Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/S2jgawU4O4lAQY3k_J8atrvplk0.roa
File:                     S2jgawU4O4lAQY3k_J8atrvplk0.roa (raw, json)
Hash identifier:          Gu1Ybtp4wCgWfzQBSFjC6We3LxlOwc2bmLBX7Ly8Y7s=
Subject key identifier:   4B:68:E0:6B:05:38:3B:89:40:41:8D:E4:FC:9F:1A:B6:BB:E9:96:4D
Certificate issuer:       /CN=0c7887582d83d3f087682af8780a324a353ce782
Certificate serial:       0199578B1059390FD2F44AB10B227867F17C
Authority key identifier: 0C:78:87:58:2D:83:D3:F0:87:68:2A:F8:78:0A:32:4A:35:3C:E7:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DHiHWC2D0_CHaCr4eAoySjU854I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/S2jgawU4O4lAQY3k_J8atrvplk0.roa
Signing time:             Wed 17 Sep 2025 11:59:15 +0000
ROA not before:           Wed 17 Sep 2025 11:59:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        213.179.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/DHiHWC2D0_CHaCr4eAoySjU854I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/DHiHWC2D0_CHaCr4eAoySjU854I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DHiHWC2D0_CHaCr4eAoySjU854I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 13:49:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:57:8b:10:59:39:0f:d2:f4:4a:b1:0b:22:78:67:f1:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c7887582d83d3f087682af8780a324a353ce782
        Validity
            Not Before: Sep 17 11:59:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b68e06b05383b8940418de4fc9f1ab6bbe9964d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:36:83:95:ad:00:4c:07:77:4a:46:c5:5d:ed:
                    a4:bf:0b:32:d3:66:07:2e:5b:21:cf:41:e8:39:4b:
                    e9:23:4c:20:ae:35:2d:40:e9:d7:d1:df:b6:42:bb:
                    76:71:cf:af:65:89:95:6d:d1:b3:01:e0:27:f6:ce:
                    31:ab:f4:29:d4:5c:a6:f3:db:4f:45:90:00:a9:cf:
                    fa:50:0d:27:c2:e6:19:1d:1e:aa:a4:7f:db:09:38:
                    55:5b:ed:ba:39:d0:03:14:b1:31:88:42:a0:b9:16:
                    d8:52:ff:47:24:ee:d2:cc:7b:57:3c:49:d5:58:36:
                    a8:0f:53:71:84:2b:f6:a0:9b:44:e0:f2:f5:ee:62:
                    6d:f0:02:58:bf:f7:0d:70:94:f5:45:bf:47:b8:f7:
                    6e:75:e7:0d:b5:c7:c5:34:1a:68:75:36:40:db:af:
                    45:3d:a1:76:2d:62:ee:88:71:91:7d:e2:c8:ec:56:
                    9b:65:bd:bd:88:d4:a4:f8:1b:5f:d5:bc:3d:b5:ad:
                    e0:eb:6a:6d:41:a8:a9:3c:c8:8c:2f:b3:7a:f2:61:
                    de:0e:ff:5e:2b:7e:d1:e0:af:e3:a0:ea:b7:09:e2:
                    6b:b7:a7:bf:cb:81:10:f3:61:31:40:2e:c8:d5:b2:
                    29:58:2a:86:91:a9:6e:ed:4a:81:e0:e4:ff:19:80:
                    3b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:68:E0:6B:05:38:3B:89:40:41:8D:E4:FC:9F:1A:B6:BB:E9:96:4D
            X509v3 Authority Key Identifier:
