Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/vIzYWBt0vGdhnurb4W8AKuSndlg.roa
File:                     vIzYWBt0vGdhnurb4W8AKuSndlg.roa (raw, json)
Hash identifier:          YV5/anPLe3l3ZlN3HdaAQFOHINttBjoXhWyPF608cVk=
Subject key identifier:   BC:8C:D8:58:1B:74:BC:67:61:9E:EA:DB:E1:6F:00:2A:E4:A7:76:58
Certificate issuer:       /CN=02a962c1fe8e2e12a35576fd62987a0cbba463d4
Certificate serial:       019860C60D7CB4AC64E9140B04CA9DBC1574
Authority key identifier: 02:A9:62:C1:FE:8E:2E:12:A3:55:76:FD:62:98:7A:0C:BB:A4:63:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/vIzYWBt0vGdhnurb4W8AKuSndlg.roa
Signing time:             Thu 31 Jul 2025 13:57:28 +0000
ROA not before:           Thu 31 Jul 2025 13:57:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207713
IP address blocks:        150.40.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 18:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:60:c6:0d:7c:b4:ac:64:e9:14:0b:04:ca:9d:bc:15:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02a962c1fe8e2e12a35576fd62987a0cbba463d4
        Validity
            Not Before: Jul 31 13:57:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc8cd8581b74bc67619eeadbe16f002ae4a77658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:85:69:1e:74:f8:aa:62:8c:be:5e:47:3c:e7:
                    f6:a2:3b:91:72:04:df:90:2f:de:27:8e:8a:85:e0:
                    72:6f:90:65:b7:82:f2:60:b9:f1:4e:0b:da:aa:76:
                    1e:75:cd:a6:f9:52:34:69:a9:71:f1:5e:93:a1:7e:
                    03:17:5b:e2:87:0f:35:e6:2a:6b:5a:0f:47:e1:b8:
                    6a:43:bf:d1:20:30:9d:ce:95:f5:40:e5:50:28:b0:
                    dd:de:aa:ee:d0:ae:26:de:0f:91:26:1e:1d:d9:25:
                    ee:32:85:20:95:3d:89:ae:e8:02:16:7e:47:f3:76:
                    80:2a:a1:07:b1:d0:66:3b:d8:c9:3a:78:3a:ac:31:
                    d9:43:a2:86:1d:05:43:3e:ba:1a:0f:5f:05:2c:d2:
                    83:88:39:bb:cd:c3:e7:54:14:a7:69:ff:3a:1c:9f:
                    e4:17:e8:5f:d3:d2:ac:1b:69:d4:09:6a:e4:09:81:
                    eb:8d:b3:44:a2:22:7d:f0:38:f3:5c:b9:6e:0a:49:
                    d2:2c:8d:bf:b1:b9:f7:a4:f4:47:ec:7f:63:f3:82:
                    dc:7f:a8:74:81:16:07:98:79:4a:17:fb:b8:eb:3d:
                    b2:5e:fc:98:a7:6a:07:da:35:7f:72:9c:f8:42:32:
                    66:90:d8:5f:56:65:86:8d:b5:8f:65:56:a3:ec:b7:
                    14:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:8C:D8:58:1B:74:BC:67:61:9E:EA:DB:E1:6F:00:2A:E4:A7:76:58
            X509v3 Authority Key Identifier:
