Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/ln1hG2A3PkzWQchjBBkclFQPY1M.roa
File:                     ln1hG2A3PkzWQchjBBkclFQPY1M.roa (raw, json)
Hash identifier:          uND8iuD27tJ0rLXwCSCHqKAMUP/WcV9IOKDwPBaujsw=
Subject key identifier:   96:7D:61:1B:60:37:3E:4C:D6:41:C8:63:04:19:1C:94:54:0F:63:53
Certificate issuer:       /CN=d3abf8f4cdf8963a182da0cdf908c38447fa7a09
Certificate serial:       0197CA19426C02B3533104C24BAF02F09C49
Authority key identifier: D3:AB:F8:F4:CD:F8:96:3A:18:2D:A0:CD:F9:08:C3:84:47:FA:7A:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/ln1hG2A3PkzWQchjBBkclFQPY1M.roa
Signing time:             Wed 02 Jul 2025 07:45:42 +0000
ROA not before:           Wed 02 Jul 2025 07:45:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39704
IP address blocks:        185.146.218.0/23 maxlen: 23
                          2a07:52c2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ca:19:42:6c:02:b3:53:31:04:c2:4b:af:02:f0:9c:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3abf8f4cdf8963a182da0cdf908c38447fa7a09
        Validity
            Not Before: Jul  2 07:45:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=967d611b60373e4cd641c86304191c94540f6353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:5c:96:2d:9c:43:b8:ef:3c:04:49:db:dd:db:
                    1a:47:6d:04:3d:8b:e1:e8:0a:60:20:97:2a:f4:dc:
                    8b:7b:08:34:d4:89:a8:24:89:6e:df:27:cb:a5:53:
                    87:23:42:68:87:8f:c3:23:ee:e6:4c:4c:99:c0:d6:
                    83:c0:db:4a:ef:c7:a0:de:b8:31:7c:41:e4:fc:98:
                    ed:a4:42:ea:9f:14:30:16:ba:15:2b:71:3e:56:a9:
                    15:84:22:4d:36:8b:f1:fc:de:cd:a1:6f:ea:70:9b:
                    82:74:e9:91:2e:9a:90:7e:db:68:fe:8c:d0:a7:14:
                    d6:ec:24:92:27:58:f2:c4:16:04:b2:08:2a:ad:92:
                    86:5d:0f:1c:17:72:26:d3:85:52:f6:30:f7:b4:94:
                    5e:31:76:89:9b:4c:a4:53:bf:ac:47:8b:c9:98:6b:
                    46:74:ed:99:59:d3:20:22:c0:3c:b0:11:19:1b:2a:
                    15:8e:51:f5:08:3a:e2:29:3b:6e:cd:89:86:db:2e:
                    19:46:ad:bc:0a:09:bc:9a:46:bd:42:32:cf:40:9b:
                    d2:5d:11:f3:f4:f2:4d:4d:88:99:bf:a7:89:8d:0d:
                    e1:76:4a:7c:10:23:ab:17:03:34:4e:30:94:70:50:
                    68:be:65:99:3e:a5:75:9e:39:4a:26:a1:3e:a7:41:
                    94:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:7D:61:1B:60:37:3E:4C:D6:41:C8:63:04:19:1C:94:54:0F:63:53
            X509v3 Authority Key Identifier:
                keyid:D3:AB:F8:F4:CD:F8:96:3A:18:2D:A0:CD:F9:08:C3:84:47:FA:7A:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/ln1hG2A3PkzWQchjBBkclFQPY1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.218.0/23
