Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/376f5a-c026-4bae-8847-2b1d439b2227/1/rNO8o619Q5SFsmTVHI_QY1wyUDE.roa
File:                     rNO8o619Q5SFsmTVHI_QY1wyUDE.roa (raw, json)
Hash identifier:          Hb7rXVkAK9PEfMPmQwPGTYXFwRIopAaJ4bo+hnJHqKU=
Subject key identifier:   AC:D3:BC:A3:AD:7D:43:94:85:B2:64:D5:1C:8F:D0:63:5C:32:50:31
Certificate issuer:       /CN=07d3c0c115328c3d28c0f5721b00982b2cd4215e
Certificate serial:       0198A8DA233E9D3DD2DE6C8608346A7A9C46
Authority key identifier: 07:D3:C0:C1:15:32:8C:3D:28:C0:F5:72:1B:00:98:2B:2C:D4:21:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9PAwRUyjD0owPVyGwCYKyzUIV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/376f5a-c026-4bae-8847-2b1d439b2227/1/rNO8o619Q5SFsmTVHI_QY1wyUDE.roa
Signing time:             Thu 14 Aug 2025 13:52:04 +0000
ROA not before:           Thu 14 Aug 2025 13:52:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        195.22.120.0/24 maxlen: 24
                          2001:67c:2f00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/376f5a-c026-4bae-8847-2b1d439b2227/1/B9PAwRUyjD0owPVyGwCYKyzUIV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/376f5a-c026-4bae-8847-2b1d439b2227/1/B9PAwRUyjD0owPVyGwCYKyzUIV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B9PAwRUyjD0owPVyGwCYKyzUIV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:da:23:3e:9d:3d:d2:de:6c:86:08:34:6a:7a:9c:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07d3c0c115328c3d28c0f5721b00982b2cd4215e
        Validity
            Not Before: Aug 14 13:52:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acd3bca3ad7d439485b264d51c8fd0635c325031
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:46:18:e5:3e:16:0e:15:fc:63:3d:b6:5f:7f:
                    52:16:cf:36:ae:36:af:7c:89:8e:8d:ed:b2:22:20:
                    62:b1:5b:42:da:64:fc:9f:ca:8e:5f:ef:5c:43:60:
                    ca:86:77:48:2b:f1:91:6f:07:0f:62:d5:77:29:5a:
                    ca:4a:7b:cc:41:29:ec:3d:69:32:07:5e:ed:3f:19:
                    0e:63:6a:d7:94:56:0a:40:e8:73:a8:cf:57:80:cd:
                    e0:e8:19:d0:2e:f2:a5:66:bc:d1:aa:0f:df:06:7b:
                    15:ec:b9:4a:a3:bb:b4:06:19:32:0f:d4:38:30:75:
                    c1:ad:19:3c:cf:89:9d:9c:fe:28:0b:28:4a:39:e0:
                    35:17:36:07:45:84:15:e5:df:f4:7a:88:11:53:3a:
                    f6:dc:c2:03:34:c9:f7:b9:c2:ad:9b:d2:8c:8a:23:
                    02:a6:d2:44:c9:6c:7a:de:00:93:70:00:bd:d8:1d:
                    2c:b8:ba:73:28:e3:9f:29:a2:dc:7f:0a:17:00:49:
                    a9:88:b9:18:95:92:65:fb:dd:f0:d0:d5:12:45:67:
                    91:bb:85:5d:df:0d:5b:0f:3c:3a:fc:ad:5d:df:c8:
                    13:17:cc:ae:4a:34:95:c3:ee:df:46:a2:21:7d:28:
                    8d:d2:99:db:0f:37:cf:01:63:37:02:f4:d7:67:e0:
                    04:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:D3:BC:A3:AD:7D:43:94:85:B2:64:D5:1C:8F:D0:63:5C:32:50:31
            X509v3 Authority Key Identifier:
