Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oZLJxPNEFauwno6vaDy4hei9FoA.roa
File:                     oZLJxPNEFauwno6vaDy4hei9FoA.roa (raw, json)
Hash identifier:          jE6uNod7deWtk1VOAkf6V1XZjTLm/drnBzVBArp2ZpM=
Subject key identifier:   A1:92:C9:C4:F3:44:15:AB:B0:9E:8E:AF:68:3C:B8:85:E8:BD:16:80
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0198E512B34E271BC0A9BD10965654DAEE85
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oZLJxPNEFauwno6vaDy4hei9FoA.roa
Signing time:             Tue 26 Aug 2025 06:31:04 +0000
ROA not before:           Tue 26 Aug 2025 06:31:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215081
IP address blocks:        178.173.240.0/24 maxlen: 24
                          193.36.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:14:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e5:12:b3:4e:27:1b:c0:a9:bd:10:96:56:54:da:ee:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Aug 26 06:31:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a192c9c4f34415abb09e8eaf683cb885e8bd1680
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:76:24:33:24:ad:a0:d4:aa:f8:91:a1:38:46:
                    42:49:e3:85:a3:ec:57:09:b3:e9:b5:1f:69:5e:06:
                    4b:dc:58:59:53:98:c0:a6:a5:0a:4c:d6:31:59:60:
                    b7:37:f2:fe:b2:19:39:b0:97:31:45:c1:22:a0:41:
                    14:9c:44:e7:ac:8d:4f:12:46:2c:2e:dc:f8:cf:8b:
                    25:9d:da:fe:4b:56:96:3b:c4:6a:36:2d:bb:9b:cf:
                    9e:8d:a2:a7:38:40:6b:4e:4a:de:9a:93:bd:4e:5c:
                    ac:c5:14:e9:cb:71:74:cb:a3:e3:56:b3:32:06:7a:
                    ca:ee:ed:07:e5:39:e0:9b:57:d6:fa:9c:1f:4f:4c:
                    68:f9:2d:26:c6:3e:9b:a8:81:4e:c7:90:ee:ae:90:
                    ac:94:7d:da:76:a3:ab:4a:4d:6a:f7:53:d3:ee:0f:
                    19:a6:d9:b2:da:bf:85:59:aa:57:3a:a8:ed:c7:77:
                    d1:97:0d:d8:85:49:f2:d6:04:6b:fb:29:ff:92:b1:
                    82:c1:31:58:b7:13:b4:4b:0e:39:98:8e:47:16:01:
                    f8:74:b8:05:1c:c4:43:e2:62:3b:44:34:c4:be:1a:
                    a0:14:c4:b5:fc:e0:04:b9:a2:a6:6b:e0:1b:32:6a:
                    e7:c4:7e:49:91:19:4a:45:a3:c8:3f:f0:ff:ba:fa:
                    49:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:92:C9:C4:F3:44:15:AB:B0:9E:8E:AF:68:3C:B8:85:E8:BD:16:80
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oZLJxPNEFauwno6vaDy4hei9FoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.173.240.0/24
                  193.36.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:1e:80:29:db:28:8b:33:4b:65:2d:d8:af:7d:7c:85:d2:66:
         cf:21:46:4b:13:ec:14:2e:a1:b9:ba:c8:bc:9f:73:3a:34:01:
         e1:e3:84:f1:9b:35:6f:85:d6:31:c6:e9:7c:f1:0c:24:f5:63:
         8f:50:87:97:17:c9:f4:8c:43:38:23:33:cd:f4:a6:d0:64:a7:
         5a:b7:6e:17:16:77:d0:82:2d:8e:4c:64:3a:f4:14:e2:21:78:
         b7:bd:10:fa:85:81:0b:00:c4:d7:d6:1a:48:8d:31:ff:86:f8:
         dd:22:b8:d1:94:06:86:34:a3:e0:07:c9:8c:c0:b1:30:5f:0a:
         68:45:77:7f:9e:c9:07:6f:e8:7b:97:11:fa:ad:17:9b:e3:13:
         d8:9f:84:a6:2c:c9:cd:e7:b2:b6:91:24:00:64:c8:0b:c3:92:
         ba:80:14:9d:a2:88:57:3e:29:b8:4f:8d:76:6a:f1:36:cd:46:
         3f:5c:07:a0:b0:db:aa:ac:0b:df:4e:46:97:30:96:86:a1:81:
         c4:02:94:70:30:19:50:6c:b4:ff:49:aa:f4:07:84:bc:ae:71:
         e7:a2:b7:52:65:7f:3f:46:83:2f:07:9f:9a:49:3b:40:a0:a2:
         4a:5b:0b:92:52:df:c2:64:f5:c1:1b:30:17:70:b3:5c:b6:ee:
         a8:72:6c:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjlErNOJxvAqb0QllZU2u6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwODI2MDYzMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTkyYzljNGYzNDQxNWFiYjA5ZThlYWY2ODNjYjg4NWU4YmQxNjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA73YkMyStoNSq+JGhOEZCSeOFo+xX
CbPptR9pXgZL3FhZU5jApqUKTNYxWWC3N/L+shk5sJcxRcEioEEUnETnrI1PEkYs
Ltz4z4slndr+S1aWO8RqNi27m8+ejaKnOEBrTkrempO9TlysxRTpy3F0y6PjVrMy
BnrK7u0H5Tngm1fW+pwfT0xo+S0mxj6bqIFOx5DurpCslH3adqOrSk1q91PT7g8Z
ptmy2r+FWapXOqjtx3fRlw3YhUny1gRr+yn/krGCwTFYtxO0Sw45mI5HFgH4dLgF
HMRD4mI7RDTEvhqgFMS1/OAEuaKma+AbMmrnxH5JkRlKRaPIP/D/uvpJiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKGSycTzRBWrsJ6Or2g8uIXovRaAMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvb1pMSnhQTkVGYXV3bm82dmFEeTRoZWk5Rm9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsq3wAwQA
wSRJMA0GCSqGSIb3DQEBCwUAA4IBAQC2HoAp2yiLM0tlLdivfXyF0mbPIUZLE+wU
LqG5usi8n3M6NAHh44TxmzVvhdYxxul88Qwk9WOPUIeXF8n0jEM4IzPN9KbQZKda
t24XFnfQgi2OTGQ69BTiIXi3vRD6hYELAMTX1hpIjTH/hvjdIrjRlAaGNKPgB8mM
wLEwXwpoRXd/nskHb+h7lxH6rReb4xPYn4SmLMnN57K2kSQAZMgLw5K6gBSdoohX
Pim4T412avE2zUY/XAegsNuqrAvfTkaXMJaGoYHEApRwMBlQbLT/Sar0B4S8rnHn
ordSZX8/RoMvB5+aSTtAoKJKWwuSUt/CZPXBGzAXcLNctu6ocmwc
-----END CERTIFICATE-----