Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/3052de-558b-4334-8a70-9ad33ae653ad/1/X9W0b9P6Ek_A8a9BpsvnX133VZw.roa
File:                     X9W0b9P6Ek_A8a9BpsvnX133VZw.roa (raw, json)
Hash identifier:          8NxMp0DgdQySkZvwKlqGylrfX1726nGJj79qXZbDO7M=
Subject key identifier:   5F:D5:B4:6F:D3:FA:12:4F:C0:F1:AF:41:A6:CB:E7:5F:5D:F7:55:9C
Certificate issuer:       /CN=cbc83c392c5421c595cd5fb79428e8275bdb594c
Certificate serial:       01986F360A9FD82BE1D334EDA4C62A91BB72
Authority key identifier: CB:C8:3C:39:2C:54:21:C5:95:CD:5F:B7:94:28:E8:27:5B:DB:59:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y8g8OSxUIcWVzV-3lCjoJ1vbWUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/3052de-558b-4334-8a70-9ad33ae653ad/1/X9W0b9P6Ek_A8a9BpsvnX133VZw.roa
Signing time:             Sun 03 Aug 2025 09:14:29 +0000
ROA not before:           Sun 03 Aug 2025 09:14:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198233
IP address blocks:        146.19.177.0/24 maxlen: 24
                          2a13:88c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/3052de-558b-4334-8a70-9ad33ae653ad/1/y8g8OSxUIcWVzV-3lCjoJ1vbWUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/3052de-558b-4334-8a70-9ad33ae653ad/1/y8g8OSxUIcWVzV-3lCjoJ1vbWUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y8g8OSxUIcWVzV-3lCjoJ1vbWUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:6f:36:0a:9f:d8:2b:e1:d3:34:ed:a4:c6:2a:91:bb:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbc83c392c5421c595cd5fb79428e8275bdb594c
        Validity
            Not Before: Aug  3 09:14:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fd5b46fd3fa124fc0f1af41a6cbe75f5df7559c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:50:b0:04:b2:42:82:63:07:98:c2:75:63:84:
                    cb:76:fc:1e:62:b9:32:89:8f:64:d0:91:9d:01:81:
                    29:ab:2a:45:24:df:e3:5a:32:69:7b:d0:fa:87:a2:
                    b5:8a:25:5a:4c:67:a7:ff:24:f1:0e:9b:fc:03:53:
                    3e:c7:49:38:6e:8f:24:ae:33:ba:d2:51:b5:f1:73:
                    07:81:8c:b7:7c:96:ce:e1:f9:c9:44:bf:7c:2c:a0:
                    97:8f:df:89:f8:e7:5e:fc:68:35:0c:40:e5:32:3b:
                    cc:bd:df:6b:42:f8:53:6d:1a:3e:03:e0:11:cc:05:
                    a8:d5:8d:e7:8e:87:43:69:b5:58:55:58:c9:44:c9:
                    78:db:91:17:ca:37:12:11:bd:78:ce:21:c6:3f:49:
                    07:5a:63:01:ec:38:9e:38:86:2f:b9:d7:e4:45:62:
                    a2:f4:b2:02:5a:54:14:87:da:94:b2:af:5a:84:c8:
                    d8:f1:68:bd:63:4f:dc:3a:57:bf:da:af:18:70:3c:
                    38:0d:4c:7f:85:75:b7:04:91:87:ee:a6:15:06:e2:
                    ef:25:f9:50:dc:f6:bc:83:ce:ef:72:74:6d:2a:b6:
                    4f:d4:1c:10:fd:ab:5e:18:47:46:7f:3a:72:19:b8:
                    1d:9a:29:00:4d:a4:27:e1:d0:31:d4:97:5e:18:2a:
                    7a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:D5:B4:6F:D3:FA:12:4F:C0:F1:AF:41:A6:CB:E7:5F:5D:F7:55:9C
            X509v3 Authority Key Identifier:
                keyid:CB:C8:3C:39:2C:54:21:C5:95:CD:5F:B7:94:28:E8:27:5B:DB:59:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y8g8OSxUIcWVzV-3lCjoJ1vbWUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/3052de-558b-4334-8a70-9ad33ae653ad/1/X9W0b9P6Ek_A8a9BpsvnX133VZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/3052de-558b-4334-8a70-9ad33ae653ad/1/y8g8OSxUIcWVzV-3lCjoJ1vbWUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.177.0/24
                IPv6:
                  2a13:88c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b8:5e:f9:71:49:45:80:6e:29:9b:08:1d:32:de:42:10:a9:b0:
         d8:83:6b:66:30:55:35:4b:e9:11:c2:6d:8b:e8:de:d2:2f:98:
         04:09:a0:15:ac:97:aa:67:4a:c1:75:8b:3b:0d:05:cc:38:bd:
         aa:2f:9a:c6:bb:33:b5:3f:4b:c0:fd:47:f7:f7:11:6c:ae:75:
         a2:7f:5f:df:48:c8:14:89:7d:5a:74:71:28:a8:33:86:98:36:
         2f:3f:8f:80:33:13:54:4f:f5:ec:f1:a9:25:78:42:99:49:9a:
         cb:89:2b:44:15:a4:60:c1:bd:cf:87:1d:73:67:c9:64:b9:ab:
         97:cc:64:4f:4e:ad:52:91:f1:07:b6:a1:ca:2a:a9:c9:5c:2b:
         0b:15:f9:06:53:17:c8:98:a0:fd:7f:f2:a3:21:53:3a:5a:5b:
         b4:b3:49:71:bf:02:58:ac:24:96:70:8c:31:4c:70:07:34:ba:
         c1:58:31:9d:1e:9c:7c:ee:da:17:35:4d:3b:61:d8:40:6a:c5:
         ce:83:d3:56:17:79:96:c8:a2:bc:44:87:02:57:d3:78:ff:32:
         73:64:ff:d1:34:21:ca:9f:08:38:93:d5:cc:0f:9b:1a:f3:5f:
         2c:33:cf:e8:60:cc:bb:f1:d0:ad:92:2f:6c:46:fd:a1:d0:92:
         10:d1:f8:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZhvNgqf2Cvh0zTtpMYqkbtyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiYzgzYzM5MmM1NDIxYzU5NWNkNWZiNzk0MjhlODI3NWJk
YjU5NGMwHhcNMjUwODAzMDkxNDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmQ1YjQ2ZmQzZmExMjRmYzBmMWFmNDFhNmNiZTc1ZjVkZjc1NTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplCwBLJCgmMHmMJ1Y4TLdvweYrky
iY9k0JGdAYEpqypFJN/jWjJpe9D6h6K1iiVaTGen/yTxDpv8A1M+x0k4bo8krjO6
0lG18XMHgYy3fJbO4fnJRL98LKCXj9+J+Ode/Gg1DEDlMjvMvd9rQvhTbRo+A+AR
zAWo1Y3njodDabVYVVjJRMl425EXyjcSEb14ziHGP0kHWmMB7DieOIYvudfkRWKi
9LICWlQUh9qUsq9ahMjY8Wi9Y0/cOle/2q8YcDw4DUx/hXW3BJGH7qYVBuLvJflQ
3Pa8g87vcnRtKrZP1BwQ/ateGEdGfzpyGbgdmikATaQn4dAx1JdeGCp6GwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF/VtG/T+hJPwPGvQabL519d91WcMB8GA1UdIwQY
MBaAFMvIPDksVCHFlc1ft5Qo6Cdb21lMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveThnOE9TeFVJY1dWelYtM2xDam9KMXZiV1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zMDUyZGUtNTU4Yi00MzM0LThhNzAt
OWFkMzNhZTY1M2FkLzEvWDlXMGI5UDZFa19BOGE5QnBzdm5YMTMzVlp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zMDUyZGUtNTU4Yi00MzM0LThhNzAtOWFkMzNhZTY1M2Fk
LzEveThnOE9TeFVJY1dWelYtM2xDam9KMXZiV1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAkhOxMA0E
AgACMAcDBQMqE4jAMA0GCSqGSIb3DQEBCwUAA4IBAQC4XvlxSUWAbimbCB0y3kIQ
qbDYg2tmMFU1S+kRwm2L6N7SL5gECaAVrJeqZ0rBdYs7DQXMOL2qL5rGuzO1P0vA
/Uf39xFsrnWif1/fSMgUiX1adHEoqDOGmDYvP4+AMxNUT/Xs8akleEKZSZrLiStE
FaRgwb3Phx1zZ8lkuauXzGRPTq1SkfEHtqHKKqnJXCsLFfkGUxfImKD9f/KjIVM6
Wlu0s0lxvwJYrCSWcIwxTHAHNLrBWDGdHpx87toXNU07YdhAasXOg9NWF3mWyKK8
RIcCV9N4/zJzZP/RNCHKnwg4k9XMD5sa818sM8/oYMy78dCtki9sRv2h0JIQ0fjB
-----END CERTIFICATE-----