Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/u1_Gd7VlEhZ3QqgjEg2OEC7gm14.roa
File:                     u1_Gd7VlEhZ3QqgjEg2OEC7gm14.roa (raw, json)
Hash identifier:          NHFnan+4Era3/L1csOitqJI62J77zZalfXkxncagMSw=
Subject key identifier:   BB:5F:C6:77:B5:65:12:16:77:42:A8:23:12:0D:8E:10:2E:E0:9B:5E
Certificate issuer:       /CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
Certificate serial:       01973A6096E99BE2F4188DB6A51A5A6D90DD
Authority key identifier: 1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/u1_Gd7VlEhZ3QqgjEg2OEC7gm14.roa
Signing time:             Wed 04 Jun 2025 09:58:17 +0000
ROA not before:           Wed 04 Jun 2025 09:58:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44125
IP address blocks:        185.149.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3a:60:96:e9:9b:e2:f4:18:8d:b6:a5:1a:5a:6d:90:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
        Validity
            Not Before: Jun  4 09:58:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb5fc677b56512167742a823120d8e102ee09b5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7e:33:a2:49:43:75:01:d6:e8:2a:bd:fa:00:
                    84:c8:16:4d:25:53:28:ca:c2:ac:83:b6:e0:9c:61:
                    43:79:db:cc:e5:82:2f:d7:3a:bf:ca:e1:05:11:82:
                    85:f5:c3:9b:b3:a7:98:f2:ef:56:fc:ec:c4:93:35:
                    5a:db:b9:b3:24:96:d6:e0:e1:95:2e:70:f7:31:2a:
                    34:47:16:b9:a0:b1:2d:28:b3:84:e2:d2:95:1b:2d:
                    98:62:b4:7b:50:87:e6:38:a5:c1:ea:1f:11:d5:2d:
                    a3:c0:51:52:b6:44:ec:96:a3:f4:d6:5a:86:00:b6:
                    6e:7f:2a:af:85:10:a8:fa:12:1e:0c:29:fc:b7:af:
                    31:37:63:16:a6:0d:76:63:17:98:73:7c:5a:88:3a:
                    ce:a4:b5:18:a5:3a:4b:d6:80:17:91:4c:85:c0:58:
                    9b:27:1a:3f:16:94:a3:32:7a:a7:70:b2:50:6b:e6:
                    b9:e6:e4:38:2c:b0:d8:bf:6f:33:2b:72:51:ba:27:
                    9e:ad:2c:67:34:4b:a8:ac:66:19:9a:db:8e:a7:1d:
                    bb:b3:04:e2:b7:aa:db:6b:81:77:01:6c:a0:09:6f:
                    dc:e4:0e:cf:b6:82:e8:dc:01:a8:85:a6:0f:b7:f4:
                    34:5e:22:1d:d2:8f:30:36:3d:8b:86:4a:1a:99:6b:
                    7f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:5F:C6:77:B5:65:12:16:77:42:A8:23:12:0D:8E:10:2E:E0:9B:5E
            X509v3 Authority Key Identifier:
                keyid:1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/u1_Gd7VlEhZ3QqgjEg2OEC7gm14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:14:02:14:db:52:a0:52:1e:05:bb:e1:45:8c:16:70:35:fb:
         37:31:ff:d2:ce:6f:d1:d7:75:e0:79:e9:3f:cf:93:d8:db:8c:
         10:99:ef:21:4f:2d:7d:33:17:ad:ff:7e:df:09:77:07:5c:8c:
         1d:bd:99:e4:d1:d3:5a:50:a8:66:cd:18:06:60:98:51:e9:94:
         49:25:58:b6:2c:95:d3:fd:36:83:11:56:44:c1:e2:67:81:44:
         ff:d2:7c:62:62:2e:80:93:53:8a:2a:92:9b:58:22:f8:02:05:
         80:0c:d1:8a:bd:27:b6:03:2e:10:9b:92:d5:d4:f1:40:16:47:
         9b:cd:e1:47:c0:87:ea:21:b0:9e:7b:15:c9:e4:db:82:68:0e:
         16:34:e2:62:f0:07:44:83:d7:35:e5:a2:3d:63:3d:ff:c8:5d:
         35:b1:69:1c:2e:ff:2b:3c:f6:af:f3:5a:92:f6:39:08:80:ed:
         2a:f4:0e:d7:3d:ff:61:71:94:bb:23:1f:fa:d0:7c:31:6e:97:
         b7:11:ec:84:30:fa:32:fa:1a:b9:07:10:53:73:f5:88:a0:1a:
         d2:1f:06:9b:90:19:90:29:17:b8:ee:a1:ba:9b:09:68:e3:66:
         45:d6:bd:47:ec:06:24:d4:6a:7c:ae:30:37:c3:6a:e7:1a:31:
         7d:20:37:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc6YJbpm+L0GI22pRpabZDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOTVhMDY5NjY5ZWQ1YTc2NmVlZThlYmRjMzJlMzlmYjE0
ODQxMGIwHhcNMjUwNjA0MDk1ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjVmYzY3N2I1NjUxMjE2Nzc0MmE4MjMxMjBkOGUxMDJlZTA5YjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtn4zoklDdQHW6Cq9+gCEyBZNJVMo
ysKsg7bgnGFDedvM5YIv1zq/yuEFEYKF9cObs6eY8u9W/OzEkzVa27mzJJbW4OGV
LnD3MSo0Rxa5oLEtKLOE4tKVGy2YYrR7UIfmOKXB6h8R1S2jwFFStkTslqP01lqG
ALZufyqvhRCo+hIeDCn8t68xN2MWpg12YxeYc3xaiDrOpLUYpTpL1oAXkUyFwFib
Jxo/FpSjMnqncLJQa+a55uQ4LLDYv28zK3JRuieerSxnNEuorGYZmtuOpx27swTi
t6rba4F3AWygCW/c5A7PtoLo3AGohaYPt/Q0XiId0o8wNj2LhkoamWt/3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtfxne1ZRIWd0KoIxINjhAu4JteMB8GA1UdIwQY
MBaAFB6VoGlmntWnZu7o69wy45+xSEELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAt
OTMzYmZhNTkyYjFkLzEvdTFfR2Q3VmxFaFozUXFnakVnMk9FQzdnbTE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAtOTMzYmZhNTkyYjFk
LzEvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZXEMA0G
CSqGSIb3DQEBCwUAA4IBAQCwFAIU21KgUh4Fu+FFjBZwNfs3Mf/Szm/R13Xgeek/
z5PY24wQme8hTy19Mxet/37fCXcHXIwdvZnk0dNaUKhmzRgGYJhR6ZRJJVi2LJXT
/TaDEVZEweJngUT/0nxiYi6Ak1OKKpKbWCL4AgWADNGKvSe2Ay4Qm5LV1PFAFkeb
zeFHwIfqIbCeexXJ5NuCaA4WNOJi8AdEg9c15aI9Yz3/yF01sWkcLv8rPPav81qS
9jkIgO0q9A7XPf9hcZS7Ix/60Hwxbpe3EeyEMPoy+hq5BxBTc/WIoBrSHwabkBmQ
KRe47qG6mwlo42ZF1r1H7AYk1Gp8rjA3w2rnGjF9IDcw
-----END CERTIFICATE-----