Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/rDpy0tZSmSxAZiuCdiFjKbPXtTE.roa
File:                     rDpy0tZSmSxAZiuCdiFjKbPXtTE.roa (raw, json)
Hash identifier:          3A3lKsCvx8V7XbQbrRL9M/LjLU+tIZktu4nNwrlV4Ic=
Subject key identifier:   AC:3A:72:D2:D6:52:99:2C:40:66:2B:82:76:21:63:29:B3:D7:B5:31
Certificate issuer:       /CN=f382cb13dde12658cdac18cacae91fbbf5c58090
Certificate serial:       0198E08E614A123DD01C4BE97797FB0EFEA2
Authority key identifier: F3:82:CB:13:DD:E1:26:58:CD:AC:18:CA:CA:E9:1F:BB:F5:C5:80:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/84LLE93hJljNrBjKyukfu_XFgJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/rDpy0tZSmSxAZiuCdiFjKbPXtTE.roa
Signing time:             Mon 25 Aug 2025 09:28:04 +0000
ROA not before:           Mon 25 Aug 2025 09:28:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     153671
IP address blocks:        193.203.214.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/84LLE93hJljNrBjKyukfu_XFgJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/84LLE93hJljNrBjKyukfu_XFgJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/84LLE93hJljNrBjKyukfu_XFgJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 09:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e0:8e:61:4a:12:3d:d0:1c:4b:e9:77:97:fb:0e:fe:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f382cb13dde12658cdac18cacae91fbbf5c58090
        Validity
            Not Before: Aug 25 09:28:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac3a72d2d652992c40662b8276216329b3d7b531
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:70:2d:7f:51:5e:89:8a:7c:d5:0e:32:70:27:
                    bd:62:5a:e4:85:67:41:05:3e:1f:a0:7a:63:b2:18:
                    99:5c:9f:b8:98:ff:27:24:fb:0b:64:51:56:4c:b3:
                    10:c2:7d:43:89:c7:f3:d1:f0:43:6e:46:d0:43:f5:
                    f9:56:bc:27:ee:bb:e9:01:bb:66:f2:64:b0:a0:37:
                    0b:31:2b:a9:cd:ce:84:fc:58:3b:94:88:ef:8b:a0:
                    f4:c0:3c:aa:f9:3a:85:36:15:a7:49:d3:c1:cf:61:
                    b5:5d:24:98:1e:a3:f8:61:e3:57:b4:3b:17:ca:84:
                    f5:47:a7:40:5a:cf:52:41:26:d6:49:f8:cd:32:7e:
                    01:15:74:5d:cf:27:86:89:6f:54:3e:a7:e7:f4:46:
                    19:ae:18:c0:3a:3c:19:aa:1a:de:a0:88:ab:4d:0e:
                    66:38:85:7b:17:59:84:c4:9c:ad:28:38:75:e9:e2:
                    03:ad:ac:41:2b:e1:7d:cc:a2:09:65:1b:d4:f2:dc:
                    6d:12:6e:7d:a6:0d:89:85:44:8f:58:7b:67:a3:fe:
                    69:fa:32:e8:f4:2d:ec:3b:1e:c9:b0:61:77:bb:66:
                    f4:64:54:4c:cd:51:03:f3:aa:96:00:51:ea:10:58:
                    0f:49:fd:2a:da:d8:83:c4:64:06:7d:5d:8b:ac:01:
                    5a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:3A:72:D2:D6:52:99:2C:40:66:2B:82:76:21:63:29:B3:D7:B5:31
            X509v3 Authority Key Identifier:
