Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/h1XtrgQS4y6F2QyLyCE8H5yVgX0.roa
File:                     h1XtrgQS4y6F2QyLyCE8H5yVgX0.roa (raw, json)
Hash identifier:          nBro9lqJpw++Y/bB5Bh7ukI6Oz6bg0ejSLEPfy18Wfs=
Subject key identifier:   87:55:ED:AE:04:12:E3:2E:85:D9:0C:8B:C8:21:3C:1F:9C:95:81:7D
Certificate issuer:       /CN=8046e33860171ef6ec60ebcfc5ec5ac91c25757c
Certificate serial:       0198E067038DF8AB6D762EF7F6FE9568E878
Authority key identifier: 80:46:E3:38:60:17:1E:F6:EC:60:EB:CF:C5:EC:5A:C9:1C:25:75:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gEbjOGAXHvbsYOvPxexayRwldXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/h1XtrgQS4y6F2QyLyCE8H5yVgX0.roa
Signing time:             Mon 25 Aug 2025 08:45:04 +0000
ROA not before:           Mon 25 Aug 2025 08:45:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211408
IP address blocks:        217.198.190.0/24 maxlen: 24
                          2a11:fe40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/gEbjOGAXHvbsYOvPxexayRwldXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/gEbjOGAXHvbsYOvPxexayRwldXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gEbjOGAXHvbsYOvPxexayRwldXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 21:45:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e0:67:03:8d:f8:ab:6d:76:2e:f7:f6:fe:95:68:e8:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8046e33860171ef6ec60ebcfc5ec5ac91c25757c
        Validity
            Not Before: Aug 25 08:45:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8755edae0412e32e85d90c8bc8213c1f9c95817d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:6a:f6:94:c8:9d:93:1e:59:fb:02:c8:fb:a6:
                    66:78:94:93:1e:e2:85:5f:8d:2a:88:64:84:9b:a7:
                    db:ac:a7:cd:35:b2:da:4e:94:a8:86:53:b1:01:ab:
                    96:9f:cd:bd:e0:d1:a4:96:5a:a8:65:84:57:6c:d5:
                    3b:90:a1:d2:ec:c6:e3:19:8e:5f:b0:f8:1b:6e:de:
                    9b:c0:26:5b:5e:5d:fe:b0:7e:41:e3:3c:ef:04:23:
                    6c:29:69:b1:70:86:27:33:39:7b:d1:2f:6f:db:32:
                    05:a4:0b:02:db:9a:c1:df:32:6c:40:0b:d1:db:2a:
                    28:fc:e9:40:99:fe:cc:4e:2d:35:ef:8a:3c:ac:e7:
                    09:7c:42:30:a6:36:02:97:82:9d:1f:52:ae:02:2d:
                    ea:39:60:01:da:0c:eb:e0:e1:80:32:a6:30:c5:0e:
                    38:e8:3c:5f:5e:23:83:b4:eb:0b:97:9d:82:d3:8a:
                    8a:2b:9b:88:f7:26:f9:c4:8d:5b:96:63:e3:fc:a5:
                    ad:4f:41:e8:63:10:9d:8f:4e:5e:d1:c5:1a:02:5a:
                    13:70:e0:30:a9:8c:43:58:75:ec:89:cb:89:67:f4:
                    32:f1:61:13:0c:ea:b8:f7:ed:5b:63:aa:f0:a1:cc:
                    c2:aa:41:e1:61:2b:bf:8d:08:6a:25:24:07:74:ef:
                    45:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:55:ED:AE:04:12:E3:2E:85:D9:0C:8B:C8:21:3C:1F:9C:95:81:7D
            X509v3 Authority Key Identifier:
