Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/0VerGYtqkn-bpkLU4lNyPROKJKI.roa
File:                     0VerGYtqkn-bpkLU4lNyPROKJKI.roa (raw, json)
Hash identifier:          0VzsdR9TcNCTx4hJtj6JD1JHzxfylckxiznc2AWvLwU=
Subject key identifier:   D1:57:AB:19:8B:6A:92:7F:9B:A6:42:D4:E2:53:72:3D:13:8A:24:A2
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0198791A62C01EAAB3636ACD3670288DB36F
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/0VerGYtqkn-bpkLU4lNyPROKJKI.roa
Signing time:             Tue 05 Aug 2025 07:20:29 +0000
ROA not before:           Tue 05 Aug 2025 07:20:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     154049
IP address blocks:        188.255.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:79:1a:62:c0:1e:aa:b3:63:6a:cd:36:70:28:8d:b3:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Aug  5 07:20:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d157ab198b6a927f9ba642d4e253723d138a24a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c9:dd:59:39:c1:6f:5b:80:f3:af:a7:6c:4e:
                    d6:d8:9a:97:c7:b1:fe:f4:32:af:5c:b8:bb:ad:64:
                    70:94:f8:2d:b4:67:5e:b6:86:92:70:5f:fc:53:92:
                    df:58:d3:20:53:e9:46:7f:8e:65:44:1b:63:5b:6e:
                    8f:82:7c:de:13:bb:19:d8:9d:1e:4b:9b:06:fc:19:
                    8a:ce:df:d6:43:95:56:f4:54:dc:da:8c:5f:b5:b6:
                    75:94:7d:aa:8a:03:88:00:f2:8a:ac:61:d6:69:16:
                    f9:a8:37:54:14:c6:14:65:3b:ff:dc:4f:12:5b:05:
                    09:93:30:f8:c1:d7:11:2e:f5:b7:67:32:63:3a:b4:
                    db:57:ac:75:dd:ed:8d:2c:93:61:0b:63:ad:2c:24:
                    0b:ce:13:57:f3:f2:b6:88:45:69:2e:0a:49:37:48:
                    a1:7e:1c:f6:01:b3:c8:c3:b0:76:7f:c2:52:09:de:
                    4e:b9:13:7c:d4:9c:1a:5f:e0:61:ba:aa:59:1c:16:
                    a9:10:ce:de:6d:9a:9f:22:28:0d:d3:68:5c:e2:ed:
                    a3:88:3e:c3:55:69:ba:4e:a4:b1:6d:05:8d:18:aa:
                    dc:c3:b9:00:ab:bc:98:63:ea:c6:ae:c4:51:c3:a4:
                    52:d3:05:ea:1a:c1:0c:89:52:a1:0e:80:4a:c1:e2:
                    71:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:57:AB:19:8B:6A:92:7F:9B:A6:42:D4:E2:53:72:3D:13:8A:24:A2
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/0VerGYtqkn-bpkLU4lNyPROKJKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:ee:d8:24:7c:02:db:e8:6e:e1:54:42:20:12:89:ae:ea:c8:
         56:93:5d:77:aa:b2:1b:34:d1:0f:f2:7e:db:d2:c5:4d:cd:95:
         15:d7:f3:6e:35:10:2d:49:5d:0c:fd:35:72:de:65:2c:4d:e5:
         75:60:dc:bf:22:5e:ff:c6:e7:e7:c4:70:d6:9e:96:fd:48:27:
         8e:81:e6:7a:c6:68:b2:66:45:85:e7:ec:1d:a7:69:1b:39:95:
         cb:7c:98:00:8d:fb:9a:ec:62:12:8f:3d:47:88:37:24:60:ae:
         34:75:be:6d:f5:94:6c:36:99:9e:61:87:98:01:ff:0a:c4:37:
         b8:93:01:1a:ae:a5:9a:13:3a:0c:7c:22:f1:86:3e:a7:88:19:
         67:57:c6:d4:bb:37:0e:c8:e5:32:44:d3:02:28:c7:6f:0a:72:
         60:2e:b4:a1:09:24:ab:6b:2d:c2:90:62:c5:69:ce:56:d6:21:
         b5:f2:d4:e2:98:20:43:15:7f:8f:a8:30:66:7a:d2:4e:46:78:
         14:a0:0e:d0:64:d2:d5:97:ee:d6:11:ba:c0:b0:88:ed:bb:96:
         eb:ba:bd:b6:06:a6:a8:83:9a:35:c8:f1:ff:98:62:1a:e2:88:
         1d:48:ae:89:de:36:9f:62:67:3b:ff:c7:c9:fb:fe:69:64:84:
         e4:bc:67:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh5GmLAHqqzY2rNNnAojbNvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwODA1MDcyMDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTU3YWIxOThiNmE5MjdmOWJhNjQyZDRlMjUzNzIzZDEzOGEyNGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusndWTnBb1uA86+nbE7W2JqXx7H+
9DKvXLi7rWRwlPgttGdetoaScF/8U5LfWNMgU+lGf45lRBtjW26PgnzeE7sZ2J0e
S5sG/BmKzt/WQ5VW9FTc2oxftbZ1lH2qigOIAPKKrGHWaRb5qDdUFMYUZTv/3E8S
WwUJkzD4wdcRLvW3ZzJjOrTbV6x13e2NLJNhC2OtLCQLzhNX8/K2iEVpLgpJN0ih
fhz2AbPIw7B2f8JSCd5OuRN81JwaX+BhuqpZHBapEM7ebZqfIigN02hc4u2jiD7D
VWm6TqSxbQWNGKrcw7kAq7yYY+rGrsRRw6RS0wXqGsEMiVKhDoBKweJxkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFXqxmLapJ/m6ZC1OJTcj0TiiSiMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvMFZlckdZdHFrbi1icGtMVTRsTnlQUk9LSktJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/YMA0G
CSqGSIb3DQEBCwUAA4IBAQBt7tgkfALb6G7hVEIgEomu6shWk113qrIbNNEP8n7b
0sVNzZUV1/NuNRAtSV0M/TVy3mUsTeV1YNy/Il7/xufnxHDWnpb9SCeOgeZ6xmiy
ZkWF5+wdp2kbOZXLfJgAjfua7GISjz1HiDckYK40db5t9ZRsNpmeYYeYAf8KxDe4
kwEarqWaEzoMfCLxhj6niBlnV8bUuzcOyOUyRNMCKMdvCnJgLrShCSSray3CkGLF
ac5W1iG18tTimCBDFX+PqDBmetJORngUoA7QZNLVl+7WEbrAsIjtu5brur22Bqao
g5o1yPH/mGIa4ogdSK6J3jafYmc7/8fJ+/5pZITkvGch
-----END CERTIFICATE-----