                keyid:F3:82:CB:13:DD:E1:26:58:CD:AC:18:CA:CA:E9:1F:BB:F5:C5:80:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/84LLE93hJljNrBjKyukfu_XFgJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/rDpy0tZSmSxAZiuCdiFjKbPXtTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/84LLE93hJljNrBjKyukfu_XFgJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:99:ad:24:79:2c:0e:56:25:41:40:38:39:6f:ae:9b:03:ef:
         b8:cd:74:99:66:5f:9f:89:6c:57:1b:21:05:37:ed:5f:18:1c:
         23:55:93:fe:97:33:62:d2:ef:cf:4e:19:63:2e:04:22:ef:a4:
         86:9f:16:7b:20:1c:2a:2f:d1:e7:01:bc:68:d5:29:62:b5:cb:
         aa:f4:67:b9:7e:0c:a9:b7:c4:a2:0d:cd:3e:8b:87:dd:64:eb:
         a3:e2:d6:04:bd:3a:97:4a:f2:51:be:5a:73:93:08:eb:35:13:
         35:f9:98:c0:ee:b5:a4:6f:e5:43:2c:77:b2:ad:0e:28:bd:da:
         0d:af:f0:07:d8:8e:a6:4e:3e:b9:5f:5f:25:55:ba:4a:3a:48:
         e2:5e:de:89:48:2e:89:cc:f1:5c:73:f7:77:ba:25:79:90:99:
         52:41:b5:a7:13:97:b5:12:9b:a0:0e:c1:49:1c:4e:b9:72:e0:
         2b:18:b6:4f:bc:7d:4f:11:9d:34:9b:99:ff:6f:94:33:dd:15:
         9e:8d:aa:66:96:8b:7b:3e:68:09:02:44:ff:47:e9:53:3f:44:
         9d:b7:9e:bb:18:a1:ee:1f:94:30:f7:51:29:97:55:33:03:68:
         ac:72:80:06:e3:47:b6:4b:14:b4:0d:52:dc:f3:d8:e6:c7:95:
         9c:98:73:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjgjmFKEj3QHEvpd5f7Dv6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzODJjYjEzZGRlMTI2NThjZGFjMThjYWNhZTkxZmJiZjVj
NTgwOTAwHhcNMjUwODI1MDkyODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzNhNzJkMmQ2NTI5OTJjNDA2NjJiODI3NjIxNjMyOWIzZDdiNTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXAtf1FeiYp81Q4ycCe9YlrkhWdB
BT4foHpjshiZXJ+4mP8nJPsLZFFWTLMQwn1Dicfz0fBDbkbQQ/X5Vrwn7rvpAbtm
8mSwoDcLMSupzc6E/Fg7lIjvi6D0wDyq+TqFNhWnSdPBz2G1XSSYHqP4YeNXtDsX
yoT1R6dAWs9SQSbWSfjNMn4BFXRdzyeGiW9UPqfn9EYZrhjAOjwZqhreoIirTQ5m
OIV7F1mExJytKDh16eIDraxBK+F9zKIJZRvU8txtEm59pg2JhUSPWHtno/5p+jLo
9C3sOx7JsGF3u2b0ZFRMzVED86qWAFHqEFgPSf0q2tiDxGQGfV2LrAFaAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKw6ctLWUpksQGYrgnYhYymz17UxMB8GA1UdIwQY
MBaAFPOCyxPd4SZYzawYysrpH7v1xYCQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODRMTEU5M2hKbGpOckJqS3l1a2Z1X1hGZ0pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lN2RhOWEtOTMyYS00NjdiLWIyZDIt
OTcwNDI4OTFlYjk5LzEvckRweTB0WlNtU3hBWml1Q2RpRmpLYlBYdFRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lN2RhOWEtOTMyYS00NjdiLWIyZDItOTcwNDI4OTFlYjk5
LzEvODRMTEU5M2hKbGpOckJqS3l1a2Z1X1hGZ0pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcvWMA0G
CSqGSIb3DQEBCwUAA4IBAQB3ma0keSwOViVBQDg5b66bA++4zXSZZl+fiWxXGyEF
N+1fGBwjVZP+lzNi0u/PThljLgQi76SGnxZ7IBwqL9HnAbxo1Slitcuq9Ge5fgyp
t8SiDc0+i4fdZOuj4tYEvTqXSvJRvlpzkwjrNRM1+ZjA7rWkb+VDLHeyrQ4ovdoN
r/AH2I6mTj65X18lVbpKOkjiXt6JSC6JzPFcc/d3uiV5kJlSQbWnE5e1EpugDsFJ
HE65cuArGLZPvH1PEZ00m5n/b5Qz3RWejapmlot7PmgJAkT/R+lTP0Sdt567GKHu
H5Qw91Epl1UzA2iscoAG40e2SxS0DVLc89jmx5WcmHP/
-----END CERTIFICATE-----