Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/831c79-a88d-41e6-b0a7-1210094a48a3/1/pZiY96ECGZ3enErASsqWJWksnRo.roa
File:                     pZiY96ECGZ3enErASsqWJWksnRo.roa (raw, json)
Hash identifier:          MEeiZ1S6byAdXpmL3x1KNRz/NrRtbh43pA6SZ1saEAo=
Subject key identifier:   A5:98:98:F7:A1:02:19:9D:DE:9C:4A:C0:4A:CA:96:25:69:2C:9D:1A
Certificate issuer:       /CN=265649691591e552a14889439cff70de56c08da9
Certificate serial:       0197F9A2D8D3FB73994098FAB4D6F2FE8E8D
Authority key identifier: 26:56:49:69:15:91:E5:52:A1:48:89:43:9C:FF:70:DE:56:C0:8D:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JlZJaRWR5VKhSIlDnP9w3lbAjak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/831c79-a88d-41e6-b0a7-1210094a48a3/1/pZiY96ECGZ3enErASsqWJWksnRo.roa
Signing time:             Fri 11 Jul 2025 13:18:08 +0000
ROA not before:           Fri 11 Jul 2025 13:18:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41755
IP address blocks:        130.43.162.0/24 maxlen: 24
                          2a06:4e00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/831c79-a88d-41e6-b0a7-1210094a48a3/1/JlZJaRWR5VKhSIlDnP9w3lbAjak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/831c79-a88d-41e6-b0a7-1210094a48a3/1/JlZJaRWR5VKhSIlDnP9w3lbAjak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JlZJaRWR5VKhSIlDnP9w3lbAjak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f9:a2:d8:d3:fb:73:99:40:98:fa:b4:d6:f2:fe:8e:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=265649691591e552a14889439cff70de56c08da9
        Validity
            Not Before: Jul 11 13:18:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a59898f7a102199dde9c4ac04aca9625692c9d1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e1:39:d1:40:54:9d:5c:ec:c1:7b:db:87:c5:
                    71:59:b3:2c:12:3c:4e:a8:89:10:71:86:a0:03:be:
                    a2:e2:e1:2d:83:17:f7:b8:e4:d8:4c:f5:8e:fc:f1:
                    b4:ac:6e:62:4b:cb:94:9a:55:78:e4:86:43:27:e8:
                    d0:08:a0:dc:23:39:f7:28:e9:c8:a6:cc:9a:6d:85:
                    be:34:b5:72:36:58:9f:cf:73:8f:81:b6:92:ec:34:
                    d4:8d:23:31:96:16:fd:cd:fa:69:ce:e3:18:87:c2:
                    4d:1a:31:4c:e8:6e:c3:3b:7e:64:e8:cc:df:72:92:
                    72:c1:da:37:88:62:25:0a:93:ed:11:2e:5e:ee:8e:
                    5a:34:15:a7:ff:97:07:4b:2a:1b:c3:24:55:0b:ed:
                    ab:b0:b6:cb:97:1a:2f:07:d9:78:b1:5c:09:56:bd:
                    09:c8:27:84:f3:97:9e:9d:81:20:7c:2d:62:8f:b6:
                    d4:2e:29:c6:24:d1:0c:de:77:c1:2f:ea:c8:a9:b8:
                    f2:b9:83:f2:45:36:fa:c4:fa:7c:51:7b:db:0b:7b:
                    20:a5:06:d5:1e:f5:ad:70:00:14:18:a9:6c:18:e0:
                    dd:d5:14:2e:20:6a:09:4e:2e:02:93:79:fd:3a:c3:
                    ee:d1:93:1a:c2:3f:e6:e6:0f:5e:2d:37:32:8c:c8:
                    31:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:98:98:F7:A1:02:19:9D:DE:9C:4A:C0:4A:CA:96:25:69:2C:9D:1A
            X509v3 Authority Key Identifier:
