Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/1-bTG4fJ9woZmiRnGA3mMnt-HFQU.roa
File:                     1-bTG4fJ9woZmiRnGA3mMnt-HFQU.roa (raw, json)
Hash identifier:          sBL1HNYrxZcmkezvdPWd49u3uAN+SQyINP0GsQYDsEg=
Subject key identifier:   F9:B4:C6:E1:F2:7D:C2:86:66:89:19:C6:03:79:8C:9E:DF:87:15:05
Certificate issuer:       /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial:       019874D53FA27263E43EEA17AA53EA7965CE
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/1-bTG4fJ9woZmiRnGA3mMnt-HFQU.roa
Signing time:             Mon 04 Aug 2025 11:26:29 +0000
ROA not before:           Mon 04 Aug 2025 11:26:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211500
IP address blocks:        176.118.160.0/22 maxlen: 22
                          212.23.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 02:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:74:d5:3f:a2:72:63:e4:3e:ea:17:aa:53:ea:79:65:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
        Validity
            Not Before: Aug  4 11:26:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9b4c6e1f27dc286668919c603798c9edf871505
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:51:04:7a:eb:c7:54:38:15:a2:08:b9:df:b5:
                    20:1b:0f:39:76:a4:67:af:d9:89:70:13:7d:23:92:
                    f2:93:8a:ed:42:be:0d:20:43:bf:88:87:2f:ca:4e:
                    8d:d6:be:da:98:78:0a:80:1e:cb:3c:1a:6b:68:a6:
                    40:ad:12:2d:ce:4b:a3:33:f2:de:14:ab:5a:0f:2e:
                    7a:23:66:ef:33:45:b9:d6:c5:18:32:63:b2:97:4a:
                    d5:aa:c8:67:02:85:f2:fc:25:a3:5b:e1:72:dc:a0:
                    e0:d8:66:d4:bf:c3:aa:1c:01:e2:ff:12:75:c1:dd:
                    13:63:25:e6:e3:2c:23:f9:c6:81:09:20:f0:4b:91:
                    9f:85:57:50:0a:eb:1d:d1:04:75:c2:bc:7e:97:35:
                    e0:9b:d6:cb:78:bb:90:f7:09:e9:9d:1f:89:a5:23:
                    a0:fe:a9:9a:30:4d:b5:3b:c2:4f:2e:22:7e:20:35:
                    6e:a2:1e:9b:50:b1:b7:53:87:de:0c:b5:b3:af:41:
                    f6:36:94:d9:e2:4e:22:22:21:34:18:08:79:45:e0:
                    5a:8d:63:87:b2:ea:76:c9:f7:9b:8c:d6:66:bf:b9:
                    c7:2e:dc:80:f6:28:ea:e0:46:32:8b:30:bb:c5:95:
                    66:ef:67:69:56:8f:ce:37:46:bb:e2:21:05:91:cf:
                    38:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:B4:C6:E1:F2:7D:C2:86:66:89:19:C6:03:79:8C:9E:DF:87:15:05
            X509v3 Authority Key Identifier:
                keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/1-bTG4fJ9woZmiRnGA3mMnt-HFQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.160.0/22
                  212.23.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:d9:16:9f:dc:d9:38:7e:d5:86:f8:f7:37:15:bc:19:09:41:
         c9:53:ab:1e:c6:61:6d:18:8e:52:91:26:24:e5:21:46:1d:1a:
         54:3c:5f:25:73:29:3b:8c:a2:d2:5e:19:e2:18:22:3a:ff:2c:
         d4:82:2e:18:43:42:63:36:f8:fd:b1:fe:4a:eb:9e:88:b0:ab:
         5f:71:89:a4:bb:ab:12:b9:f6:1e:7b:7e:66:a5:6f:f7:e7:41:
         c7:77:28:b9:60:c8:e5:e0:b1:41:6c:82:c0:d2:db:80:df:e3:
         79:7d:99:04:f8:9e:ad:fa:5f:e1:9a:2e:48:36:ec:2d:2c:75:
         a6:54:f9:91:95:28:a3:3c:6b:16:e6:6b:14:34:a5:4f:c1:f3:
         43:fd:94:d1:2b:00:da:bd:11:28:6d:0a:c6:62:0b:8a:47:fe:
         e0:c8:d6:a6:33:41:0f:bc:c9:c9:a2:2a:b4:e0:75:85:9e:a3:
         bc:8f:f1:da:fc:e0:88:b9:29:a6:17:ea:53:a4:27:23:6d:81:
         b9:a1:66:cd:f4:29:77:71:78:c9:a8:f1:99:cf:1c:5f:5a:c5:
         84:bc:19:78:8e:fb:92:89:30:8b:fd:07:e4:bb:7d:4a:9b:5b:
         3f:29:0b:98:36:03:e8:64:0b:12:72:b3:bd:ae:5e:69:78:bd:
         57:1f:8e:6e
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZh01T+icmPkPuoXqlPqeWXOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjUwODA0MTEyNjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWI0YzZlMWYyN2RjMjg2NjY4OTE5YzYwMzc5OGM5ZWRmODcxNTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11EEeuvHVDgVogi537UgGw85dqRn
r9mJcBN9I5Lyk4rtQr4NIEO/iIcvyk6N1r7amHgKgB7LPBpraKZArRItzkujM/Le
FKtaDy56I2bvM0W51sUYMmOyl0rVqshnAoXy/CWjW+Fy3KDg2GbUv8OqHAHi/xJ1
wd0TYyXm4ywj+caBCSDwS5GfhVdQCusd0QR1wrx+lzXgm9bLeLuQ9wnpnR+JpSOg
/qmaME21O8JPLiJ+IDVuoh6bULG3U4feDLWzr0H2NpTZ4k4iIiE0GAh5ReBajWOH
sup2yfebjNZmv7nHLtyA9ijq4EYyizC7xZVm72dpVo/ON0a74iEFkc84JQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPm0xuHyfcKGZokZxgN5jJ7fhxUFMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvMS1iVEc0Zko5d29abWlSbkdBM21NbnQtSEZRVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzQvMDk4ZDEzLTZkNmQtNDI5NC05NzUzLWE4NzczZGU3Njhm
Ny8xL0FLXzJ0T18tZkRZLThnRDI4LVdJaTVGYnBvRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEArB2oAME
ANQXzDANBgkqhkiG9w0BAQsFAAOCAQEAmNkWn9zZOH7Vhvj3NxW8GQlByVOrHsZh
bRiOUpEmJOUhRh0aVDxfJXMpO4yi0l4Z4hgiOv8s1IIuGENCYzb4/bH+SuueiLCr
X3GJpLurErn2Hnt+ZqVv9+dBx3couWDI5eCxQWyCwNLbgN/jeX2ZBPierfpf4Zou
SDbsLSx1plT5kZUoozxrFuZrFDSlT8HzQ/2U0SsA2r0RKG0KxmILikf+4MjWpjNB
D7zJyaIqtOB1hZ6jvI/x2vzgiLkpphfqU6QnI22BuaFmzfQpd3F4yajxmc8cX1rF
hLwZeI77kokwi/0H5Lt9SptbPykLmDYD6GQLEnKzva5eaXi9Vx+Obg==
-----END CERTIFICATE-----