Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/188f03-168f-4942-9505-19803b1fb1f0/1/oV8Ma4hc484xc5SJXQCWtZwI26E.roa
File:                     oV8Ma4hc484xc5SJXQCWtZwI26E.roa (raw, json)
Hash identifier:          mXD629tUJB3Ogv1XBao+edGNLrPyoPhY8LRLBmBi4hw=
Subject key identifier:   A1:5F:0C:6B:88:5C:E3:CE:31:73:94:89:5D:00:96:B5:9C:08:DB:A1
Certificate issuer:       /CN=18c68ad6f14be2172c7d0c94f4b4d4d001933bb4
Certificate serial:       019791CA9A279C379381AE6F2468FFC2C6F8
Authority key identifier: 18:C6:8A:D6:F1:4B:E2:17:2C:7D:0C:94:F4:B4:D4:D0:01:93:3B:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GMaK1vFL4hcsfQyU9LTU0AGTO7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/188f03-168f-4942-9505-19803b1fb1f0/1/oV8Ma4hc484xc5SJXQCWtZwI26E.roa
Signing time:             Sat 21 Jun 2025 09:21:03 +0000
ROA not before:           Sat 21 Jun 2025 09:21:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57888
IP address blocks:        91.205.68.0/22 maxlen: 22
                          93.157.192.0/21 maxlen: 21
                          176.108.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/188f03-168f-4942-9505-19803b1fb1f0/1/GMaK1vFL4hcsfQyU9LTU0AGTO7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/188f03-168f-4942-9505-19803b1fb1f0/1/GMaK1vFL4hcsfQyU9LTU0AGTO7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GMaK1vFL4hcsfQyU9LTU0AGTO7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 17:39:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:91:ca:9a:27:9c:37:93:81:ae:6f:24:68:ff:c2:c6:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18c68ad6f14be2172c7d0c94f4b4d4d001933bb4
        Validity
            Not Before: Jun 21 09:21:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a15f0c6b885ce3ce317394895d0096b59c08dba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:bb:f4:8b:2b:fe:c8:f8:e7:53:41:b3:2e:f3:
                    0e:da:ec:7c:0e:a4:8c:38:5d:78:3e:e1:9d:31:44:
                    a7:2f:c1:04:c7:4b:e3:82:c5:80:41:27:ae:31:ac:
                    aa:30:df:96:4d:fb:a3:7c:e7:b9:a9:86:d9:63:6e:
                    64:0a:1c:00:f0:f3:c7:0e:2f:ed:79:68:68:61:c7:
                    50:29:ba:35:9d:bd:93:b1:46:94:4d:17:e5:f4:eb:
                    f4:c1:40:c7:1e:70:a2:00:c5:61:e2:f1:cf:f0:58:
                    88:69:69:53:12:e3:21:dc:c6:7d:40:25:94:df:88:
                    ae:6e:76:97:e0:fc:be:50:b7:da:b8:5a:a7:d3:89:
                    33:94:67:24:17:50:10:65:68:d7:95:17:52:09:46:
                    4d:cd:bb:88:d7:5d:64:d4:d0:f1:fb:27:45:be:3a:
                    30:62:5a:31:df:58:27:8e:5c:95:fc:3b:7c:09:10:
                    ec:79:32:34:7e:a8:32:bd:fa:7b:4f:76:be:26:18:
                    4e:f9:08:a7:4e:51:18:0d:b4:47:a6:85:e4:2c:a9:
                    9f:1c:8f:56:58:30:64:7b:9e:0e:21:34:bf:20:fc:
                    69:fe:7d:b7:d1:57:10:b4:bd:6e:4d:7c:72:6e:b0:
                    5d:ac:3d:ef:77:1a:31:95:e8:8a:21:c2:0e:b8:2b:
                    42:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:5F:0C:6B:88:5C:E3:CE:31:73:94:89:5D:00:96:B5:9C:08:DB:A1
            X509v3 Authority Key Identifier:
                keyid:18:C6:8A:D6:F1:4B:E2:17:2C:7D:0C:94:F4:B4:D4:D0:01:93:3B:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GMaK1vFL4hcsfQyU9LTU0AGTO7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/188f03-168f-4942-9505-19803b1fb1f0/1/oV8Ma4hc484xc5SJXQCWtZwI26E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/188f03-168f-4942-9505-19803b1fb1f0/1/GMaK1vFL4hcsfQyU9LTU0AGTO7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.68.0/22
                  93.157.192.0/21
                  176.108.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         10:e4:41:e8:81:f0:83:a5:d1:f6:64:46:28:00:44:a0:79:e2:
         b5:48:7e:5c:a8:33:fe:90:d3:09:95:1e:f1:3f:b7:f3:4b:73:
         89:1f:ce:89:ed:fe:c3:93:d4:49:37:70:49:3d:fc:8e:ff:de:
         26:c9:05:b6:66:b4:c3:b3:6d:8b:ad:15:1e:33:9e:be:82:51:
         80:69:dd:b2:7c:d3:8d:6a:d0:06:e6:2c:b1:f4:15:b7:63:3f:
         26:5d:6a:91:7d:62:5f:f2:f5:53:1f:aa:59:c9:0a:8c:d6:5c:
         9d:a3:e1:16:60:cd:10:11:66:70:47:1f:23:ad:2c:ae:1d:cf:
         ac:9b:7d:bd:75:0b:e3:19:92:2b:5d:59:de:35:25:72:a2:52:
         a3:36:83:f7:c1:6b:fc:31:4f:8e:5f:bf:65:bc:9f:39:6b:9d:
         94:e1:c9:60:52:00:84:9e:2b:4b:77:5a:1f:49:2d:07:ea:3b:
         5e:80:b1:8f:7a:b0:f9:b9:36:bf:93:b5:62:1a:8f:82:01:26:
         77:0d:44:2c:af:66:05:2d:ce:27:85:79:f3:e8:2a:83:a9:6d:
         89:94:21:95:70:c2:58:03:b1:58:3d:cc:e2:ae:6c:66:63:7d:
         92:3a:47:5a:62:0c:e9:2b:92:b5:60:ba:c1:36:f7:35:e7:5b:
         8c:51:40:35
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZeRyponnDeTga5vJGj/wsb4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4YzY4YWQ2ZjE0YmUyMTcyYzdkMGM5NGY0YjRkNGQwMDE5
MzNiYjQwHhcNMjUwNjIxMDkyMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTVmMGM2Yjg4NWNlM2NlMzE3Mzk0ODk1ZDAwOTZiNTljMDhkYmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLv0iyv+yPjnU0GzLvMO2ux8DqSM
OF14PuGdMUSnL8EEx0vjgsWAQSeuMayqMN+WTfujfOe5qYbZY25kChwA8PPHDi/t
eWhoYcdQKbo1nb2TsUaUTRfl9Ov0wUDHHnCiAMVh4vHP8FiIaWlTEuMh3MZ9QCWU
34iubnaX4Py+ULfauFqn04kzlGckF1AQZWjXlRdSCUZNzbuI111k1NDx+ydFvjow
Ylox31gnjlyV/Dt8CRDseTI0fqgyvfp7T3a+JhhO+QinTlEYDbRHpoXkLKmfHI9W
WDBke54OITS/IPxp/n230VcQtL1uTXxybrBdrD3vdxoxleiKIcIOuCtC/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKFfDGuIXOPOMXOUiV0AlrWcCNuhMB8GA1UdIwQY
MBaAFBjGitbxS+IXLH0MlPS01NABkzu0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR01hSzF2Rkw0aGNzZlF5VTlMVFUwQUdUTzdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8xODhmMDMtMTY4Zi00OTQyLTk1MDUt
MTk4MDNiMWZiMWYwLzEvb1Y4TWE0aGM0ODR4YzVTSlhRQ1d0WndJMjZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8xODhmMDMtMTY4Zi00OTQyLTk1MDUtMTk4MDNiMWZiMWYw
LzEvR01hSzF2Rkw0aGNzZlF5VTlMVFUwQUdUTzdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW81EAwQD
XZ3AAwQDsGw4MA0GCSqGSIb3DQEBCwUAA4IBAQAQ5EHogfCDpdH2ZEYoAESgeeK1
SH5cqDP+kNMJlR7xP7fzS3OJH86J7f7Dk9RJN3BJPfyO/94myQW2ZrTDs22LrRUe
M56+glGAad2yfNONatAG5iyx9BW3Yz8mXWqRfWJf8vVTH6pZyQqM1lydo+EWYM0Q
EWZwRx8jrSyuHc+sm329dQvjGZIrXVneNSVyolKjNoP3wWv8MU+OX79lvJ85a52U
4clgUgCEnitLd1ofSS0H6jtegLGPerD5uTa/k7ViGo+CASZ3DUQsr2YFLc4nhXnz
6CqDqW2JlCGVcMJYA7FYPczirmxmY32SOkdaYgzpK5K1YLrBNvc151uMUUA1
-----END CERTIFICATE-----