Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/fPNzH31qX0DZ8V4rij7Xo2sRGO8.roa
File:                     fPNzH31qX0DZ8V4rij7Xo2sRGO8.roa (raw, json)
Hash identifier:          fPCz6t8saFe/YCV6Ne6vHfZKosVB2msyYYqQELy/A2o=
Subject key identifier:   7C:F3:73:1F:7D:6A:5F:40:D9:F1:5E:2B:8A:3E:D7:A3:6B:11:18:EF
Certificate issuer:       /CN=63082d6d3a1dc501795737537ca74d27a80265a2
Certificate serial:       0197CAF41241D0716240F011723FC25696FD
Authority key identifier: 63:08:2D:6D:3A:1D:C5:01:79:57:37:53:7C:A7:4D:27:A8:02:65:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YwgtbTodxQF5VzdTfKdNJ6gCZaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/fPNzH31qX0DZ8V4rij7Xo2sRGO8.roa
Signing time:             Wed 02 Jul 2025 11:44:42 +0000
ROA not before:           Wed 02 Jul 2025 11:44:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202650
IP address blocks:        178.213.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/YwgtbTodxQF5VzdTfKdNJ6gCZaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/YwgtbTodxQF5VzdTfKdNJ6gCZaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YwgtbTodxQF5VzdTfKdNJ6gCZaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ca:f4:12:41:d0:71:62:40:f0:11:72:3f:c2:56:96:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63082d6d3a1dc501795737537ca74d27a80265a2
        Validity
            Not Before: Jul  2 11:44:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7cf3731f7d6a5f40d9f15e2b8a3ed7a36b1118ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a9:1e:c7:9d:c1:79:bc:77:ed:73:57:cb:d3:
                    89:e5:3f:85:31:ce:cf:1d:26:db:b9:3b:9d:b9:51:
                    ce:4b:e2:75:98:cf:95:d1:83:fe:d8:53:75:32:83:
                    71:3c:8e:c9:41:f3:03:36:96:e4:03:6e:7e:b7:cf:
                    6f:1d:dd:8d:0f:85:91:86:2b:dc:dc:28:45:20:bc:
                    82:6f:13:2d:75:aa:9b:33:b1:ae:70:5e:9c:a0:9b:
                    0a:6a:50:b9:a0:5b:a9:5a:fd:cb:82:88:ae:27:72:
                    9d:9f:6f:fb:ce:c0:6a:e5:51:b3:9a:20:51:bf:73:
                    8a:76:f2:8f:5c:fc:9d:b7:57:d8:89:3f:3d:c8:ae:
                    aa:54:86:42:52:87:96:95:ef:6d:e6:2e:e7:9f:d4:
                    64:5d:a0:4d:87:40:9c:3b:a7:55:14:18:d3:8d:4f:
                    0e:a7:29:fe:6d:61:3e:bf:fa:0c:51:c8:c2:ac:77:
                    1b:dc:7c:b8:2d:50:fc:4f:c3:00:cb:51:01:58:b2:
                    3e:48:d0:cf:a6:3a:b6:e1:8f:b8:2e:7e:3c:0b:5d:
                    74:e6:cc:1d:0e:49:68:3d:83:98:c5:f7:a5:de:9a:
                    f9:f2:99:6d:5c:59:40:1a:38:59:8c:39:05:c6:5f:
                    b7:f5:65:c8:db:0d:ea:58:fb:d1:f8:ed:8c:c1:3a:
                    f9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:F3:73:1F:7D:6A:5F:40:D9:F1:5E:2B:8A:3E:D7:A3:6B:11:18:EF
            X509v3 Authority Key Identifier:
                keyid:63:08:2D:6D:3A:1D:C5:01:79:57:37:53:7C:A7:4D:27:A8:02:65:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YwgtbTodxQF5VzdTfKdNJ6gCZaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/fPNzH31qX0DZ8V4rij7Xo2sRGO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/YwgtbTodxQF5VzdTfKdNJ6gCZaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:98:ad:dd:6b:e0:7e:cb:80:6a:f2:09:60:7d:29:bd:7e:57:
         80:8c:cd:c6:06:70:45:85:80:b5:15:d5:27:c3:0e:ae:af:3a:
         4d:02:ad:42:38:ba:20:7f:d7:ac:3e:52:b8:24:ff:07:2d:4f:
         5a:84:34:45:20:29:fc:92:c9:57:7b:2a:ad:35:f2:f2:da:a4:
         ae:cc:6a:69:24:f6:a5:95:b0:21:e5:58:f8:2e:56:6b:90:a3:
         00:f8:93:27:a3:2b:95:d2:3a:f4:93:86:0f:2d:a8:41:0d:47:
         5d:e4:29:9e:cd:e5:1f:2a:c0:d1:40:61:87:42:89:bb:fc:75:
         4f:58:55:b7:69:9b:fd:55:2c:75:cc:4e:69:d8:aa:a2:bf:bb:
         b4:45:3c:58:64:4d:76:82:8e:29:87:62:d8:10:a6:6f:97:09:
         44:d3:90:7a:64:8a:7c:84:ea:09:b1:a4:74:58:8c:29:98:ae:
         d9:6e:6b:c2:53:79:43:6a:f2:ef:c5:75:3b:53:09:e2:63:d5:
         98:ab:53:27:06:5f:0c:72:5b:87:19:99:92:e8:50:32:0d:05:
         42:2f:d0:82:3f:68:ee:40:fa:b7:3d:9a:50:97:02:15:16:ea:
         a5:9b:23:28:80:32:0f:05:2d:d5:0e:16:9a:8c:bb:66:4d:48:
         32:1e:11:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfK9BJB0HFiQPARcj/CVpb9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMDgyZDZkM2ExZGM1MDE3OTU3Mzc1MzdjYTc0ZDI3YTgw
MjY1YTIwHhcNMjUwNzAyMTE0NDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2YzNzMxZjdkNmE1ZjQwZDlmMTVlMmI4YTNlZDdhMzZiMTExOGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKkex53Bebx37XNXy9OJ5T+FMc7P
HSbbuTuduVHOS+J1mM+V0YP+2FN1MoNxPI7JQfMDNpbkA25+t89vHd2ND4WRhivc
3ChFILyCbxMtdaqbM7GucF6coJsKalC5oFupWv3LgoiuJ3Kdn2/7zsBq5VGzmiBR
v3OKdvKPXPydt1fYiT89yK6qVIZCUoeWle9t5i7nn9RkXaBNh0CcO6dVFBjTjU8O
pyn+bWE+v/oMUcjCrHcb3Hy4LVD8T8MAy1EBWLI+SNDPpjq24Y+4Ln48C1105swd
DkloPYOYxfel3pr58pltXFlAGjhZjDkFxl+39WXI2w3qWPvR+O2MwTr5vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzzcx99al9A2fFeK4o+16NrERjvMB8GA1UdIwQY
MBaAFGMILW06HcUBeVc3U3ynTSeoAmWiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXdndGJUb2R4UUY1VnpkVGZLZE5KNmdDWmFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85N2UxZTItNTY3Zi00MTRlLTliMDMt
YzE4YWQzNmE3YjMwLzEvZlBOekgzMXFYMERaOFY0cmlqN1hvMnNSR084LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85N2UxZTItNTY3Zi00MTRlLTliMDMtYzE4YWQzNmE3YjMw
LzEvWXdndGJUb2R4UUY1VnpkVGZLZE5KNmdDWmFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstVXMA0G
CSqGSIb3DQEBCwUAA4IBAQAcmK3da+B+y4Bq8glgfSm9fleAjM3GBnBFhYC1FdUn
ww6urzpNAq1COLogf9esPlK4JP8HLU9ahDRFICn8kslXeyqtNfLy2qSuzGppJPal
lbAh5Vj4LlZrkKMA+JMnoyuV0jr0k4YPLahBDUdd5CmezeUfKsDRQGGHQom7/HVP
WFW3aZv9VSx1zE5p2Kqiv7u0RTxYZE12go4ph2LYEKZvlwlE05B6ZIp8hOoJsaR0
WIwpmK7ZbmvCU3lDavLvxXU7UwniY9WYq1MnBl8McluHGZmS6FAyDQVCL9CCP2ju
QPq3PZpQlwIVFuqlmyMogDIPBS3VDhaajLtmTUgyHhH8
-----END CERTIFICATE-----