Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aRq03uMptDnEzSt_Jce7KUrr8R4.roa
File:                     aRq03uMptDnEzSt_Jce7KUrr8R4.roa (raw, json)
Hash identifier:          wqqPdM2I9ilezKGYM3oj8JKirkYPFXz3XjxhzE6A1l4=
Subject key identifier:   69:1A:B4:DE:E3:29:B4:39:C4:CD:2B:7F:25:C7:BB:29:4A:EB:F1:1E
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019736F55927B9B7A0480942BF154DA2CEE6
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aRq03uMptDnEzSt_Jce7KUrr8R4.roa
Signing time:             Tue 03 Jun 2025 18:02:18 +0000
ROA not before:           Tue 03 Jun 2025 18:02:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198953
IP address blocks:        194.107.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 10:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:36:f5:59:27:b9:b7:a0:48:09:42:bf:15:4d:a2:ce:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jun  3 18:02:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=691ab4dee329b439c4cd2b7f25c7bb294aebf11e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:02:2d:dd:24:eb:1f:74:ae:f0:1a:a9:a1:80:
                    e5:a3:57:c9:64:93:3e:15:43:53:7a:a2:16:5d:4a:
                    27:99:00:b6:93:a4:a2:5c:26:fa:b2:88:de:ce:a8:
                    cb:9d:f2:02:20:3b:d0:8e:ec:4d:a5:92:86:13:52:
                    c4:78:41:67:6d:1f:0d:04:4a:06:17:78:f1:66:49:
                    43:ba:09:2f:e9:44:2e:2a:a0:fb:74:0a:27:a3:57:
                    fe:a0:61:fb:78:be:7d:d9:da:3d:92:15:33:cb:6a:
                    63:bd:a5:c2:9c:98:d9:b6:df:24:28:89:b7:ef:87:
                    a8:c0:4c:64:bc:1b:f8:4b:95:e9:ef:f6:4c:a5:e2:
                    98:4d:54:2f:76:94:a4:37:a2:ea:73:e1:40:a5:12:
                    30:3a:8e:93:d4:66:42:32:b5:0a:55:a8:85:18:c3:
                    68:43:2a:57:4b:bd:6c:06:d2:27:33:a3:88:98:62:
                    35:c2:f1:f1:0f:c0:20:56:ed:61:45:a4:05:33:3a:
                    df:07:2e:fd:58:36:7f:dc:37:86:51:3c:7a:51:3f:
                    72:33:b6:1a:cd:18:ed:1b:ad:bb:d5:61:59:1b:81:
                    6c:05:e9:60:24:c4:cc:aa:a1:a3:c5:8a:f4:aa:1f:
                    a0:20:f9:29:09:6a:c8:ef:e4:a2:e7:05:32:9c:ad:
                    aa:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:1A:B4:DE:E3:29:B4:39:C4:CD:2B:7F:25:C7:BB:29:4A:EB:F1:1E
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aRq03uMptDnEzSt_Jce7KUrr8R4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.107.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:d6:fe:09:00:6e:04:1c:20:e9:69:6a:f9:a7:9f:04:01:e5:
         51:1f:65:0f:cb:7d:13:95:74:d4:5f:01:84:de:1c:fb:30:0a:
         ee:09:0b:fb:30:df:90:59:05:c0:57:bd:d8:55:47:b7:cb:11:
         9c:85:73:f6:71:1b:5d:2d:7f:eb:c7:4e:b2:98:98:16:00:ad:
         43:be:f8:ae:b0:a6:26:e5:eb:90:c2:3d:c1:82:61:f1:5b:93:
         4f:75:da:61:75:28:ad:a6:43:47:c5:74:16:1d:69:89:7f:04:
         cc:54:c8:6e:8e:31:47:84:88:e2:c9:b0:4f:82:55:08:eb:40:
         eb:d3:a7:25:02:65:4f:a0:4f:69:5b:2e:af:81:ac:16:b9:07:
         52:ef:b9:c5:bb:4c:cd:bc:02:a9:2a:28:01:69:ea:68:6e:48:
         1d:ba:d2:ea:2c:26:71:37:8b:06:cb:d5:cc:78:ca:1c:64:12:
         70:de:19:d8:d0:6d:fa:ac:80:ca:8b:e2:19:dd:eb:e1:6e:f3:
         8f:f3:e4:ca:1a:8f:29:44:75:1e:8c:b4:ba:ed:a7:92:c6:77:
         99:d8:5d:80:16:67:c2:da:06:dd:98:7b:ef:11:f3:93:62:bf:
         36:1e:08:70:cd:9b:72:5a:b5:75:8f:51:bc:cd:79:f0:70:44:
         3a:db:11:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc29VknubegSAlCvxVNos7mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwNjAzMTgwMjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTFhYjRkZWUzMjliNDM5YzRjZDJiN2YyNWM3YmIyOTRhZWJmMTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAIt3STrH3Su8BqpoYDlo1fJZJM+
FUNTeqIWXUonmQC2k6SiXCb6sojezqjLnfICIDvQjuxNpZKGE1LEeEFnbR8NBEoG
F3jxZklDugkv6UQuKqD7dAono1f+oGH7eL592do9khUzy2pjvaXCnJjZtt8kKIm3
74eowExkvBv4S5Xp7/ZMpeKYTVQvdpSkN6Lqc+FApRIwOo6T1GZCMrUKVaiFGMNo
QypXS71sBtInM6OImGI1wvHxD8AgVu1hRaQFMzrfBy79WDZ/3DeGUTx6UT9yM7Ya
zRjtG6271WFZG4FsBelgJMTMqqGjxYr0qh+gIPkpCWrI7+Si5wUynK2q3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkatN7jKbQ5xM0rfyXHuylK6/EeMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvYVJxMDN1TXB0RG5FelN0X0pjZTdLVXJyOFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmvIMA0G
CSqGSIb3DQEBCwUAA4IBAQAz1v4JAG4EHCDpaWr5p58EAeVRH2UPy30TlXTUXwGE
3hz7MAruCQv7MN+QWQXAV73YVUe3yxGchXP2cRtdLX/rx06ymJgWAK1DvviusKYm
5euQwj3BgmHxW5NPddphdSitpkNHxXQWHWmJfwTMVMhujjFHhIjiybBPglUI60Dr
06clAmVPoE9pWy6vgawWuQdS77nFu0zNvAKpKigBaepobkgdutLqLCZxN4sGy9XM
eMocZBJw3hnY0G36rIDKi+IZ3evhbvOP8+TKGo8pRHUejLS67aeSxneZ2F2AFmfC
2gbdmHvvEfOTYr82HghwzZtyWrV1j1G8zXnwcEQ62xHW
-----END CERTIFICATE-----