Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/087UupeobRWZv5Tg2oEF0C56iBA.roa
File:                     087UupeobRWZv5Tg2oEF0C56iBA.roa (raw, json)
Hash identifier:          zWP3Bk5tOFSv0zyFnnjB/V+owp0c/zcYuM6L9hK4AdI=
Subject key identifier:   D3:CE:D4:BA:97:A8:6D:15:99:BF:94:E0:DA:81:05:D0:2E:7A:88:10
Certificate issuer:       /CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
Certificate serial:       01987FDFA4212EAB541AC95CABFD204A6425
Authority key identifier: 1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/087UupeobRWZv5Tg2oEF0C56iBA.roa
Signing time:             Wed 06 Aug 2025 14:53:39 +0000
ROA not before:           Wed 06 Aug 2025 14:53:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15626
IP address blocks:        130.0.232.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 08:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7f:df:a4:21:2e:ab:54:1a:c9:5c:ab:fd:20:4a:64:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
        Validity
            Not Before: Aug  6 14:53:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3ced4ba97a86d1599bf94e0da8105d02e7a8810
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fe:14:58:00:c0:8d:0a:66:40:89:54:f2:b7:
                    06:d9:e0:ad:30:a7:e8:fa:91:e4:3a:22:8f:4c:bb:
                    f8:2c:ac:e1:e7:06:fb:7a:c1:c4:26:49:86:b8:f7:
                    d4:f4:9b:60:f4:21:9b:36:6b:2e:dd:76:bb:b6:b2:
                    e5:45:b8:e8:18:a0:db:9e:31:ab:ff:e3:f6:73:53:
                    7f:fd:f2:a6:a2:8f:77:86:d0:72:11:78:0b:56:39:
                    09:86:8a:2e:3a:62:e5:6b:07:68:71:44:86:25:6c:
                    08:08:d8:d3:72:6d:19:3e:bd:e4:c9:d6:c2:2e:de:
                    17:19:e3:e7:fa:40:5a:c2:6c:bc:90:5e:ea:02:0c:
                    aa:37:e7:4d:48:5f:c2:f8:5a:3c:2a:06:e8:a2:64:
                    84:00:d1:e0:44:33:b5:7f:57:16:26:15:ae:d5:ac:
                    ed:99:ce:33:a4:5d:2b:a0:0b:86:5d:84:10:03:8d:
                    2c:16:9d:18:9a:fc:28:97:d6:cd:c4:03:67:b7:2e:
                    fd:10:95:3d:9f:91:07:a6:38:6c:94:31:b6:c4:80:
                    e0:3f:a1:5c:88:ad:66:e1:53:e8:19:36:6d:42:ec:
                    e0:39:69:13:95:4b:51:cf:80:e6:47:16:43:6d:b8:
                    93:a7:b2:0c:88:56:4c:47:00:76:4e:44:67:f5:c0:
                    b5:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:CE:D4:BA:97:A8:6D:15:99:BF:94:E0:DA:81:05:D0:2E:7A:88:10
            X509v3 Authority Key Identifier:
                keyid:1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/087UupeobRWZv5Tg2oEF0C56iBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.0.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         58:53:70:3b:ea:e6:c5:80:4a:ae:aa:a7:a7:5f:05:15:45:ee:
         92:be:9a:2b:0a:f9:0a:99:31:1d:b3:93:19:77:3a:be:3e:0a:
         6f:3b:eb:87:25:fb:eb:94:26:3f:1d:65:43:98:5d:07:83:98:
         17:1c:5d:cd:87:19:96:3d:ab:4a:f9:e3:f8:8c:53:10:50:18:
         8d:6a:f8:2e:d2:e0:ec:6a:13:5e:4a:dd:d2:6d:55:2c:ce:3b:
         78:88:39:d3:3e:51:27:88:c9:08:07:1e:54:49:62:4c:83:c9:
         30:b2:5a:ff:f2:6c:46:be:08:5b:86:18:2f:63:aa:38:9c:28:
         38:f4:a1:6d:15:c9:dd:bd:e9:f0:7d:66:39:e8:a0:8f:86:94:
         3a:58:2f:9a:33:b1:a4:f0:95:8d:f6:29:85:1e:1f:77:a0:4a:
         94:6b:07:71:ba:ac:1b:ca:6a:06:f2:88:8e:66:c7:e0:c8:03:
         04:d3:e1:45:6f:a9:7e:d3:a1:ec:99:b8:0e:cb:38:ff:92:2c:
         ff:57:00:f4:fd:b6:68:3b:0d:70:ff:ab:b3:08:9b:78:19:2a:
         8f:d1:f5:96:89:17:37:78:14:3c:e1:e0:c8:1f:a7:97:83:4f:
         cd:26:68:b8:0f:a2:35:55:ce:c3:2a:16:2d:56:44:6d:bf:9a:
         26:54:77:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh/36QhLqtUGslcq/0gSmQlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRjMjI1OTVmYzFmNTg4ZmJjNGRkZTA3YzFjMzk0OTk4
ZjMzYTcwHhcNMjUwODA2MTQ1MzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2NlZDRiYTk3YTg2ZDE1OTliZjk0ZTBkYTgxMDVkMDJlN2E4ODEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/4UWADAjQpmQIlU8rcG2eCtMKfo
+pHkOiKPTLv4LKzh5wb7esHEJkmGuPfU9Jtg9CGbNmsu3Xa7trLlRbjoGKDbnjGr
/+P2c1N//fKmoo93htByEXgLVjkJhoouOmLlawdocUSGJWwICNjTcm0ZPr3kydbC
Lt4XGePn+kBawmy8kF7qAgyqN+dNSF/C+Fo8KgboomSEANHgRDO1f1cWJhWu1azt
mc4zpF0roAuGXYQQA40sFp0Ymvwol9bNxANnty79EJU9n5EHpjhslDG2xIDgP6Fc
iK1m4VPoGTZtQuzgOWkTlUtRz4DmRxZDbbiTp7IMiFZMRwB2TkRn9cC1OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPO1LqXqG0Vmb+U4NqBBdAueogQMB8GA1UdIwQY
MBaAFBpNwiWV/B9Yj7xN3gfBw5SZjzOnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYt
MmI3OGIxOWI1YTg3LzEvMDg3VXVwZW9iUldadjVUZzJvRUYwQzU2aUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYtMmI3OGIxOWI1YTg3
LzEvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDggDoMA0G
CSqGSIb3DQEBCwUAA4IBAQBYU3A76ubFgEquqqenXwUVRe6SvporCvkKmTEds5MZ
dzq+PgpvO+uHJfvrlCY/HWVDmF0Hg5gXHF3NhxmWPatK+eP4jFMQUBiNavgu0uDs
ahNeSt3SbVUszjt4iDnTPlEniMkIBx5USWJMg8kwslr/8mxGvghbhhgvY6o4nCg4
9KFtFcndvenwfWY56KCPhpQ6WC+aM7Gk8JWN9imFHh93oEqUawdxuqwbymoG8oiO
ZsfgyAME0+FFb6l+06HsmbgOyzj/kiz/VwD0/bZoOw1w/6uzCJt4GSqP0fWWiRc3
eBQ84eDIH6eXg0/NJmi4D6I1Vc7DKhYtVkRtv5omVHcO
-----END CERTIFICATE-----