Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/3CaVGaLlRCBtJGBXfSGA7zW-rCs.roa
File:                     3CaVGaLlRCBtJGBXfSGA7zW-rCs.roa (raw, json)
Hash identifier:          /HyApflaldYM3wui8EYCuzUIG18+LCBycHK+Nr4v5s8=
Subject key identifier:   DC:26:95:19:A2:E5:44:20:6D:24:60:57:7D:21:80:EF:35:BE:AC:2B
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       01990CADBBC510B34E0AA0EDFD2D31880038
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/3CaVGaLlRCBtJGBXfSGA7zW-rCs.roa
Signing time:             Tue 02 Sep 2025 23:05:36 +0000
ROA not before:           Tue 02 Sep 2025 23:05:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7922
IP address blocks:        138.226.0.0/20 maxlen: 20
                          138.226.88.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 04:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0c:ad:bb:c5:10:b3:4e:0a:a0:ed:fd:2d:31:88:00:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Sep  2 23:05:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc269519a2e544206d2460577d2180ef35beac2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:71:56:bb:6d:8f:f1:3f:e1:9c:ad:84:a0:4b:
                    81:9d:83:c0:f3:41:58:81:ce:56:2d:d8:62:71:8d:
                    a2:b8:12:35:56:93:02:8c:c0:14:e0:d0:a8:aa:2c:
                    e9:58:1a:9f:e9:a9:c0:96:8d:68:38:5a:d2:3a:37:
                    dc:7c:dd:04:e7:35:42:7f:6b:2b:89:7f:30:64:df:
                    29:34:92:15:f3:b8:98:c7:76:6f:ce:6c:1c:08:56:
                    01:d1:3a:91:7e:fe:6f:64:0b:e7:6a:00:bf:da:f7:
                    3d:cd:28:72:d2:7c:2f:c7:88:11:5b:bf:a8:a9:13:
                    c3:75:71:2b:db:1e:b1:48:bf:b2:a8:e1:5d:4c:db:
                    77:54:b9:36:50:ec:cb:34:ea:9f:b7:d6:8d:4e:c1:
                    13:4c:e7:07:7d:1b:37:15:2d:87:76:1b:32:5d:1c:
                    8e:60:64:2a:2f:f3:fd:b6:47:76:a5:44:df:a6:24:
                    c2:a1:26:9f:f2:35:af:dd:81:43:8a:a0:e1:46:5d:
                    c2:22:39:01:0d:36:60:8c:e4:27:6d:5b:28:b6:bc:
                    5c:0d:c1:94:54:03:1a:35:0c:b3:32:2f:cf:8b:93:
                    77:93:47:d5:fd:7c:27:e0:b0:7a:cd:fb:03:82:a3:
                    71:5d:97:3c:00:ee:01:bf:de:dc:d0:ec:16:02:ca:
                    59:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:26:95:19:A2:E5:44:20:6D:24:60:57:7D:21:80:EF:35:BE:AC:2B
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/3CaVGaLlRCBtJGBXfSGA7zW-rCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.226.0.0/20
                  138.226.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         95:17:ab:94:8f:78:cc:a1:b2:32:92:79:2d:ff:1c:b2:4c:0c:
         b7:39:0f:48:c6:e5:80:6f:4f:b8:c1:e3:56:9f:d3:b0:78:da:
         06:0b:4a:90:d0:3a:17:4a:13:3c:8c:9e:25:a2:70:c3:b5:9b:
         d8:41:2e:4c:59:6b:82:07:2d:69:12:8b:62:30:ad:f1:0d:02:
         d6:07:4d:4d:1d:8f:5c:69:33:5d:be:22:56:ea:d3:55:88:ab:
         4b:49:bd:63:ed:d9:1e:cf:c4:50:c3:62:99:19:f5:68:41:ab:
         94:56:dd:a6:91:a5:1f:e3:1c:d1:fe:f3:e6:71:e2:75:55:9b:
         08:ad:85:3b:a5:3b:21:17:88:87:65:91:c3:89:5a:ce:99:92:
         bc:4d:ac:10:7d:48:f8:4a:0f:1d:b1:8d:d1:00:b4:4b:56:a9:
         9e:44:36:51:bc:d1:3c:eb:37:cf:43:31:25:f8:72:5f:ed:c9:
         8a:af:0c:d7:5a:57:95:c0:9d:fe:a3:2d:6d:a3:52:a3:56:b9:
         6a:58:4b:1a:36:eb:e9:8b:12:0e:9e:25:7b:01:f1:e0:3b:a8:
         ba:8b:73:a0:67:4c:82:20:e0:6b:ce:8f:06:b3:09:26:31:12:
         da:ab:86:68:c0:c2:08:71:a2:f7:e8:e9:38:ad:d9:6e:6c:77:
         a6:45:63:fc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkMrbvFELNOCqDt/S0xiAA4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjUwOTAyMjMwNTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzI2OTUxOWEyZTU0NDIwNmQyNDYwNTc3ZDIxODBlZjM1YmVhYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHFWu22P8T/hnK2EoEuBnYPA80FY
gc5WLdhicY2iuBI1VpMCjMAU4NCoqizpWBqf6anAlo1oOFrSOjfcfN0E5zVCf2sr
iX8wZN8pNJIV87iYx3ZvzmwcCFYB0TqRfv5vZAvnagC/2vc9zShy0nwvx4gRW7+o
qRPDdXEr2x6xSL+yqOFdTNt3VLk2UOzLNOqft9aNTsETTOcHfRs3FS2HdhsyXRyO
YGQqL/P9tkd2pUTfpiTCoSaf8jWv3YFDiqDhRl3CIjkBDTZgjOQnbVsotrxcDcGU
VAMaNQyzMi/Pi5N3k0fV/Xwn4LB6zfsDgqNxXZc8AO4Bv97c0OwWAspZGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNwmlRmi5UQgbSRgV30hgO81vqwrMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvM0NhVkdhTGxSQ0J0SkdCWGZTR0E3elctckNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEiuIAAwQD
iuJYMA0GCSqGSIb3DQEBCwUAA4IBAQCVF6uUj3jMobIyknkt/xyyTAy3OQ9IxuWA
b0+4weNWn9OweNoGC0qQ0DoXShM8jJ4lonDDtZvYQS5MWWuCBy1pEotiMK3xDQLW
B01NHY9caTNdviJW6tNViKtLSb1j7dkez8RQw2KZGfVoQauUVt2mkaUf4xzR/vPm
ceJ1VZsIrYU7pTshF4iHZZHDiVrOmZK8TawQfUj4Sg8dsY3RALRLVqmeRDZRvNE8
6zfPQzEl+HJf7cmKrwzXWleVwJ3+oy1to1KjVrlqWEsaNuvpixIOniV7AfHgO6i6
i3OgZ0yCIOBrzo8GswkmMRLaq4ZowMIIcaL36Ok4rdlubHemRWP8
-----END CERTIFICATE-----