                keyid:80:46:E3:38:60:17:1E:F6:EC:60:EB:CF:C5:EC:5A:C9:1C:25:75:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gEbjOGAXHvbsYOvPxexayRwldXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/h1XtrgQS4y6F2QyLyCE8H5yVgX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/gEbjOGAXHvbsYOvPxexayRwldXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.198.190.0/24
                IPv6:
                  2a11:fe40::/29

    Signature Algorithm: sha256WithRSAEncryption
         e6:8a:52:47:51:69:4f:aa:e4:7c:44:02:f7:cf:79:a5:75:b1:
         10:8e:88:4d:7a:bd:b9:16:ec:e4:47:77:3f:f3:63:9c:7a:87:
         c1:60:eb:75:80:bb:74:74:b2:ac:ef:ff:6b:5d:5b:78:9c:5b:
         31:8c:50:65:4a:12:2e:8a:32:be:53:72:35:bd:87:e7:a4:90:
         cc:cb:9c:41:c9:e1:9a:64:45:4e:89:8c:9d:2e:c7:2d:32:62:
         83:23:70:43:87:d1:88:95:e4:37:e1:36:a4:c9:ae:fd:24:aa:
         e1:28:e1:eb:75:33:ae:f2:f0:f0:d6:ec:29:45:f8:7e:4f:77:
         37:db:1f:78:65:a0:65:b0:45:26:91:de:2d:74:b4:23:8a:aa:
         80:92:52:9d:46:fe:d8:33:ab:3e:19:48:9a:7e:9e:14:5f:6e:
         e1:9e:9f:87:c3:2e:c8:17:00:a4:88:e8:75:4f:f0:f1:cd:05:
         b4:e4:d3:1c:e6:70:74:da:76:f2:51:78:d6:04:37:61:8d:b1:
         c3:9c:b0:0f:3b:1e:df:68:4e:3e:fa:74:06:2f:fe:eb:f0:0a:
         e5:3d:73:31:34:3d:a1:92:fc:33:45:1e:35:de:5c:fc:84:2f:
         7e:fd:da:17:ca:9d:73:d1:96:77:d0:45:a6:8f:c5:6e:c0:c3:
         16:f7:83:0b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZjgZwON+Kttdi739v6VaOh4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNDZlMzM4NjAxNzFlZjZlYzYwZWJjZmM1ZWM1YWM5MWMy
NTc1N2MwHhcNMjUwODI1MDg0NTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzU1ZWRhZTA0MTJlMzJlODVkOTBjOGJjODIxM2MxZjljOTU4MTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmr2lMidkx5Z+wLI+6ZmeJSTHuKF
X40qiGSEm6fbrKfNNbLaTpSohlOxAauWn8294NGkllqoZYRXbNU7kKHS7MbjGY5f
sPgbbt6bwCZbXl3+sH5B4zzvBCNsKWmxcIYnMzl70S9v2zIFpAsC25rB3zJsQAvR
2yoo/OlAmf7MTi0174o8rOcJfEIwpjYCl4KdH1KuAi3qOWAB2gzr4OGAMqYwxQ44
6DxfXiODtOsLl52C04qKK5uI9yb5xI1blmPj/KWtT0HoYxCdj05e0cUaAloTcOAw
qYxDWHXsicuJZ/Qy8WETDOq49+1bY6rwoczCqkHhYSu/jQhqJSQHdO9FUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIdV7a4EEuMuhdkMi8ghPB+clYF9MB8GA1UdIwQY
MBaAFIBG4zhgFx727GDrz8XsWskcJXV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0Viak9HQVhIdmJzWU92UHhleGF5UndsZFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83ODhkMTAtZThkZi00ZGFjLWFhOGYt
ZDM5ZmZjMTZlZjg5LzEvaDFYdHJnUVM0eTZGMlF5THlDRThINXlWZ1gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83ODhkMTAtZThkZi00ZGFjLWFhOGYtZDM5ZmZjMTZlZjg5
LzEvZ0Viak9HQVhIdmJzWU92UHhleGF5UndsZFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2ca+MA0E
AgACMAcDBQMqEf5AMA0GCSqGSIb3DQEBCwUAA4IBAQDmilJHUWlPquR8RAL3z3ml
dbEQjohNer25FuzkR3c/82OceofBYOt1gLt0dLKs7/9rXVt4nFsxjFBlShIuijK+
U3I1vYfnpJDMy5xByeGaZEVOiYydLsctMmKDI3BDh9GIleQ34Takya79JKrhKOHr
dTOu8vDw1uwpRfh+T3c32x94ZaBlsEUmkd4tdLQjiqqAklKdRv7YM6s+GUiafp4U
X27hnp+Hwy7IFwCkiOh1T/DxzQW05NMc5nB02nbyUXjWBDdhjbHDnLAPOx7faE4+
+nQGL/7r8ArlPXMxND2hkvwzRR413lz8hC9+/doXyp1z0ZZ30EWmj8VuwMMW94ML
-----END CERTIFICATE-----