Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/5fab75-5f35-464d-9f0d-3ed2eceb4f6c/1/nfoKwQ2m4-pqtnkuZ0FBhe4zHtg.roa
File:                     nfoKwQ2m4-pqtnkuZ0FBhe4zHtg.roa (raw, json)
Hash identifier:          T6MxLdRLuaXJD0ruS8Amwko5rPAMgelrkEY/tEezDSg=
Subject key identifier:   9D:FA:0A:C1:0D:A6:E3:EA:6A:B6:79:2E:67:41:41:85:EE:33:1E:D8
Certificate issuer:       /CN=7c67ee3de881562eea7df2e3232cdb32b54fe037
Certificate serial:       0198EA55B13B1902596F00846827EF1EE2C8
Authority key identifier: 7C:67:EE:3D:E8:81:56:2E:EA:7D:F2:E3:23:2C:DB:32:B5:4F:E0:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fGfuPeiBVi7qffLjIyzbMrVP4Dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/5fab75-5f35-464d-9f0d-3ed2eceb4f6c/1/nfoKwQ2m4-pqtnkuZ0FBhe4zHtg.roa
Signing time:             Wed 27 Aug 2025 07:02:20 +0000
ROA not before:           Wed 27 Aug 2025 07:02:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50490
IP address blocks:        178.21.90.0/23 maxlen: 23
                          178.21.92.0/22 maxlen: 22
                          2a00:1f9f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/5fab75-5f35-464d-9f0d-3ed2eceb4f6c/1/fGfuPeiBVi7qffLjIyzbMrVP4Dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/5fab75-5f35-464d-9f0d-3ed2eceb4f6c/1/fGfuPeiBVi7qffLjIyzbMrVP4Dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fGfuPeiBVi7qffLjIyzbMrVP4Dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 22:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:55:b1:3b:19:02:59:6f:00:84:68:27:ef:1e:e2:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c67ee3de881562eea7df2e3232cdb32b54fe037
        Validity
            Not Before: Aug 27 07:02:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9dfa0ac10da6e3ea6ab6792e67414185ee331ed8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f5:76:60:41:4d:73:ac:75:23:f0:9b:2b:a5:
                    a7:df:c9:11:67:f6:ed:09:9e:9f:8e:1c:b0:91:9f:
                    99:71:82:68:e6:f1:3a:db:6b:ef:91:63:8c:9b:49:
                    8e:36:d0:74:98:08:9f:bc:9d:75:77:40:34:86:d9:
                    b8:b4:4f:b0:01:ba:b7:5c:f1:61:8e:0b:05:b9:1d:
                    01:ad:f8:45:4f:ec:a1:6e:a8:eb:e7:4e:3d:f9:28:
                    87:d0:0d:35:0d:26:68:10:34:fc:0c:2b:1a:68:f9:
                    59:ab:e0:6a:e0:53:12:6d:0f:e1:11:7f:2e:59:b4:
                    ed:b3:f7:ea:77:ac:19:28:b6:d8:08:bf:9b:61:0e:
                    f9:fa:94:b7:e5:9b:4a:d1:92:07:b7:e4:ba:16:94:
                    e0:c1:7a:02:39:22:29:a1:0f:6d:e0:1f:d8:44:16:
                    7d:06:96:88:d0:91:87:f9:cd:41:19:e0:dd:d2:50:
                    14:f3:e9:e8:41:6b:78:7c:0c:1b:9f:fe:11:e8:30:
                    52:47:39:41:8b:48:cf:5b:16:a0:33:37:c4:5b:9c:
                    e3:ee:be:66:5e:13:3e:11:23:74:aa:e9:0d:b7:ae:
                    39:08:28:87:dc:12:e8:75:e9:46:d4:05:fa:48:3a:
                    c0:8c:30:e9:16:eb:c6:9d:42:1d:60:6e:43:31:dd:
                    d7:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:FA:0A:C1:0D:A6:E3:EA:6A:B6:79:2E:67:41:41:85:EE:33:1E:D8
            X509v3 Authority Key Identifier:
                keyid:7C:67:EE:3D:E8:81:56:2E:EA:7D:F2:E3:23:2C:DB:32:B5:4F:E0:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fGfuPeiBVi7qffLjIyzbMrVP4Dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/5fab75-5f35-464d-9f0d-3ed2eceb4f6c/1/nfoKwQ2m4-pqtnkuZ0FBhe4zHtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/5fab75-5f35-464d-9f0d-3ed2eceb4f6c/1/fGfuPeiBVi7qffLjIyzbMrVP4Dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.21.90.0-178.21.95.255
                IPv6:
                  2a00:1f9f::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:81:b4:38:09:b5:5c:b6:df:76:35:12:aa:11:db:3d:97:8a:
         e6:8b:de:c3:60:ac:0d:dd:11:82:dd:37:82:d7:53:15:9c:af:
         14:5b:33:32:ab:0e:49:44:a7:83:e7:bd:17:25:3e:54:dd:fc:
         e3:1a:b5:ee:9c:ab:9e:7e:c9:15:e8:3b:38:1e:9b:45:75:e6:
         03:f7:23:fe:31:5e:c5:fc:3d:35:84:3c:96:33:82:ef:d6:17:
         f4:61:3d:60:f6:bd:fb:8a:1e:d9:c4:9f:93:bf:7d:82:ec:13:
         f9:78:23:0e:d3:db:8b:0d:14:3e:24:86:2d:0a:f4:29:96:ca:
         f3:e3:5f:c3:c5:a0:cd:9a:45:93:b6:2e:9f:05:41:5f:eb:6e:
         52:8d:c6:66:63:4c:67:05:0b:48:33:d1:5e:9a:d1:ae:a1:2b:
         02:a0:99:ce:a7:6a:9f:dc:78:62:54:6f:f7:74:46:fc:2c:83:
         3b:4c:88:24:89:1f:45:e4:36:b1:f1:8c:0e:cd:69:c1:48:26:
         2f:ed:1d:79:d4:b8:91:d7:0a:e8:00:f9:e2:ab:3d:ee:83:a8:
         68:a4:37:64:24:72:7d:bf:c7:62:a9:4c:4e:28:72:78:b7:22:
         ec:16:3f:3c:73:cd:e4:23:97:ab:f0:b5:94:5c:3f:55:97:74:
         36:8a:ec:2b
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZjqVbE7GQJZbwCEaCfvHuLIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNjdlZTNkZTg4MTU2MmVlYTdkZjJlMzIzMmNkYjMyYjU0
ZmUwMzcwHhcNMjUwODI3MDcwMjIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGZhMGFjMTBkYTZlM2VhNmFiNjc5MmU2NzQxNDE4NWVlMzMxZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvV2YEFNc6x1I/CbK6Wn38kRZ/bt
CZ6fjhywkZ+ZcYJo5vE622vvkWOMm0mONtB0mAifvJ11d0A0htm4tE+wAbq3XPFh
jgsFuR0BrfhFT+yhbqjr5049+SiH0A01DSZoEDT8DCsaaPlZq+Bq4FMSbQ/hEX8u
WbTts/fqd6wZKLbYCL+bYQ75+pS35ZtK0ZIHt+S6FpTgwXoCOSIpoQ9t4B/YRBZ9
BpaI0JGH+c1BGeDd0lAU8+noQWt4fAwbn/4R6DBSRzlBi0jPWxagMzfEW5zj7r5m
XhM+ESN0qukNt645CCiH3BLodelG1AX6SDrAjDDpFuvGnUIdYG5DMd3XdQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJ36CsENpuPqarZ5LmdBQYXuMx7YMB8GA1UdIwQY
MBaAFHxn7j3ogVYu6n3y4yMs2zK1T+A3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkdmdVBlaUJWaTdxZmZMakl5emJNclZQNERjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81ZmFiNzUtNWYzNS00NjRkLTlmMGQt
M2VkMmVjZWI0ZjZjLzEvbmZvS3dRMm00LXBxdG5rdVowRkJoZTR6SHRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81ZmFiNzUtNWYzNS00NjRkLTlmMGQtM2VkMmVjZWI0ZjZj
LzEvZkdmdVBlaUJWaTdxZmZMakl5emJNclZQNERjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAGyFVoD
BAWyFUAwDQQCAAIwBwMFACoAH58wDQYJKoZIhvcNAQELBQADggEBABuBtDgJtVy2
33Y1EqoR2z2XiuaL3sNgrA3dEYLdN4LXUxWcrxRbMzKrDklEp4PnvRclPlTd/OMa
te6cq55+yRXoOzgem0V15gP3I/4xXsX8PTWEPJYzgu/WF/RhPWD2vfuKHtnEn5O/
fYLsE/l4Iw7T24sNFD4khi0K9CmWyvPjX8PFoM2aRZO2Lp8FQV/rblKNxmZjTGcF
C0gz0V6a0a6hKwKgmc6nap/ceGJUb/d0RvwsgztMiCSJH0XkNrHxjA7NacFIJi/t
HXnUuJHXCugA+eKrPe6DqGikN2Qkcn2/x2KpTE4ocni3IuwWPzxzzeQjl6vwtZRc
P1WXdDaK7Cs=
-----END CERTIFICATE-----