Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/5af4ce-0eee-4182-9094-9f52c730acdf/1/4hrax96C0YsCzZ7N3cD-vhrr54E.roa
File:                     4hrax96C0YsCzZ7N3cD-vhrr54E.roa (raw, json)
Hash identifier:          p2Xi036U7l5VIBvQc3SfD5E2iNcExLoqMhnCDdE1HDs=
Subject key identifier:   E2:1A:DA:C7:DE:82:D1:8B:02:CD:9E:CD:DD:C0:FE:BE:1A:EB:E7:81
Certificate issuer:       /CN=e939540fd16b633501fbf7441a746fc56f9f59bf
Certificate serial:       019822E84AA8459C116FD52C5E8F6435AC1C
Authority key identifier: E9:39:54:0F:D1:6B:63:35:01:FB:F7:44:1A:74:6F:C5:6F:9F:59:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6TlUD9FrYzUB-_dEGnRvxW-fWb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/5af4ce-0eee-4182-9094-9f52c730acdf/1/4hrax96C0YsCzZ7N3cD-vhrr54E.roa
Signing time:             Sat 19 Jul 2025 13:38:25 +0000
ROA not before:           Sat 19 Jul 2025 13:38:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210705
IP address blocks:        176.120.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/5af4ce-0eee-4182-9094-9f52c730acdf/1/6TlUD9FrYzUB-_dEGnRvxW-fWb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/5af4ce-0eee-4182-9094-9f52c730acdf/1/6TlUD9FrYzUB-_dEGnRvxW-fWb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6TlUD9FrYzUB-_dEGnRvxW-fWb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 10:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:22:e8:4a:a8:45:9c:11:6f:d5:2c:5e:8f:64:35:ac:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e939540fd16b633501fbf7441a746fc56f9f59bf
        Validity
            Not Before: Jul 19 13:38:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e21adac7de82d18b02cd9ecdddc0febe1aebe781
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:9f:cb:09:b3:a7:cb:a1:0c:7f:64:d0:be:68:
                    66:b1:94:96:b9:b3:11:66:84:0e:a4:a2:9a:95:b3:
                    b1:ab:14:5a:54:6f:46:e5:2c:ed:f7:57:fb:54:70:
                    d4:ee:11:f8:e3:1d:ec:4e:7a:9f:5e:b1:2d:49:5e:
                    a4:7a:f6:b8:89:de:a3:c0:3c:a9:5a:db:65:b8:f5:
                    04:b4:f4:74:fa:a3:86:d6:ef:29:39:6e:da:0d:2a:
                    99:f1:7d:ac:47:5e:97:d6:5a:cf:af:5f:41:08:08:
                    bf:27:e6:8f:1b:63:fe:c8:d0:77:50:6d:06:42:59:
                    f2:a9:c8:8e:0b:66:36:24:90:bc:c5:4e:0d:96:ce:
                    02:b3:2e:d0:4e:db:33:eb:dd:ad:ea:f4:8d:b0:21:
                    46:cf:09:25:c1:6d:86:39:71:98:c1:f9:62:22:a7:
                    a2:ff:f4:3f:f4:d6:c0:0a:b9:d2:bb:11:1a:94:7e:
                    91:80:ea:37:9b:75:a7:b9:ef:25:8d:68:7a:22:0b:
                    4d:07:99:d1:f0:a5:c6:b4:d3:9a:b9:2c:13:42:88:
                    c7:37:09:76:59:fd:21:32:de:30:b4:0b:ba:6d:a2:
                    b7:90:2c:86:a0:ab:5e:54:98:72:aa:4b:08:23:e9:
                    09:df:29:0f:ee:fd:2e:8d:fb:73:c6:78:20:0f:6b:
                    4a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:1A:DA:C7:DE:82:D1:8B:02:CD:9E:CD:DD:C0:FE:BE:1A:EB:E7:81
            X509v3 Authority Key Identifier:
                keyid:E9:39:54:0F:D1:6B:63:35:01:FB:F7:44:1A:74:6F:C5:6F:9F:59:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6TlUD9FrYzUB-_dEGnRvxW-fWb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5af4ce-0eee-4182-9094-9f52c730acdf/1/4hrax96C0YsCzZ7N3cD-vhrr54E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5af4ce-0eee-4182-9094-9f52c730acdf/1/6TlUD9FrYzUB-_dEGnRvxW-fWb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:63:66:86:de:0a:1c:b5:09:ef:d4:b9:c6:7d:40:75:c5:c6:
         0b:50:4d:66:55:0b:02:ba:6b:14:f9:e4:e1:41:da:5e:d6:75:
         e1:44:13:50:7e:34:ba:7b:7a:f2:89:51:ef:cc:ee:95:b0:a1:
         3f:b0:ed:84:75:ee:99:c8:b4:b0:2d:0f:50:82:59:62:36:2e:
         fc:87:df:92:46:f2:47:e8:2f:65:fe:1f:ff:db:e6:91:ba:02:
         fb:41:03:a5:23:27:eb:74:64:e5:6d:ca:7b:64:35:0d:d0:7a:
         65:29:3e:e0:2a:df:9a:c2:3b:9f:a8:55:62:5e:8b:8b:13:44:
         cc:56:82:61:08:be:64:17:c9:bb:66:ea:8e:2b:68:04:2e:72:
         cd:85:24:61:0d:05:05:e7:12:23:f0:5a:36:ff:36:12:19:42:
         c8:1a:fc:65:d9:af:92:3f:87:17:ed:bb:80:a0:af:77:29:a0:
         32:79:1d:09:3e:c1:b1:30:df:a2:78:28:53:61:5b:a5:c0:90:
         21:79:2a:9a:76:d7:e5:71:ae:ec:f3:6f:cf:be:15:60:2c:07:
         50:a9:80:b8:a2:c2:28:03:a9:db:3e:e5:e0:d8:89:11:45:c4:
         5e:fa:62:2f:ac:67:8d:f9:ad:f6:d1:be:24:8c:ea:e3:7b:46:
         82:4f:50:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgi6EqoRZwRb9UsXo9kNawcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5Mzk1NDBmZDE2YjYzMzUwMWZiZjc0NDFhNzQ2ZmM1NmY5
ZjU5YmYwHhcNMjUwNzE5MTMzODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjFhZGFjN2RlODJkMThiMDJjZDllY2RkZGMwZmViZTFhZWJlNzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4p/LCbOny6EMf2TQvmhmsZSWubMR
ZoQOpKKalbOxqxRaVG9G5Szt91f7VHDU7hH44x3sTnqfXrEtSV6keva4id6jwDyp
WttluPUEtPR0+qOG1u8pOW7aDSqZ8X2sR16X1lrPr19BCAi/J+aPG2P+yNB3UG0G
QlnyqciOC2Y2JJC8xU4Nls4Csy7QTtsz692t6vSNsCFGzwklwW2GOXGYwfliIqei
//Q/9NbACrnSuxEalH6RgOo3m3Wnue8ljWh6IgtNB5nR8KXGtNOauSwTQojHNwl2
Wf0hMt4wtAu6baK3kCyGoKteVJhyqksII+kJ3ykP7v0ujftzxnggD2tKKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIa2sfegtGLAs2ezd3A/r4a6+eBMB8GA1UdIwQY
MBaAFOk5VA/Ra2M1Afv3RBp0b8Vvn1m/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlRsVUQ5RnJZelVCLV9kRUduUnZ4Vy1mV2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni81YWY0Y2UtMGVlZS00MTgyLTkwOTQt
OWY1MmM3MzBhY2RmLzEvNGhyYXg5NkMwWXNDelo3TjNjRC12aHJyNTRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni81YWY0Y2UtMGVlZS00MTgyLTkwOTQtOWY1MmM3MzBhY2Rm
LzEvNlRsVUQ5RnJZelVCLV9kRUduUnZ4Vy1mV2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHgRMA0G
CSqGSIb3DQEBCwUAA4IBAQB9Y2aG3goctQnv1LnGfUB1xcYLUE1mVQsCumsU+eTh
Qdpe1nXhRBNQfjS6e3ryiVHvzO6VsKE/sO2Ede6ZyLSwLQ9QglliNi78h9+SRvJH
6C9l/h//2+aRugL7QQOlIyfrdGTlbcp7ZDUN0HplKT7gKt+awjufqFViXouLE0TM
VoJhCL5kF8m7ZuqOK2gELnLNhSRhDQUF5xIj8Fo2/zYSGULIGvxl2a+SP4cX7buA
oK93KaAyeR0JPsGxMN+ieChTYVulwJAheSqadtflca7s82/PvhVgLAdQqYC4osIo
A6nbPuXg2IkRRcRe+mIvrGeN+a320b4kjOrje0aCT1AQ
-----END CERTIFICATE-----