Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/_urUnPm3dxe0dhHO4I67DMxNM8w.roa
File:                     _urUnPm3dxe0dhHO4I67DMxNM8w.roa (raw, json)
Hash identifier:          peMugiexGfIHSWdQB0rJ+olLWcWf0//IWy/3iCQCuZI=
Subject key identifier:   FE:EA:D4:9C:F9:B7:77:17:B4:76:11:CE:E0:8E:BB:0C:CC:4D:33:CC
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       0198A4887C3C430AFC1D64D9FB4D9CC974B2
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/_urUnPm3dxe0dhHO4I67DMxNM8w.roa
Signing time:             Wed 13 Aug 2025 17:44:24 +0000
ROA not before:           Wed 13 Aug 2025 17:44:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        138.226.16.0/20 maxlen: 20
                          138.226.96.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 03:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a4:88:7c:3c:43:0a:fc:1d:64:d9:fb:4d:9c:c9:74:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Aug 13 17:44:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=feead49cf9b77717b47611cee08ebb0ccc4d33cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8a:8e:40:7d:49:74:ac:f3:2c:e3:9d:50:05:
                    f5:3e:ec:b3:af:75:1c:dc:7d:50:89:a8:16:76:80:
                    d4:ca:12:6d:d5:d8:14:58:25:3f:f0:59:aa:f4:26:
                    8e:fe:bb:0a:bc:6e:a8:2c:a5:94:df:0d:90:6d:e6:
                    43:1c:d0:4b:28:c1:49:47:bc:0b:1c:18:99:4e:8a:
                    9d:ec:42:87:be:95:f6:a6:13:a7:1c:8a:f0:c9:8e:
                    0c:e8:f3:2f:b9:27:87:ae:b1:dd:39:2e:70:e1:e5:
                    cd:fb:25:32:60:40:c5:ee:03:dc:43:63:78:e4:32:
                    c0:b3:2e:f7:d1:27:f6:8a:a0:e1:94:34:c2:bb:45:
                    99:7d:20:a2:9a:66:66:43:2a:8b:de:61:01:cb:04:
                    36:44:40:ed:dc:14:58:24:66:63:a9:06:1c:e2:30:
                    02:52:86:85:1e:45:4a:5c:66:e5:51:7f:e9:0a:56:
                    d8:8a:f2:be:54:d8:a6:c9:fa:40:2d:ad:5d:83:1b:
                    a2:0e:30:6d:bd:e1:13:24:1b:ce:ed:e4:04:c3:39:
                    e4:43:f8:69:76:13:cf:b6:99:0d:be:9a:1e:38:77:
                    7b:98:1b:11:ab:b9:2c:18:c3:1f:77:be:5c:86:5e:
                    83:be:e4:8f:0a:1d:c5:23:ab:0f:06:8b:e5:7a:ec:
                    ea:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:EA:D4:9C:F9:B7:77:17:B4:76:11:CE:E0:8E:BB:0C:CC:4D:33:CC
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/_urUnPm3dxe0dhHO4I67DMxNM8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.226.16.0/20
                  138.226.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         25:c6:c6:07:50:f6:db:f1:bd:2e:34:e8:7b:54:ee:07:09:f5:
         59:f5:ee:8c:ee:37:9e:3c:c2:7e:d0:d5:83:41:30:d9:b9:ac:
         07:3f:d0:78:39:bb:1f:f2:cd:1c:7d:7d:f3:c5:1b:94:ab:b2:
         1b:5b:65:8c:35:67:dd:2f:f5:75:47:0e:63:96:e2:9a:1a:35:
         4e:fc:6a:4a:bd:9e:79:a8:4f:b8:a6:64:83:cb:fb:ae:f2:f3:
         00:37:69:02:42:16:83:48:f7:3e:70:d1:dd:a2:08:fb:33:b1:
         05:7f:1c:52:a5:c5:e0:cc:a0:ee:fa:b0:fd:14:d4:66:24:f8:
         83:25:ed:01:25:e9:ee:f0:ee:fc:1b:82:f8:e9:2b:94:a5:a5:
         78:03:99:d7:40:b8:16:78:f9:34:0e:1b:98:7e:7c:25:d9:48:
         b2:bb:cf:3d:44:4e:fd:b6:8f:27:90:8a:6f:ec:be:84:6a:e8:
         31:cf:de:55:d3:d8:97:af:db:a3:aa:b5:99:e9:22:4c:59:51:
         45:a7:ad:ec:d8:c9:6e:fc:6c:c7:2e:8d:7c:3e:da:ac:e0:9f:
         e1:91:cd:9d:6a:15:43:ae:4d:0c:f1:66:f6:dc:96:cf:b2:4f:
         57:63:dd:be:98:c5:ca:20:2a:a3:74:3b:50:96:48:a5:46:b5:
         1c:fc:bf:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZikiHw8Qwr8HWTZ+02cyXSyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjUwODEzMTc0NDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWVhZDQ5Y2Y5Yjc3NzE3YjQ3NjExY2VlMDhlYmIwY2NjNGQzM2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIqOQH1JdKzzLOOdUAX1Puyzr3Uc
3H1QiagWdoDUyhJt1dgUWCU/8Fmq9CaO/rsKvG6oLKWU3w2QbeZDHNBLKMFJR7wL
HBiZToqd7EKHvpX2phOnHIrwyY4M6PMvuSeHrrHdOS5w4eXN+yUyYEDF7gPcQ2N4
5DLAsy730Sf2iqDhlDTCu0WZfSCimmZmQyqL3mEBywQ2REDt3BRYJGZjqQYc4jAC
UoaFHkVKXGblUX/pClbYivK+VNimyfpALa1dgxuiDjBtveETJBvO7eQEwznkQ/hp
dhPPtpkNvpoeOHd7mBsRq7ksGMMfd75chl6DvuSPCh3FI6sPBovleuzqhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP7q1Jz5t3cXtHYRzuCOuwzMTTPMMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvX3VyVW5QbTNkeGUwZGhITzRJNjdETXhOTTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEiuIQAwQE
iuJgMA0GCSqGSIb3DQEBCwUAA4IBAQAlxsYHUPbb8b0uNOh7VO4HCfVZ9e6M7jee
PMJ+0NWDQTDZuawHP9B4Obsf8s0cfX3zxRuUq7IbW2WMNWfdL/V1Rw5jluKaGjVO
/GpKvZ55qE+4pmSDy/uu8vMAN2kCQhaDSPc+cNHdogj7M7EFfxxSpcXgzKDu+rD9
FNRmJPiDJe0BJenu8O78G4L46SuUpaV4A5nXQLgWePk0DhuYfnwl2Uiyu889RE79
to8nkIpv7L6Eaugxz95V09iXr9ujqrWZ6SJMWVFFp63s2Mlu/GzHLo18Ptqs4J/h
kc2dahVDrk0M8Wb23JbPsk9XY92+mMXKICqjdDtQlkilRrUc/L9k
-----END CERTIFICATE-----