Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/AWQr6v7bqgNhObGwcUZZPxZgTwc.roa
File:                     AWQr6v7bqgNhObGwcUZZPxZgTwc.roa (raw, json)
Hash identifier:          n7DDrfy5/5YOwq4RESmuSdVx+Pa2q1xl7MiHeeR3d4Y=
Subject key identifier:   01:64:2B:EA:FE:DB:AA:03:61:39:B1:B0:71:46:59:3F:16:60:4F:07
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019836A26BDE00F3DD81FF8C878691557601
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/AWQr6v7bqgNhObGwcUZZPxZgTwc.roa
Signing time:             Wed 23 Jul 2025 09:34:30 +0000
ROA not before:           Wed 23 Jul 2025 09:34:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211868
IP address blocks:        193.29.180.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:36:a2:6b:de:00:f3:dd:81:ff:8c:87:86:91:55:76:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Jul 23 09:34:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01642beafedbaa036139b1b07146593f16604f07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:83:f3:56:ab:0d:8b:c6:db:6f:f3:bf:e3:30:
                    22:ad:9f:78:9f:b1:12:aa:60:86:76:2c:9e:17:c8:
                    e1:40:35:e8:bc:f9:f1:21:9d:ac:46:39:5c:fc:c5:
                    5b:cb:69:ab:37:fd:1a:fd:1b:bc:27:39:a3:d2:75:
                    ea:d3:67:be:26:88:9a:64:66:88:d7:6e:73:53:43:
                    39:9e:1e:85:a8:86:ca:54:bd:db:62:d8:58:a1:9e:
                    6b:39:fe:61:44:4a:9a:39:8c:9a:08:c8:ba:38:5f:
                    6b:55:5d:bf:8f:db:46:6c:f3:31:8a:86:ad:f1:ff:
                    0f:74:f9:e2:a0:57:34:96:87:3e:b3:cc:43:33:a4:
                    ff:85:a2:c8:e1:ae:bf:8d:31:15:43:d2:bc:51:91:
                    eb:0a:90:9a:cc:88:96:b2:21:c7:28:90:1c:45:9f:
                    86:bc:10:f3:38:a2:8f:4d:cb:28:7e:43:d6:c2:58:
                    85:72:7a:6b:18:ae:01:ca:f8:55:02:f3:c6:c4:5b:
                    41:38:92:33:ca:bc:a7:91:c9:bd:86:6b:87:b8:2b:
                    96:b5:1e:ab:6e:9b:84:70:8d:95:8e:0f:dc:d3:e5:
                    6e:90:65:dc:0e:68:3a:e1:eb:5c:d6:33:54:38:13:
                    8d:52:e4:de:3e:72:fd:2a:a0:da:78:e1:0d:a6:11:
                    64:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:64:2B:EA:FE:DB:AA:03:61:39:B1:B0:71:46:59:3F:16:60:4F:07
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/AWQr6v7bqgNhObGwcUZZPxZgTwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:c3:93:47:92:25:21:c0:9e:4c:51:69:21:e3:14:d7:7e:b2:
         3b:c0:da:8e:75:40:f5:cd:6c:32:3f:59:54:07:4f:15:f2:d1:
         ef:94:58:53:65:ec:3f:c4:4e:f4:c0:3e:aa:b5:2d:48:fe:90:
         5f:c6:be:b4:dc:0e:66:6c:31:cc:a6:d3:d3:8e:43:eb:81:51:
         aa:db:5b:32:a7:a6:8b:97:09:e0:76:30:45:8e:a2:bb:9e:75:
         7e:6a:79:36:af:62:39:ac:e4:3d:03:3c:4a:5a:c8:05:8b:86:
         2a:1a:8b:d4:d4:3d:95:e5:8d:c6:36:2d:56:3c:3b:f7:75:37:
         2c:49:84:93:82:a6:af:79:94:de:fe:25:c1:66:65:cb:cc:45:
         bf:a0:7e:0a:5f:49:ff:56:a8:66:ba:94:fa:da:f2:b0:58:a3:
         78:77:9a:57:76:08:89:c3:23:ee:33:96:f2:56:82:08:70:a9:
         da:28:9e:75:57:34:0f:1a:d5:61:20:93:8b:6a:8e:43:a1:6c:
         b0:2b:74:89:6e:73:70:93:d9:df:22:9f:0c:ae:5c:53:e4:0b:
         dc:8d:fd:dd:07:c7:15:b1:19:94:2d:d5:f5:b0:a2:f5:f3:0f:
         b7:ce:50:08:45:51:55:97:9b:fa:79:28:e4:ce:9d:8c:f6:e3:
         ab:6d:b3:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg2omveAPPdgf+Mh4aRVXYBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjUwNzIzMDkzNDMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTY0MmJlYWZlZGJhYTAzNjEzOWIxYjA3MTQ2NTkzZjE2NjA0ZjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oPzVqsNi8bbb/O/4zAirZ94n7ES
qmCGdiyeF8jhQDXovPnxIZ2sRjlc/MVby2mrN/0a/Ru8Jzmj0nXq02e+JoiaZGaI
125zU0M5nh6FqIbKVL3bYthYoZ5rOf5hREqaOYyaCMi6OF9rVV2/j9tGbPMxioat
8f8PdPnioFc0loc+s8xDM6T/haLI4a6/jTEVQ9K8UZHrCpCazIiWsiHHKJAcRZ+G
vBDzOKKPTcsofkPWwliFcnprGK4ByvhVAvPGxFtBOJIzyrynkcm9hmuHuCuWtR6r
bpuEcI2Vjg/c0+VukGXcDmg64etc1jNUOBONUuTePnL9KqDaeOENphFkxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFkK+r+26oDYTmxsHFGWT8WYE8HMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvQVdRcjZ2N2JxZ05oT2JHd2NVWlpQeFpnVHdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR20MA0G
CSqGSIb3DQEBCwUAA4IBAQCYw5NHkiUhwJ5MUWkh4xTXfrI7wNqOdUD1zWwyP1lU
B08V8tHvlFhTZew/xE70wD6qtS1I/pBfxr603A5mbDHMptPTjkPrgVGq21syp6aL
lwngdjBFjqK7nnV+ank2r2I5rOQ9AzxKWsgFi4YqGovU1D2V5Y3GNi1WPDv3dTcs
SYSTgqaveZTe/iXBZmXLzEW/oH4KX0n/VqhmupT62vKwWKN4d5pXdgiJwyPuM5by
VoIIcKnaKJ51VzQPGtVhIJOLao5DoWywK3SJbnNwk9nfIp8MrlxT5Avcjf3dB8cV
sRmULdX1sKL18w+3zlAIRVFVl5v6eSjkzp2M9uOrbbNS
-----END CERTIFICATE-----