Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/de76rG8nL4tZzOssRD1ykxkBwJQ.roa
File:                     de76rG8nL4tZzOssRD1ykxkBwJQ.roa (raw, json)
Hash identifier:          PZ6Gs/7Ric8QzvgdkQxDNgPGEbYADwXFDmxjygY8QME=
Subject key identifier:   75:EE:FA:AC:6F:27:2F:8B:59:CC:EB:2C:44:3D:72:93:19:01:C0:94
Certificate issuer:       /CN=c86406264e49cf6f89ca5d2c6af750b36e156564
Certificate serial:       01985016C04934387E4E9D38E48C43EB95C8
Authority key identifier: C8:64:06:26:4E:49:CF:6F:89:CA:5D:2C:6A:F7:50:B3:6E:15:65:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yGQGJk5Jz2-Jyl0savdQs24VZWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/de76rG8nL4tZzOssRD1ykxkBwJQ.roa
Signing time:             Mon 28 Jul 2025 08:12:04 +0000
ROA not before:           Mon 28 Jul 2025 08:12:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20929
IP address blocks:        194.50.174.0/24 maxlen: 24
                          2001:67c:f4c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/yGQGJk5Jz2-Jyl0savdQs24VZWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/yGQGJk5Jz2-Jyl0savdQs24VZWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yGQGJk5Jz2-Jyl0savdQs24VZWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Jul 2025 11:09:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:50:16:c0:49:34:38:7e:4e:9d:38:e4:8c:43:eb:95:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c86406264e49cf6f89ca5d2c6af750b36e156564
        Validity
            Not Before: Jul 28 08:12:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75eefaac6f272f8b59cceb2c443d72931901c094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:41:b9:b5:8e:b6:29:24:23:53:42:09:f4:84:
                    85:44:b8:02:ff:fe:9b:3d:11:c4:cf:9d:64:fe:af:
                    b8:8b:de:29:a1:3d:64:47:b4:53:cc:fb:ef:f0:32:
                    d4:15:14:28:93:58:a8:fb:e9:74:67:d6:f3:de:c7:
                    8c:a1:1b:93:8f:b1:ea:0e:6f:bd:f9:7c:42:64:58:
                    09:0f:1b:6f:d5:e1:25:88:25:22:4f:43:29:13:e6:
                    e4:53:8e:73:54:03:22:50:e5:a1:47:35:33:82:78:
                    43:3c:22:87:a8:74:13:4f:dc:00:22:8c:5e:fd:5f:
                    4f:66:3d:60:d4:74:64:2d:fc:28:cc:52:4d:14:b5:
                    d8:e2:fd:ae:53:57:09:66:d6:76:c6:c9:b4:0a:f4:
                    02:59:40:07:fa:8e:b5:e0:83:2d:37:9b:83:b7:16:
                    7e:02:bf:cd:10:95:1b:73:ee:06:a5:36:6f:21:e6:
                    a1:ba:24:f1:43:94:76:46:cb:65:b6:23:ee:32:9b:
                    92:7d:a7:6d:06:8d:dc:48:97:90:c4:20:c5:8e:b7:
                    1a:32:c9:7f:bc:9d:22:14:b7:10:45:3a:e9:35:42:
                    91:6b:ad:bd:b7:02:97:f9:75:49:ab:2b:f2:d6:57:
                    9a:7e:64:61:4e:31:fd:bd:22:c1:7e:22:23:59:d4:
                    5c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:EE:FA:AC:6F:27:2F:8B:59:CC:EB:2C:44:3D:72:93:19:01:C0:94
            X509v3 Authority Key Identifier:
                keyid:C8:64:06:26:4E:49:CF:6F:89:CA:5D:2C:6A:F7:50:B3:6E:15:65:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yGQGJk5Jz2-Jyl0savdQs24VZWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/de76rG8nL4tZzOssRD1ykxkBwJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/yGQGJk5Jz2-Jyl0savdQs24VZWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.174.0/24
                IPv6:
                  2001:67c:f4c::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:5c:92:51:dc:e2:17:07:38:9e:3a:1e:e8:69:01:0b:8d:75:
         6b:3a:6f:21:8d:07:ac:76:f0:ed:bd:53:ac:cb:53:87:85:f7:
         f6:7d:41:29:ef:d5:a3:0c:41:97:07:b9:2a:20:90:6f:ff:cb:
         74:98:d1:6c:a5:88:56:61:28:c5:c1:7b:95:74:40:45:f3:46:
         95:60:f5:13:88:2f:61:49:80:6e:68:0a:b9:c8:ae:fa:fa:05:
         e1:d3:3f:74:8c:37:ed:d2:27:c4:53:fa:04:48:b6:b7:d6:9c:
         67:22:d5:45:3f:48:d5:9c:b9:83:a2:22:14:c7:e2:60:10:a3:
         7b:9e:ef:33:8c:c8:0a:91:f6:ff:a5:56:5a:94:ee:79:9c:fc:
         c4:18:84:69:95:1f:72:94:73:1f:84:f5:3b:e8:1a:78:51:6e:
         c8:b5:61:e4:df:a4:d7:ad:19:4f:fe:32:6a:59:d9:36:38:05:
         fa:83:c8:14:99:00:a7:99:8a:f1:ed:ca:c0:d9:bd:08:f0:e0:
         2e:47:22:ab:ab:a2:6f:4c:ca:8f:12:81:be:86:ab:86:97:52:
         83:27:76:c4:34:5e:56:92:e4:85:08:52:b5:ac:fc:5b:0d:2c:
         9a:fb:6c:d4:fb:38:9d:0d:83:fa:d3:55:ac:a3:37:ce:84:71:
         f7:f4:38:67
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZhQFsBJNDh+Tp045IxD65XIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NjQwNjI2NGU0OWNmNmY4OWNhNWQyYzZhZjc1MGIzNmUx
NTY1NjQwHhcNMjUwNzI4MDgxMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWVlZmFhYzZmMjcyZjhiNTljY2ViMmM0NDNkNzI5MzE5MDFjMDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2UG5tY62KSQjU0IJ9ISFRLgC//6b
PRHEz51k/q+4i94poT1kR7RTzPvv8DLUFRQok1io++l0Z9bz3seMoRuTj7HqDm+9
+XxCZFgJDxtv1eEliCUiT0MpE+bkU45zVAMiUOWhRzUzgnhDPCKHqHQTT9wAIoxe
/V9PZj1g1HRkLfwozFJNFLXY4v2uU1cJZtZ2xsm0CvQCWUAH+o614IMtN5uDtxZ+
Ar/NEJUbc+4GpTZvIeahuiTxQ5R2RstltiPuMpuSfadtBo3cSJeQxCDFjrcaMsl/
vJ0iFLcQRTrpNUKRa629twKX+XVJqyvy1leafmRhTjH9vSLBfiIjWdRclwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHXu+qxvJy+LWczrLEQ9cpMZAcCUMB8GA1UdIwQY
MBaAFMhkBiZOSc9vicpdLGr3ULNuFWVkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUdRR0prNUp6Mi1KeWwwc2F2ZFFzMjRWWldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC84NzRiM2ItNjdkZS00OWVmLThmYzEt
NjJkZDZlY2ZlNzI1LzEvZGU3NnJHOG5MNHRaek9zc1JEMXlreGtCd0pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC84NzRiM2ItNjdkZS00OWVmLThmYzEtNjJkZDZlY2ZlNzI1
LzEveUdRR0prNUp6Mi1KeWwwc2F2ZFFzMjRWWldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwjKuMA8E
AgACMAkDBwAgAQZ8D0wwDQYJKoZIhvcNAQELBQADggEBAEpcklHc4hcHOJ46Huhp
AQuNdWs6byGNB6x28O29U6zLU4eF9/Z9QSnv1aMMQZcHuSogkG//y3SY0WyliFZh
KMXBe5V0QEXzRpVg9ROIL2FJgG5oCrnIrvr6BeHTP3SMN+3SJ8RT+gRItrfWnGci
1UU/SNWcuYOiIhTH4mAQo3ue7zOMyAqR9v+lVlqU7nmc/MQYhGmVH3KUcx+E9Tvo
GnhRbsi1YeTfpNetGU/+MmpZ2TY4BfqDyBSZAKeZivHtysDZvQjw4C5HIqurom9M
yo8Sgb6Gq4aXUoMndsQ0XlaS5IUIUrWs/FsNLJr7bNT7OJ0Ng/rTVayjN86Ecff0
OGc=
-----END CERTIFICATE-----