Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/q56DpE6SjT4lDV119A67V9CrQMI.roa
File:                     q56DpE6SjT4lDV119A67V9CrQMI.roa (raw, json)
Hash identifier:          sEJe90A/qwDILaO38ksc6uM3fs95yXl9fIcKPIheClI=
Subject key identifier:   AB:9E:83:A4:4E:92:8D:3E:25:0D:5D:75:F4:0E:BB:57:D0:AB:40:C2
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       0198E4AEE7DD151613B3C8576C8640B34E50
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/q56DpE6SjT4lDV119A67V9CrQMI.roa
Signing time:             Tue 26 Aug 2025 04:42:04 +0000
ROA not before:           Tue 26 Aug 2025 04:42:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49805
IP address blocks:        213.137.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 19:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e4:ae:e7:dd:15:16:13:b3:c8:57:6c:86:40:b3:4e:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Aug 26 04:42:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab9e83a44e928d3e250d5d75f40ebb57d0ab40c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:97:bf:2b:8c:a3:bf:8c:d0:f2:64:27:15:54:
                    61:aa:8c:10:f8:07:0b:b6:25:a2:d4:e6:db:28:39:
                    88:25:03:7a:67:e4:75:5f:d5:0b:1d:62:41:f8:43:
                    5c:0e:db:70:31:ca:28:2e:df:85:c8:2b:27:81:03:
                    0b:3d:4a:b3:e8:9a:34:c4:99:97:04:1b:0d:cb:78:
                    67:b2:95:44:67:54:b0:f9:cc:ab:62:de:8d:86:79:
                    77:4f:80:78:0e:9d:95:e2:0c:e3:71:59:16:b0:61:
                    93:4f:d2:d8:cb:99:57:03:04:cc:a7:92:bf:bf:2d:
                    36:57:1b:1c:53:c1:e1:3b:75:92:3e:53:4c:71:f6:
                    99:5e:49:4b:d0:0a:97:72:de:27:1c:5f:38:e0:9d:
                    f3:ee:07:81:29:0f:ac:47:3c:f9:24:a3:2e:2b:c5:
                    b4:bf:32:21:f2:08:68:3c:45:ac:cd:0d:d1:35:7d:
                    5d:75:62:31:7b:f7:dd:16:1e:b2:65:91:88:88:fc:
                    d3:72:9b:bc:01:30:13:07:00:84:a8:8d:36:7e:d1:
                    56:81:09:68:ab:bf:d4:85:2a:7c:04:c2:dd:b4:83:
                    ab:e7:ef:6d:29:f7:41:32:bd:25:e6:8d:64:ec:93:
                    1e:df:54:e8:38:60:03:6c:46:7c:4b:d0:b1:02:b4:
                    d9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:9E:83:A4:4E:92:8D:3E:25:0D:5D:75:F4:0E:BB:57:D0:AB:40:C2
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/q56DpE6SjT4lDV119A67V9CrQMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.137.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:64:66:37:ca:58:5e:ce:31:f5:8e:a8:d9:e5:b0:78:2b:4d:
         6a:d8:a8:fd:2c:10:78:13:21:6c:75:af:a1:cd:10:bd:12:11:
         9b:47:63:58:51:bb:44:ca:85:ee:3d:08:8e:0c:fc:c0:60:c1:
         49:1d:28:c1:23:d6:42:e6:be:ff:3e:02:c3:43:bc:85:a0:b6:
         bd:4e:aa:52:e9:8c:ff:1f:7e:82:7e:b2:2e:28:bc:4d:2f:ea:
         7c:de:d6:97:4c:2f:8d:fe:35:e8:80:2c:9f:2e:93:70:19:87:
         94:74:35:28:02:08:4b:05:17:fb:db:8d:01:97:05:54:cb:a2:
         21:50:86:22:05:cd:5a:f8:96:c8:b8:8c:91:23:90:39:10:96:
         39:bb:dc:ae:98:51:e4:70:23:b1:2b:3b:45:37:b8:21:c0:b1:
         9c:43:ad:68:48:67:d6:9a:af:57:f2:db:5f:c3:d5:0e:4e:14:
         d5:a5:c2:41:57:73:ce:cd:dd:78:ef:14:09:7d:ab:26:16:3e:
         a9:b1:89:4a:1a:a8:25:63:e2:f4:14:1a:62:b0:a8:e1:43:98:
         a2:a2:be:de:ec:0e:40:54:6a:fe:fb:d0:30:49:cc:38:c0:fe:
         8a:6d:a3:91:6a:e9:13:dd:66:8d:08:78:63:14:af:a3:6c:45:
         0d:26:b1:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjkrufdFRYTs8hXbIZAs05QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjUwODI2MDQ0MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjllODNhNDRlOTI4ZDNlMjUwZDVkNzVmNDBlYmI1N2QwYWI0MGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZe/K4yjv4zQ8mQnFVRhqowQ+AcL
tiWi1ObbKDmIJQN6Z+R1X9ULHWJB+ENcDttwMcooLt+FyCsngQMLPUqz6Jo0xJmX
BBsNy3hnspVEZ1Sw+cyrYt6Nhnl3T4B4Dp2V4gzjcVkWsGGTT9LYy5lXAwTMp5K/
vy02VxscU8HhO3WSPlNMcfaZXklL0AqXct4nHF844J3z7geBKQ+sRzz5JKMuK8W0
vzIh8ghoPEWszQ3RNX1ddWIxe/fdFh6yZZGIiPzTcpu8ATATBwCEqI02ftFWgQlo
q7/UhSp8BMLdtIOr5+9tKfdBMr0l5o1k7JMe31ToOGADbEZ8S9CxArTZ9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKueg6ROko0+JQ1ddfQOu1fQq0DCMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvcTU2RHBFNlNqVDRsRFYxMTlBNjdWOUNyUU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YlTMA0G
CSqGSIb3DQEBCwUAA4IBAQB2ZGY3ylhezjH1jqjZ5bB4K01q2Kj9LBB4EyFsda+h
zRC9EhGbR2NYUbtEyoXuPQiODPzAYMFJHSjBI9ZC5r7/PgLDQ7yFoLa9TqpS6Yz/
H36CfrIuKLxNL+p83taXTC+N/jXogCyfLpNwGYeUdDUoAghLBRf7240BlwVUy6Ih
UIYiBc1a+JbIuIyRI5A5EJY5u9yumFHkcCOxKztFN7ghwLGcQ61oSGfWmq9X8ttf
w9UOThTVpcJBV3POzd147xQJfasmFj6psYlKGqglY+L0FBpisKjhQ5iior7e7A5A
VGr++9AwScw4wP6KbaORaukT3WaNCHhjFK+jbEUNJrFr
-----END CERTIFICATE-----