Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/0K5GjqLFd-gDt5ZKucB58DrHcF4.roa
File:                     0K5GjqLFd-gDt5ZKucB58DrHcF4.roa (raw, json)
Hash identifier:          ZSi/SazrmD05aFXIwhjXofb8ZyWKGPGKoVBhBJoxyz4=
Subject key identifier:   D0:AE:46:8E:A2:C5:77:E8:03:B7:96:4A:B9:C0:79:F0:3A:C7:70:5E
Certificate issuer:       /CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Certificate serial:       01997B0BA290537AE9E4C1E31928DF97C719
Authority key identifier: 84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/0K5GjqLFd-gDt5ZKucB58DrHcF4.roa
Signing time:             Wed 24 Sep 2025 09:26:23 +0000
ROA not before:           Wed 24 Sep 2025 09:26:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        217.173.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 10:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7b:0b:a2:90:53:7a:e9:e4:c1:e3:19:28:df:97:c7:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
        Validity
            Not Before: Sep 24 09:26:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0ae468ea2c577e803b7964ab9c079f03ac7705e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:95:e2:f8:25:6c:f2:a4:26:21:bd:a7:a4:a3:
                    f1:66:82:dd:03:30:02:cb:3f:69:46:44:1e:e9:64:
                    da:83:18:c6:e7:30:bb:43:c2:27:36:41:dd:0a:5e:
                    e0:eb:18:f1:e8:1a:97:b8:e6:6b:57:02:60:58:66:
                    66:76:c5:ca:ee:8a:b7:37:7e:76:4a:c5:28:e3:8f:
                    75:1b:d9:c2:f2:42:9e:67:fe:bf:20:84:4d:d5:b7:
                    e1:1e:9d:54:69:dd:cc:ca:9e:a6:b6:7d:d1:74:64:
                    da:4f:39:66:57:74:b8:7a:36:3b:27:d9:37:3d:08:
                    36:3f:7f:ca:74:ce:aa:85:5a:f5:94:42:08:99:70:
                    9f:fb:0b:41:c3:18:b5:44:af:27:27:6b:e5:7d:a2:
                    bc:b6:d1:b2:21:c9:3f:82:53:8b:18:e7:0b:97:5b:
                    d3:c5:7a:8d:fd:04:df:eb:9d:a2:da:82:60:e7:78:
                    72:7b:89:d9:72:e8:b4:c0:46:ca:d4:55:39:ca:0c:
                    da:18:e3:0a:1b:24:47:21:c9:e7:ce:63:1e:d3:ef:
                    be:fc:b3:fb:be:12:6d:15:a3:09:57:bc:32:bd:28:
                    f2:79:64:1c:5e:45:25:89:74:40:20:a3:d3:59:f2:
                    09:af:3d:e2:ea:32:df:4b:cc:c2:13:dc:0d:32:3f:
                    6e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:AE:46:8E:A2:C5:77:E8:03:B7:96:4A:B9:C0:79:F0:3A:C7:70:5E
            X509v3 Authority Key Identifier:
                keyid:84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/0K5GjqLFd-gDt5ZKucB58DrHcF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.173.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:4f:2b:e4:3f:b4:3d:03:74:a5:92:7b:9c:35:04:36:d5:3d:
         da:aa:00:89:20:8b:58:c5:69:a6:2e:32:f2:2d:b6:02:24:1d:
         1c:40:6e:0e:e7:d8:40:f8:69:90:a3:83:b1:60:60:63:ef:29:
         f7:ff:31:47:e2:5b:1f:e0:c6:4e:34:f2:68:2f:c1:bd:a2:a0:
         d2:21:c6:ca:0b:73:7f:44:0f:4d:b9:15:45:5d:7f:03:7c:2b:
         d4:d1:9c:55:a4:8c:0e:34:7d:b2:b4:9c:bc:35:03:6b:0d:40:
         d2:d9:3d:76:16:59:f1:7d:88:82:49:f2:c6:71:05:51:28:90:
         aa:8a:46:53:1b:77:39:18:c6:11:4b:b2:d1:9d:75:ba:8c:a6:
         4e:f8:bf:7d:12:a2:47:0a:c2:b2:59:bc:ab:2b:3f:cf:89:f4:
         b2:ff:0a:56:de:55:2d:6f:61:0b:0b:de:d6:6c:e4:01:42:26:
         00:c9:8e:6a:6e:87:17:62:b1:f4:8e:a4:ca:d9:8b:aa:4d:8f:
         d2:c0:2e:9a:80:82:e4:a0:7c:3d:06:4c:01:46:80:a5:f5:f6:
         a7:b4:e0:95:31:d5:5d:7c:4e:06:bf:eb:3f:ad:4d:30:fa:7d:
         7f:e7:bb:60:ed:c6:f6:49:2a:8f:28:4a:1b:93:34:50:9e:1d:
         e8:b2:5b:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl7C6KQU3rp5MHjGSjfl8cZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDcwYWYwZDg5ZDc4NWJhMThiYTYxN2RjMDllM2Y3MmM1
OTk2ZjMwHhcNMjUwOTI0MDkyNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGFlNDY4ZWEyYzU3N2U4MDNiNzk2NGFiOWMwNzlmMDNhYzc3MDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5Xi+CVs8qQmIb2npKPxZoLdAzAC
yz9pRkQe6WTagxjG5zC7Q8InNkHdCl7g6xjx6BqXuOZrVwJgWGZmdsXK7oq3N352
SsUo4491G9nC8kKeZ/6/IIRN1bfhHp1Uad3Myp6mtn3RdGTaTzlmV3S4ejY7J9k3
PQg2P3/KdM6qhVr1lEIImXCf+wtBwxi1RK8nJ2vlfaK8ttGyIck/glOLGOcLl1vT
xXqN/QTf652i2oJg53hye4nZcui0wEbK1FU5ygzaGOMKGyRHIcnnzmMe0+++/LP7
vhJtFaMJV7wyvSjyeWQcXkUliXRAIKPTWfIJrz3i6jLfS8zCE9wNMj9uJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNCuRo6ixXfoA7eWSrnAefA6x3BeMB8GA1UdIwQY
MBaAFIRHCvDYnXhboYumF9wJ4/csWZbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDIt
ZTc2ZTNlMjkzZTAyLzEvMEs1R2pxTEZkLWdEdDVaS3VjQjU4RHJIY0Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDItZTc2ZTNlMjkzZTAy
LzEvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2a2dMA0G
CSqGSIb3DQEBCwUAA4IBAQAcTyvkP7Q9A3SlknucNQQ21T3aqgCJIItYxWmmLjLy
LbYCJB0cQG4O59hA+GmQo4OxYGBj7yn3/zFH4lsf4MZONPJoL8G9oqDSIcbKC3N/
RA9NuRVFXX8DfCvU0ZxVpIwONH2ytJy8NQNrDUDS2T12FlnxfYiCSfLGcQVRKJCq
ikZTG3c5GMYRS7LRnXW6jKZO+L99EqJHCsKyWbyrKz/PifSy/wpW3lUtb2ELC97W
bOQBQiYAyY5qbocXYrH0jqTK2YuqTY/SwC6agILkoHw9BkwBRoCl9fantOCVMdVd
fE4Gv+s/rU0w+n1/57tg7cb2SSqPKEobkzRQnh3osluO
-----END CERTIFICATE-----