                keyid:0C:78:87:58:2D:83:D3:F0:87:68:2A:F8:78:0A:32:4A:35:3C:E7:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DHiHWC2D0_CHaCr4eAoySjU854I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/S2jgawU4O4lAQY3k_J8atrvplk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/DHiHWC2D0_CHaCr4eAoySjU854I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.179.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:5d:ba:8f:a6:d5:d7:bc:98:8d:35:7a:75:3e:b7:b8:19:9d:
         6f:ea:38:59:18:17:56:33:99:bf:a1:ca:36:96:bb:fb:ab:7e:
         44:60:8a:60:95:5f:79:44:ae:f3:34:be:71:dc:cb:d1:ce:62:
         39:93:15:98:f6:0e:37:0a:9d:62:95:40:44:d5:4c:c2:31:15:
         d4:37:ad:e8:f1:8a:74:2f:d0:61:95:ae:3b:f9:84:2f:08:54:
         52:be:6f:9a:16:96:47:73:95:df:ed:a1:2d:b8:82:4e:b9:d7:
         f4:bb:11:05:7b:8b:14:5f:d1:be:db:f1:f0:e0:c5:49:32:87:
         6d:82:d6:96:7f:05:1e:3c:61:6a:59:30:85:4e:b0:ab:cc:32:
         e6:08:ef:a7:90:e9:29:28:0b:f6:6e:ef:e3:51:50:1a:86:7e:
         97:da:81:06:34:57:11:7b:a2:0f:53:c1:bd:b7:2b:1f:00:a3:
         1e:1a:c0:67:e5:30:0c:51:d4:ed:eb:cd:b6:87:47:c0:f9:f6:
         b5:6e:9b:63:f4:10:61:41:ec:43:89:d1:51:fd:01:c0:77:b1:
         4e:3d:2c:83:08:98:68:74:d1:94:bd:52:79:c9:29:88:12:b6:
         db:41:e0:fb:7b:13:a9:bb:d3:c0:9b:3f:24:f9:41:c4:41:39:
         22:8d:32:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlXixBZOQ/S9EqxCyJ4Z/F8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNzg4NzU4MmQ4M2QzZjA4NzY4MmFmODc4MGEzMjRhMzUz
Y2U3ODIwHhcNMjUwOTE3MTE1OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjY4ZTA2YjA1MzgzYjg5NDA0MThkZTRmYzlmMWFiNmJiZTk5NjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzaDla0ATAd3SkbFXe2kvwsy02YH
Llshz0HoOUvpI0wgrjUtQOnX0d+2Qrt2cc+vZYmVbdGzAeAn9s4xq/Qp1Fym89tP
RZAAqc/6UA0nwuYZHR6qpH/bCThVW+26OdADFLExiEKguRbYUv9HJO7SzHtXPEnV
WDaoD1NxhCv2oJtE4PL17mJt8AJYv/cNcJT1Rb9HuPdudecNtcfFNBpodTZA269F
PaF2LWLuiHGRfeLI7FabZb29iNSk+Btf1bw9ta3g62ptQaipPMiML7N68mHeDv9e
K37R4K/joOq3CeJrt6e/y4EQ82ExQC7I1bIpWCqGkalu7UqB4OT/GYA7LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEto4GsFODuJQEGN5PyfGra76ZZNMB8GA1UdIwQY
MBaAFAx4h1gtg9Pwh2gq+HgKMko1POeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREhpSFdDMkQwX0NIYUNyNGVBb3lTalU4NTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9iZmY0OGYtMGEzMC00NzhkLWIyZGIt
YWQ0YTFkYTM5M2ExLzEvUzJqZ2F3VTRPNGxBUVkza19KOGF0cnZwbGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9iZmY0OGYtMGEzMC00NzhkLWIyZGItYWQ0YTFkYTM5M2Ex
LzEvREhpSFdDMkQwX0NIYUNyNGVBb3lTalU4NTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bNGMA0G
CSqGSIb3DQEBCwUAA4IBAQB7XbqPptXXvJiNNXp1Pre4GZ1v6jhZGBdWM5m/oco2
lrv7q35EYIpglV95RK7zNL5x3MvRzmI5kxWY9g43Cp1ilUBE1UzCMRXUN63o8Yp0
L9Bhla47+YQvCFRSvm+aFpZHc5Xf7aEtuIJOudf0uxEFe4sUX9G+2/Hw4MVJModt
gtaWfwUePGFqWTCFTrCrzDLmCO+nkOkpKAv2bu/jUVAahn6X2oEGNFcRe6IPU8G9
tysfAKMeGsBn5TAMUdTt6822h0fA+fa1bptj9BBhQexDidFR/QHAd7FOPSyDCJho
dNGUvVJ5ySmIErbbQeD7exOpu9PAmz8k+UHEQTkijTIA
-----END CERTIFICATE-----