Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/CBfKytqpvt0tAB2PjVjEtEOii5Y.roa
File:                     CBfKytqpvt0tAB2PjVjEtEOii5Y.roa (raw, json)
Hash identifier:          i27ozZoSMlAv0My0Jipe0pJfvbBrT7aRoob1vtMvHMc=
Subject key identifier:   08:17:CA:CA:DA:A9:BE:DD:2D:00:1D:8F:8D:58:C4:B4:43:A2:8B:96
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       0198F9ABB4AA5BB4F6C887F24D278790E229
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/CBfKytqpvt0tAB2PjVjEtEOii5Y.roa
Signing time:             Sat 30 Aug 2025 06:30:36 +0000
ROA not before:           Sat 30 Aug 2025 06:30:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214361
IP address blocks:        178.239.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 21:45:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f9:ab:b4:aa:5b:b4:f6:c8:87:f2:4d:27:87:90:e2:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Aug 30 06:30:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0817cacadaa9bedd2d001d8f8d58c4b443a28b96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:79:3e:18:98:4b:67:28:af:40:73:eb:45:25:
                    68:42:84:de:6b:eb:c4:d0:f8:97:c6:32:9f:47:d1:
                    cd:ee:4c:17:63:86:fd:cc:cf:d2:04:f0:51:47:d3:
                    9c:9d:f6:34:07:43:a7:1e:98:4d:57:57:ed:2e:7c:
                    82:01:eb:d6:c8:6e:98:76:62:79:29:76:aa:71:7a:
                    2c:9c:05:d4:5b:7f:57:3a:9b:95:0c:a7:ab:79:98:
                    c5:32:66:a9:c2:4c:66:4e:18:bf:43:0f:be:9d:4f:
                    e3:bd:66:64:39:cd:0f:54:39:29:f0:83:ce:21:08:
                    51:6e:7f:49:18:25:c3:b4:93:6b:26:7e:3f:23:14:
                    c7:a5:dc:21:10:32:5c:40:e0:d9:52:c2:b2:95:6d:
                    ae:94:5d:9f:78:d5:80:6e:9e:22:08:65:c0:aa:00:
                    03:62:ec:33:96:96:14:76:69:b4:cb:81:f2:59:f0:
                    75:64:b7:e7:6b:83:2b:33:e7:2d:b2:50:b6:38:94:
                    66:6d:4d:21:00:79:06:9a:45:32:f2:9c:fc:08:8c:
                    5d:6e:a4:26:ef:15:3d:86:2e:67:79:3f:c6:c8:4f:
                    c5:5f:63:2e:1d:fd:c6:b9:30:ce:94:1a:4e:65:38:
                    82:84:97:9a:e3:76:f7:d1:6d:65:87:31:f1:be:b8:
                    52:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:17:CA:CA:DA:A9:BE:DD:2D:00:1D:8F:8D:58:C4:B4:43:A2:8B:96
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/CBfKytqpvt0tAB2PjVjEtEOii5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:e7:52:18:41:8f:32:15:17:bf:0e:b6:fc:b4:3d:98:ce:3b:
         2e:01:e2:1c:cb:6f:57:45:40:6b:64:49:cc:d2:a1:c8:c9:5d:
         ab:27:5b:85:ef:2c:21:4c:f9:f7:33:e5:e4:4a:0e:e0:6c:aa:
         4e:95:0e:bd:e9:dd:8b:0f:dc:14:9f:a8:42:e7:1f:d0:b7:cc:
         c9:8a:3f:91:74:9e:f5:f3:3d:5b:f9:c9:e7:ab:e8:55:f4:12:
         21:74:fb:d8:24:f2:14:d0:97:b7:f6:8a:bc:13:60:d7:bd:1b:
         03:e1:95:ee:91:71:b8:01:09:99:f8:dc:54:ab:37:80:ac:71:
         28:88:49:c5:d4:38:01:b7:ff:b9:02:64:2d:19:c1:9b:a0:e3:
         b5:da:09:70:69:ab:ea:df:18:d5:a7:91:e6:56:51:22:1c:82:
         0a:bb:8d:f2:ee:97:30:f7:55:40:7d:f1:f4:2e:36:6d:bb:46:
         eb:8b:c0:4a:1a:b8:82:39:ae:64:98:47:27:12:45:12:f6:b1:
         5d:96:76:93:28:1f:99:67:b8:1b:2f:d1:f6:28:0a:bb:9f:48:
         92:f5:bc:0a:08:63:0a:d3:80:19:86:7d:4d:18:89:e2:f6:d6:
         14:bc:b5:ab:26:7f:91:af:69:e7:f9:a8:66:49:5c:19:28:62:
         70:1d:c7:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj5q7SqW7T2yIfyTSeHkOIpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwODMwMDYzMDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODE3Y2FjYWRhYTliZWRkMmQwMDFkOGY4ZDU4YzRiNDQzYTI4Yjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHk+GJhLZyivQHPrRSVoQoTea+vE
0PiXxjKfR9HN7kwXY4b9zM/SBPBRR9OcnfY0B0OnHphNV1ftLnyCAevWyG6YdmJ5
KXaqcXosnAXUW39XOpuVDKereZjFMmapwkxmThi/Qw++nU/jvWZkOc0PVDkp8IPO
IQhRbn9JGCXDtJNrJn4/IxTHpdwhEDJcQODZUsKylW2ulF2feNWAbp4iCGXAqgAD
YuwzlpYUdmm0y4HyWfB1ZLfna4MrM+ctslC2OJRmbU0hAHkGmkUy8pz8CIxdbqQm
7xU9hi5neT/GyE/FX2MuHf3GuTDOlBpOZTiChJea43b30W1lhzHxvrhSxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgXysraqb7dLQAdj41YxLRDoouWMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvQ0JmS3l0cXB2dDB0QUIyUGpWakV0RU9paTVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu+SMA0G
CSqGSIb3DQEBCwUAA4IBAQCf51IYQY8yFRe/Drb8tD2YzjsuAeIcy29XRUBrZEnM
0qHIyV2rJ1uF7ywhTPn3M+XkSg7gbKpOlQ696d2LD9wUn6hC5x/Qt8zJij+RdJ71
8z1b+cnnq+hV9BIhdPvYJPIU0Je39oq8E2DXvRsD4ZXukXG4AQmZ+NxUqzeArHEo
iEnF1DgBt/+5AmQtGcGboOO12glwaavq3xjVp5HmVlEiHIIKu43y7pcw91VAffH0
LjZtu0bri8BKGriCOa5kmEcnEkUS9rFdlnaTKB+ZZ7gbL9H2KAq7n0iS9bwKCGMK
04AZhn1NGIni9tYUvLWrJn+Rr2nn+ahmSVwZKGJwHcfI
-----END CERTIFICATE-----