Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/s8_NtbGTu8kgBV4HuDM2-AUVj2Q.roa
File:                     s8_NtbGTu8kgBV4HuDM2-AUVj2Q.roa (raw, json)
Hash identifier:          E+MCsmGddUOCxHp7ENUlFyd8Du3D6Rxe6k6mioQYpr4=
Subject key identifier:   B3:CF:CD:B5:B1:93:BB:C9:20:05:5E:07:B8:33:36:F8:05:15:8F:64
Certificate issuer:       /CN=29f6a300bf7d40b7f8d6181c5b8a7dbc71b7d123
Certificate serial:       019841B73FF15EE59C6049FFEAC15C7E8783
Authority key identifier: 29:F6:A3:00:BF:7D:40:B7:F8:D6:18:1C:5B:8A:7D:BC:71:B7:D1:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/s8_NtbGTu8kgBV4HuDM2-AUVj2Q.roa
Signing time:             Fri 25 Jul 2025 13:13:05 +0000
ROA not before:           Fri 25 Jul 2025 13:13:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11300
IP address blocks:        213.187.128.0/22 maxlen: 24
                          213.187.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 20:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:41:b7:3f:f1:5e:e5:9c:60:49:ff:ea:c1:5c:7e:87:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29f6a300bf7d40b7f8d6181c5b8a7dbc71b7d123
        Validity
            Not Before: Jul 25 13:13:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3cfcdb5b193bbc920055e07b83336f805158f64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3f:5b:1d:2d:5e:ea:7b:70:a9:1a:f9:63:3b:
                    a4:57:fa:7f:0e:9c:4c:88:eb:18:6e:98:ac:79:61:
                    ae:06:ce:1e:ef:2c:1e:10:8d:49:99:b4:fb:5c:8f:
                    a9:de:c9:3b:ee:29:7c:eb:70:19:9c:64:8c:2d:a6:
                    62:b3:07:ef:aa:29:d1:32:d8:e1:1b:1d:38:9a:61:
                    7e:6e:93:37:52:54:c6:24:58:99:1e:12:c5:ae:75:
                    bb:90:8c:9e:ea:33:1d:ba:65:54:91:a6:79:44:45:
                    c4:72:f3:8d:3a:de:ad:72:7d:a4:ea:c7:62:28:3e:
                    4a:8b:ab:45:bc:90:e6:3f:b2:5c:1e:7a:35:a7:10:
                    94:93:c1:d2:94:59:9c:6e:9a:2b:be:aa:4c:0a:81:
                    76:2f:ad:3b:d0:ef:d1:6a:2f:ed:c7:d1:a3:8f:96:
                    60:5a:64:f1:9f:22:00:1d:f3:94:99:c4:a4:8e:51:
                    45:21:9e:cc:2a:f2:07:ec:29:d6:a4:91:60:e8:ca:
                    83:c2:f5:64:be:a6:21:ea:24:73:ef:4e:6b:f7:b7:
                    50:e1:8b:80:d4:5c:26:7f:f5:ea:5d:19:35:f1:93:
                    1d:fe:d6:48:06:fa:15:2a:5d:ae:5b:aa:8e:d2:0d:
                    fe:57:3b:c5:87:63:12:b0:70:76:cc:fc:ff:b8:a5:
                    3d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:CF:CD:B5:B1:93:BB:C9:20:05:5E:07:B8:33:36:F8:05:15:8F:64
            X509v3 Authority Key Identifier:
                keyid:29:F6:A3:00:BF:7D:40:B7:F8:D6:18:1C:5B:8A:7D:BC:71:B7:D1:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/s8_NtbGTu8kgBV4HuDM2-AUVj2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.187.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:7b:d5:a0:39:8c:1e:7d:2b:65:8d:20:f5:1f:09:b3:27:5c:
         b7:b6:22:ab:a7:d8:e1:9a:f2:b8:5d:e9:eb:46:4b:a4:75:e5:
         28:a1:9f:aa:9e:7d:aa:52:14:ea:c1:aa:3d:15:54:d2:06:cd:
         98:de:b0:96:41:88:8b:e0:56:90:6f:1c:e3:b1:36:0f:60:f9:
         d4:51:f5:b5:57:b0:13:41:85:f5:e9:8e:c7:3b:78:f9:90:cd:
         7e:12:8e:cf:cf:f3:8e:f5:a3:fc:65:41:fe:6f:34:82:e4:39:
         c4:7a:23:81:5d:44:0d:b6:65:43:5f:c1:fa:0a:fa:d6:fa:28:
         2b:2c:dd:e8:9a:4f:07:92:c0:cf:c7:a4:81:ed:a1:67:e4:3e:
         34:db:66:44:c1:03:cd:a7:1a:f3:f3:f7:20:63:fa:43:e9:3f:
         81:2a:c6:7a:e5:be:86:f9:5e:41:4b:1f:1f:20:5f:b2:c3:44:
         10:58:e7:3b:f2:d9:51:92:83:72:0d:6a:74:f4:e7:05:58:08:
         29:43:2c:2a:3a:8a:93:4d:d3:c6:fe:b3:dc:65:bd:1a:51:8a:
         7b:32:b1:52:f4:24:2e:97:6e:7c:4f:53:13:d9:2c:28:32:cf:
         9d:61:b8:ee:d5:8b:48:49:7c:5f:e4:29:66:7f:55:28:a9:a4:
         41:7e:f9:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhBtz/xXuWcYEn/6sFcfoeDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZjZhMzAwYmY3ZDQwYjdmOGQ2MTgxYzViOGE3ZGJjNzFi
N2QxMjMwHhcNMjUwNzI1MTMxMzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2NmY2RiNWIxOTNiYmM5MjAwNTVlMDdiODMzMzZmODA1MTU4ZjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoz9bHS1e6ntwqRr5YzukV/p/DpxM
iOsYbpiseWGuBs4e7yweEI1JmbT7XI+p3sk77il863AZnGSMLaZiswfvqinRMtjh
Gx04mmF+bpM3UlTGJFiZHhLFrnW7kIye6jMdumVUkaZ5REXEcvONOt6tcn2k6sdi
KD5Ki6tFvJDmP7JcHno1pxCUk8HSlFmcbporvqpMCoF2L6070O/Rai/tx9Gjj5Zg
WmTxnyIAHfOUmcSkjlFFIZ7MKvIH7CnWpJFg6MqDwvVkvqYh6iRz705r97dQ4YuA
1Fwmf/XqXRk18ZMd/tZIBvoVKl2uW6qO0g3+VzvFh2MSsHB2zPz/uKU98QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPPzbWxk7vJIAVeB7gzNvgFFY9kMB8GA1UdIwQY
MBaAFCn2owC/fUC3+NYYHFuKfbxxt9EjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZhakFMOTlRTGY0MWhnY1c0cDl2SEczMFNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hYWY0OWMtODNkZC00NmFhLThjZTct
Yjg0YzQxM2RmYWE0LzEvczhfTnRiR1R1OGtnQlY0SHVETTItQVVWajJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hYWY0OWMtODNkZC00NmFhLThjZTctYjg0YzQxM2RmYWE0
LzEvS2ZhakFMOTlRTGY0MWhnY1c0cDl2SEczMFNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1buAMA0G
CSqGSIb3DQEBCwUAA4IBAQCge9WgOYwefStljSD1HwmzJ1y3tiKrp9jhmvK4Xenr
RkukdeUooZ+qnn2qUhTqwao9FVTSBs2Y3rCWQYiL4FaQbxzjsTYPYPnUUfW1V7AT
QYX16Y7HO3j5kM1+Eo7Pz/OO9aP8ZUH+bzSC5DnEeiOBXUQNtmVDX8H6CvrW+igr
LN3omk8HksDPx6SB7aFn5D4022ZEwQPNpxrz8/cgY/pD6T+BKsZ65b6G+V5BSx8f
IF+yw0QQWOc78tlRkoNyDWp09OcFWAgpQywqOoqTTdPG/rPcZb0aUYp7MrFS9CQu
l258T1MT2SwoMs+dYbju1YtISXxf5Clmf1UoqaRBfvlV
-----END CERTIFICATE-----