Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/mpy8rjwhUPGfrwU4aNyK-9x9FBA.roa
File:                     mpy8rjwhUPGfrwU4aNyK-9x9FBA.roa (raw, json)
Hash identifier:          LExOCoVzbGwBygx3rcSIfApEZE8wTyOT0YOXpiy9v1U=
Subject key identifier:   9A:9C:BC:AE:3C:21:50:F1:9F:AF:05:38:68:DC:8A:FB:DC:7D:14:10
Certificate issuer:       /CN=0f6363d428b7915c108825f09706004b8ea3d4b5
Certificate serial:       01981C7B17B520C4D8E0372CD92929281911
Authority key identifier: 0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/mpy8rjwhUPGfrwU4aNyK-9x9FBA.roa
Signing time:             Fri 18 Jul 2025 07:41:25 +0000
ROA not before:           Fri 18 Jul 2025 07:41:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7843
IP address blocks:        37.143.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1c:7b:17:b5:20:c4:d8:e0:37:2c:d9:29:29:28:19:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f6363d428b7915c108825f09706004b8ea3d4b5
        Validity
            Not Before: Jul 18 07:41:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a9cbcae3c2150f19faf053868dc8afbdc7d1410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a6:2a:14:7e:37:e2:ea:52:0d:bb:22:a1:9b:
                    3f:80:70:9f:22:40:a3:66:34:1a:79:f2:ab:ac:46:
                    43:5b:2c:d4:63:73:f3:0c:d5:41:5e:55:0a:2c:e8:
                    5c:39:b1:75:57:cb:cc:84:48:b6:f8:0f:14:f0:6d:
                    78:85:af:d4:6f:0b:89:8b:7d:ba:d6:4f:e5:7f:f8:
                    93:be:33:30:db:d6:68:86:6e:13:bd:86:f6:95:9f:
                    0c:11:5b:b9:90:22:ac:dc:bf:f1:ba:9e:4c:d0:27:
                    6d:ed:29:57:a0:28:6b:19:fe:ec:7c:a4:f7:ac:12:
                    37:2a:2a:16:cb:55:37:3d:b7:e6:4c:1d:7e:f1:84:
                    46:9e:9d:b4:ff:f8:78:7b:93:7f:b1:d4:d8:df:e1:
                    7c:26:a7:9b:f5:73:7a:a7:15:89:78:a6:86:7a:a7:
                    d0:03:a9:05:36:f1:69:c9:c2:5a:4e:92:bb:38:e4:
                    61:9c:eb:19:9f:e6:42:19:6d:10:93:23:0a:8c:6b:
                    5c:02:ff:ee:59:a7:27:e5:a0:30:e3:fc:37:d5:f1:
                    bc:14:e9:73:fa:e5:29:ba:68:a8:d9:1c:55:5c:8e:
                    a3:ac:c7:ca:0e:6a:6a:8c:db:34:ac:d1:d5:7f:ee:
                    57:27:15:8a:c8:20:7c:2c:11:69:19:15:d0:26:3e:
                    79:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:9C:BC:AE:3C:21:50:F1:9F:AF:05:38:68:DC:8A:FB:DC:7D:14:10
            X509v3 Authority Key Identifier:
                keyid:0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/mpy8rjwhUPGfrwU4aNyK-9x9FBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:80:2b:2f:c7:00:cf:6b:07:ab:f5:06:c3:2d:df:79:84:f4:
         4a:d4:b9:12:c2:cf:c1:71:21:85:6b:12:1c:05:4e:1b:b5:d2:
         31:af:ab:0a:4c:04:44:06:c4:9e:ad:e9:77:c6:86:c0:27:80:
         94:e7:78:1f:54:d7:9f:c2:61:17:be:aa:fc:46:c9:ec:80:2f:
         90:62:03:8d:31:a2:df:e0:df:da:41:bf:c1:b4:fa:f2:e6:8f:
         e9:6e:90:eb:09:30:40:d0:a9:b9:0f:93:e6:7f:c3:2e:55:a6:
         7f:5b:6e:6d:66:e4:0a:1e:29:78:25:a1:00:73:95:a3:c0:9d:
         fe:43:79:49:d0:f2:76:c3:c0:24:d1:a4:c0:c3:7c:11:ce:eb:
         da:f1:02:f6:fc:fa:cb:fa:36:36:70:ca:b6:82:92:f8:d4:32:
         30:8f:73:74:43:48:a9:06:a6:cc:4b:4e:2d:80:8a:79:d2:37:
         a9:8f:d9:21:77:36:54:e4:96:22:31:1a:ec:a2:72:d4:6a:de:
         22:be:72:ae:40:95:3c:2b:23:a7:08:73:96:3a:fe:fd:de:da:
         24:74:ff:82:4a:94:55:de:97:06:7c:f0:c7:a5:6b:76:32:df:
         59:18:b5:14:18:31:2e:a6:4a:c4:56:a8:f6:90:0a:3e:1c:22:
         3d:89:b6:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgcexe1IMTY4Dcs2SkpKBkRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNjM2M2Q0MjhiNzkxNWMxMDg4MjVmMDk3MDYwMDRiOGVh
M2Q0YjUwHhcNMjUwNzE4MDc0MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTljYmNhZTNjMjE1MGYxOWZhZjA1Mzg2OGRjOGFmYmRjN2QxNDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqYqFH434upSDbsioZs/gHCfIkCj
ZjQaefKrrEZDWyzUY3PzDNVBXlUKLOhcObF1V8vMhEi2+A8U8G14ha/UbwuJi326
1k/lf/iTvjMw29Zohm4TvYb2lZ8MEVu5kCKs3L/xup5M0Cdt7SlXoChrGf7sfKT3
rBI3KioWy1U3PbfmTB1+8YRGnp20//h4e5N/sdTY3+F8Jqeb9XN6pxWJeKaGeqfQ
A6kFNvFpycJaTpK7OORhnOsZn+ZCGW0QkyMKjGtcAv/uWacn5aAw4/w31fG8FOlz
+uUpumio2RxVXI6jrMfKDmpqjNs0rNHVf+5XJxWKyCB8LBFpGRXQJj55gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqcvK48IVDxn68FOGjcivvcfRQQMB8GA1UdIwQY
MBaAFA9jY9Qot5FcEIgl8JcGAEuOo9S1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEt
MmUxYzBhZjRmYWE0LzEvbXB5OHJqd2hVUEdmcndVNGFOeUstOXg5RkJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEtMmUxYzBhZjRmYWE0
LzEvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJY8AMA0G
CSqGSIb3DQEBCwUAA4IBAQAQgCsvxwDPawer9QbDLd95hPRK1LkSws/BcSGFaxIc
BU4btdIxr6sKTAREBsSerel3xobAJ4CU53gfVNefwmEXvqr8RsnsgC+QYgONMaLf
4N/aQb/BtPry5o/pbpDrCTBA0Km5D5Pmf8MuVaZ/W25tZuQKHil4JaEAc5WjwJ3+
Q3lJ0PJ2w8Ak0aTAw3wRzuva8QL2/PrL+jY2cMq2gpL41DIwj3N0Q0ipBqbMS04t
gIp50jepj9khdzZU5JYiMRrsonLUat4ivnKuQJU8KyOnCHOWOv793tokdP+CSpRV
3pcGfPDHpWt2Mt9ZGLUUGDEupkrEVqj2kAo+HCI9ibZg
-----END CERTIFICATE-----