Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/7ab626-de1a-4dcf-a10e-8cc38718d219/1/OmQLRQDa519JAOcRQ-0IoYAc07g.roa
File:                     OmQLRQDa519JAOcRQ-0IoYAc07g.roa (raw, json)
Hash identifier:          r2MtseM7TYgvO+fc3i4czAoe5mksWI3VGSC01KSdHT0=
Subject key identifier:   3A:64:0B:45:00:DA:E7:5F:49:00:E7:11:43:ED:08:A1:80:1C:D3:B8
Certificate issuer:       /CN=67565dfdf66b212e17a1d98a7f5e2b0b3264cdae
Certificate serial:       0198E12F83BD2E083A62BBD3A796164022DB
Authority key identifier: 67:56:5D:FD:F6:6B:21:2E:17:A1:D9:8A:7F:5E:2B:0B:32:64:CD:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z1Zd_fZrIS4XodmKf14rCzJkza4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/7ab626-de1a-4dcf-a10e-8cc38718d219/1/OmQLRQDa519JAOcRQ-0IoYAc07g.roa
Signing time:             Mon 25 Aug 2025 12:24:04 +0000
ROA not before:           Mon 25 Aug 2025 12:24:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        188.116.50.0/24 maxlen: 24
                          188.116.51.0/24 maxlen: 24
                          2a0a:7180:80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/7ab626-de1a-4dcf-a10e-8cc38718d219/1/Z1Zd_fZrIS4XodmKf14rCzJkza4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/7ab626-de1a-4dcf-a10e-8cc38718d219/1/Z1Zd_fZrIS4XodmKf14rCzJkza4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z1Zd_fZrIS4XodmKf14rCzJkza4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Sep 2025 11:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e1:2f:83:bd:2e:08:3a:62:bb:d3:a7:96:16:40:22:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67565dfdf66b212e17a1d98a7f5e2b0b3264cdae
        Validity
            Not Before: Aug 25 12:24:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a640b4500dae75f4900e71143ed08a1801cd3b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7d:ca:f9:8d:22:a0:14:b2:4e:d5:ef:b1:fb:
                    26:c8:37:57:4f:92:11:8a:fc:87:63:37:4e:2a:70:
                    73:28:e2:de:08:4c:ae:46:4c:e6:ff:0a:79:8d:b0:
                    f6:d0:46:46:77:c0:08:7d:53:b9:be:0b:3e:c7:50:
                    0f:d0:a1:f7:7a:4f:cf:c1:80:27:df:a0:d9:22:eb:
                    e9:28:90:d5:ff:56:6c:17:6a:d4:1d:87:fa:02:31:
                    23:15:2e:d6:22:c9:6d:f7:b1:5b:24:93:03:a0:ea:
                    b8:f0:97:f7:bc:16:3c:86:f0:f0:0a:32:da:11:4f:
                    f6:fa:07:00:33:04:ef:e1:a4:5e:48:d4:f0:3f:ba:
                    b5:de:63:98:a5:6d:fd:8f:17:61:0a:06:06:10:f1:
                    a7:52:51:93:5b:84:08:da:89:35:2e:3a:9d:8e:37:
                    dd:fc:9c:ee:c4:40:85:6d:6c:50:67:23:4c:aa:de:
                    e5:b2:1a:5b:c8:35:06:88:f6:d1:97:bb:23:21:a8:
                    b9:27:66:2f:5d:12:5c:cb:0e:98:a2:76:cb:52:bf:
                    5f:23:0a:51:06:54:29:6e:32:32:8d:92:87:11:dd:
                    30:bc:6e:75:10:9c:4c:12:d6:a2:ad:ae:c7:76:ea:
                    73:d7:17:2d:dd:f1:46:09:52:96:1b:8a:05:9d:04:
                    51:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:64:0B:45:00:DA:E7:5F:49:00:E7:11:43:ED:08:A1:80:1C:D3:B8
            X509v3 Authority Key Identifier:
                keyid:67:56:5D:FD:F6:6B:21:2E:17:A1:D9:8A:7F:5E:2B:0B:32:64:CD:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z1Zd_fZrIS4XodmKf14rCzJkza4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/7ab626-de1a-4dcf-a10e-8cc38718d219/1/OmQLRQDa519JAOcRQ-0IoYAc07g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/7ab626-de1a-4dcf-a10e-8cc38718d219/1/Z1Zd_fZrIS4XodmKf14rCzJkza4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.116.50.0/23
                IPv6:
                  2a0a:7180:80::/48

    Signature Algorithm: sha256WithRSAEncryption
         ba:66:dc:e3:d6:e1:b8:2e:d7:f6:72:2f:42:9c:19:65:ca:f2:
         a0:9e:c2:e6:7c:5a:e6:9c:7d:24:cf:bc:5b:b1:b3:7d:ad:f6:
         93:27:dc:93:b7:54:6e:17:e1:ba:0d:94:71:20:0a:71:28:f0:
         f8:e4:96:d7:a4:75:e3:c8:cf:97:c9:a4:4b:09:01:df:f7:bb:
         0c:3e:69:55:3d:bd:ad:05:17:84:77:89:14:63:56:24:0a:4c:
         a7:9c:d4:3a:dd:4b:a9:2b:16:27:e4:ba:dd:c5:39:3a:85:7b:
         07:29:00:5a:92:63:a1:c7:b5:e6:60:4c:9a:89:7b:6e:36:64:
         e3:b7:3f:34:48:63:88:c0:87:3b:7d:7b:d7:b7:7e:f9:15:55:
         1d:b7:72:48:fa:95:85:c1:d9:be:3b:38:95:4f:e8:40:e7:2a:
         64:d2:5a:0e:62:2d:83:5c:af:88:38:48:d5:3a:2f:de:44:44:
         8c:d8:07:59:c9:ec:9d:b2:93:41:90:79:ed:62:df:cf:64:f3:
         d6:91:0b:59:fb:ca:e3:f5:b2:9f:68:8b:55:9b:09:b1:5f:b6:
         5c:2b:12:c2:fc:1e:fd:07:15:cc:a6:63:70:b8:89:c9:4e:10:
         e0:5c:ed:28:91:39:6e:98:1b:47:20:9f:31:12:45:8d:2b:64:
         4f:6e:b8:3e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZjhL4O9Lgg6YrvTp5YWQCLbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NTY1ZGZkZjY2YjIxMmUxN2ExZDk4YTdmNWUyYjBiMzI2
NGNkYWUwHhcNMjUwODI1MTIyNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTY0MGI0NTAwZGFlNzVmNDkwMGU3MTE0M2VkMDhhMTgwMWNkM2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwn3K+Y0ioBSyTtXvsfsmyDdXT5IR
ivyHYzdOKnBzKOLeCEyuRkzm/wp5jbD20EZGd8AIfVO5vgs+x1AP0KH3ek/PwYAn
36DZIuvpKJDV/1ZsF2rUHYf6AjEjFS7WIslt97FbJJMDoOq48Jf3vBY8hvDwCjLa
EU/2+gcAMwTv4aReSNTwP7q13mOYpW39jxdhCgYGEPGnUlGTW4QI2ok1Ljqdjjfd
/JzuxECFbWxQZyNMqt7lshpbyDUGiPbRl7sjIai5J2YvXRJcyw6YonbLUr9fIwpR
BlQpbjIyjZKHEd0wvG51EJxMEtaira7Hdupz1xct3fFGCVKWG4oFnQRROQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDpkC0UA2udfSQDnEUPtCKGAHNO4MB8GA1UdIwQY
MBaAFGdWXf32ayEuF6HZin9eKwsyZM2uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjFaZF9mWnJJUzRYb2RtS2YxNHJDekpremE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy83YWI2MjYtZGUxYS00ZGNmLWExMGUt
OGNjMzg3MThkMjE5LzEvT21RTFJRRGE1MTlKQU9jUlEtMElvWUFjMDdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy83YWI2MjYtZGUxYS00ZGNmLWExMGUtOGNjMzg3MThkMjE5
LzEvWjFaZF9mWnJJUzRYb2RtS2YxNHJDekpremE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBvHQyMA8E
AgACMAkDBwAqCnGAAIAwDQYJKoZIhvcNAQELBQADggEBALpm3OPW4bgu1/ZyL0Kc
GWXK8qCewuZ8WuacfSTPvFuxs32t9pMn3JO3VG4X4boNlHEgCnEo8PjkltekdePI
z5fJpEsJAd/3uww+aVU9va0FF4R3iRRjViQKTKec1DrdS6krFifkut3FOTqFewcp
AFqSY6HHteZgTJqJe242ZOO3PzRIY4jAhzt9e9e3fvkVVR23ckj6lYXB2b47OJVP
6EDnKmTSWg5iLYNcr4g4SNU6L95ERIzYB1nJ7J2yk0GQee1i389k89aRC1n7yuP1
sp9oi1WbCbFftlwrEsL8Hv0HFcymY3C4iclOEOBc7SiROW6YG0cgnzESRY0rZE9u
uD4=
-----END CERTIFICATE-----