                keyid:26:56:49:69:15:91:E5:52:A1:48:89:43:9C:FF:70:DE:56:C0:8D:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JlZJaRWR5VKhSIlDnP9w3lbAjak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/831c79-a88d-41e6-b0a7-1210094a48a3/1/pZiY96ECGZ3enErASsqWJWksnRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/831c79-a88d-41e6-b0a7-1210094a48a3/1/JlZJaRWR5VKhSIlDnP9w3lbAjak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.43.162.0/24
                IPv6:
                  2a06:4e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:38:b2:5d:eb:7e:66:e3:20:da:c0:43:65:62:44:78:77:51:
         91:c3:ee:a1:02:7a:b1:fb:9b:44:cb:4b:01:f4:c9:b2:1b:6b:
         ad:6e:ad:32:dd:8a:8c:53:7b:a8:01:ce:7d:1f:67:bb:e9:b7:
         f5:96:4a:1a:c0:9a:17:91:96:7b:11:d9:da:51:d4:f5:38:80:
         c2:b3:b8:74:a1:5a:10:73:28:2a:2c:e8:c6:cb:ca:a8:34:65:
         fe:f5:9b:8f:73:e6:32:39:1c:54:d1:cb:83:3c:0c:6b:3e:13:
         c4:73:fb:df:2b:99:75:a0:80:f2:16:69:2c:05:c0:04:9e:59:
         78:80:4b:ac:8e:e4:01:67:a4:c4:81:83:ef:7d:99:18:0d:6f:
         40:55:d2:8f:c8:1d:96:0b:7d:da:7a:9a:34:73:a0:b1:b2:79:
         d4:bb:e8:7e:70:f3:99:dc:e3:be:21:c8:81:39:9f:a3:34:ef:
         49:6c:26:b4:9b:57:21:d8:a3:eb:59:da:b5:ec:2d:87:3c:b5:
         0f:5b:07:8a:8e:f6:f3:32:66:c2:cf:0a:a5:98:91:2b:7d:99:
         32:da:20:d6:61:a7:fe:ed:56:43:5d:37:b8:68:74:e2:5e:74:
         6d:15:eb:f6:87:d6:b8:9c:d9:60:1e:2a:20:d1:e7:07:36:6a:
         e4:2d:d3:39
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZf5otjT+3OZQJj6tNby/o6NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NTY0OTY5MTU5MWU1NTJhMTQ4ODk0MzljZmY3MGRlNTZj
MDhkYTkwHhcNMjUwNzExMTMxODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTk4OThmN2ExMDIxOTlkZGU5YzRhYzA0YWNhOTYyNTY5MmM5ZDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouE50UBUnVzswXvbh8VxWbMsEjxO
qIkQcYagA76i4uEtgxf3uOTYTPWO/PG0rG5iS8uUmlV45IZDJ+jQCKDcIzn3KOnI
psyabYW+NLVyNlifz3OPgbaS7DTUjSMxlhb9zfppzuMYh8JNGjFM6G7DO35k6Mzf
cpJywdo3iGIlCpPtES5e7o5aNBWn/5cHSyobwyRVC+2rsLbLlxovB9l4sVwJVr0J
yCeE85eenYEgfC1ij7bULinGJNEM3nfBL+rIqbjyuYPyRTb6xPp8UXvbC3sgpQbV
HvWtcAAUGKlsGODd1RQuIGoJTi4Ck3n9OsPu0ZMawj/m5g9eLTcyjMgxhwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKWYmPehAhmd3pxKwErKliVpLJ0aMB8GA1UdIwQY
MBaAFCZWSWkVkeVSoUiJQ5z/cN5WwI2pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmxaSmFSV1I1VktoU0lsRG5QOXczbGJBamFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS84MzFjNzktYTg4ZC00MWU2LWIwYTct
MTIxMDA5NGE0OGEzLzEvcFppWTk2RUNHWjNlbkVyQVNzcVdKV2tzblJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS84MzFjNzktYTg4ZC00MWU2LWIwYTctMTIxMDA5NGE0OGEz
LzEvSmxaSmFSV1I1VktoU0lsRG5QOXczbGJBamFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAgiuiMA0E
AgACMAcDBQMqBk4AMA0GCSqGSIb3DQEBCwUAA4IBAQBROLJd635m4yDawENlYkR4
d1GRw+6hAnqx+5tEy0sB9MmyG2utbq0y3YqMU3uoAc59H2e76bf1lkoawJoXkZZ7
EdnaUdT1OIDCs7h0oVoQcygqLOjGy8qoNGX+9ZuPc+YyORxU0cuDPAxrPhPEc/vf
K5l1oIDyFmksBcAEnll4gEusjuQBZ6TEgYPvfZkYDW9AVdKPyB2WC33aepo0c6Cx
snnUu+h+cPOZ3OO+IciBOZ+jNO9JbCa0m1ch2KPrWdq17C2HPLUPWweKjvbzMmbC
zwqlmJErfZky2iDWYaf+7VZDXTe4aHTiXnRtFev2h9a4nNlgHiog0ecHNmrkLdM5
-----END CERTIFICATE-----