Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/eRiR4NgIZ_-6ixM1jewwpaWhdtk.roa
File:                     eRiR4NgIZ_-6ixM1jewwpaWhdtk.roa (raw, json)
Hash identifier:          WXxK+4k/CLSD9EX98U8J2JMpmdRrgwBoAZnDHy+6A6Q=
Subject key identifier:   79:18:91:E0:D8:08:67:FF:BA:8B:13:35:8D:EC:30:A5:A5:A1:76:D9
Certificate issuer:       /CN=ed30a131718560a34ab3493884e858ec431f6ad1
Certificate serial:       01990E0164F754354694EA229A812DA3004B
Authority key identifier: ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/eRiR4NgIZ_-6ixM1jewwpaWhdtk.roa
Signing time:             Wed 03 Sep 2025 05:16:36 +0000
ROA not before:           Wed 03 Sep 2025 05:16:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136050
IP address blocks:        194.147.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0e:01:64:f7:54:35:46:94:ea:22:9a:81:2d:a3:00:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed30a131718560a34ab3493884e858ec431f6ad1
        Validity
            Not Before: Sep  3 05:16:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=791891e0d80867ffba8b13358dec30a5a5a176d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:11:30:22:d4:cd:5a:05:96:67:98:2f:f1:29:
                    e5:bf:8f:4d:a8:1e:e9:26:23:3a:8b:f3:ee:9d:e7:
                    cd:71:29:f6:a5:1a:9c:5f:51:d6:61:72:2a:ee:8b:
                    30:11:0e:f7:cd:22:f8:13:d1:fe:84:51:f2:fa:06:
                    db:f9:de:20:2b:34:2f:34:96:9a:24:ae:96:d6:ad:
                    85:68:0b:96:0f:c2:11:15:1f:4d:f9:2d:c5:e6:bc:
                    91:11:ed:95:35:35:25:7b:6f:88:e6:8e:ab:2f:2b:
                    25:a0:c7:b4:ae:c5:18:c1:95:96:19:25:29:b6:2b:
                    e8:69:7b:e3:cc:8a:7e:f5:b3:bc:4e:ff:8f:34:e6:
                    3e:e7:11:11:51:d9:0c:28:56:ae:3b:fe:f5:77:c2:
                    3d:03:e4:e9:1d:31:06:1c:0d:68:e5:5f:d8:f5:32:
                    4b:89:cd:59:d0:a2:de:7b:25:60:fe:95:dd:b3:b1:
                    bb:49:42:33:fb:ba:91:e4:99:a5:13:d7:8c:2b:69:
                    c4:94:05:41:42:6b:dd:af:65:71:3e:78:71:b1:46:
                    33:44:23:f3:06:36:9e:0a:e1:78:9d:b7:7d:dc:c5:
                    46:f7:e4:d4:87:c0:70:bb:b3:68:89:0f:9f:36:cd:
                    9a:1c:b7:4a:20:73:91:b1:69:a1:28:cb:4b:87:15:
                    18:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:18:91:E0:D8:08:67:FF:BA:8B:13:35:8D:EC:30:A5:A5:A1:76:D9
            X509v3 Authority Key Identifier:
                keyid:ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/eRiR4NgIZ_-6ixM1jewwpaWhdtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:4e:19:04:a6:78:2f:14:98:33:05:d4:53:4b:27:36:46:46:
         d0:e8:ce:9d:a5:3d:07:3f:95:fb:95:f0:a0:93:c7:5f:7b:d7:
         2b:9f:cd:dd:91:61:08:2e:89:65:fd:60:66:41:f2:59:f9:d5:
         e8:af:15:9c:fb:9b:4f:43:32:3d:ee:fb:e9:ea:f0:8d:bf:4c:
         33:7d:42:45:a7:63:8a:40:ba:0a:58:ce:6a:8c:84:63:37:b8:
         42:d3:76:89:18:fe:b9:05:ce:ad:78:5e:1b:80:27:73:ab:76:
         3d:45:f7:53:f2:11:2f:2a:8a:94:7c:12:70:7e:69:50:1f:98:
         6a:3e:b8:26:58:f7:ee:43:da:57:4f:87:03:57:e9:6f:e5:c3:
         7f:61:db:c2:e2:1e:be:96:91:c0:73:cb:08:e0:01:15:4d:34:
         13:c7:be:ed:64:03:7f:10:77:49:53:8b:d9:38:98:46:32:e5:
         b1:03:67:11:8c:d7:69:31:78:0b:5b:79:c1:a2:7a:93:53:98:
         58:b4:26:6f:f7:cf:cf:9c:44:c0:88:4a:68:4a:b7:15:a3:a9:
         15:f8:27:28:46:68:c2:0e:2f:db:1c:c8:89:a6:db:cb:0a:ea:
         91:b2:e9:81:ac:2f:85:82:79:c4:0a:9b:b4:17:29:ca:7e:70:
         b9:1d:a8:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkOAWT3VDVGlOoimoEtowBLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMzBhMTMxNzE4NTYwYTM0YWIzNDkzODg0ZTg1OGVjNDMx
ZjZhZDEwHhcNMjUwOTAzMDUxNjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTE4OTFlMGQ4MDg2N2ZmYmE4YjEzMzU4ZGVjMzBhNWE1YTE3NmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshEwItTNWgWWZ5gv8Snlv49NqB7p
JiM6i/PunefNcSn2pRqcX1HWYXIq7oswEQ73zSL4E9H+hFHy+gbb+d4gKzQvNJaa
JK6W1q2FaAuWD8IRFR9N+S3F5ryREe2VNTUle2+I5o6rLysloMe0rsUYwZWWGSUp
tivoaXvjzIp+9bO8Tv+PNOY+5xERUdkMKFauO/71d8I9A+TpHTEGHA1o5V/Y9TJL
ic1Z0KLeeyVg/pXds7G7SUIz+7qR5JmlE9eMK2nElAVBQmvdr2VxPnhxsUYzRCPz
BjaeCuF4nbd93MVG9+TUh8Bwu7NoiQ+fNs2aHLdKIHORsWmhKMtLhxUY2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHkYkeDYCGf/uosTNY3sMKWloXbZMB8GA1UdIwQY
MBaAFO0woTFxhWCjSrNJOIToWOxDH2rRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTkt
NGIzYjFiNjNiNmFiLzEvZVJpUjROZ0laXy02aXhNMWpld3dwYVdoZHRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTktNGIzYjFiNjNiNmFi
LzEvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpOqMA0G
CSqGSIb3DQEBCwUAA4IBAQAoThkEpngvFJgzBdRTSyc2RkbQ6M6dpT0HP5X7lfCg
k8dfe9crn83dkWEILoll/WBmQfJZ+dXorxWc+5tPQzI97vvp6vCNv0wzfUJFp2OK
QLoKWM5qjIRjN7hC03aJGP65Bc6teF4bgCdzq3Y9RfdT8hEvKoqUfBJwfmlQH5hq
PrgmWPfuQ9pXT4cDV+lv5cN/YdvC4h6+lpHAc8sI4AEVTTQTx77tZAN/EHdJU4vZ
OJhGMuWxA2cRjNdpMXgLW3nBonqTU5hYtCZv98/PnETAiEpoSrcVo6kV+CcoRmjC
Di/bHMiJptvLCuqRsumBrC+FgnnECpu0FynKfnC5Hai2
-----END CERTIFICATE-----