Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/QxU1oUg0L71x8I3OUGU7EffxOtQ.roa
File:                     QxU1oUg0L71x8I3OUGU7EffxOtQ.roa (raw, json)
Hash identifier:          x4WguF8OrW9WYJ2uUgagYn93WyWPPdlfvjM3+EJeaQQ=
Subject key identifier:   43:15:35:A1:48:34:2F:BD:71:F0:8D:CE:50:65:3B:11:F7:F1:3A:D4
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       0198676686524B65765D700F4AA4061EEAFD
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/QxU1oUg0L71x8I3OUGU7EffxOtQ.roa
Signing time:             Fri 01 Aug 2025 20:50:29 +0000
ROA not before:           Fri 01 Aug 2025 20:50:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58507
IP address blocks:        161.8.0.0/18 maxlen: 24
                          161.8.192.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:67:66:86:52:4b:65:76:5d:70:0f:4a:a4:06:1e:ea:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Aug  1 20:50:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=431535a148342fbd71f08dce50653b11f7f13ad4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:34:2a:81:77:2c:5b:01:36:1a:a2:d9:16:7b:
                    55:24:e2:59:db:bf:84:87:74:de:e0:06:c8:fd:ee:
                    08:aa:72:6a:39:92:25:ad:f4:ee:65:c2:f4:4d:a2:
                    21:c9:a2:c1:87:3c:57:29:e5:a9:f0:b1:7d:1a:76:
                    61:41:2d:52:33:cd:c6:bf:4c:d4:51:fb:88:87:db:
                    0a:3f:05:72:09:e6:98:71:0b:14:f8:84:e5:91:52:
                    88:c2:a9:58:b5:62:3e:f0:5d:ab:bd:b2:75:58:c6:
                    b2:12:78:67:f2:4f:60:55:9b:e6:11:52:ab:48:ff:
                    8b:31:3f:79:a7:7d:1c:10:88:4f:1a:9c:ac:c1:16:
                    af:b6:bf:ee:9d:de:30:b1:61:77:32:56:fd:d7:c6:
                    47:1a:3a:64:7b:50:30:f9:d0:12:b6:74:15:5a:fd:
                    4e:61:fd:f5:e4:f0:05:dc:63:3e:41:04:49:fa:57:
                    d9:b7:fb:57:57:6b:de:5f:cd:0c:17:c2:7d:f2:9c:
                    fa:30:27:3a:61:55:dc:49:3b:35:ad:16:56:48:db:
                    2b:21:ef:57:4d:6e:6e:4d:d9:f3:89:bf:c0:cc:80:
                    02:9f:72:87:d4:47:db:61:43:01:db:9d:e5:df:d0:
                    41:a4:89:74:30:a2:fe:db:4c:54:46:51:3b:73:8a:
                    e7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:15:35:A1:48:34:2F:BD:71:F0:8D:CE:50:65:3B:11:F7:F1:3A:D4
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/QxU1oUg0L71x8I3OUGU7EffxOtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.8.0.0/18
                  161.8.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         55:53:b5:8b:71:ce:1c:be:33:0d:58:95:5d:47:44:d4:ab:4b:
         2f:6a:f5:94:5c:ee:79:d3:cb:80:a4:9a:d7:e5:c9:87:a7:b0:
         2e:8b:7a:f5:65:0d:1a:67:ab:e7:4c:ae:8b:ce:fd:a5:fc:e4:
         c8:78:17:5c:43:11:09:b9:3d:8d:ce:2c:6f:88:b0:a5:c3:8b:
         8d:2c:49:35:bd:b2:da:41:96:da:7c:01:3d:88:03:a5:bc:c3:
         f3:5c:7b:ee:d9:6b:6f:67:58:9c:2c:0a:fb:06:e3:a9:ab:d7:
         08:38:af:04:cb:09:e7:f8:66:75:6a:25:9c:76:96:17:0d:65:
         b3:42:1c:d7:19:b4:7e:50:62:20:ac:65:88:f0:b1:9e:f4:66:
         03:52:a8:85:35:3b:7d:a6:84:e0:5c:d2:e5:17:15:de:90:36:
         3a:09:01:1c:02:83:cf:c4:3a:0f:81:13:63:73:de:cc:48:3d:
         c4:66:ef:29:42:9d:f8:e2:1a:35:58:4f:7a:9a:fe:6a:04:b2:
         83:2d:9c:ff:7d:c7:a8:dd:d6:66:d0:dc:4b:23:68:fe:10:38:
         ec:41:ce:f0:b3:53:07:fe:8b:96:70:d9:c3:9e:07:e9:90:ff:
         c8:73:56:fd:ff:43:92:56:7e:1a:6f:15:e3:9d:ac:e1:12:c4:
         4e:2a:7f:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhnZoZSS2V2XXAPSqQGHur9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjUwODAxMjA1MDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzE1MzVhMTQ4MzQyZmJkNzFmMDhkY2U1MDY1M2IxMWY3ZjEzYWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DQqgXcsWwE2GqLZFntVJOJZ27+E
h3Te4AbI/e4IqnJqOZIlrfTuZcL0TaIhyaLBhzxXKeWp8LF9GnZhQS1SM83Gv0zU
UfuIh9sKPwVyCeaYcQsU+ITlkVKIwqlYtWI+8F2rvbJ1WMayEnhn8k9gVZvmEVKr
SP+LMT95p30cEIhPGpyswRavtr/und4wsWF3Mlb918ZHGjpke1Aw+dAStnQVWv1O
Yf315PAF3GM+QQRJ+lfZt/tXV2veX80MF8J98pz6MCc6YVXcSTs1rRZWSNsrIe9X
TW5uTdnzib/AzIACn3KH1EfbYUMB253l39BBpIl0MKL+20xURlE7c4rnkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEMVNaFINC+9cfCNzlBlOxH38TrUMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvUXhVMW9VZzBMNzF4OEkzT1VHVTdFZmZ4T3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGoQgAAwQG
oQjAMA0GCSqGSIb3DQEBCwUAA4IBAQBVU7WLcc4cvjMNWJVdR0TUq0svavWUXO55
08uApJrX5cmHp7Aui3r1ZQ0aZ6vnTK6Lzv2l/OTIeBdcQxEJuT2NzixviLClw4uN
LEk1vbLaQZbafAE9iAOlvMPzXHvu2WtvZ1icLAr7BuOpq9cIOK8Eywnn+GZ1aiWc
dpYXDWWzQhzXGbR+UGIgrGWI8LGe9GYDUqiFNTt9poTgXNLlFxXekDY6CQEcAoPP
xDoPgRNjc97MSD3EZu8pQp344ho1WE96mv5qBLKDLZz/fceo3dZm0NxLI2j+EDjs
Qc7ws1MH/ouWcNnDngfpkP/Ic1b9/0OSVn4abxXjnazhEsROKn9D
-----END CERTIFICATE-----