Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/4B72C5PV7fqeVjBdU5ceRiPTNhg.roa
File:                     4B72C5PV7fqeVjBdU5ceRiPTNhg.roa (raw, json)
Hash identifier:          pFCtENG1V0wvmJ9u/UiMV0R5c9b/plH5LI5iiczeDJ4=
Subject key identifier:   E0:1E:F6:0B:93:D5:ED:FA:9E:56:30:5D:53:97:1E:46:23:D3:36:18
Certificate issuer:       /CN=8ea26b458ad41d47d261a76d8c5dc0fc8d1a9e2c
Certificate serial:       0196BEBBF22F062847B715B9F9572738EC03
Authority key identifier: 8E:A2:6B:45:8A:D4:1D:47:D2:61:A7:6D:8C:5D:C0:FC:8D:1A:9E:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jqJrRYrUHUfSYadtjF3A_I0aniw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/4B72C5PV7fqeVjBdU5ceRiPTNhg.roa
Signing time:             Sun 11 May 2025 09:45:10 +0000
ROA not before:           Sun 11 May 2025 09:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43395
IP address blocks:        194.150.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/jqJrRYrUHUfSYadtjF3A_I0aniw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/jqJrRYrUHUfSYadtjF3A_I0aniw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jqJrRYrUHUfSYadtjF3A_I0aniw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:be:bb:f2:2f:06:28:47:b7:15:b9:f9:57:27:38:ec:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ea26b458ad41d47d261a76d8c5dc0fc8d1a9e2c
        Validity
            Not Before: May 11 09:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e01ef60b93d5edfa9e56305d53971e4623d33618
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:7d:2d:4f:02:87:13:e8:8c:1d:88:a1:bf:3d:
                    6c:4a:d1:ae:44:6f:c2:5f:58:ac:95:21:40:20:65:
                    6e:2f:66:a6:bc:0e:ef:59:b0:5d:80:99:c0:36:4c:
                    1a:73:ab:ba:0a:93:6a:d7:fd:19:2b:ab:3d:a2:42:
                    fe:d6:87:23:9b:ea:6b:fa:43:a2:8b:28:21:0b:96:
                    ba:0f:ec:69:e5:36:86:24:cc:b0:02:aa:f9:8f:9a:
                    21:a0:1c:2b:fa:0a:db:6a:56:dd:28:e4:2f:32:11:
                    d0:54:5f:28:ba:fd:4b:2d:99:ff:ba:a3:4c:7c:0f:
                    c3:d6:08:2f:b9:81:f2:2e:78:92:05:4c:d7:4f:09:
                    5d:8c:b8:f7:bf:3e:9f:9e:59:45:7a:52:7f:93:90:
                    38:0f:dc:c9:32:60:c4:eb:7a:d3:35:66:d7:de:32:
                    24:cb:9a:7a:6b:b4:0c:b3:fc:f0:3a:dd:1b:9d:21:
                    5f:d5:05:56:5d:4f:fe:92:cf:00:e3:71:f7:02:e7:
                    90:a5:1b:37:b7:c8:85:ea:6e:03:31:ef:ec:26:ed:
                    40:65:74:8a:c3:d8:d6:6a:cb:ad:2f:ae:dc:f6:34:
                    4a:6a:b1:42:7f:c9:74:7d:a3:04:eb:af:75:0f:d9:
                    7f:dd:6a:1c:22:ff:82:23:62:ce:07:cc:03:78:0d:
                    71:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:1E:F6:0B:93:D5:ED:FA:9E:56:30:5D:53:97:1E:46:23:D3:36:18
            X509v3 Authority Key Identifier:
                keyid:8E:A2:6B:45:8A:D4:1D:47:D2:61:A7:6D:8C:5D:C0:FC:8D:1A:9E:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jqJrRYrUHUfSYadtjF3A_I0aniw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/4B72C5PV7fqeVjBdU5ceRiPTNhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/jqJrRYrUHUfSYadtjF3A_I0aniw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:f7:84:be:c8:e5:6d:be:6b:2f:e2:01:0e:fc:c1:1a:b4:c7:
         3d:c6:66:26:ec:29:7d:5e:68:c9:51:dc:15:14:d3:f1:85:38:
         ba:da:c6:a5:b0:65:db:06:b1:b8:f8:47:b8:0f:3d:71:9d:81:
         12:06:4a:21:1d:11:a3:94:85:44:31:ed:35:5b:b0:36:9b:17:
         fb:6f:40:eb:b4:0c:b2:54:46:9b:87:0d:8a:2e:cd:91:a5:75:
         16:78:e0:02:6f:4e:93:1a:fc:62:c4:cb:28:e8:1d:6f:f8:c7:
         fd:ea:89:f7:33:84:90:52:d7:74:4a:b5:ab:23:49:77:2e:d3:
         84:e5:5f:ed:ca:27:6b:06:9e:51:5c:d2:77:be:33:fc:06:26:
         a2:e9:36:3d:3c:fb:c7:28:1e:b6:8c:5f:33:ef:06:c7:45:ff:
         41:e6:30:ce:73:de:51:a6:55:17:c5:54:f2:36:5a:5c:9b:9d:
         ed:8a:c8:5e:81:50:37:4f:3a:2e:86:6c:24:19:b1:15:4f:67:
         3d:50:63:04:44:08:a7:52:42:70:17:75:c2:69:c9:3f:12:5c:
         53:dd:20:a0:ae:80:3b:b0:34:5c:b7:0f:30:11:e7:78:e7:0f:
         e5:bb:eb:61:57:5b:9c:04:96:45:56:f4:63:79:3a:fd:86:da:
         f1:7e:74:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa+u/IvBihHtxW5+VcnOOwDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYTI2YjQ1OGFkNDFkNDdkMjYxYTc2ZDhjNWRjMGZjOGQx
YTllMmMwHhcNMjUwNTExMDk0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDFlZjYwYjkzZDVlZGZhOWU1NjMwNWQ1Mzk3MWU0NjIzZDMzNjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3n0tTwKHE+iMHYihvz1sStGuRG/C
X1islSFAIGVuL2amvA7vWbBdgJnANkwac6u6CpNq1/0ZK6s9okL+1ocjm+pr+kOi
iyghC5a6D+xp5TaGJMywAqr5j5ohoBwr+grbalbdKOQvMhHQVF8ouv1LLZn/uqNM
fA/D1ggvuYHyLniSBUzXTwldjLj3vz6fnllFelJ/k5A4D9zJMmDE63rTNWbX3jIk
y5p6a7QMs/zwOt0bnSFf1QVWXU/+ks8A43H3AueQpRs3t8iF6m4DMe/sJu1AZXSK
w9jWasutL67c9jRKarFCf8l0faME6691D9l/3WocIv+CI2LOB8wDeA1x7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAe9guT1e36nlYwXVOXHkYj0zYYMB8GA1UdIwQY
MBaAFI6ia0WK1B1H0mGnbYxdwPyNGp4sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanFKclJZclVIVWZTWWFkdGpGM0FfSTBhbml3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9kZGNiYjktOGZkMi00ZGMxLWJiZDYt
Mjg5MDA1NTkxNGM1LzEvNEI3MkM1UFY3ZnFlVmpCZFU1Y2VSaVBUTmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9kZGNiYjktOGZkMi00ZGMxLWJiZDYtMjg5MDA1NTkxNGM1
LzEvanFKclJZclVIVWZTWWFkdGpGM0FfSTBhbml3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpalMA0G
CSqGSIb3DQEBCwUAA4IBAQAu94S+yOVtvmsv4gEO/MEatMc9xmYm7Cl9XmjJUdwV
FNPxhTi62salsGXbBrG4+Ee4Dz1xnYESBkohHRGjlIVEMe01W7A2mxf7b0DrtAyy
VEabhw2KLs2RpXUWeOACb06TGvxixMso6B1v+Mf96on3M4SQUtd0SrWrI0l3LtOE
5V/tyidrBp5RXNJ3vjP8Biai6TY9PPvHKB62jF8z7wbHRf9B5jDOc95RplUXxVTy
Nlpcm53tishegVA3TzouhmwkGbEVT2c9UGMERAinUkJwF3XCack/ElxT3SCgroA7
sDRctw8wEed45w/lu+thV1ucBJZFVvRjeTr9htrxfnRP
-----END CERTIFICATE-----