:
                    1b:5e:4f:21:04:65:41:c7:d1:4f:44:22:3b:55:d2:
                    5c:3c:f5:dd:1a:6e:4f:c4:d3:69:b8:b4:e4:b9:62:
                    80:55:d8:18:bf:63:f0:2b:a3:3f:4d:5c:71:81:16:
                    73:9d:e9:80:b2:19:6a:61:45:58:b9:91:03:f1:66:
                    93:b2:d0:2f:95:95:76:99:55:56:b8:55:fb:4f:13:
                    2c:7a:d5:cc:da:99:ba:81:0a:bb:ed:e5:0a:88:e6:
                    f2:90:47:4e:6c:13:69:f6:98:31:f0:37:4e:42:8c:
                    8b:76:4d:2c:e2:de:ae:d6:0a:b1:d6:1e:95:11:94:
                    da:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:59:43:24:06:22:48:64:16:3F:48:50:4F:6A:AC:AB:43:50:72:4C
            X509v3 Authority Key Identifier:
                keyid:A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/z1lDJAYiSGQWP0hQT2qsq0NQckw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.135.0/24
                  87.248.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:c6:06:f4:e0:1e:a6:31:6a:37:58:e8:48:ca:fa:3e:4d:bd:
         37:d0:b4:d9:00:4d:55:64:b3:a0:9a:7c:2e:92:3b:80:f1:50:
         8c:41:44:02:c0:b7:7b:f0:ff:12:c8:7e:71:06:c6:c4:92:22:
         ec:e3:13:de:69:bc:f1:df:8d:d6:b0:25:eb:cd:b6:74:31:95:
         95:99:45:78:34:2b:20:9b:77:ef:b7:9c:f9:0d:64:aa:3e:9b:
         44:29:8d:dd:99:de:01:d9:f4:a8:ab:eb:99:cc:17:77:06:94:
         3d:97:bf:c4:98:9c:5c:37:f5:2c:91:82:fd:95:55:8f:8b:ee:
         60:f3:b5:25:f9:15:c3:b7:c8:d6:1a:de:e9:d0:39:4c:2b:3f:
         56:e9:f0:03:c8:f8:17:85:96:3c:31:ad:82:8c:d8:16:86:86:
         0e:3d:b6:1c:cf:89:bc:ae:77:26:22:3b:78:ec:78:2f:30:52:
         b3:4e:75:e3:fc:b5:b4:ee:b7:e6:ed:85:08:83:ae:64:ee:1d:
         31:43:d6:81:40:4e:d3:b8:bb:a9:48:5b:06:6f:c6:2e:fb:ef:
         e8:f7:56:e1:45:c4:5b:34:26:cf:83:56:72:96:1d:2d:9d:54:
         be:c0:98:25:2c:85:7c:a6:94:1d:55:df:46:ef:e1:e0:5d:6f:
         29:1b:d5:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZf+r5cHqPSBZRKcsNNvWmUPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGNlZTc1ODJlOTc1OWJlMDE2YzkzMWFiMzRkOTI4NWQy
ZmM4YjQwHhcNMjUwNzEyMTI1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjU5NDMyNDA2MjI0ODY0MTYzZjQ4NTA0ZjZhYWNhYjQzNTA3MjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyLt7f5vfCkmwaTjzTBNkcIzdFQj
ECuZsn31u85MQ6myA1iKdryG7vNOH8w/bXsYtelczs5w/2iCKK2nCAATxUlpxoO2
wvCXC8NKGWTIr4JfzBQk9HTKJ6YskqG/iqRiyVloMyq0boh/v21C9hg9EZ+OJ1N3
elIwo5An06aZ2C3YJK9DiLEbXk8hBGVBx9FPRCI7VdJcPPXdGm5PxNNpuLTkuWKA
VdgYv2PwK6M/TVxxgRZznemAshlqYUVYuZED8WaTstAvlZV2mVVWuFX7TxMsetXM
2pm6gQq77eUKiObykEdObBNp9pgx8DdOQoyLdk0s4t6u1gqx1h6VEZTauQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM9ZQyQGIkhkFj9IUE9qrKtDUHJMMB8GA1UdIwQY
MBaAFKYM7nWC6XWb4BbJMas02ShdL8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTct
ZDNiMzhjZTlkYzM0LzEvejFsREpBWWlTR1FXUDBoUVQycXNxME5RY2t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTctZDNiMzhjZTlkYzM0
LzEvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV/iHAwQA
V/iQMA0GCSqGSIb3DQEBCwUAA4IBAQAfxgb04B6mMWo3WOhIyvo+Tb030LTZAE1V
ZLOgmnwukjuA8VCMQUQCwLd78P8SyH5xBsbEkiLs4xPeabzx343WsCXrzbZ0MZWV
mUV4NCsgm3fvt5z5DWSqPptEKY3dmd4B2fSoq+uZzBd3BpQ9l7/EmJxcN/UskYL9
lVWPi+5g87Ul+RXDt8jWGt7p0DlMKz9W6fADyPgXhZY8Ma2CjNgWhoYOPbYcz4m8
rncmIjt47HgvMFKzTnXj/LW07rfm7YUIg65k7h0xQ9aBQE7TuLupSFsGb8Yu++/o
91bhRcRbNCbPg1Zylh0tnVS+wJglLIV8ppQdVd9G7+HgXW8pG9Uy
-----END CERTIFICATE-----