Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/ookYOsl62US6mMi6GMg2HcD_y2A.roa
File:                     ookYOsl62US6mMi6GMg2HcD_y2A.roa (raw, json)
Hash identifier:          NEIgALewSP5rnsPbfbCrZ+39OwZPrksdjPilVku316k=
Subject key identifier:   A2:89:18:3A:C9:7A:D9:44:BA:98:C8:BA:18:C8:36:1D:C0:FF:CB:60
Certificate issuer:       /CN=97530cab3bae5b529fabeb9979bd685f7b2bdab3
Certificate serial:       0199292D615F8B825FEEAB5B9CBA7142A12D
Authority key identifier: 97:53:0C:AB:3B:AE:5B:52:9F:AB:EB:99:79:BD:68:5F:7B:2B:DA:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/ookYOsl62US6mMi6GMg2HcD_y2A.roa
Signing time:             Mon 08 Sep 2025 11:54:23 +0000
ROA not before:           Mon 08 Sep 2025 11:54:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43395
IP address blocks:        164.138.203.0/24 maxlen: 24
                          2a05:7a80:fffd::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 21:45:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:29:2d:61:5f:8b:82:5f:ee:ab:5b:9c:ba:71:42:a1:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97530cab3bae5b529fabeb9979bd685f7b2bdab3
        Validity
            Not Before: Sep  8 11:54:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a289183ac97ad944ba98c8ba18c8361dc0ffcb60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b2:bf:37:ae:c6:01:7c:6c:5b:cb:b1:17:86:
                    50:03:7c:0f:5f:82:38:60:ac:45:fc:2e:d0:3e:3e:
                    3b:89:77:cd:8b:d7:19:5d:4d:2b:46:12:7c:25:7f:
                    64:4f:bd:08:7c:33:35:9e:15:6f:03:0b:a1:7b:b2:
                    3c:d7:03:99:41:57:c5:80:82:30:31:a9:49:5a:9d:
                    01:a0:fd:92:c9:c7:ca:aa:e2:64:56:90:1d:3f:06:
                    3e:ca:6c:44:a0:62:05:8f:f7:08:53:90:41:62:05:
                    59:a7:46:64:84:67:58:1f:16:15:c0:41:06:a7:34:
                    63:41:57:c1:dd:6a:b3:86:8f:75:47:e1:0d:95:65:
                    8a:e5:ee:98:b9:2a:8d:80:18:b0:d6:58:2a:21:c1:
                    6f:50:f9:36:6c:88:5f:7a:7c:b0:41:cf:0f:a4:89:
                    85:a9:2f:ce:63:f7:45:d3:71:d6:89:c0:7a:c8:d1:
                    d8:5a:d1:bb:76:9b:c3:03:e6:be:d6:05:64:14:d5:
                    bd:0d:ee:f4:d1:2f:cd:94:b7:c1:41:bc:8b:06:4b:
                    1f:cf:ee:04:d7:ab:7a:03:26:58:80:d5:f6:10:0e:
                    f7:f7:47:83:cc:92:26:53:f4:88:be:d7:90:2b:5d:
                    ef:25:41:da:1d:1f:03:6f:4b:c8:11:51:29:a1:11:
                    3f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:89:18:3A:C9:7A:D9:44:BA:98:C8:BA:18:C8:36:1D:C0:FF:CB:60
            X509v3 Authority Key Identifier:
                keyid:97:53:0C:AB:3B:AE:5B:52:9F:AB:EB:99:79:BD:68:5F:7B:2B:DA:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/ookYOsl62US6mMi6GMg2HcD_y2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/6252f9-6787-406a-b91f-9cfa2c7d816e/1/l1MMqzuuW1Kfq-uZeb1oX3sr2rM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.203.0/24