                keyid:02:A9:62:C1:FE:8E:2E:12:A3:55:76:FD:62:98:7A:0C:BB:A4:63:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/vIzYWBt0vGdhnurb4W8AKuSndlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.40.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:d5:ce:d4:67:59:67:d4:27:ab:17:cb:d8:1f:3c:b0:0d:f8:
         38:3e:e3:28:2c:b5:b7:6a:90:36:78:e7:42:74:0b:bc:01:3f:
         b3:4d:66:f3:8f:85:96:c1:b0:b2:a1:8e:d5:5b:d2:8b:12:d4:
         38:23:42:f8:7f:30:45:8a:2f:dc:31:c4:dc:eb:30:b6:18:1e:
         3f:2a:fb:f5:e1:fd:b2:f1:10:bb:0a:bd:32:19:27:e7:d3:31:
         0e:b2:65:b0:2c:f9:08:d4:05:6f:23:28:61:20:e2:2f:fc:2a:
         ef:15:ac:14:84:b2:8e:b3:02:82:bd:17:1e:d9:46:1e:9a:10:
         fb:62:db:a9:89:7b:bf:05:5b:fe:b7:ea:c3:2f:4c:92:3f:48:
         ce:68:f9:ff:d0:16:2b:95:76:ea:a0:e8:93:2f:d2:57:e1:1d:
         2c:ae:27:69:e9:a8:f8:dd:0b:e4:72:0f:12:19:ff:bf:79:15:
         d4:36:fc:e9:d0:f6:ce:19:eb:0d:38:02:dd:eb:97:87:17:ca:
         ee:c1:44:2e:d7:9a:e2:0b:4a:70:23:a0:c1:9d:92:fd:7a:34:
         28:51:84:15:e3:d0:b6:00:57:fe:7a:4b:bd:18:b3:f0:c3:fa:
         29:94:2b:fb:38:1b:8a:c7:ab:11:bf:2c:66:a3:6d:e6:5d:dd:
         9c:d5:4f:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhgxg18tKxk6RQLBMqdvBV0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYTk2MmMxZmU4ZTJlMTJhMzU1NzZmZDYyOTg3YTBjYmJh
NDYzZDQwHhcNMjUwNzMxMTM1NzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzhjZDg1ODFiNzRiYzY3NjE5ZWVhZGJlMTZmMDAyYWU0YTc3NjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYVpHnT4qmKMvl5HPOf2ojuRcgTf
kC/eJ46KheByb5Blt4LyYLnxTgvaqnYedc2m+VI0aalx8V6ToX4DF1vihw815ipr
Wg9H4bhqQ7/RIDCdzpX1QOVQKLDd3qru0K4m3g+RJh4d2SXuMoUglT2JrugCFn5H
83aAKqEHsdBmO9jJOng6rDHZQ6KGHQVDProaD18FLNKDiDm7zcPnVBSnaf86HJ/k
F+hf09KsG2nUCWrkCYHrjbNEoiJ98DjzXLluCknSLI2/sbn3pPRH7H9j84Lcf6h0
gRYHmHlKF/u46z2yXvyYp2oH2jV/cpz4QjJmkNhfVmWGjbWPZVaj7LcULQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyM2FgbdLxnYZ7q2+FvACrkp3ZYMB8GA1UdIwQY
MBaAFAKpYsH+ji4So1V2/WKYegy7pGPUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXFsaXdmNk9MaEtqVlhiOVlwaDZETHVrWTlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jNjE3OWEtMTYwZC00MGUyLWFlODYt
N2QxMzQ5ODBjNWJlLzEvdkl6WVdCdDB2R2RobnVyYjRXOEFLdVNuZGxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jNjE3OWEtMTYwZC00MGUyLWFlODYtN2QxMzQ5ODBjNWJl
LzEvQXFsaXdmNk9MaEtqVlhiOVlwaDZETHVrWTlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlihnMA0G
CSqGSIb3DQEBCwUAA4IBAQBK1c7UZ1ln1CerF8vYHzywDfg4PuMoLLW3apA2eOdC
dAu8AT+zTWbzj4WWwbCyoY7VW9KLEtQ4I0L4fzBFii/cMcTc6zC2GB4/Kvv14f2y
8RC7Cr0yGSfn0zEOsmWwLPkI1AVvIyhhIOIv/CrvFawUhLKOswKCvRce2UYemhD7
YtupiXu/BVv+t+rDL0ySP0jOaPn/0BYrlXbqoOiTL9JX4R0sridp6aj43Qvkcg8S
Gf+/eRXUNvzp0PbOGesNOALd65eHF8ruwUQu15riC0pwI6DBnZL9ejQoUYQV49C2
AFf+eku9GLPww/oplCv7OBuKx6sRvyxmo23mXd2c1U8E
-----END CERTIFICATE-----