Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/Ckk724uPBMvC5hAYC_G2Cql2mg8.roa
File:                     Ckk724uPBMvC5hAYC_G2Cql2mg8.roa (raw, json)
Hash identifier:          SvzDJJVWG5l4/3gmB9vjbONxrJR1zsOkk3wBSKA3xRw=
Subject key identifier:   0A:49:3B:DB:8B:8F:04:CB:C2:E6:10:18:0B:F1:B6:0A:A9:76:9A:0F
Certificate issuer:       /CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
Certificate serial:       0198B93B3E2C66CDB1F5E1BF839F6EB578EB
Authority key identifier: 49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/Ckk724uPBMvC5hAYC_G2Cql2mg8.roa
Signing time:             Sun 17 Aug 2025 18:12:04 +0000
ROA not before:           Sun 17 Aug 2025 18:12:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        178.17.53.0/24 maxlen: 24
                          178.17.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 19:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b9:3b:3e:2c:66:cd:b1:f5:e1:bf:83:9f:6e:b5:78:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
        Validity
            Not Before: Aug 17 18:12:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a493bdb8b8f04cbc2e610180bf1b60aa9769a0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:20:47:61:d0:90:47:2b:43:21:83:a4:ca:6c:
                    7e:17:58:6f:c4:ff:c0:61:ab:02:d1:fd:12:c4:05:
                    df:d1:7d:00:fd:5c:3c:03:9d:2f:4c:12:af:2e:e1:
                    e6:e9:e2:de:b3:71:0f:78:24:f2:8b:fb:f6:cd:26:
                    ef:90:0f:39:62:64:34:ad:07:85:89:8d:72:5c:b9:
                    5b:14:d7:39:48:9c:ff:af:2e:ac:54:c2:83:86:da:
                    bf:44:a2:a8:18:9e:8c:5d:77:27:92:e6:d7:69:c8:
                    32:ea:cf:94:c3:e7:df:1e:22:6a:45:9e:1c:45:08:
                    dc:e8:0e:0b:30:fb:e4:e2:36:dd:4c:d3:c6:e7:fe:
                    29:36:e5:b8:b4:a2:0c:a4:30:5f:15:59:58:f0:7a:
                    79:a0:bd:81:75:37:a7:56:fe:f2:22:21:b0:d0:c4:
                    82:fe:06:bc:95:1a:92:ce:09:96:cc:a6:9b:28:4c:
                    5f:07:ce:6b:6c:8f:7a:a9:ac:29:72:db:84:cf:b2:
                    c8:38:b6:0f:a1:65:a7:cb:59:c5:a2:bc:ba:44:6f:
                    8b:a4:20:7d:69:b4:92:7c:45:9e:20:ed:63:32:d9:
                    ed:2f:f8:33:f4:ce:59:a1:91:e5:10:5d:7e:34:85:
                    32:ff:55:08:eb:f9:9d:48:f6:5e:d3:60:55:42:54:
                    86:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:49:3B:DB:8B:8F:04:CB:C2:E6:10:18:0B:F1:B6:0A:A9:76:9A:0F
            X509v3 Authority Key Identifier:
                keyid:49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/Ckk724uPBMvC5hAYC_G2Cql2mg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.17.53.0/24
                  178.17.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:6b:aa:7b:60:d8:03:ea:57:82:c9:bf:b8:fa:96:af:1e:86:
         dc:c2:0d:56:f9:17:53:a4:01:9d:eb:09:a1:97:56:a5:b3:ba:
         fc:e4:57:8b:68:59:0e:ca:16:97:32:23:f5:5c:9c:c2:a0:23:
         89:83:91:ac:b8:59:e8:4b:e9:e3:94:b3:b6:1b:6a:14:82:ce:
         de:cf:28:9b:f0:55:4d:09:de:43:37:1a:3f:37:e6:e7:51:b7:
         a8:b4:ae:ce:e2:75:62:57:be:fd:1a:6b:0f:93:b8:b0:81:d7:
         a9:36:16:36:f4:05:01:0a:f8:4f:d7:33:d3:17:5b:de:af:ea:
         73:d6:33:f2:6d:d8:b3:91:6a:08:0f:ff:57:b0:3b:14:02:6b:
         dd:b6:8c:90:07:aa:fe:23:bd:42:83:de:a8:5e:a8:4c:aa:d7:
         2e:d3:69:34:dc:97:22:8f:86:2b:0e:63:2b:d5:7f:89:56:25:
         2c:24:05:57:48:73:bc:28:ce:a3:99:42:fb:ea:3f:3c:a5:5f:
         88:56:0b:5f:83:3a:75:b1:67:c9:2d:5d:0e:a5:04:fb:9c:aa:
         63:a5:ef:d7:03:56:f4:84:bc:3a:7a:a9:6f:30:9c:c1:e9:46:
         25:1f:c5:4b:20:32:3b:0c:b6:c0:b7:c0:4d:95:f2:7a:95:cd:
         c1:d6:3f:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZi5Oz4sZs2x9eG/g59utXjrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MjE2ZjVjMTY1YjgyN2E3ZmQ3M2Q4MTA3YWViZDJmNjNj
NjNlMjQwHhcNMjUwODE3MTgxMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTQ5M2JkYjhiOGYwNGNiYzJlNjEwMTgwYmYxYjYwYWE5NzY5YTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyBHYdCQRytDIYOkymx+F1hvxP/A
YasC0f0SxAXf0X0A/Vw8A50vTBKvLuHm6eLes3EPeCTyi/v2zSbvkA85YmQ0rQeF
iY1yXLlbFNc5SJz/ry6sVMKDhtq/RKKoGJ6MXXcnkubXacgy6s+Uw+ffHiJqRZ4c
RQjc6A4LMPvk4jbdTNPG5/4pNuW4tKIMpDBfFVlY8Hp5oL2BdTenVv7yIiGw0MSC
/ga8lRqSzgmWzKabKExfB85rbI96qawpctuEz7LIOLYPoWWny1nFory6RG+LpCB9
abSSfEWeIO1jMtntL/gz9M5ZoZHlEF1+NIUy/1UI6/mdSPZe02BVQlSGdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFApJO9uLjwTLwuYQGAvxtgqpdpoPMB8GA1UdIwQY
MBaAFEkhb1wWW4J6f9c9gQeuvS9jxj4kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQt
MGRiYmMyNDllNjU3LzEvQ2trNzI0dVBCTXZDNWhBWUNfRzJDcWwybWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQtMGRiYmMyNDllNjU3
LzEvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAshE1AwQA
shE6MA0GCSqGSIb3DQEBCwUAA4IBAQBPa6p7YNgD6leCyb+4+pavHobcwg1W+RdT
pAGd6wmhl1als7r85FeLaFkOyhaXMiP1XJzCoCOJg5GsuFnoS+njlLO2G2oUgs7e
zyib8FVNCd5DNxo/N+bnUbeotK7O4nViV779GmsPk7iwgdepNhY29AUBCvhP1zPT
F1ver+pz1jPybdizkWoID/9XsDsUAmvdtoyQB6r+I71Cg96oXqhMqtcu02k03Jci
j4YrDmMr1X+JViUsJAVXSHO8KM6jmUL76j88pV+IVgtfgzp1sWfJLV0OpQT7nKpj
pe/XA1b0hLw6eqlvMJzB6UYlH8VLIDI7DLbAt8BNlfJ6lc3B1j8h
-----END CERTIFICATE-----