                IPv6:
                  2a05:7a80:fffd::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:6a:cb:11:fd:06:54:9e:90:da:58:d3:c5:58:fc:ab:5a:04:
         57:63:37:69:9f:28:47:eb:33:34:25:51:a7:4e:0f:18:89:b5:
         34:20:ac:00:68:8a:45:a7:93:b2:2d:6b:16:58:15:b5:7d:16:
         1d:35:43:8d:6c:b0:8d:80:0b:d5:7c:76:36:36:25:d9:ce:f2:
         b8:2b:e7:a5:fe:d7:c8:b4:15:58:14:3c:29:a8:32:09:9a:06:
         a5:b7:4a:b5:76:2b:e3:17:6c:ce:86:b7:37:fc:ad:55:98:39:
         f1:c4:28:a3:9d:1b:bd:53:82:f3:31:24:25:20:39:8e:0b:08:
         35:54:3a:c9:e2:07:4a:2a:ef:86:51:f8:8b:b5:98:52:53:df:
         ec:1d:57:b4:54:f7:aa:66:c5:d0:42:64:98:9a:c7:fa:f2:00:
         0b:fd:de:6a:b8:84:48:ef:91:4c:91:fc:47:0c:ef:7b:54:42:
         7b:f9:6d:58:1f:a6:f6:6a:79:7e:71:54:a6:e4:92:27:49:9a:
         49:de:70:56:51:de:dd:8b:26:e7:25:84:cd:5e:8d:5e:19:9a:
         19:f3:77:b6:0f:53:21:b7:be:9c:d3:db:84:e3:29:cd:6b:6e:
         d2:d8:10:c7:7d:5a:d7:8f:74:2d:26:5d:93:c3:be:e0:1c:09:
         1c:2c:fb:72
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZkpLWFfi4Jf7qtbnLpxQqEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NTMwY2FiM2JhZTViNTI5ZmFiZWI5OTc5YmQ2ODVmN2Iy
YmRhYjMwHhcNMjUwOTA4MTE1NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjg5MTgzYWM5N2FkOTQ0YmE5OGM4YmExOGM4MzYxZGMwZmZjYjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrK/N67GAXxsW8uxF4ZQA3wPX4I4
YKxF/C7QPj47iXfNi9cZXU0rRhJ8JX9kT70IfDM1nhVvAwuhe7I81wOZQVfFgIIw
MalJWp0BoP2SycfKquJkVpAdPwY+ymxEoGIFj/cIU5BBYgVZp0ZkhGdYHxYVwEEG
pzRjQVfB3Wqzho91R+ENlWWK5e6YuSqNgBiw1lgqIcFvUPk2bIhfenywQc8PpImF
qS/OY/dF03HWicB6yNHYWtG7dpvDA+a+1gVkFNW9De700S/NlLfBQbyLBksfz+4E
16t6AyZYgNX2EA7390eDzJImU/SIvteQK13vJUHaHR8Db0vIEVEpoRE/kwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKKJGDrJetlEupjIuhjINh3A/8tgMB8GA1UdIwQY
MBaAFJdTDKs7rltSn6vrmXm9aF97K9qzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDFNTXF6dXVXMUtmcS11WmViMW9YM3NyMnJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82MjUyZjktNjc4Ny00MDZhLWI5MWYt
OWNmYTJjN2Q4MTZlLzEvb29rWU9zbDYyVVM2bU1pNkdNZzJIY0RfeTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82MjUyZjktNjc4Ny00MDZhLWI5MWYtOWNmYTJjN2Q4MTZl
LzEvbDFNTXF6dXVXMUtmcS11WmViMW9YM3NyMnJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQApIrLMA8E
AgACMAkDBwAqBXqA//0wDQYJKoZIhvcNAQELBQADggEBAFpqyxH9BlSekNpY08VY
/KtaBFdjN2mfKEfrMzQlUadODxiJtTQgrABoikWnk7ItaxZYFbV9Fh01Q41ssI2A
C9V8djY2JdnO8rgr56X+18i0FVgUPCmoMgmaBqW3SrV2K+MXbM6Gtzf8rVWYOfHE
KKOdG71TgvMxJCUgOY4LCDVUOsniB0oq74ZR+Iu1mFJT3+wdV7RU96pmxdBCZJia
x/ryAAv93mq4hEjvkUyR/EcM73tUQnv5bVgfpvZqeX5xVKbkkidJmknecFZR3t2L
JuclhM1ejV4Zmhnzd7YPUyG3vpzT24TjKc1rbtLYEMd9WtePdC0mXZPDvuAcCRws
+3I=
-----END CERTIFICATE-----