Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/ChDs0vPKHYXjmSRKvkz2qLqd3Rw.roa
File:                     ChDs0vPKHYXjmSRKvkz2qLqd3Rw.roa (raw, json)
Hash identifier:          ThMIkvoH8p8/FHDDQvYXCmb7VtUAbCIv++31C7wNSNA=
Subject key identifier:   0A:10:EC:D2:F3:CA:1D:85:E3:99:24:4A:BE:4C:F6:A8:BA:9D:DD:1C
Certificate issuer:       /CN=a76fcfad966ae7e8171cfce26db3f65776d26fe8
Certificate serial:       019A2DAC12F877AF453593C69611983F16D6
Authority key identifier: A7:6F:CF:AD:96:6A:E7:E8:17:1C:FC:E2:6D:B3:F6:57:76:D2:6F:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/ChDs0vPKHYXjmSRKvkz2qLqd3Rw.roa
Signing time:             Wed 29 Oct 2025 01:54:03 +0000
ROA not before:           Wed 29 Oct 2025 01:54:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        91.224.186.0/24 maxlen: 24
                          153.98.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2d:ac:12:f8:77:af:45:35:93:c6:96:11:98:3f:16:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a76fcfad966ae7e8171cfce26db3f65776d26fe8
        Validity
            Not Before: Oct 29 01:54:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a10ecd2f3ca1d85e399244abe4cf6a8ba9ddd1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:49:ed:a3:cd:81:bc:4d:d6:1a:e4:4e:20:00:
                    04:dd:32:b2:b1:5e:3d:d8:58:93:44:6c:62:89:49:
                    24:d5:d0:b2:9b:87:b5:c9:02:d9:9f:96:fc:ab:cc:
                    5c:8f:1f:34:1f:f7:25:57:29:8b:8a:c0:c2:a6:7f:
                    b9:a7:49:35:fc:47:29:7e:1b:8a:06:90:1c:75:c7:
                    43:fa:91:64:83:3e:4e:86:e5:3a:e3:8f:71:15:02:
                    1f:71:24:8e:52:fd:59:1f:d1:b0:f7:24:bf:be:10:
                    b4:4a:31:d5:0b:e7:5b:4a:60:c8:9f:6b:9b:8e:cf:
                    34:81:c2:e5:08:07:38:c9:81:bf:bb:55:95:55:c4:
                    58:b7:b0:71:4f:aa:43:68:19:3b:74:42:f0:f7:5b:
                    c1:0a:d4:cd:df:04:a8:de:e4:30:c2:80:66:d7:1f:
                    1e:09:49:4d:04:7d:62:19:0b:38:6e:2a:c8:4b:b5:
                    6f:de:e8:5f:7e:79:20:f4:1e:bb:7f:00:5e:3a:7d:
                    19:02:14:bf:70:8d:7a:14:51:00:3f:d6:ea:5b:b7:
                    b2:97:7b:70:a7:ff:df:cc:2b:41:61:4a:7b:43:7d:
                    1f:b2:61:7d:77:f6:5b:b3:ac:29:b8:15:6f:f6:70:
                    01:9b:e3:e6:b9:99:34:aa:8a:25:bf:39:c7:db:09:
                    78:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:10:EC:D2:F3:CA:1D:85:E3:99:24:4A:BE:4C:F6:A8:BA:9D:DD:1C
            X509v3 Authority Key Identifier:
                keyid:A7:6F:CF:AD:96:6A:E7:E8:17:1C:FC:E2:6D:B3:F6:57:76:D2:6F:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/ChDs0vPKHYXjmSRKvkz2qLqd3Rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.186.0/24
