Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/F7JL5bHYyLaweW8pONIwm4V1Ta8.roa
File:                     F7JL5bHYyLaweW8pONIwm4V1Ta8.roa (raw, json)
Hash identifier:          9Al0+nQsmlduPmazSDY0bBkTJLPuHl1nJV+djdoKlfw=
Subject key identifier:   17:B2:4B:E5:B1:D8:C8:B6:B0:79:6F:29:38:D2:30:9B:85:75:4D:AF
Certificate issuer:       /CN=9681fc8c7337c6a1d20b84800df862a27e5fdbd7
Certificate serial:       019715EA6FB0053718E9BF1C34EEB4395035
Authority key identifier: 96:81:FC:8C:73:37:C6:A1:D2:0B:84:80:0D:F8:62:A2:7E:5F:DB:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/loH8jHM3xqHSC4SADfhion5f29c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/F7JL5bHYyLaweW8pONIwm4V1Ta8.roa
Signing time:             Wed 28 May 2025 08:02:54 +0000
ROA not before:           Wed 28 May 2025 08:02:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215138
IP address blocks:        195.8.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/loH8jHM3xqHSC4SADfhion5f29c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/loH8jHM3xqHSC4SADfhion5f29c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/loH8jHM3xqHSC4SADfhion5f29c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Jun 2025 23:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:ea:6f:b0:05:37:18:e9:bf:1c:34:ee:b4:39:50:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9681fc8c7337c6a1d20b84800df862a27e5fdbd7
        Validity
            Not Before: May 28 08:02:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17b24be5b1d8c8b6b0796f2938d2309b85754daf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ed:48:38:ed:f8:63:48:c0:28:aa:bd:a7:d1:
                    5e:f1:e6:97:ae:2c:52:24:48:b8:47:9f:8a:9b:79:
                    4c:a4:35:5b:cb:2f:a8:bd:ed:9b:e5:83:fe:eb:8e:
                    b5:17:0f:77:ef:93:68:f5:eb:1d:c5:68:7d:4d:5e:
                    d5:66:f4:4c:ee:97:b9:12:3f:51:52:92:c6:b3:9e:
                    29:59:81:8e:68:39:e4:eb:04:83:98:64:05:47:26:
                    c4:e4:26:2a:3a:14:62:73:04:77:ba:bc:7b:07:90:
                    2d:d5:dd:8e:b7:ae:71:cd:7d:cd:e3:c7:2c:db:b3:
                    bc:7d:be:47:4b:cf:55:b0:d1:58:81:27:ab:73:a3:
                    e2:73:b6:df:53:ab:e3:d3:39:87:fc:a3:15:ba:a3:
                    f6:5c:c4:0d:54:81:16:71:8b:42:88:78:a6:6a:fa:
                    02:b6:1f:82:f5:b4:35:64:02:d7:cf:ed:9f:c2:77:
                    17:a6:53:b5:a5:92:48:f1:05:9d:ec:4e:55:84:ed:
                    68:2c:43:9d:dd:75:ab:47:91:30:9f:1f:e4:48:ca:
                    e5:d4:85:ce:30:49:d4:8a:91:4b:e6:d2:9f:c5:bb:
                    76:21:29:2d:c1:27:88:72:98:5d:f6:f6:48:23:cb:
                    43:8e:e8:bd:4b:b7:6b:76:09:59:b5:e0:0d:7b:d7:
                    d2:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:B2:4B:E5:B1:D8:C8:B6:B0:79:6F:29:38:D2:30:9B:85:75:4D:AF
            X509v3 Authority Key Identifier:
                keyid:96:81:FC:8C:73:37:C6:A1:D2:0B:84:80:0D:F8:62:A2:7E:5F:DB:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/loH8jHM3xqHSC4SADfhion5f29c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/F7JL5bHYyLaweW8pONIwm4V1Ta8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/loH8jHM3xqHSC4SADfhion5f29c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:0e:22:ba:86:5d:cf:76:8e:07:c7:19:0d:52:30:9e:94:38:
         f1:53:40:74:e4:4e:80:0f:5e:60:8c:8d:2f:89:e9:ec:28:1c:
         69:56:45:62:9e:e5:72:de:26:8c:66:7a:d8:2c:30:56:50:89:
         f2:43:31:9a:60:1c:75:24:f5:6b:9e:3c:12:e4:d7:d6:08:1b:
         b7:cc:17:30:a0:f4:49:33:09:64:5f:60:9c:f4:42:0a:d9:cf:
         11:3c:8e:3f:fb:6b:77:16:2d:29:83:a9:f7:64:80:85:8a:35:
         d3:cb:7c:59:a2:4b:59:d6:63:a0:04:a1:70:33:2d:ed:1e:09:
         52:e7:7a:4f:6c:ae:4a:c5:e9:29:09:35:b4:e8:a7:3d:32:28:
         d6:58:2a:19:05:ae:dc:e1:cd:97:1e:95:17:96:53:6e:43:d1:
         7e:e9:4d:01:7e:fd:5a:57:94:2f:0f:01:e3:d6:ac:cb:ec:8b:
         50:66:d5:e4:6a:84:3b:77:ea:50:7a:6e:d9:6d:24:3a:17:b0:
         60:3d:a0:d2:04:94:5a:22:61:40:66:ab:ae:93:5f:0c:d4:dc:
         85:ef:c5:1d:79:1e:95:00:ea:e6:c4:77:89:7f:6e:fb:bd:d1:
         27:8f:a6:64:45:7b:fa:bd:42:ab:6d:24:3d:f6:62:11:a3:cc:
         7d:41:a2:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcV6m+wBTcY6b8cNO60OVA1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ODFmYzhjNzMzN2M2YTFkMjBiODQ4MDBkZjg2MmEyN2U1
ZmRiZDcwHhcNMjUwNTI4MDgwMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2IyNGJlNWIxZDhjOGI2YjA3OTZmMjkzOGQyMzA5Yjg1NzU0ZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsu1IOO34Y0jAKKq9p9Fe8eaXrixS
JEi4R5+Km3lMpDVbyy+ove2b5YP+6461Fw9375No9esdxWh9TV7VZvRM7pe5Ej9R
UpLGs54pWYGOaDnk6wSDmGQFRybE5CYqOhRicwR3urx7B5At1d2Ot65xzX3N48cs
27O8fb5HS89VsNFYgSerc6Pic7bfU6vj0zmH/KMVuqP2XMQNVIEWcYtCiHimavoC
th+C9bQ1ZALXz+2fwncXplO1pZJI8QWd7E5VhO1oLEOd3XWrR5Ewnx/kSMrl1IXO
MEnUipFL5tKfxbt2ISktwSeIcphd9vZII8tDjui9S7drdglZteANe9fSxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBeyS+Wx2Mi2sHlvKTjSMJuFdU2vMB8GA1UdIwQY
MBaAFJaB/IxzN8ah0guEgA34YqJ+X9vXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbG9IOGpITTN4cUhTQzRTQURmaGlvbjVmMjljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny80MGU1ZDUtZWQ0MS00ZGQzLTkzMzIt
NTNkOTYwOTlkN2IxLzEvRjdKTDViSFl5TGF3ZVc4cE9OSXdtNFYxVGE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny80MGU1ZDUtZWQ0MS00ZGQzLTkzMzItNTNkOTYwOTlkN2Ix
LzEvbG9IOGpITTN4cUhTQzRTQURmaGlvbjVmMjljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwhiMA0G
CSqGSIb3DQEBCwUAA4IBAQAPDiK6hl3Pdo4HxxkNUjCelDjxU0B05E6AD15gjI0v
iensKBxpVkVinuVy3iaMZnrYLDBWUInyQzGaYBx1JPVrnjwS5NfWCBu3zBcwoPRJ
MwlkX2Cc9EIK2c8RPI4/+2t3Fi0pg6n3ZICFijXTy3xZoktZ1mOgBKFwMy3tHglS
53pPbK5KxekpCTW06Kc9MijWWCoZBa7c4c2XHpUXllNuQ9F+6U0Bfv1aV5QvDwHj
1qzL7ItQZtXkaoQ7d+pQem7ZbSQ6F7BgPaDSBJRaImFAZquuk18M1NyF78UdeR6V
AOrmxHeJf277vdEnj6ZkRXv6vUKrbSQ99mIRo8x9QaK7
-----END CERTIFICATE-----