Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/moP8AyjZtAwgHc_3A5HxdEuZa_0.roa
File:                     moP8AyjZtAwgHc_3A5HxdEuZa_0.roa (raw, json)
Hash identifier:          yYBiqX5FXyS7o5F0YgbX3wSwVohfQEDB4XLRwkTHVXk=
Subject key identifier:   9A:83:FC:03:28:D9:B4:0C:20:1D:CF:F7:03:91:F1:74:4B:99:6B:FD
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0198898B013C0BBC0E09DFAD6A52A8603BF8
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/moP8AyjZtAwgHc_3A5HxdEuZa_0.roa
Signing time:             Fri 08 Aug 2025 11:57:24 +0000
ROA not before:           Fri 08 Aug 2025 11:57:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2856
IP address blocks:        193.111.4.0/24 maxlen: 24
                          193.111.5.0/24 maxlen: 24
                          193.111.18.0/24 maxlen: 24
                          193.111.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 23:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:89:8b:01:3c:0b:bc:0e:09:df:ad:6a:52:a8:60:3b:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug  8 11:57:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a83fc0328d9b40c201dcff70391f1744b996bfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:3e:f9:e6:3c:6e:33:6e:28:49:3f:a2:f1:ca:
                    84:c3:a1:90:76:94:46:79:f6:6f:80:f7:24:d3:5c:
                    f4:22:c6:d3:6a:ef:33:30:15:7b:18:0c:fa:be:ef:
                    60:69:e3:0c:ca:cd:b4:a0:28:ab:b2:13:d6:d5:82:
                    48:ae:34:61:60:7b:25:e6:55:85:0a:b5:a7:12:ea:
                    9a:13:6f:e8:09:6d:57:a7:af:02:e8:32:fb:34:9e:
                    1d:49:a8:ba:6d:ff:d1:68:2b:74:bb:be:76:b6:ee:
                    c9:fe:b9:d3:6c:21:86:86:6a:15:c0:f5:67:40:06:
                    ad:01:df:af:6f:49:16:0f:77:5d:ed:3f:e2:ff:8f:
                    2a:70:17:be:96:1b:56:4d:5c:91:07:d7:8e:21:6d:
                    56:c4:71:0a:96:67:30:5e:cf:23:64:c2:7f:a4:4d:
                    fd:4f:6c:44:74:1d:38:7b:fc:51:2f:19:72:da:b9:
                    a4:df:ab:8c:a5:01:4a:03:52:a9:80:e2:86:3f:05:
                    74:94:85:8b:75:4e:a5:cf:4d:29:ee:a4:fd:4e:b6:
                    8b:db:be:19:52:50:c1:4f:98:75:26:37:25:17:b5:
                    a3:2a:40:be:3c:82:c9:7e:14:6d:c3:82:42:56:74:
                    12:4c:e9:33:33:8d:ed:0f:f2:11:66:bb:bd:f4:be:
                    70:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:83:FC:03:28:D9:B4:0C:20:1D:CF:F7:03:91:F1:74:4B:99:6B:FD
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/moP8AyjZtAwgHc_3A5HxdEuZa_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.4.0/23
                  193.111.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:69:a2:bc:40:8a:1c:64:0c:ce:6f:81:f2:6a:0b:3e:9a:67:
         90:c1:d4:c9:50:c1:f2:b3:84:35:b5:c2:c5:23:ca:35:9c:a3:
         f4:ad:9d:ea:b0:45:1a:cc:e4:5e:23:a6:08:a4:a4:d2:fe:73:
         d3:21:30:fb:70:99:0d:2b:f7:d0:93:6e:99:70:21:dc:65:91:
         c5:f8:33:0d:ef:39:0a:96:31:fe:00:09:b3:59:ef:c4:ec:83:
         e4:e9:56:9e:04:e9:5e:06:8c:9f:e5:2a:b5:3c:64:a0:9e:b9:
         78:9b:e9:27:81:ee:e2:1e:94:10:b5:a9:7d:6f:f0:3d:48:71:
         cb:84:cf:b4:53:ff:2d:73:b7:08:26:da:1e:34:8c:7e:27:bc:
         7a:10:fc:02:82:c5:fe:3c:47:8c:84:5d:ca:4f:f4:42:35:1b:
         df:d7:3e:21:23:04:d0:d7:5f:52:08:df:e6:9d:26:6f:d0:d0:
         10:04:0d:16:7f:78:75:58:2b:68:1f:61:fe:a0:74:ed:1f:cd:
         12:42:71:37:63:30:22:05:48:77:3b:cd:41:cd:09:59:24:4f:
         11:0b:c1:56:aa:64:82:62:41:9a:00:ab:54:b5:b7:a4:30:cc:
         a0:92:4f:b4:e1:2f:7a:91:a2:6b:af:fd:9a:f7:37:d6:bf:b8:
         55:c4:d4:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiJiwE8C7wOCd+talKoYDv4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwODA4MTE1NzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTgzZmMwMzI4ZDliNDBjMjAxZGNmZjcwMzkxZjE3NDRiOTk2YmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzj755jxuM24oST+i8cqEw6GQdpRG
efZvgPck01z0IsbTau8zMBV7GAz6vu9gaeMMys20oCirshPW1YJIrjRhYHsl5lWF
CrWnEuqaE2/oCW1Xp68C6DL7NJ4dSai6bf/RaCt0u752tu7J/rnTbCGGhmoVwPVn
QAatAd+vb0kWD3dd7T/i/48qcBe+lhtWTVyRB9eOIW1WxHEKlmcwXs8jZMJ/pE39
T2xEdB04e/xRLxly2rmk36uMpQFKA1KpgOKGPwV0lIWLdU6lz00p7qT9TraL274Z
UlDBT5h1JjclF7WjKkC+PILJfhRtw4JCVnQSTOkzM43tD/IRZru99L5w+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJqD/AMo2bQMIB3P9wOR8XRLmWv9MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvbW9QOEF5alp0QXdnSGNfM0E1SHhkRXVaYV8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwW8EAwQB
wW8SMA0GCSqGSIb3DQEBCwUAA4IBAQBiaaK8QIocZAzOb4Hyags+mmeQwdTJUMHy
s4Q1tcLFI8o1nKP0rZ3qsEUazOReI6YIpKTS/nPTITD7cJkNK/fQk26ZcCHcZZHF
+DMN7zkKljH+AAmzWe/E7IPk6VaeBOleBoyf5Sq1PGSgnrl4m+knge7iHpQQtal9
b/A9SHHLhM+0U/8tc7cIJtoeNIx+J7x6EPwCgsX+PEeMhF3KT/RCNRvf1z4hIwTQ
119SCN/mnSZv0NAQBA0Wf3h1WCtoH2H+oHTtH80SQnE3YzAiBUh3O81BzQlZJE8R
C8FWqmSCYkGaAKtUtbekMMygkk+04S96kaJrr/2a9zfWv7hVxNRX
-----END CERTIFICATE-----
Generated at Thu Aug 21 03:18:15 2025 by rpki-client