                  153.98.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:16:ba:fa:bb:95:b6:ca:63:4c:d7:9c:1a:19:3a:ad:56:f1:
         6b:c5:fa:38:db:98:1e:29:97:7d:79:90:29:43:80:2d:5b:7b:
         a3:c6:4b:e6:f9:fe:ef:6c:34:ad:d0:1b:57:37:11:be:c9:2d:
         0e:fe:45:67:24:ba:7c:e3:53:0a:b4:cb:2b:66:6e:dd:e3:3b:
         eb:0c:9e:5b:6a:42:dd:55:67:60:be:7e:23:60:54:64:4d:34:
         d2:70:bc:b1:b7:38:f3:4c:e6:a3:17:d6:08:03:84:38:91:06:
         67:a5:86:46:a0:2b:dd:07:2e:99:e4:01:65:7d:e5:00:9e:c0:
         e3:51:e9:8b:10:83:3e:3f:f8:4d:02:5f:b5:60:0d:5e:95:03:
         e7:83:a0:62:18:ff:d3:02:a7:a1:f9:16:2e:56:b4:01:08:d6:
         b1:4f:a1:47:42:91:39:6c:fe:45:e4:b6:44:33:31:a7:6d:2c:
         53:89:10:b9:79:23:a1:31:14:43:44:61:42:27:71:08:bc:77:
         ea:da:95:7e:d3:d2:09:a1:18:16:84:4f:82:6e:7e:5f:9d:e2:
         6c:c7:c7:1b:c5:ce:9e:66:a2:70:29:c1:4c:91:01:b6:8a:12:
         c3:07:81:e8:0c:5b:39:d8:3f:5e:1f:59:40:51:39:ad:32:4e:
         0f:62:56:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZotrBL4d69FNZPGlhGYPxbWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmZjZmFkOTY2YWU3ZTgxNzFjZmNlMjZkYjNmNjU3NzZk
MjZmZTgwHhcNMjUxMDI5MDE1NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTEwZWNkMmYzY2ExZDg1ZTM5OTI0NGFiZTRjZjZhOGJhOWRkZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0nto82BvE3WGuROIAAE3TKysV49
2FiTRGxiiUkk1dCym4e1yQLZn5b8q8xcjx80H/clVymLisDCpn+5p0k1/EcpfhuK
BpAcdcdD+pFkgz5OhuU6449xFQIfcSSOUv1ZH9Gw9yS/vhC0SjHVC+dbSmDIn2ub
js80gcLlCAc4yYG/u1WVVcRYt7BxT6pDaBk7dELw91vBCtTN3wSo3uQwwoBm1x8e
CUlNBH1iGQs4birIS7Vv3uhffnkg9B67fwBeOn0ZAhS/cI16FFEAP9bqW7eyl3tw
p//fzCtBYUp7Q30fsmF9d/Zbs6wpuBVv9nABm+PmuZk0qoolvznH2wl4owIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAoQ7NLzyh2F45kkSr5M9qi6nd0cMB8GA1UdIwQY
MBaAFKdvz62WaufoFxz84m2z9ld20m/oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDJfUHJaWnE1LWdYSFB6aWJiUDJWM2JTYi1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9kYjg3NTItODRiMi00MzhhLTliYzEt
YzU0MDFmNmQ5MWQxLzEvQ2hEczB2UEtIWVhqbVNSS3ZrejJxTHFkM1J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9kYjg3NTItODRiMi00MzhhLTliYzEtYzU0MDFmNmQ5MWQx
LzEvcDJfUHJaWnE1LWdYSFB6aWJiUDJWM2JTYi1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+C6AwQA
mWIeMA0GCSqGSIb3DQEBCwUAA4IBAQASFrr6u5W2ymNM15waGTqtVvFrxfo425ge
KZd9eZApQ4AtW3ujxkvm+f7vbDSt0BtXNxG+yS0O/kVnJLp841MKtMsrZm7d4zvr
DJ5bakLdVWdgvn4jYFRkTTTScLyxtzjzTOajF9YIA4Q4kQZnpYZGoCvdBy6Z5AFl
feUAnsDjUemLEIM+P/hNAl+1YA1elQPng6BiGP/TAqeh+RYuVrQBCNaxT6FHQpE5
bP5F5LZEMzGnbSxTiRC5eSOhMRRDRGFCJ3EIvHfq2pV+09IJoRgWhE+Cbn5fneJs
x8cbxc6eZqJwKcFMkQG2ihLDB4HoDFs52D9eH1lAUTmtMk4PYlaI
-----END CERTIFICATE-----