Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/iLJZ457a-7z02PhFWjv4cGHT93U.roa
File:                     iLJZ457a-7z02PhFWjv4cGHT93U.roa (raw, json)
Hash identifier:          NESsCi8hLaoKvM16NOOEv6MVC+cF28ZWv23JeL3C9tw=
Subject key identifier:   88:B2:59:E3:9E:DA:FB:BC:F4:D8:F8:45:5A:3B:F8:70:61:D3:F7:75
Certificate issuer:       /CN=9374b853dfd9973f2cd994b2e3b75461d9a3fc44
Certificate serial:       01980A7F8F1ACD48EBE1B37478741EDD0C04
Authority key identifier: 93:74:B8:53:DF:D9:97:3F:2C:D9:94:B2:E3:B7:54:61:D9:A3:FC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/iLJZ457a-7z02PhFWjv4cGHT93U.roa
Signing time:             Mon 14 Jul 2025 19:53:08 +0000
ROA not before:           Mon 14 Jul 2025 19:53:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210707
IP address blocks:        95.128.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0a:7f:8f:1a:cd:48:eb:e1:b3:74:78:74:1e:dd:0c:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9374b853dfd9973f2cd994b2e3b75461d9a3fc44
        Validity
            Not Before: Jul 14 19:53:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88b259e39edafbbcf4d8f8455a3bf87061d3f775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9e:cc:49:84:1e:4f:86:4f:6d:93:cd:07:a1:
                    30:f3:b7:b4:2f:2a:53:a3:32:a3:b5:88:ce:d8:c2:
                    ef:ad:8e:5e:1b:1b:dd:51:2e:8e:f3:d9:9c:9c:c7:
                    fe:fa:72:ac:cd:9e:3b:d6:f2:dc:49:2b:7a:f9:b4:
                    b6:60:92:04:e0:b0:56:15:4b:76:48:76:1b:f1:3f:
                    bb:49:58:e8:62:c9:ca:5d:4a:b7:d1:86:20:7f:90:
                    22:c7:95:d4:9d:db:5a:d7:88:38:23:d9:ae:96:92:
                    e7:45:f4:68:aa:4b:64:3f:02:44:8e:84:da:bb:e1:
                    76:c7:16:59:c0:a8:30:65:a4:58:bf:40:2f:2c:f4:
                    22:33:03:89:d4:e7:e3:ab:c5:54:fa:9e:b9:53:43:
                    84:c9:24:33:19:42:44:f2:80:58:56:27:95:ae:8d:
                    6d:80:63:ec:db:aa:32:b4:5e:a1:db:3b:fe:c8:5e:
                    32:fc:b7:5c:93:73:89:c3:2c:c4:20:0f:a7:af:aa:
                    fa:87:d0:f4:ec:bc:94:eb:22:c5:42:91:34:b6:00:
                    d0:76:ca:44:30:78:f2:1d:73:37:12:f7:d6:d1:00:
                    cf:f2:e9:11:72:cc:94:83:5a:1e:28:e0:e0:7e:f4:
                    cf:8b:a1:5e:d9:48:ea:8b:eb:82:03:ba:01:f5:36:
                    6d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:B2:59:E3:9E:DA:FB:BC:F4:D8:F8:45:5A:3B:F8:70:61:D3:F7:75
            X509v3 Authority Key Identifier:
                keyid:93:74:B8:53:DF:D9:97:3F:2C:D9:94:B2:E3:B7:54:61:D9:A3:FC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/iLJZ457a-7z02PhFWjv4cGHT93U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:93:af:7c:f5:a3:b6:3c:f4:e7:e1:da:5f:89:34:83:86:17:
         17:e0:52:17:54:52:9e:31:51:da:7f:52:8e:97:26:33:33:11:
         f3:c6:2c:f0:4f:d5:a6:f5:89:03:cd:20:85:0c:3f:62:74:ca:
         27:36:64:43:d2:43:d2:5c:01:4b:70:be:1a:9f:aa:77:e8:92:
         c7:5a:1b:f7:7b:c8:e4:e0:4f:32:b3:83:cf:5b:5f:ee:a1:1c:
         a9:c9:93:f3:c3:66:06:57:cc:0a:13:17:e1:1f:62:cc:da:bf:
         f4:36:b9:b5:5a:c4:a2:34:e3:20:16:01:e1:db:53:01:e4:9c:
         64:2c:82:4f:22:54:d7:05:36:ea:ce:e4:8b:df:f3:96:47:e1:
         aa:e1:a4:21:c0:e8:a8:fd:30:43:e6:aa:bb:1d:51:36:33:b5:
         28:d2:51:f7:71:7f:ef:5d:1b:78:3b:e5:19:ec:28:58:f8:a7:
         55:62:f3:10:71:0c:f3:61:fc:2e:7f:09:86:89:cc:94:24:95:
         93:61:fc:ee:31:98:76:e4:0d:fe:3a:47:b2:78:69:17:a2:30:
         a3:26:96:57:73:06:0e:39:1f:fd:46:25:98:aa:cf:14:76:39:
         8b:46:19:7d:d9:00:82:3e:2c:a2:ba:6b:87:c3:00:62:a0:c3:
         16:0d:2e:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgKf48azUjr4bN0eHQe3QwEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNzRiODUzZGZkOTk3M2YyY2Q5OTRiMmUzYjc1NDYxZDlh
M2ZjNDQwHhcNMjUwNzE0MTk1MzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGIyNTllMzllZGFmYmJjZjRkOGY4NDU1YTNiZjg3MDYxZDNmNzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZ7MSYQeT4ZPbZPNB6Ew87e0LypT
ozKjtYjO2MLvrY5eGxvdUS6O89mcnMf++nKszZ471vLcSSt6+bS2YJIE4LBWFUt2
SHYb8T+7SVjoYsnKXUq30YYgf5Aix5XUndta14g4I9mulpLnRfRoqktkPwJEjoTa
u+F2xxZZwKgwZaRYv0AvLPQiMwOJ1Ofjq8VU+p65U0OEySQzGUJE8oBYVieVro1t
gGPs26oytF6h2zv+yF4y/Ldck3OJwyzEIA+nr6r6h9D07LyU6yLFQpE0tgDQdspE
MHjyHXM3EvfW0QDP8ukRcsyUg1oeKODgfvTPi6Fe2Ujqi+uCA7oB9TZtUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiyWeOe2vu89Nj4RVo7+HBh0/d1MB8GA1UdIwQY
MBaAFJN0uFPf2Zc/LNmUsuO3VGHZo/xEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazNTNFU5X1psejhzMlpTeTQ3ZFVZZG1qX0VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iYTdiMzMtNWNkOC00MDRmLWJmZmQt
NjViY2M4Y2VmZGQyLzEvaUxKWjQ1N2EtN3owMlBoRldqdjRjR0hUOTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iYTdiMzMtNWNkOC00MDRmLWJmZmQtNjViY2M4Y2VmZGQy
LzEvazNTNFU5X1psejhzMlpTeTQ3ZFVZZG1qX0VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DGMA0G
CSqGSIb3DQEBCwUAA4IBAQB7k6989aO2PPTn4dpfiTSDhhcX4FIXVFKeMVHaf1KO
lyYzMxHzxizwT9Wm9YkDzSCFDD9idMonNmRD0kPSXAFLcL4an6p36JLHWhv3e8jk
4E8ys4PPW1/uoRypyZPzw2YGV8wKExfhH2LM2r/0Nrm1WsSiNOMgFgHh21MB5Jxk
LIJPIlTXBTbqzuSL3/OWR+Gq4aQhwOio/TBD5qq7HVE2M7Uo0lH3cX/vXRt4O+UZ
7ChY+KdVYvMQcQzzYfwufwmGicyUJJWTYfzuMZh25A3+OkeyeGkXojCjJpZXcwYO
OR/9RiWYqs8UdjmLRhl92QCCPiyiumuHwwBioMMWDS5v
-----END CERTIFICATE-----