                IPv6:
                  2a07:52c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:71:57:2e:ff:d0:7b:8d:60:7b:fe:a1:2b:62:6d:ad:73:ed:
         c9:ec:08:94:30:50:39:9d:69:03:e8:5e:6e:d2:29:b9:c3:b7:
         51:04:bf:91:98:3d:a4:21:a5:25:18:2f:78:23:fd:a3:ff:d9:
         8f:43:3d:fb:ad:47:d3:de:dc:07:45:15:db:54:42:6b:f2:4b:
         c6:1d:76:47:14:12:66:e2:30:85:a3:0f:6c:0a:1e:b1:71:52:
         7f:51:5b:29:f9:d6:40:77:23:b2:78:7b:b2:e7:c7:d1:b3:82:
         5a:8a:05:2b:93:1a:d2:71:76:d4:f9:a7:21:0b:52:96:28:fb:
         27:e3:83:95:1a:db:f3:ec:f5:87:b0:fd:26:9d:9a:7c:1e:ef:
         09:36:fa:38:b7:76:d2:e8:4c:40:e0:1c:f8:d9:13:6a:56:70:
         e1:f0:97:93:07:8d:e3:eb:a5:34:f7:fc:88:18:af:8a:3c:8f:
         4a:c7:82:30:b1:46:b3:41:d5:70:66:20:ce:07:34:95:51:47:
         89:6a:d8:3d:ed:a2:2a:c6:38:12:d4:d7:59:29:55:e0:37:16:
         f6:29:a9:c6:d1:21:c1:32:d4:37:7c:d4:50:28:2a:f6:68:07:
         7f:37:be:ad:b5:5f:ad:91:aa:64:77:1b:b2:41:2c:be:31:1c:
         ad:50:9a:30
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZfKGUJsArNTMQTCS68C8JxJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYWJmOGY0Y2RmODk2M2ExODJkYTBjZGY5MDhjMzg0NDdm
YTdhMDkwHhcNMjUwNzAyMDc0NTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjdkNjExYjYwMzczZTRjZDY0MWM4NjMwNDE5MWM5NDU0MGY2MzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VyWLZxDuO88BEnb3dsaR20EPYvh
6ApgIJcq9NyLewg01ImoJIlu3yfLpVOHI0Joh4/DI+7mTEyZwNaDwNtK78eg3rgx
fEHk/JjtpELqnxQwFroVK3E+VqkVhCJNNovx/N7NoW/qcJuCdOmRLpqQftto/ozQ
pxTW7CSSJ1jyxBYEsggqrZKGXQ8cF3Im04VS9jD3tJReMXaJm0ykU7+sR4vJmGtG
dO2ZWdMgIsA8sBEZGyoVjlH1CDriKTtuzYmG2y4ZRq28Cgm8mka9QjLPQJvSXRHz
9PJNTYiZv6eJjQ3hdkp8ECOrFwM0TjCUcFBovmWZPqV1njlKJqE+p0GUbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJZ9YRtgNz5M1kHIYwQZHJRUD2NTMB8GA1UdIwQY
MBaAFNOr+PTN+JY6GC2gzfkIw4RH+noJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDZ2NDlNMzRsam9ZTGFETi1RakRoRWY2ZWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yNmQxOTMtNDBjMi00MTdiLWJkNTIt
NWMxMGJkYjg2NmUwLzEvbG4xaEcyQTNQa3pXUWNoakJCa2NsRlFQWTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yNmQxOTMtNDBjMi00MTdiLWJkNTItNWMxMGJkYjg2NmUw
LzEvMDZ2NDlNMzRsam9ZTGFETi1RakRoRWY2ZWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuZLaMA0E
AgACMAcDBQAqB1LCMA0GCSqGSIb3DQEBCwUAA4IBAQBIcVcu/9B7jWB7/qErYm2t
c+3J7AiUMFA5nWkD6F5u0im5w7dRBL+RmD2kIaUlGC94I/2j/9mPQz37rUfT3twH
RRXbVEJr8kvGHXZHFBJm4jCFow9sCh6xcVJ/UVsp+dZAdyOyeHuy58fRs4JaigUr
kxrScXbU+achC1KWKPsn44OVGtvz7PWHsP0mnZp8Hu8JNvo4t3bS6ExA4Bz42RNq
VnDh8JeTB43j66U09/yIGK+KPI9Kx4IwsUazQdVwZiDOBzSVUUeJatg97aIqxjgS
1NdZKVXgNxb2KanG0SHBMtQ3fNRQKCr2aAd/N76ttV+tkapkdxuyQSy+MRytUJow
-----END CERTIFICATE-----