Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/moTDq53FtqLZAk0AGJnD6LpxpL4.roa
File:                     moTDq53FtqLZAk0AGJnD6LpxpL4.roa (raw, json)
Hash identifier:          yDXZvfMOXGpBwTjMd4JFoseeDN5zwWwTjLyIqfnezgg=
Subject key identifier:   9A:84:C3:AB:9D:C5:B6:A2:D9:02:4D:00:18:99:C3:E8:BA:71:A4:BE
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0198A246C8BB8C5A205C7E8C077DC47F5A4C
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/moTDq53FtqLZAk0AGJnD6LpxpL4.roa
Signing time:             Wed 13 Aug 2025 07:13:24 +0000
ROA not before:           Wed 13 Aug 2025 07:13:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        5.102.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 08:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:46:c8:bb:8c:5a:20:5c:7e:8c:07:7d:c4:7f:5a:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Aug 13 07:13:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a84c3ab9dc5b6a2d9024d001899c3e8ba71a4be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:02:55:b2:d9:ee:01:fe:a7:76:ac:a0:94:57:
                    5c:3c:dc:92:ce:0f:5d:04:43:ac:7d:8a:d8:0e:9c:
                    4d:2e:57:24:ba:f7:ee:4e:6d:54:35:83:0a:46:20:
                    4f:50:72:f7:8b:c5:ca:50:6d:41:4e:25:f2:d4:10:
                    95:5a:52:d8:b7:cf:a3:49:0f:5e:83:7b:f9:1e:71:
                    bd:43:3a:e4:5d:b9:36:49:4c:8c:8e:3f:dd:8b:cb:
                    3d:87:63:32:c4:da:4f:cb:39:22:af:99:a0:e7:21:
                    3e:76:de:d2:ba:db:51:0c:58:40:f3:1f:27:d6:de:
                    04:88:88:57:5a:c9:ec:bd:da:10:27:64:46:11:f3:
                    27:b5:2e:c1:d4:3c:84:33:03:66:bf:cc:2a:9c:fd:
                    45:53:4e:b2:87:02:5f:d2:fe:ea:14:0f:0d:43:56:
                    f4:17:81:e5:b4:ea:22:65:f3:9e:ac:78:9b:d0:d3:
                    36:60:3a:c4:ab:20:91:1c:df:46:bd:d5:08:55:50:
                    04:a0:cb:b0:09:58:38:ea:a5:b0:d5:be:86:88:26:
                    29:7d:e3:2a:8a:e7:81:f3:ff:3b:3d:d2:c2:a2:ab:
                    ed:fa:e2:f0:b1:c0:fa:41:16:61:de:17:f9:37:e0:
                    af:83:7c:c5:29:1c:ca:28:56:50:e6:25:ab:e1:6d:
                    ff:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:84:C3:AB:9D:C5:B6:A2:D9:02:4D:00:18:99:C3:E8:BA:71:A4:BE
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/moTDq53FtqLZAk0AGJnD6LpxpL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:bc:99:81:5a:24:ac:7f:c5:e9:a1:c6:b0:16:d8:22:64:cc:
         96:01:fb:84:9b:72:6e:0e:6b:5a:cb:b0:2a:10:d2:5e:82:57:
         15:75:84:a8:d9:34:bf:d2:55:6d:53:dc:71:f0:b2:9a:3d:dd:
         86:a4:bc:6d:32:d5:8e:f6:54:ec:4a:79:23:c3:3b:7d:82:47:
         44:c7:07:9a:d5:6e:24:19:02:46:de:b2:40:2e:70:40:75:f9:
         7a:00:0a:e5:89:7c:d2:a0:6c:1f:69:8e:f9:d9:6b:41:01:ce:
         a6:0d:fd:c4:ad:6c:5e:b9:a7:6d:f3:3e:ed:8f:22:8e:28:0d:
         09:92:a1:f7:7b:0b:ed:17:aa:ab:31:05:af:16:b5:b4:e3:96:
         ee:14:d5:22:a3:41:fd:bc:71:b4:d5:79:0b:b8:dc:1d:b1:81:
         90:1b:41:cb:eb:e0:81:96:91:4d:4a:5f:d0:3f:67:f2:3f:15:
         51:08:e7:6f:a7:33:49:c1:a4:33:70:fe:aa:d9:fd:fa:e3:17:
         c3:fc:1b:73:fc:7b:1e:31:20:50:25:c6:41:71:55:62:75:cf:
         47:09:76:c8:01:25:cf:ce:87:8e:d0:e2:02:52:02:5c:8f:08:
         49:85:15:67:96:12:ed:9d:c2:a6:6a:dc:1d:89:2a:dd:12:3f:
         a8:55:42:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiiRsi7jFogXH6MB33Ef1pMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwODEzMDcxMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTg0YzNhYjlkYzViNmEyZDkwMjRkMDAxODk5YzNlOGJhNzFhNGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgJVstnuAf6ndqyglFdcPNySzg9d
BEOsfYrYDpxNLlckuvfuTm1UNYMKRiBPUHL3i8XKUG1BTiXy1BCVWlLYt8+jSQ9e
g3v5HnG9QzrkXbk2SUyMjj/di8s9h2MyxNpPyzkir5mg5yE+dt7SuttRDFhA8x8n
1t4EiIhXWsnsvdoQJ2RGEfMntS7B1DyEMwNmv8wqnP1FU06yhwJf0v7qFA8NQ1b0
F4HltOoiZfOerHib0NM2YDrEqyCRHN9GvdUIVVAEoMuwCVg46qWw1b6GiCYpfeMq
iueB8/87PdLCoqvt+uLwscD6QRZh3hf5N+Cvg3zFKRzKKFZQ5iWr4W3/QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqEw6udxbai2QJNABiZw+i6caS+MB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvbW9URHE1M0Z0cUxaQWswQUdKbkQ2THB4cEw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZoMA0G
CSqGSIb3DQEBCwUAA4IBAQCCvJmBWiSsf8XpocawFtgiZMyWAfuEm3JuDmtay7Aq
ENJeglcVdYSo2TS/0lVtU9xx8LKaPd2GpLxtMtWO9lTsSnkjwzt9gkdExwea1W4k
GQJG3rJALnBAdfl6AArliXzSoGwfaY752WtBAc6mDf3ErWxeuadt8z7tjyKOKA0J
kqH3ewvtF6qrMQWvFrW045buFNUio0H9vHG01XkLuNwdsYGQG0HL6+CBlpFNSl/Q
P2fyPxVRCOdvpzNJwaQzcP6q2f364xfD/Btz/HseMSBQJcZBcVVidc9HCXbIASXP
zoeO0OICUgJcjwhJhRVnlhLtncKmatwdiSrdEj+oVUIk
-----END CERTIFICATE-----