Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/vIp0YDt7EtU03q1mdCUKKWhrqIM.roa
File:                     vIp0YDt7EtU03q1mdCUKKWhrqIM.roa (raw, json)
Hash identifier:          rr8bWQphKD9e3N2SQUwnTk+k6T5454GEBsy/SxB+o6c=
Subject key identifier:   BC:8A:74:60:3B:7B:12:D5:34:DE:AD:66:74:25:0A:29:68:6B:A8:83
Certificate issuer:       /CN=11e512976b91a2967ebce10ed4052ece12b14155
Certificate serial:       0198091E2B3BB64C66CDF1D40CEDF0B2F073
Authority key identifier: 11:E5:12:97:6B:91:A2:96:7E:BC:E1:0E:D4:05:2E:CE:12:B1:41:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EeUSl2uRopZ-vOEO1AUuzhKxQVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/vIp0YDt7EtU03q1mdCUKKWhrqIM.roa
Signing time:             Mon 14 Jul 2025 13:27:08 +0000
ROA not before:           Mon 14 Jul 2025 13:27:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        185.76.182.0/24 maxlen: 24
                          185.76.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/EeUSl2uRopZ-vOEO1AUuzhKxQVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/EeUSl2uRopZ-vOEO1AUuzhKxQVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EeUSl2uRopZ-vOEO1AUuzhKxQVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:1e:2b:3b:b6:4c:66:cd:f1:d4:0c:ed:f0:b2:f0:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11e512976b91a2967ebce10ed4052ece12b14155
        Validity
            Not Before: Jul 14 13:27:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc8a74603b7b12d534dead6674250a29686ba883
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:b8:32:94:f4:e7:fd:7c:df:0f:18:45:70:f0:
                    54:f7:a3:51:9f:d3:28:da:06:7a:1f:40:d7:fd:42:
                    f2:8e:0a:87:db:fe:16:7e:42:6f:86:cd:b1:7f:d2:
                    1e:06:a1:cc:0e:ec:ca:93:2f:0c:a8:88:e6:f0:32:
                    c6:83:d4:77:49:10:fa:47:ad:59:e8:e1:99:b6:ce:
                    59:ab:1d:8f:27:f7:d1:e7:6c:00:d8:78:3a:31:d6:
                    85:07:c4:86:81:43:9d:65:d0:58:18:6f:76:3b:aa:
                    c5:9f:a7:ec:f4:db:5c:ee:6a:5b:66:7f:f5:33:18:
                    0f:08:f5:3c:53:46:16:ef:2f:9b:c8:24:3c:d8:b7:
                    3e:f0:c4:60:cc:ea:79:f1:ac:81:d9:6e:96:11:62:
                    57:7e:38:ed:34:04:d1:19:fb:dd:8b:1c:6f:5b:42:
                    8d:17:1c:df:92:27:07:a5:78:3d:d5:1d:2a:62:66:
                    9f:2d:14:d7:ec:9b:20:a3:c1:a3:90:9e:73:a7:bc:
                    8a:23:dc:af:91:6b:62:1d:77:62:90:ac:f2:a6:af:
                    3c:53:53:27:4d:b9:ac:c8:ef:2b:0e:2b:5f:04:ed:
                    6d:ba:9a:c2:b1:0b:9a:49:ca:25:05:6f:39:d9:7e:
                    c5:c9:28:5f:da:3b:0b:c1:8e:fd:2a:c6:77:1b:a0:
                    60:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:8A:74:60:3B:7B:12:D5:34:DE:AD:66:74:25:0A:29:68:6B:A8:83
            X509v3 Authority Key Identifier:
                keyid:11:E5:12:97:6B:91:A2:96:7E:BC:E1:0E:D4:05:2E:CE:12:B1:41:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EeUSl2uRopZ-vOEO1AUuzhKxQVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/vIp0YDt7EtU03q1mdCUKKWhrqIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/EeUSl2uRopZ-vOEO1AUuzhKxQVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.76.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:10:1c:b9:6a:51:9c:3b:4c:48:ff:30:32:db:cf:fb:9d:77:
         ca:2a:08:53:58:1c:11:f1:03:02:68:16:57:e7:d1:26:a3:cc:
         dd:0d:73:ed:5e:10:72:a5:aa:47:e9:58:97:8b:70:64:c0:24:
         0d:4b:93:a9:5a:55:39:24:93:fe:70:ac:e1:a9:98:36:71:ea:
         d3:96:e5:0d:7f:7d:c0:f7:05:5c:dc:ad:f2:6d:e2:a2:f9:8c:
         56:5c:79:1b:3b:55:9d:1d:3f:03:af:2f:bb:3c:03:94:c6:9d:
         23:35:b2:c2:e0:f2:13:46:aa:6b:ea:e0:75:bb:61:c6:eb:bb:
         41:bd:e1:fa:76:ea:a0:c2:e6:d8:6a:24:cd:5d:8d:5a:0f:c5:
         64:09:2c:0a:a2:e8:23:dd:32:b3:8f:23:b3:f8:fc:22:57:f5:
         a2:10:a9:0b:ea:f1:8d:c1:70:6e:22:1b:71:21:57:65:52:1d:
         78:19:5a:7e:ab:ab:4e:39:1d:6c:4e:ae:0c:f0:8e:89:26:db:
         10:ab:05:55:db:c6:1d:90:e6:83:a3:a8:d1:40:42:ad:ae:22:
         e7:96:17:9a:3a:fc:d1:41:e2:43:c2:ed:15:91:9b:27:a9:3c:
         82:42:c0:a3:ed:01:1f:11:b0:e8:87:26:e8:09:dd:08:09:70:
         d5:45:db:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJHis7tkxmzfHUDO3wsvBzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZTUxMjk3NmI5MWEyOTY3ZWJjZTEwZWQ0MDUyZWNlMTJi
MTQxNTUwHhcNMjUwNzE0MTMyNzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzhhNzQ2MDNiN2IxMmQ1MzRkZWFkNjY3NDI1MGEyOTY4NmJhODgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4LgylPTn/XzfDxhFcPBU96NRn9Mo
2gZ6H0DX/ULyjgqH2/4WfkJvhs2xf9IeBqHMDuzKky8MqIjm8DLGg9R3SRD6R61Z
6OGZts5Zqx2PJ/fR52wA2Hg6MdaFB8SGgUOdZdBYGG92O6rFn6fs9Ntc7mpbZn/1
MxgPCPU8U0YW7y+byCQ82Lc+8MRgzOp58ayB2W6WEWJXfjjtNATRGfvdixxvW0KN
FxzfkicHpXg91R0qYmafLRTX7Jsgo8GjkJ5zp7yKI9yvkWtiHXdikKzypq88U1Mn
TbmsyO8rDitfBO1tuprCsQuaScolBW852X7FyShf2jsLwY79KsZ3G6BgXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyKdGA7exLVNN6tZnQlCiloa6iDMB8GA1UdIwQY
MBaAFBHlEpdrkaKWfrzhDtQFLs4SsUFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWVVU2wydVJvcFotdk9FTzFBVXV6aEt4UVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xN2EzYzAtZTk3YS00MzA2LWJjZTQt
N2ZmMzJiNmZmZDFlLzEvdklwMFlEdDdFdFUwM3ExbWRDVUtLV2hycUlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xN2EzYzAtZTk3YS00MzA2LWJjZTQtN2ZmMzJiNmZmZDFl
LzEvRWVVU2wydVJvcFotdk9FTzFBVXV6aEt4UVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUy2MA0G
CSqGSIb3DQEBCwUAA4IBAQB9EBy5alGcO0xI/zAy28/7nXfKKghTWBwR8QMCaBZX
59Emo8zdDXPtXhBypapH6ViXi3BkwCQNS5OpWlU5JJP+cKzhqZg2cerTluUNf33A
9wVc3K3ybeKi+YxWXHkbO1WdHT8Dry+7PAOUxp0jNbLC4PITRqpr6uB1u2HG67tB
veH6duqgwubYaiTNXY1aD8VkCSwKougj3TKzjyOz+PwiV/WiEKkL6vGNwXBuIhtx
IVdlUh14GVp+q6tOOR1sTq4M8I6JJtsQqwVV28YdkOaDo6jRQEKtriLnlheaOvzR
QeJDwu0VkZsnqTyCQsCj7QEfEbDohyboCd0ICXDVRdtG
-----END CERTIFICATE-----