Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/cJ1rW8VClyRweGHbeEMtWBhnXAQ.roa
File:                     cJ1rW8VClyRweGHbeEMtWBhnXAQ.roa (raw, json)
Hash identifier:          xDtfcFeuvoc7H53dx6XMFpyYCc4Qq+FPUImWBrlN+70=
Subject key identifier:   70:9D:6B:5B:C5:42:97:24:70:78:61:DB:78:43:2D:58:18:67:5C:04
Certificate issuer:       /CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
Certificate serial:       0198EA8D487639BAE3C3D82B49E67BB4D069
Authority key identifier: 0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/cJ1rW8VClyRweGHbeEMtWBhnXAQ.roa
Signing time:             Wed 27 Aug 2025 08:03:04 +0000
ROA not before:           Wed 27 Aug 2025 08:03:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210381
IP address blocks:        83.139.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 14:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:8d:48:76:39:ba:e3:c3:d8:2b:49:e6:7b:b4:d0:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
        Validity
            Not Before: Aug 27 08:03:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=709d6b5bc5429724707861db78432d5818675c04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:be:f2:06:1f:c4:12:3b:cb:fe:9a:61:03:09:
                    e6:89:4c:0a:5f:6f:7d:a2:fa:ab:94:b5:95:5f:3d:
                    1b:1a:60:99:5e:ad:fd:6e:73:4b:04:23:72:c0:30:
                    4d:d3:73:65:5f:04:46:00:cf:f4:c1:e5:61:21:d2:
                    d1:a7:91:15:38:85:63:e0:31:87:97:33:13:42:7a:
                    aa:b0:bf:a5:bd:a0:09:31:d6:37:97:fd:f2:95:48:
                    1d:05:10:bf:a0:75:de:b6:3c:b5:61:ef:5c:85:c1:
                    4a:e8:da:ff:a6:89:9a:48:da:81:9b:2e:ed:a7:8a:
                    0f:c4:fe:b8:dd:5e:a8:60:7c:96:65:8c:0e:9c:b4:
                    ec:7f:a1:f2:af:16:fb:36:12:2c:16:69:9d:c5:be:
                    ab:2c:08:4f:4f:6d:ce:06:10:23:74:76:95:81:5a:
                    85:5d:ce:77:37:ed:61:5b:98:95:54:21:8e:4a:c4:
                    c8:5a:61:2c:6b:f9:c6:0d:40:90:ba:d1:79:03:20:
                    ca:54:36:a7:ce:55:91:24:9d:6d:56:18:27:db:20:
                    51:ac:a2:e2:79:53:22:23:d2:73:17:1f:d3:a4:f2:
                    a9:02:2c:a2:ed:4d:bf:02:85:87:bf:40:63:80:ba:
                    da:99:57:47:8d:a3:3c:8a:23:f6:fe:1c:af:df:63:
                    b6:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:9D:6B:5B:C5:42:97:24:70:78:61:DB:78:43:2D:58:18:67:5C:04
            X509v3 Authority Key Identifier:
                keyid:0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/cJ1rW8VClyRweGHbeEMtWBhnXAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.139.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:42:f7:fc:82:b7:c2:4b:97:e9:4a:33:e2:65:fe:6c:62:28:
         90:a7:44:22:6d:c8:79:27:e4:4b:bc:41:44:e9:c8:82:02:60:
         c9:0f:59:2c:39:40:65:15:4e:a6:95:e8:4c:33:cd:23:13:3a:
         1c:da:a9:be:dc:dd:ef:d3:1f:81:56:32:58:c6:03:5a:c5:c5:
         0b:2c:1b:d8:28:83:65:fc:2c:a0:87:98:de:b7:78:5c:c5:fc:
         a9:6d:ff:8b:11:8e:49:f7:5b:af:33:14:41:e1:1c:ce:e0:8d:
         a5:01:9c:a2:db:cc:1c:83:c9:28:92:67:13:c1:01:16:9a:38:
         d2:f4:44:16:96:81:d4:20:a0:38:b3:1f:82:b1:94:a8:ec:2c:
         e9:b7:96:ed:88:2a:27:21:99:50:67:a9:37:05:48:76:16:ac:
         46:d1:0b:7e:27:d3:89:8d:7d:c1:c9:92:f8:09:11:60:11:e4:
         ae:47:23:44:b6:c2:d9:bf:f4:1d:99:6d:3a:1f:66:f0:3d:0a:
         53:fd:b0:f1:0c:c4:43:37:94:a0:2e:80:b7:72:ab:fb:31:9f:
         f5:81:d8:d1:5b:fb:ee:58:1a:01:c0:63:0c:0b:0d:20:78:21:
         a6:13:fa:fa:f0:5c:f1:08:c7:32:08:f7:e3:3d:f0:7d:e3:79:
         a1:c4:12:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjqjUh2Obrjw9grSeZ7tNBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNzVmYjRmNTJhODI5ZDEzNmUyOWE5YTAyNWM2MzZkMTlh
ZTMyOGUwHhcNMjUwODI3MDgwMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDlkNmI1YmM1NDI5NzI0NzA3ODYxZGI3ODQzMmQ1ODE4Njc1YzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr77yBh/EEjvL/pphAwnmiUwKX299
ovqrlLWVXz0bGmCZXq39bnNLBCNywDBN03NlXwRGAM/0weVhIdLRp5EVOIVj4DGH
lzMTQnqqsL+lvaAJMdY3l/3ylUgdBRC/oHXetjy1Ye9chcFK6Nr/pomaSNqBmy7t
p4oPxP643V6oYHyWZYwOnLTsf6Hyrxb7NhIsFmmdxb6rLAhPT23OBhAjdHaVgVqF
Xc53N+1hW5iVVCGOSsTIWmEsa/nGDUCQutF5AyDKVDanzlWRJJ1tVhgn2yBRrKLi
eVMiI9JzFx/TpPKpAiyi7U2/AoWHv0BjgLramVdHjaM8iiP2/hyv32O25wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCda1vFQpckcHhh23hDLVgYZ1wEMB8GA1UdIwQY
MBaAFA51+09SqCnRNuKamgJcY20ZrjKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYt
MzViYTI2N2RlZDNiLzEvY0oxclc4VkNseVJ3ZUdIYmVFTXRXQmhuWEFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYtMzViYTI2N2RlZDNi
LzEvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU4sEMA0G
CSqGSIb3DQEBCwUAA4IBAQAUQvf8grfCS5fpSjPiZf5sYiiQp0Qibch5J+RLvEFE
6ciCAmDJD1ksOUBlFU6mlehMM80jEzoc2qm+3N3v0x+BVjJYxgNaxcULLBvYKINl
/Cygh5jet3hcxfypbf+LEY5J91uvMxRB4RzO4I2lAZyi28wcg8kokmcTwQEWmjjS
9EQWloHUIKA4sx+CsZSo7Czpt5btiConIZlQZ6k3BUh2FqxG0Qt+J9OJjX3ByZL4
CRFgEeSuRyNEtsLZv/QdmW06H2bwPQpT/bDxDMRDN5SgLoC3cqv7MZ/1gdjRW/vu
WBoBwGMMCw0geCGmE/r68FzxCMcyCPfjPfB943mhxBJb
-----END CERTIFICATE-----