Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/KJY6oxBzeqqBP2M0l4QVxSRfFmw.roa
File:                     KJY6oxBzeqqBP2M0l4QVxSRfFmw.roa (raw, json)
Hash identifier:          3b5ih66Hr4vgpUYnehu4lvciKefhnXprZqp6FfWOUig=
Subject key identifier:   28:96:3A:A3:10:73:7A:AA:81:3F:63:34:97:84:15:C5:24:5F:16:6C
Certificate issuer:       /CN=97530cab3bae5b529fabeb9979bd685f7b2bdab3
Certificate serial:       0198368177B4DEA453045E008FA4F7752F5A
Authority key identifier: 97:53:0C:AB:3B:AE:5B:52:9F:AB:EB:99:79:BD:68:5F:7B:2B:DA:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/KJY6oxBzeqqBP2M0l4QVxSRfFmw.roa
Signing time:             Wed 23 Jul 2025 08:58:30 +0000
ROA not before:           Wed 23 Jul 2025 08:58:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43395
IP address blocks:        164.138.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 06:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:36:81:77:b4:de:a4:53:04:5e:00:8f:a4:f7:75:2f:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97530cab3bae5b529fabeb9979bd685f7b2bdab3
        Validity
            Not Before: Jul 23 08:58:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28963aa310737aaa813f6334978415c5245f166c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c0:58:be:76:17:55:37:03:f7:5d:23:d6:77:
                    ae:ac:f0:82:1c:05:1b:b1:74:ae:39:29:2b:f5:c8:
                    22:5b:8e:cd:2f:9e:28:69:fe:76:7f:98:f3:3c:c3:
                    f8:90:87:96:00:e3:52:aa:2e:40:be:a5:b2:16:bb:
                    e7:bd:d4:ea:7e:31:66:e5:44:39:0a:46:27:12:04:
                    d7:2f:8e:57:a3:1a:d1:76:80:90:2a:a0:83:e0:13:
                    f2:d1:18:86:db:45:0a:bd:41:d6:68:8c:38:b9:c4:
                    f0:d6:4e:61:3c:77:2e:19:67:b4:e0:94:1c:0c:67:
                    b3:22:0c:5e:4c:cc:8d:b7:8b:2a:f4:94:70:4c:48:
                    25:31:ea:9e:8e:31:54:a4:77:9a:92:33:44:59:2f:
                    1e:73:ea:d5:94:d6:ad:5f:a1:18:6b:ab:31:52:98:
                    38:a6:97:6f:09:79:15:ab:47:dc:36:00:d5:f5:33:
                    98:54:f7:aa:b8:94:11:fa:89:97:b6:bb:ea:17:e0:
                    77:90:3b:4b:44:da:ff:34:9b:22:28:e4:d4:97:d6:
                    c7:8a:ff:be:b7:d5:54:fc:95:d2:35:bf:fa:14:23:
                    fb:8d:50:00:ea:5f:1f:0c:c8:aa:cd:f7:61:98:4b:
                    4d:37:f9:94:51:98:17:ea:71:cc:1c:5b:cb:f0:cb:
                    0b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:96:3A:A3:10:73:7A:AA:81:3F:63:34:97:84:15:C5:24:5F:16:6C
            X509v3 Authority Key Identifier:
                keyid:97:53:0C:AB:3B:AE:5B:52:9F:AB:EB:99:79:BD:68:5F:7B:2B:DA:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/KJY6oxBzeqqBP2M0l4QVxSRfFmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:82:76:be:e4:92:2a:eb:15:3d:55:8a:b6:99:f6:5e:ba:63:
         7a:15:6e:ec:d5:96:09:81:07:9a:46:96:f9:4c:9f:52:5e:48:
         d1:e7:2b:68:1f:d6:39:e1:df:ba:e9:22:92:f1:dd:ab:39:8a:
         b0:30:77:d0:6a:35:79:d4:a0:7e:78:9c:77:39:00:8a:bd:47:
         19:80:a4:59:ff:65:58:30:04:0a:71:f8:d3:8f:74:84:60:6e:
         5f:6f:ef:33:67:01:9d:2f:2c:f8:a9:1f:5c:49:07:6b:30:7e:
         8d:9f:b2:2b:e6:7a:ba:02:16:b1:f1:15:ef:4e:75:a6:95:78:
         11:24:f0:dc:27:1e:a4:17:07:9d:ea:59:34:aa:9f:3a:ce:cf:
         b1:0f:01:27:af:ba:74:f0:57:1b:da:2f:11:4f:c9:04:18:bf:
         dd:40:9c:5e:fc:ac:88:0f:b6:34:0a:fe:00:80:7c:a4:25:e0:
         eb:12:f4:04:6f:3c:9a:e5:0a:fb:f6:74:ef:fa:ff:ea:bd:d8:
         2c:b3:c9:d5:b1:60:a4:96:7f:5b:31:bb:d3:8c:8d:61:e1:8b:
         fb:f5:42:ee:3a:98:43:7a:da:6c:78:ce:98:d8:6d:be:79:b4:
         f2:84:d4:3e:48:06:3e:3b:85:66:82:5b:e2:4f:0b:80:a7:7e:
         6b:7c:86:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg2gXe03qRTBF4Aj6T3dS9aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NTMwY2FiM2JhZTViNTI5ZmFiZWI5OTc5YmQ2ODVmN2Iy
YmRhYjMwHhcNMjUwNzIzMDg1ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODk2M2FhMzEwNzM3YWFhODEzZjYzMzQ5Nzg0MTVjNTI0NWYxNjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcBYvnYXVTcD910j1neurPCCHAUb
sXSuOSkr9cgiW47NL54oaf52f5jzPMP4kIeWAONSqi5AvqWyFrvnvdTqfjFm5UQ5
CkYnEgTXL45XoxrRdoCQKqCD4BPy0RiG20UKvUHWaIw4ucTw1k5hPHcuGWe04JQc
DGezIgxeTMyNt4sq9JRwTEglMeqejjFUpHeakjNEWS8ec+rVlNatX6EYa6sxUpg4
ppdvCXkVq0fcNgDV9TOYVPequJQR+omXtrvqF+B3kDtLRNr/NJsiKOTUl9bHiv++
t9VU/JXSNb/6FCP7jVAA6l8fDMiqzfdhmEtNN/mUUZgX6nHMHFvL8MsLwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCiWOqMQc3qqgT9jNJeEFcUkXxZsMB8GA1UdIwQY
MBaAFJdTDKs7rltSn6vrmXm9aF97K9qzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDFNTXF6dXVXMUtmcS11WmViMW9YM3NyMnJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82MjUyZjktNjc4Ny00MDZhLWI5MWYt
OWNmYTJjN2Q4MTZlLzEvS0pZNm94QnplcXFCUDJNMGw0UVZ4U1JmRm13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82MjUyZjktNjc4Ny00MDZhLWI5MWYtOWNmYTJjN2Q4MTZl
LzEvbDFNTXF6dXVXMUtmcS11WmViMW9YM3NyMnJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApIrLMA0G
CSqGSIb3DQEBCwUAA4IBAQCigna+5JIq6xU9VYq2mfZeumN6FW7s1ZYJgQeaRpb5
TJ9SXkjR5ytoH9Y54d+66SKS8d2rOYqwMHfQajV51KB+eJx3OQCKvUcZgKRZ/2VY
MAQKcfjTj3SEYG5fb+8zZwGdLyz4qR9cSQdrMH6Nn7Ir5nq6Ahax8RXvTnWmlXgR
JPDcJx6kFwed6lk0qp86zs+xDwEnr7p08Fcb2i8RT8kEGL/dQJxe/KyID7Y0Cv4A
gHykJeDrEvQEbzya5Qr79nTv+v/qvdgss8nVsWCkln9bMbvTjI1h4Yv79ULuOphD
etpseM6Y2G2+ebTyhNQ+SAY+O4VmglviTwuAp35rfIYR
-----END CERTIFICATE-----