Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/pXPzmZ7587uf17KlMH5G6RSweGc.roa
File:                     pXPzmZ7587uf17KlMH5G6RSweGc.roa (raw, json)
Hash identifier:          mFJ34XrBnXAVHpa2Q/xGlVAxkWyN0y914L5itOEfWCY=
Subject key identifier:   A5:73:F3:99:9E:F9:F3:BB:9F:D7:B2:A5:30:7E:46:E9:14:B0:78:67
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0199BD12AEAF89B9C6C021532AA1DAD0B2A3
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/pXPzmZ7587uf17KlMH5G6RSweGc.roa
Signing time:             Tue 07 Oct 2025 05:09:02 +0000
ROA not before:           Tue 07 Oct 2025 05:09:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        124.198.136.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 07:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bd:12:ae:af:89:b9:c6:c0:21:53:2a:a1:da:d0:b2:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Oct  7 05:09:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a573f3999ef9f3bb9fd7b2a5307e46e914b07867
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e2:4c:41:4e:ea:d3:15:74:1d:33:6d:e9:c8:
                    c7:e7:4f:01:1a:7f:63:94:3b:f1:dd:98:13:03:66:
                    12:3e:ea:91:12:c9:8b:7c:76:e5:a2:bd:f9:1d:d5:
                    89:36:45:21:dd:67:af:eb:91:1f:46:4e:c3:25:27:
                    18:77:9f:da:54:a1:4e:85:64:82:11:ec:bd:b8:e2:
                    c5:ef:eb:c4:28:b1:3d:80:3f:ba:ac:75:a6:60:a3:
                    36:3f:85:c0:df:09:f1:4e:26:5b:d9:79:3b:de:42:
                    06:4f:14:1c:12:c0:e4:ff:50:c5:27:18:be:21:4a:
                    bf:41:03:f6:25:01:f4:8e:ff:10:25:86:43:3e:8c:
                    74:96:b1:a1:22:53:30:a1:e7:e6:a4:aa:6d:49:0a:
                    ce:5a:25:47:8f:6b:6d:5e:5a:fc:62:6c:be:0b:a4:
                    e4:48:7e:9b:5c:a5:40:62:bd:ed:fd:5c:76:96:16:
                    56:21:ce:6e:11:51:bb:03:0a:cc:8c:0b:3a:dd:5d:
                    f1:c9:1a:70:ab:a7:46:39:94:ba:9f:91:e6:9a:a4:
                    04:33:83:fa:d7:2a:ae:ce:8d:60:9d:3f:32:d9:74:
                    b7:35:79:63:9d:0f:ab:c3:b2:d6:99:87:93:25:f2:
                    62:6d:88:be:1e:ab:a6:90:c8:e0:68:a2:d1:a8:ec:
                    4a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:73:F3:99:9E:F9:F3:BB:9F:D7:B2:A5:30:7E:46:E9:14:B0:78:67
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/pXPzmZ7587uf17KlMH5G6RSweGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.198.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:f5:bf:15:50:3f:6f:6f:a3:7b:21:3d:b8:cb:6d:97:33:c9:
         94:c0:42:08:bc:f5:42:26:1d:dc:e5:d4:97:aa:11:80:06:0d:
         64:5c:51:99:1a:c8:ba:68:a3:63:68:67:52:10:90:52:9e:9e:
         c5:3d:0b:17:f5:7f:8c:ba:a8:31:86:23:c8:ac:7d:38:89:db:
         5d:7d:43:6a:c4:2e:39:d7:99:1b:76:fb:2e:31:55:37:72:29:
         20:3c:c3:fb:ec:11:61:e7:d4:51:d3:7f:57:57:5a:02:40:5b:
         d3:1c:8e:72:05:a4:fa:5c:08:c5:35:79:da:c1:35:63:f4:66:
         e9:c1:91:81:f7:20:b3:5f:19:c8:2f:77:f4:c1:55:32:91:75:
         95:f1:8a:0a:b8:d3:95:4d:d1:01:74:47:a8:67:aa:42:80:dc:
         f1:a5:93:a4:f4:d0:41:b7:67:d1:5a:b8:43:19:a6:85:d4:0f:
         c6:73:87:59:4c:0d:dc:0d:b9:ba:92:60:18:02:74:5f:36:f4:
         3d:8f:ac:81:d9:4e:53:bd:4d:42:a2:31:eb:0f:97:db:75:86:
         eb:8f:12:ac:60:f5:a0:d0:6e:c6:1f:48:a2:d8:55:1a:a4:a6:
         f9:81:6f:c0:80:f4:9a:5f:e2:8d:bd:53:ee:22:f9:99:5b:ee:
         fc:1b:c7:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm9Eq6vibnGwCFTKqHa0LKjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUxMDA3MDUwOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTczZjM5OTllZjlmM2JiOWZkN2IyYTUzMDdlNDZlOTE0YjA3ODY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuJMQU7q0xV0HTNt6cjH508BGn9j
lDvx3ZgTA2YSPuqREsmLfHblor35HdWJNkUh3Wev65EfRk7DJScYd5/aVKFOhWSC
Eey9uOLF7+vEKLE9gD+6rHWmYKM2P4XA3wnxTiZb2Xk73kIGTxQcEsDk/1DFJxi+
IUq/QQP2JQH0jv8QJYZDPox0lrGhIlMwoefmpKptSQrOWiVHj2ttXlr8Ymy+C6Tk
SH6bXKVAYr3t/Vx2lhZWIc5uEVG7AwrMjAs63V3xyRpwq6dGOZS6n5HmmqQEM4P6
1yquzo1gnT8y2XS3NXljnQ+rw7LWmYeTJfJibYi+HqumkMjgaKLRqOxKNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVz85me+fO7n9eypTB+RukUsHhnMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvcFhQem1aNzU4N3VmMTdLbE1INUc2UlN3ZUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCfMaIMA0G
CSqGSIb3DQEBCwUAA4IBAQAh9b8VUD9vb6N7IT24y22XM8mUwEIIvPVCJh3c5dSX
qhGABg1kXFGZGsi6aKNjaGdSEJBSnp7FPQsX9X+MuqgxhiPIrH04idtdfUNqxC45
15kbdvsuMVU3cikgPMP77BFh59RR039XV1oCQFvTHI5yBaT6XAjFNXnawTVj9Gbp
wZGB9yCzXxnIL3f0wVUykXWV8YoKuNOVTdEBdEeoZ6pCgNzxpZOk9NBBt2fRWrhD
GaaF1A/Gc4dZTA3cDbm6kmAYAnRfNvQ9j6yB2U5TvU1CojHrD5fbdYbrjxKsYPWg
0G7GH0ii2FUapKb5gW/AgPSaX+KNvVPuIvmZW+78G8el
-----END CERTIFICATE-----