Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/AqlAoh2mHTGBQZiQ4Qu8bU198w8.roa
File:                     AqlAoh2mHTGBQZiQ4Qu8bU198w8.roa (raw, json)
Hash identifier:          QPQqaQ0W7/zxzqNuDuEf1YEVzGuiOziERZ9FXquvCOY=
Subject key identifier:   02:A9:40:A2:1D:A6:1D:31:81:41:98:90:E1:0B:BC:6D:4D:7D:F3:0F
Certificate issuer:       /CN=0f6363d428b7915c108825f09706004b8ea3d4b5
Certificate serial:       01981C7B1727B5C2EDA56F8CD772D523737D
Authority key identifier: 0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/AqlAoh2mHTGBQZiQ4Qu8bU198w8.roa
Signing time:             Fri 18 Jul 2025 07:41:25 +0000
ROA not before:           Fri 18 Jul 2025 07:41:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        37.143.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1c:7b:17:27:b5:c2:ed:a5:6f:8c:d7:72:d5:23:73:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f6363d428b7915c108825f09706004b8ea3d4b5
        Validity
            Not Before: Jul 18 07:41:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02a940a21da61d3181419890e10bbc6d4d7df30f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:bb:0a:5b:7e:de:48:0a:73:0c:6b:54:12:58:
                    be:77:df:a4:34:7c:a3:ce:02:d0:e0:da:cd:5d:b4:
                    cb:16:75:2d:23:ac:42:c2:8e:45:a3:de:fa:c4:36:
                    06:af:82:27:fc:6d:d9:e9:8c:9d:e1:88:7a:3c:4e:
                    46:7b:17:0d:09:03:17:67:96:d8:c3:11:7d:d8:3d:
                    ec:1a:2f:75:8c:69:17:04:73:f1:63:9d:10:23:b4:
                    92:6a:d7:0a:88:b8:af:ae:5a:9b:f5:06:dd:59:0b:
                    4d:ce:f6:8f:9c:39:d5:ea:a8:11:1f:a0:34:2d:a6:
                    db:b7:7d:d7:4c:30:09:af:29:5c:9e:a3:da:78:9e:
                    54:6c:6f:4f:22:d3:62:3f:a0:c7:5e:60:74:9d:d2:
                    19:f0:7b:3a:88:79:f7:48:a4:b3:38:ad:6e:06:17:
                    af:91:13:4f:93:a0:e0:2c:64:93:70:6d:8c:37:ee:
                    5d:49:b7:ad:db:8a:a7:58:58:25:d6:9a:1f:5f:44:
                    a8:93:c0:8c:6c:97:5d:58:c5:cb:af:32:17:5c:39:
                    66:89:bc:7e:1a:69:75:8e:b1:d4:d6:52:3e:c0:06:
                    58:0e:ca:9b:1c:6d:23:c9:54:01:c3:09:9f:72:6e:
                    73:81:8d:94:9a:6c:9f:12:9e:f3:3e:a3:a3:db:60:
                    68:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:A9:40:A2:1D:A6:1D:31:81:41:98:90:E1:0B:BC:6D:4D:7D:F3:0F
            X509v3 Authority Key Identifier:
                keyid:0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/AqlAoh2mHTGBQZiQ4Qu8bU198w8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:2f:87:4e:bb:fd:c9:16:81:66:8a:18:28:f2:39:46:ac:2d:
         80:f1:46:c6:84:d1:99:22:7c:e1:b2:fc:eb:ac:bf:e4:46:e0:
         40:49:8d:81:81:dd:66:96:4c:b2:3f:8c:c6:fc:d9:8b:41:12:
         d3:67:6e:63:fa:05:9f:eb:ce:35:d8:e9:be:27:29:24:68:36:
         26:44:1f:77:ff:38:b3:43:ae:de:7c:94:da:41:94:4a:b8:9c:
         f5:a5:af:a2:20:bf:62:83:77:5b:00:63:7a:0f:28:5a:0e:71:
         69:de:a9:ef:cd:26:7f:3c:1f:c7:73:8d:6a:e1:c2:0e:d2:00:
         c7:1b:94:a4:04:23:cc:01:15:63:aa:c4:6b:bf:e6:1f:42:7f:
         39:e5:1d:dc:b6:79:36:0f:95:02:d4:2e:c2:5d:07:00:3e:75:
         dc:a7:40:f8:25:db:d6:2b:5f:6b:ae:57:e0:61:63:f1:6c:3d:
         45:65:62:1f:03:8d:eb:27:18:ff:e0:37:4d:6e:55:95:54:c9:
         07:f5:f9:df:c4:3b:a0:e3:d2:dc:78:3e:ed:78:ff:57:17:fc:
         06:db:8b:ed:54:20:51:cb:7a:62:43:0f:a5:35:55:f5:9c:c7:
         74:6e:1f:66:69:f3:40:89:df:ea:01:ba:d1:16:77:a1:f3:f6:
         7d:c6:5d:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgcexcntcLtpW+M13LVI3N9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNjM2M2Q0MjhiNzkxNWMxMDg4MjVmMDk3MDYwMDRiOGVh
M2Q0YjUwHhcNMjUwNzE4MDc0MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmE5NDBhMjFkYTYxZDMxODE0MTk4OTBlMTBiYmM2ZDRkN2RmMzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7sKW37eSApzDGtUEli+d9+kNHyj
zgLQ4NrNXbTLFnUtI6xCwo5Fo976xDYGr4In/G3Z6Yyd4Yh6PE5GexcNCQMXZ5bY
wxF92D3sGi91jGkXBHPxY50QI7SSatcKiLivrlqb9QbdWQtNzvaPnDnV6qgRH6A0
Labbt33XTDAJrylcnqPaeJ5UbG9PItNiP6DHXmB0ndIZ8Hs6iHn3SKSzOK1uBhev
kRNPk6DgLGSTcG2MN+5dSbet24qnWFgl1pofX0Sok8CMbJddWMXLrzIXXDlmibx+
Gml1jrHU1lI+wAZYDsqbHG0jyVQBwwmfcm5zgY2UmmyfEp7zPqOj22Bo9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKpQKIdph0xgUGYkOELvG1NffMPMB8GA1UdIwQY
MBaAFA9jY9Qot5FcEIgl8JcGAEuOo9S1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEt
MmUxYzBhZjRmYWE0LzEvQXFsQW9oMm1IVEdCUVppUTRRdThiVTE5OHc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEtMmUxYzBhZjRmYWE0
LzEvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJY8AMA0G
CSqGSIb3DQEBCwUAA4IBAQCgL4dOu/3JFoFmihgo8jlGrC2A8UbGhNGZInzhsvzr
rL/kRuBASY2Bgd1mlkyyP4zG/NmLQRLTZ25j+gWf68412Om+JykkaDYmRB93/ziz
Q67efJTaQZRKuJz1pa+iIL9ig3dbAGN6DyhaDnFp3qnvzSZ/PB/Hc41q4cIO0gDH
G5SkBCPMARVjqsRrv+YfQn855R3ctnk2D5UC1C7CXQcAPnXcp0D4JdvWK19rrlfg
YWPxbD1FZWIfA43rJxj/4DdNblWVVMkH9fnfxDug49LceD7teP9XF/wG24vtVCBR
y3piQw+lNVX1nMd0bh9mafNAid/qAbrRFneh8/Z9xl1C
-----END CERTIFICATE-----