Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/i5JR4X8XkgqUjUR9AqA093RvF_M.roa
File:                     i5JR4X8XkgqUjUR9AqA093RvF_M.roa (raw, json)
Hash identifier:          sRMyH0MzuiMVwqi+BJl4/qjhytl5ZX1P2JdBj/8sRJM=
Subject key identifier:   8B:92:51:E1:7F:17:92:0A:94:8D:44:7D:02:A0:34:F7:74:6F:17:F3
Certificate issuer:       /CN=78e98dee9aadc86b4dfa9e168d921bd80ba3f3a6
Certificate serial:       0198A8B2C2ECE2FEB04DEDCB3FBB4E5C604F
Authority key identifier: 78:E9:8D:EE:9A:AD:C8:6B:4D:FA:9E:16:8D:92:1B:D8:0B:A3:F3:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eOmN7pqtyGtN-p4WjZIb2Auj86Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/i5JR4X8XkgqUjUR9AqA093RvF_M.roa
Signing time:             Thu 14 Aug 2025 13:09:04 +0000
ROA not before:           Thu 14 Aug 2025 13:09:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        138.21.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/eOmN7pqtyGtN-p4WjZIb2Auj86Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/eOmN7pqtyGtN-p4WjZIb2Auj86Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eOmN7pqtyGtN-p4WjZIb2Auj86Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 20 Aug 2025 23:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:b2:c2:ec:e2:fe:b0:4d:ed:cb:3f:bb:4e:5c:60:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78e98dee9aadc86b4dfa9e168d921bd80ba3f3a6
        Validity
            Not Before: Aug 14 13:09:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b9251e17f17920a948d447d02a034f7746f17f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:39:04:ac:74:6d:dc:6b:14:eb:87:3d:7f:51:
                    44:ff:23:48:21:2b:ba:64:c2:36:58:74:4d:aa:a7:
                    c9:93:19:2e:b1:19:fb:93:88:fa:18:5c:a0:7a:fb:
                    95:53:97:6b:7f:24:9c:a3:3c:9b:38:15:70:73:fd:
                    38:99:52:47:30:87:90:54:90:f7:85:ca:2d:d9:57:
                    f3:4f:66:34:c9:02:24:98:c1:f9:d4:c0:00:15:8e:
                    e4:14:b2:bc:04:0a:c8:d9:67:c3:a2:ac:6a:16:9d:
                    ac:f7:bb:7d:40:3c:b8:e7:c6:a1:34:40:13:4e:de:
                    77:d2:4a:39:d6:e5:4f:7d:c6:75:49:e4:8f:d9:79:
                    30:c9:84:46:82:41:69:cc:75:9e:57:d0:32:fa:1d:
                    a3:46:61:f5:27:b1:e7:28:19:f3:46:1f:73:ae:56:
                    db:b6:eb:f5:9a:b1:97:1b:f7:d5:45:bb:6d:8b:5f:
                    49:b6:85:30:f9:48:2b:28:bd:4e:cf:db:b5:bf:43:
                    45:4e:d7:bb:3b:88:14:a3:af:d1:8c:e4:2b:17:b0:
                    9b:75:ea:b4:b2:b7:4a:ec:ba:cc:8f:6e:9c:12:b7:
                    83:71:f9:8b:78:f2:1f:cf:c9:c8:e0:ad:18:c4:53:
                    2e:fb:47:56:0e:49:95:82:d5:e7:a8:40:d5:5b:80:
                    a3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:92:51:E1:7F:17:92:0A:94:8D:44:7D:02:A0:34:F7:74:6F:17:F3
            X509v3 Authority Key Identifier:
