Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RK1O-a2mHIy_nQ5roRSHFEMArKI.roa
File:                     RK1O-a2mHIy_nQ5roRSHFEMArKI.roa (raw, json)
Hash identifier:          UJRbqwcH/HImxZn6bg73LlWy7wN6vSCErzYOKPapKao=
Subject key identifier:   44:AD:4E:F9:AD:A6:1C:8C:BF:9D:0E:6B:A1:14:87:14:43:00:AC:A2
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0198E1457DAC1076445B3EE3D711A1D51801
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RK1O-a2mHIy_nQ5roRSHFEMArKI.roa
Signing time:             Mon 25 Aug 2025 12:48:04 +0000
ROA not before:           Mon 25 Aug 2025 12:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214432
IP address blocks:        5.182.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e1:45:7d:ac:10:76:44:5b:3e:e3:d7:11:a1:d5:18:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Aug 25 12:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44ad4ef9ada61c8cbf9d0e6ba11487144300aca2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8c:a7:31:de:a1:b6:bc:12:69:78:84:d7:68:
                    64:7e:bd:61:69:10:57:6c:45:53:08:47:f9:89:da:
                    6e:a2:8c:1e:ce:70:6e:d6:fc:b4:2a:7e:66:72:ed:
                    1c:30:1e:10:f7:4d:57:35:33:bd:45:bb:c8:e4:20:
                    91:80:6c:36:8c:64:7f:20:f6:70:7c:80:28:00:60:
                    aa:ba:39:e3:91:d6:3c:d7:b2:2f:52:63:dd:df:02:
                    bd:e9:a2:1c:db:de:96:b2:86:6a:9b:56:89:ce:1e:
                    2e:64:7c:a9:ff:70:8c:d3:19:cf:91:ed:fb:0c:3b:
                    b7:7e:fe:60:05:35:56:de:c1:c3:00:d7:78:9f:51:
                    32:ed:cf:d3:88:dc:d0:86:dd:73:f9:aa:43:a7:1c:
                    c6:23:7f:f6:0c:5b:0b:bb:c5:a1:ee:77:ea:76:a6:
                    1d:bc:00:05:97:a7:b2:3d:9e:3f:bf:83:e8:6a:e0:
                    e6:52:15:87:f3:43:68:0d:5a:07:b2:94:71:50:87:
                    c5:36:12:88:f0:49:f2:1e:ac:93:e2:b8:c4:81:5a:
                    55:4d:0a:45:e1:ed:58:b8:61:25:39:9a:32:3d:2c:
                    9a:f9:ee:da:37:67:ab:89:45:e9:f8:8e:5c:19:09:
                    4f:f3:92:e8:06:84:f5:f0:7f:f0:67:2b:8f:b1:26:
                    0a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:AD:4E:F9:AD:A6:1C:8C:BF:9D:0E:6B:A1:14:87:14:43:00:AC:A2
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/RK1O-a2mHIy_nQ5roRSHFEMArKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:1e:6d:95:6a:58:45:1f:61:d4:cf:db:3a:e7:b0:b2:c1:b1:
         29:8e:0a:8e:f8:a3:17:7a:82:d2:a3:f8:ed:5e:8a:ce:66:48:
         bb:ca:10:f0:46:68:2b:88:37:58:c5:34:4a:c1:43:18:a1:95:
         7d:ed:db:8a:42:20:dd:d3:17:3f:99:a0:66:fa:fe:7f:75:07:
         36:eb:80:99:30:f7:56:08:cc:db:e7:46:e5:33:ab:d4:b2:5e:
         56:53:45:eb:bc:c0:97:d7:6e:d5:04:f5:d4:07:e6:91:cb:ac:
         79:1a:23:1e:28:a8:83:2c:87:4b:f1:6a:5f:f8:98:f2:3a:91:
         bb:b4:0c:f4:e7:d7:f1:a5:34:97:b8:54:47:b9:e6:8b:d4:1c:
         08:ea:40:b9:35:7c:50:fc:01:62:c5:dc:d4:bc:ce:08:fc:d5:
         11:33:22:29:6f:a6:db:0c:e0:1f:46:cf:9a:6a:67:67:54:0d:
         5e:50:de:9f:2d:be:7e:2f:ee:b6:c6:1f:3b:68:2b:b8:31:46:
         3e:c3:9a:4c:ea:77:24:61:65:a2:44:7e:9d:99:7d:ae:1b:d2:
         f9:cb:e5:8b:00:02:f1:ba:0f:8d:50:2f:eb:ba:cf:c4:95:ae:
         6b:e0:19:6a:f9:bc:f4:14:91:d2:38:56:66:65:c8:0d:d7:8c:
         ca:e5:68:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjhRX2sEHZEWz7j1xGh1RgBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwODI1MTI0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGFkNGVmOWFkYTYxYzhjYmY5ZDBlNmJhMTE0ODcxNDQzMDBhY2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IynMd6htrwSaXiE12hkfr1haRBX
bEVTCEf5idpuooweznBu1vy0Kn5mcu0cMB4Q901XNTO9RbvI5CCRgGw2jGR/IPZw
fIAoAGCqujnjkdY817IvUmPd3wK96aIc296WsoZqm1aJzh4uZHyp/3CM0xnPke37
DDu3fv5gBTVW3sHDANd4n1Ey7c/TiNzQht1z+apDpxzGI3/2DFsLu8Wh7nfqdqYd
vAAFl6eyPZ4/v4PoauDmUhWH80NoDVoHspRxUIfFNhKI8EnyHqyT4rjEgVpVTQpF
4e1YuGElOZoyPSya+e7aN2eriUXp+I5cGQlP85LoBoT18H/wZyuPsSYK1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEStTvmtphyMv50Oa6EUhxRDAKyiMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvUksxTy1hMm1ISXlfblE1cm9SU0hGRU1BcktJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbZwMA0G
CSqGSIb3DQEBCwUAA4IBAQB7Hm2ValhFH2HUz9s657CywbEpjgqO+KMXeoLSo/jt
XorOZki7yhDwRmgriDdYxTRKwUMYoZV97duKQiDd0xc/maBm+v5/dQc264CZMPdW
CMzb50blM6vUsl5WU0XrvMCX127VBPXUB+aRy6x5GiMeKKiDLIdL8Wpf+JjyOpG7
tAz059fxpTSXuFRHueaL1BwI6kC5NXxQ/AFixdzUvM4I/NURMyIpb6bbDOAfRs+a
amdnVA1eUN6fLb5+L+62xh87aCu4MUY+w5pM6nckYWWiRH6dmX2uG9L5y+WLAALx
ug+NUC/rus/Ela5r4Blq+bz0FJHSOFZmZcgN14zK5Wje
-----END CERTIFICATE-----