                keyid:07:D3:C0:C1:15:32:8C:3D:28:C0:F5:72:1B:00:98:2B:2C:D4:21:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9PAwRUyjD0owPVyGwCYKyzUIV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/376f5a-c026-4bae-8847-2b1d439b2227/1/rNO8o619Q5SFsmTVHI_QY1wyUDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/376f5a-c026-4bae-8847-2b1d439b2227/1/B9PAwRUyjD0owPVyGwCYKyzUIV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.22.120.0/24
                IPv6:
                  2001:67c:2f00::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:36:a0:db:91:a5:60:1e:21:e2:f6:e6:16:45:11:2a:59:c3:
         37:de:e0:3f:04:d5:73:78:9f:a8:d5:62:7b:4c:c9:a0:c4:eb:
         a6:0b:38:44:c5:9c:14:5b:2a:a3:b1:6b:a4:77:ca:39:d8:d2:
         d5:05:43:6e:8a:2a:0d:20:39:55:1e:9f:a5:7b:9b:16:be:ef:
         72:98:02:f4:ca:28:03:f8:91:53:26:9b:bd:45:11:da:79:93:
         4c:9e:0a:a1:5e:b0:b9:4b:ba:c5:84:92:c5:bc:9e:cb:79:f9:
         31:5c:6f:78:69:74:60:27:be:d3:73:e8:4c:20:cc:ab:0c:b4:
         c4:fc:80:bb:3c:e1:66:d0:c9:32:b7:87:4b:a8:17:cb:7e:ad:
         ed:d0:45:1f:2c:e2:af:c0:77:b6:f5:8e:de:3b:01:ae:c3:d1:
         88:4d:00:d1:44:98:4d:59:58:cf:f4:a4:8d:5c:9b:99:94:b0:
         05:45:62:45:de:4d:97:76:52:c0:31:c8:51:f6:f4:72:b5:19:
         72:e9:d5:91:b7:f5:13:42:ea:d8:b2:03:85:0d:a3:25:d0:94:
         19:0d:78:b3:1e:c3:a6:0c:7e:dd:88:c0:96:60:38:dc:29:fc:
         93:c0:80:9c:ce:8a:54:ad:3f:25:22:0e:6a:05:c5:e3:2b:4c:
         a8:ff:6f:96
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZio2iM+nT3S3myGCDRqepxGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZDNjMGMxMTUzMjhjM2QyOGMwZjU3MjFiMDA5ODJiMmNk
NDIxNWUwHhcNMjUwODE0MTM1MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2QzYmNhM2FkN2Q0Mzk0ODViMjY0ZDUxYzhmZDA2MzVjMzI1MDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkYY5T4WDhX8Yz22X39SFs82rjav
fImOje2yIiBisVtC2mT8n8qOX+9cQ2DKhndIK/GRbwcPYtV3KVrKSnvMQSnsPWky
B17tPxkOY2rXlFYKQOhzqM9XgM3g6BnQLvKlZrzRqg/fBnsV7LlKo7u0BhkyD9Q4
MHXBrRk8z4mdnP4oCyhKOeA1FzYHRYQV5d/0eogRUzr23MIDNMn3ucKtm9KMiiMC
ptJEyWx63gCTcAC92B0suLpzKOOfKaLcfwoXAEmpiLkYlZJl+93w0NUSRWeRu4Vd
3w1bDzw6/K1d38gTF8yuSjSVw+7fRqIhfSiN0pnbDzfPAWM3AvTXZ+AEbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKzTvKOtfUOUhbJk1RyP0GNcMlAxMB8GA1UdIwQY
MBaAFAfTwMEVMow9KMD1chsAmCss1CFeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjlQQXdSVXlqRDBvd1BWeUd3Q1lLeXpVSVY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8zNzZmNWEtYzAyNi00YmFlLTg4NDct
MmIxZDQzOWIyMjI3LzEvck5POG82MTlRNVNGc21UVkhJX1FZMXd5VURFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8zNzZmNWEtYzAyNi00YmFlLTg4NDctMmIxZDQzOWIyMjI3
LzEvQjlQQXdSVXlqRDBvd1BWeUd3Q1lLeXpVSVY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwxZ4MA8E
AgACMAkDBwAgAQZ8LwAwDQYJKoZIhvcNAQELBQADggEBAFY2oNuRpWAeIeL25hZF
ESpZwzfe4D8E1XN4n6jVYntMyaDE66YLOETFnBRbKqOxa6R3yjnY0tUFQ26KKg0g
OVUen6V7mxa+73KYAvTKKAP4kVMmm71FEdp5k0yeCqFesLlLusWEksW8nst5+TFc
b3hpdGAnvtNz6EwgzKsMtMT8gLs84WbQyTK3h0uoF8t+re3QRR8s4q/Ad7b1jt47
Aa7D0YhNANFEmE1ZWM/0pI1cm5mUsAVFYkXeTZd2UsAxyFH29HK1GXLp1ZG39RNC
6tiyA4UNoyXQlBkNeLMew6YMft2IwJZgONwp/JPAgJzOilStPyUiDmoFxeMrTKj/
b5Y=
-----END CERTIFICATE-----