Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/0n7UCbZ1CSQD1chTufvi0D4SwWY.roa
File:                     0n7UCbZ1CSQD1chTufvi0D4SwWY.roa (raw, json)
Hash identifier:          MgxpLg44O6vyjfMuXtrh4vXnQpGl13H8GJ0o5ubu4IM=
Subject key identifier:   D2:7E:D4:09:B6:75:09:24:03:D5:C8:53:B9:FB:E2:D0:3E:12:C1:66
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       019A4E0D43D4C009636C2E51FD2DBA1E7A84
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/0n7UCbZ1CSQD1chTufvi0D4SwWY.roa
Signing time:             Tue 04 Nov 2025 08:48:03 +0000
ROA not before:           Tue 04 Nov 2025 08:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201337
IP address blocks:        84.236.137.0/24 maxlen: 24
                          84.236.189.0/24 maxlen: 24
                          178.156.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 08:48:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4e:0d:43:d4:c0:09:63:6c:2e:51:fd:2d:ba:1e:7a:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Nov  4 08:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d27ed409b675092403d5c853b9fbe2d03e12c166
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:21:39:1e:76:6b:bc:0a:f6:67:07:72:70:ec:
                    27:a1:a8:b5:7e:a5:56:a1:a0:ec:97:4d:be:a1:44:
                    9c:b9:09:17:1d:c6:e0:9a:2e:a2:7e:8a:86:82:bf:
                    35:75:57:90:5f:b0:69:92:b5:18:b1:b8:3d:e5:1a:
                    f0:a7:a9:db:ef:23:89:89:90:51:33:e9:54:e2:26:
                    c8:2e:22:b4:44:2c:f5:ac:68:df:42:d9:c9:14:b8:
                    ef:87:83:c4:71:2e:15:57:aa:70:4d:a4:70:b4:55:
                    2d:27:bb:d6:67:d4:86:a6:b0:5b:d4:e2:73:5b:64:
                    f2:98:f8:d0:ec:ce:f7:10:36:d4:c9:c9:e2:a7:5f:
                    a5:b7:0e:19:96:60:e8:41:37:6b:e8:58:25:f4:75:
                    00:96:70:fc:a9:07:16:ee:73:ab:70:96:09:19:26:
                    47:76:c7:0b:2e:cc:91:d1:c3:35:5f:02:c5:72:91:
                    4a:54:59:6d:ce:66:f1:05:31:f3:d9:25:dc:b8:a2:
                    4e:63:9a:d1:05:56:de:d5:58:29:3b:b8:15:44:7e:
                    1b:89:ef:96:c2:f1:f0:c8:bd:cc:6a:8d:fa:45:a2:
                    2b:50:e3:63:a0:99:9a:a4:2c:d1:0c:21:3f:f3:c8:
                    ba:5e:25:35:53:42:78:36:4f:e1:2c:d5:53:30:85:
                    26:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:7E:D4:09:B6:75:09:24:03:D5:C8:53:B9:FB:E2:D0:3E:12:C1:66
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/0n7UCbZ1CSQD1chTufvi0D4SwWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.236.137.0/24
                  84.236.189.0/24
                  178.156.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:ee:15:02:20:1f:6e:19:c9:91:43:a1:3e:4f:a5:59:bd:22:
         b7:21:5e:b6:06:56:bb:06:ac:ff:2f:42:b7:7d:b9:1c:d2:db:
         31:f9:21:4e:72:c3:a0:42:fb:9d:45:90:63:78:5c:ca:85:12:
         cd:26:89:2d:4b:f0:2f:9f:17:58:bc:87:d3:27:b5:28:35:2f:
         21:55:91:f8:8e:7f:a9:d9:16:46:39:d4:34:17:c1:2d:81:c6:
         c9:23:49:10:3a:e7:d0:ee:1a:ab:a3:4d:8c:ee:85:19:90:91:
         51:e8:b2:1a:21:34:e1:50:5b:3e:f1:e0:80:ba:58:ed:23:1a:
         37:02:af:04:26:51:f7:c3:c0:32:15:0b:b0:3d:d8:20:7b:4d:
         45:bf:13:61:60:1f:f6:b3:74:dd:5c:cc:4f:e6:aa:f1:cb:ab:
         29:2e:3c:8f:21:b4:0f:5d:c2:c4:6e:a4:d1:32:d0:8a:73:7f:
         86:1a:44:e9:d9:f9:cb:3a:15:50:df:3a:87:13:77:30:59:54:
         06:9b:f2:ab:0b:85:e6:d5:08:be:03:00:cf:58:55:09:01:04:
         3a:84:69:52:87:aa:5b:24:04:3f:ea:1b:b8:a7:35:e4:84:3f:
         bf:74:51:cd:09:67:2e:42:ee:0d:8a:c1:f8:68:a5:75:b5:ef:
         0e:cf:97:26
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZpODUPUwAljbC5R/S26HnqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjUxMTA0MDg0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjdlZDQwOWI2NzUwOTI0MDNkNWM4NTNiOWZiZTJkMDNlMTJjMTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCE5HnZrvAr2ZwdycOwnoai1fqVW
oaDsl02+oUScuQkXHcbgmi6ifoqGgr81dVeQX7BpkrUYsbg95Rrwp6nb7yOJiZBR
M+lU4ibILiK0RCz1rGjfQtnJFLjvh4PEcS4VV6pwTaRwtFUtJ7vWZ9SGprBb1OJz
W2TymPjQ7M73EDbUycnip1+ltw4ZlmDoQTdr6Fgl9HUAlnD8qQcW7nOrcJYJGSZH
dscLLsyR0cM1XwLFcpFKVFltzmbxBTHz2SXcuKJOY5rRBVbe1VgpO7gVRH4bie+W
wvHwyL3Mao36RaIrUONjoJmapCzRDCE/88i6XiU1U0J4Nk/hLNVTMIUmbQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNJ+1Am2dQkkA9XIU7n74tA+EsFmMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvMG43VUNiWjFDU1FEMWNoVHVmdmkwRDRTd1dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVOyJAwQA
VOy9AwQAspxLMA0GCSqGSIb3DQEBCwUAA4IBAQBe7hUCIB9uGcmRQ6E+T6VZvSK3
IV62Bla7Bqz/L0K3fbkc0tsx+SFOcsOgQvudRZBjeFzKhRLNJoktS/AvnxdYvIfT
J7UoNS8hVZH4jn+p2RZGOdQ0F8EtgcbJI0kQOufQ7hqro02M7oUZkJFR6LIaITTh
UFs+8eCAuljtIxo3Aq8EJlH3w8AyFQuwPdgge01FvxNhYB/2s3TdXMxP5qrxy6sp
LjyPIbQPXcLEbqTRMtCKc3+GGkTp2fnLOhVQ3zqHE3cwWVQGm/KrC4Xm1Qi+AwDP
WFUJAQQ6hGlSh6pbJAQ/6hu4pzXkhD+/dFHNCWcuQu4NisH4aKV1te8Oz5cm
-----END CERTIFICATE-----