                keyid:78:E9:8D:EE:9A:AD:C8:6B:4D:FA:9E:16:8D:92:1B:D8:0B:A3:F3:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eOmN7pqtyGtN-p4WjZIb2Auj86Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/i5JR4X8XkgqUjUR9AqA093RvF_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/eOmN7pqtyGtN-p4WjZIb2Auj86Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.21.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:62:87:2b:36:d2:82:3d:5c:6b:48:58:28:ac:64:a0:4f:22:
         30:6f:44:6f:6c:ed:e4:2a:9c:42:f3:13:9a:55:89:3b:83:f0:
         95:5a:54:43:54:b4:03:ee:a9:6f:c8:32:be:2a:6e:36:bd:c6:
         c0:20:de:3a:c1:24:57:e3:30:6e:57:dd:60:26:41:86:e2:bd:
         ee:6b:c8:96:b4:1a:d7:e2:95:45:df:ec:29:70:7f:11:32:36:
         54:60:56:17:5a:14:87:c7:c6:0e:01:08:0f:89:c9:b0:2b:a8:
         a6:7d:be:76:6c:18:48:ed:2a:25:d0:a9:85:fe:43:51:c3:4d:
         eb:6d:c1:d3:c3:a2:ff:b1:24:a7:52:fd:55:5d:83:dd:7b:87:
         1f:4a:55:ac:46:af:0f:34:57:61:30:1b:78:b6:67:5a:eb:bb:
         2a:44:35:49:26:89:f5:2b:7d:56:71:79:65:51:d2:a5:c5:f8:
         7b:d1:8e:98:69:35:fd:ce:9d:b5:84:65:f2:c3:9d:2f:56:e5:
         aa:6e:82:2c:16:a2:0f:8c:cd:62:6d:36:83:15:2a:f9:16:f4:
         cb:7b:e8:5a:8b:dc:92:05:12:60:66:87:87:bf:14:06:12:01:
         b9:a9:08:a6:d9:86:57:9a:df:55:75:d2:f6:fe:ee:54:97:fa:
         f9:a6:94:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiossLs4v6wTe3LP7tOXGBPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZTk4ZGVlOWFhZGM4NmI0ZGZhOWUxNjhkOTIxYmQ4MGJh
M2YzYTYwHhcNMjUwODE0MTMwOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjkyNTFlMTdmMTc5MjBhOTQ4ZDQ0N2QwMmEwMzRmNzc0NmYxN2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzkErHRt3GsU64c9f1FE/yNIISu6
ZMI2WHRNqqfJkxkusRn7k4j6GFygevuVU5drfyScozybOBVwc/04mVJHMIeQVJD3
hcot2VfzT2Y0yQIkmMH51MAAFY7kFLK8BArI2WfDoqxqFp2s97t9QDy458ahNEAT
Tt530ko51uVPfcZ1SeSP2XkwyYRGgkFpzHWeV9Ay+h2jRmH1J7HnKBnzRh9zrlbb
tuv1mrGXG/fVRbtti19JtoUw+UgrKL1Oz9u1v0NFTte7O4gUo6/RjOQrF7Cbdeq0
srdK7LrMj26cEreDcfmLePIfz8nI4K0YxFMu+0dWDkmVgtXnqEDVW4CjqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuSUeF/F5IKlI1EfQKgNPd0bxfzMB8GA1UdIwQY
MBaAFHjpje6archrTfqeFo2SG9gLo/OmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU9tTjdwcXR5R3ROLXA0V2paSWIyQXVqODZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9jMWNjOTUtNzUyOS00MjcwLWE2ZWMt
NWM3MTk1NmE1Mzc3LzEvaTVKUjRYOFhrZ3FValVSOUFxQTA5M1J2Rl9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9jMWNjOTUtNzUyOS00MjcwLWE2ZWMtNWM3MTk1NmE1Mzc3
LzEvZU9tTjdwcXR5R3ROLXA0V2paSWIyQXVqODZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAihUlMA0G
CSqGSIb3DQEBCwUAA4IBAQA+YocrNtKCPVxrSFgorGSgTyIwb0RvbO3kKpxC8xOa
VYk7g/CVWlRDVLQD7qlvyDK+Km42vcbAIN46wSRX4zBuV91gJkGG4r3ua8iWtBrX
4pVF3+wpcH8RMjZUYFYXWhSHx8YOAQgPicmwK6imfb52bBhI7Sol0KmF/kNRw03r
bcHTw6L/sSSnUv1VXYPde4cfSlWsRq8PNFdhMBt4tmda67sqRDVJJon1K31WcXll
UdKlxfh70Y6YaTX9zp21hGXyw50vVuWqboIsFqIPjM1ibTaDFSr5FvTLe+hai9yS
BRJgZoeHvxQGEgG5qQim2YZXmt9VddL2/u5Ul/r5ppSE
-----END CERTIFICATE-----