Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/44b7bb-2605-425b-b341-14605db543d0/1/hZOD7Y_mupZOHap9fLf6vk7q8ec.roa
File:                     hZOD7Y_mupZOHap9fLf6vk7q8ec.roa (raw, json)
Hash identifier:          S7Xh16GME3MVdYv3MI3CqwSYnk2TD7axisWzIQZKMnA=
Subject key identifier:   85:93:83:ED:8F:E6:BA:96:4E:1D:AA:7D:7C:B7:FA:BE:4E:EA:F1:E7
Certificate issuer:       /CN=ca926f963511893fa4d9fbd5e64e0f8a43837e40
Certificate serial:       01982DD1911A8B50709139C159557DFDFA16
Authority key identifier: CA:92:6F:96:35:11:89:3F:A4:D9:FB:D5:E6:4E:0F:8A:43:83:7E:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypJvljURiT-k2fvV5k4PikODfkA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/44b7bb-2605-425b-b341-14605db543d0/1/hZOD7Y_mupZOHap9fLf6vk7q8ec.roa
Signing time:             Mon 21 Jul 2025 16:29:25 +0000
ROA not before:           Mon 21 Jul 2025 16:29:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        217.149.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/44b7bb-2605-425b-b341-14605db543d0/1/ypJvljURiT-k2fvV5k4PikODfkA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/44b7bb-2605-425b-b341-14605db543d0/1/ypJvljURiT-k2fvV5k4PikODfkA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypJvljURiT-k2fvV5k4PikODfkA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 16:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:d1:91:1a:8b:50:70:91:39:c1:59:55:7d:fd:fa:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca926f963511893fa4d9fbd5e64e0f8a43837e40
        Validity
            Not Before: Jul 21 16:29:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=859383ed8fe6ba964e1daa7d7cb7fabe4eeaf1e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:35:fc:59:a2:ec:06:e6:b7:2a:2c:2e:1d:bf:
                    0a:de:67:fa:35:51:1c:ef:0c:13:e8:27:5b:21:c8:
                    2b:5d:0d:4d:90:53:ff:ca:88:c5:9e:03:16:21:d2:
                    eb:e5:dd:c7:bb:69:59:cf:2a:1d:56:55:aa:48:78:
                    16:8d:d3:34:d3:91:dd:bc:ec:af:21:fc:f9:7c:d4:
                    70:fe:65:fc:97:3b:a5:b9:7a:ad:b7:ad:72:6a:e5:
                    c1:35:05:a5:19:7a:31:34:11:48:0c:e7:6f:9f:bf:
                    ea:a7:a7:5a:e7:f0:09:63:ee:f3:53:2d:e4:65:36:
                    ac:a1:82:09:25:02:95:1b:fc:49:48:99:d3:9e:fc:
                    44:f9:86:86:59:42:89:45:c9:d6:b9:1f:d1:f9:2d:
                    6b:2d:8e:47:b2:8e:aa:d0:05:5a:fc:fe:c7:95:21:
                    32:eb:61:74:16:0a:9f:11:bf:b8:7e:f1:9c:c6:05:
                    11:d6:43:ed:8c:d5:32:ae:ae:c3:cf:42:ad:78:09:
                    0c:15:ce:ec:dd:3b:34:46:d6:fa:68:ff:b2:50:a2:
                    6a:86:f1:b7:27:07:dc:68:59:ff:88:bb:b4:29:3c:
                    9b:eb:31:1c:75:7a:33:41:75:b6:a2:be:1e:aa:b8:
                    81:e3:a8:77:d4:68:0a:4c:8b:a8:39:91:b4:81:bd:
                    8d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:93:83:ED:8F:E6:BA:96:4E:1D:AA:7D:7C:B7:FA:BE:4E:EA:F1:E7
            X509v3 Authority Key Identifier:
                keyid:CA:92:6F:96:35:11:89:3F:A4:D9:FB:D5:E6:4E:0F:8A:43:83:7E:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypJvljURiT-k2fvV5k4PikODfkA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/44b7bb-2605-425b-b341-14605db543d0/1/hZOD7Y_mupZOHap9fLf6vk7q8ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/44b7bb-2605-425b-b341-14605db543d0/1/ypJvljURiT-k2fvV5k4PikODfkA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.149.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:72:cc:e4:db:3e:e7:a7:68:9e:d7:2d:59:5a:c8:f8:56:91:
         43:72:c5:52:89:e0:d8:94:63:d0:19:60:7a:cf:40:c0:cc:74:
         ed:d0:60:08:95:0f:e5:98:30:e2:5b:33:ba:8d:2a:bc:8a:cb:
         52:c4:3c:ba:f5:34:80:56:ba:64:a8:a7:4d:d7:97:31:74:a7:
         6f:4d:87:01:09:dc:14:43:27:20:1f:47:fa:04:3d:d0:86:99:
         ec:b1:28:e0:ad:c7:bb:53:d9:41:8b:38:6e:52:1e:d3:13:e1:
         bd:07:a6:11:36:0b:4b:b3:66:03:e8:7b:c9:98:9f:51:d8:f6:
         75:91:c6:52:ff:91:71:bf:2f:b7:ed:7b:f5:b6:6e:eb:28:c7:
         fb:a5:ec:c3:a8:5f:34:d2:98:56:3e:ed:cd:71:f7:c6:88:92:
         6e:d6:d4:f6:ac:0e:a3:58:68:1f:d4:f3:8c:3d:35:10:c1:7a:
         7f:1a:7d:8e:30:c6:28:82:9f:ce:57:fe:e7:b7:29:f6:8e:a4:
         75:30:4c:a1:9b:14:bb:9c:aa:d2:9a:5f:f6:87:06:cb:3b:1a:
         6b:c3:21:2e:d1:fa:f1:96:b3:48:b7:5c:11:9f:30:dd:24:27:
         07:a0:75:c3:3d:70:dd:7d:46:24:c9:0b:20:7b:d4:63:1d:43:
         f9:55:90:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgt0ZEai1BwkTnBWVV9/foWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOTI2Zjk2MzUxMTg5M2ZhNGQ5ZmJkNWU2NGUwZjhhNDM4
MzdlNDAwHhcNMjUwNzIxMTYyOTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTkzODNlZDhmZTZiYTk2NGUxZGFhN2Q3Y2I3ZmFiZTRlZWFmMWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzX8WaLsBua3KiwuHb8K3mf6NVEc
7wwT6CdbIcgrXQ1NkFP/yojFngMWIdLr5d3Hu2lZzyodVlWqSHgWjdM005HdvOyv
Ifz5fNRw/mX8lzuluXqtt61yauXBNQWlGXoxNBFIDOdvn7/qp6da5/AJY+7zUy3k
ZTasoYIJJQKVG/xJSJnTnvxE+YaGWUKJRcnWuR/R+S1rLY5Hso6q0AVa/P7HlSEy
62F0FgqfEb+4fvGcxgUR1kPtjNUyrq7Dz0KteAkMFc7s3Ts0Rtb6aP+yUKJqhvG3
JwfcaFn/iLu0KTyb6zEcdXozQXW2or4eqriB46h31GgKTIuoOZG0gb2NAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWTg+2P5rqWTh2qfXy3+r5O6vHnMB8GA1UdIwQY
MBaAFMqSb5Y1EYk/pNn71eZOD4pDg35AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXBKdmxqVVJpVC1rMmZ2VjVrNFBpa09EZmtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy80NGI3YmItMjYwNS00MjViLWIzNDEt
MTQ2MDVkYjU0M2QwLzEvaFpPRDdZX211cFpPSGFwOWZMZjZ2azdxOGVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy80NGI3YmItMjYwNS00MjViLWIzNDEtMTQ2MDVkYjU0M2Qw
LzEveXBKdmxqVVJpVC1rMmZ2VjVrNFBpa09EZmtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZVsMA0G
CSqGSIb3DQEBCwUAA4IBAQALcszk2z7np2ie1y1ZWsj4VpFDcsVSieDYlGPQGWB6
z0DAzHTt0GAIlQ/lmDDiWzO6jSq8istSxDy69TSAVrpkqKdN15cxdKdvTYcBCdwU
QycgH0f6BD3QhpnssSjgrce7U9lBizhuUh7TE+G9B6YRNgtLs2YD6HvJmJ9R2PZ1
kcZS/5Fxvy+37Xv1tm7rKMf7pezDqF800phWPu3NcffGiJJu1tT2rA6jWGgf1POM
PTUQwXp/Gn2OMMYogp/OV/7ntyn2jqR1MEyhmxS7nKrSml/2hwbLOxprwyEu0frx
lrNIt1wRnzDdJCcHoHXDPXDdfUYkyQsge9RjHUP5VZC6
-----END CERTIFICATE-----