Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/fPgPk-g5nAbUEctGpKlK-wElGrQ.roa
File:                     fPgPk-g5nAbUEctGpKlK-wElGrQ.roa (raw, json)
Hash identifier:          fUiU8cmu0Vl0EEBUPnbk+ZPPzHVDMBVRymSRQ3YrHGo=
Subject key identifier:   7C:F8:0F:93:E8:39:9C:06:D4:11:CB:46:A4:A9:4A:FB:01:25:1A:B4
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019763E7B161BF4AD966DF8EB6780AD6BD16
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/fPgPk-g5nAbUEctGpKlK-wElGrQ.roa
Signing time:             Thu 12 Jun 2025 11:30:17 +0000
ROA not before:           Thu 12 Jun 2025 11:30:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208483
IP address blocks:        128.0.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 17:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:63:e7:b1:61:bf:4a:d9:66:df:8e:b6:78:0a:d6:bd:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jun 12 11:30:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7cf80f93e8399c06d411cb46a4a94afb01251ab4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1c:5c:fa:6e:a7:cb:48:9b:f1:f2:19:cf:8f:
                    b0:72:5c:82:82:ab:c2:8b:8e:ea:0c:a3:8b:6a:18:
                    7e:eb:07:11:af:be:93:fa:65:60:32:6e:a3:f7:70:
                    b4:bc:21:11:da:e4:f4:3c:47:1e:2c:c1:ef:a2:c9:
                    94:92:74:ae:40:32:7d:49:83:c8:81:32:f7:ca:c5:
                    ef:10:50:f2:11:07:ef:6a:15:df:b5:b0:e5:6f:0c:
                    2a:38:b7:b7:fb:9b:75:ef:bd:c2:9a:b9:4b:62:d8:
                    d0:55:43:a6:8c:f9:9b:d6:30:14:b3:35:3f:0b:a4:
                    d4:23:e5:a4:8a:fd:69:2e:72:04:49:7e:7b:46:9b:
                    50:d2:41:5d:48:cc:68:8d:49:14:8c:a4:3c:a0:60:
                    44:34:4d:eb:69:ec:54:26:28:48:56:3a:e5:ea:e7:
                    dd:d0:b7:8e:63:c0:9e:e0:0c:2d:2a:68:52:33:fa:
                    6d:4a:e6:58:66:ad:8a:e1:93:d3:f0:b5:d1:e8:b0:
                    3a:55:45:73:82:2c:49:23:02:d9:53:ee:e5:0b:b5:
                    06:a1:e3:6e:53:ef:1a:cc:dc:f6:7e:bc:b3:2b:83:
                    71:c1:3f:86:47:9a:38:73:fb:07:c9:e6:e4:ab:ad:
                    a8:fb:19:eb:9b:3f:90:4f:b3:cf:54:fe:e3:45:27:
                    3d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:F8:0F:93:E8:39:9C:06:D4:11:CB:46:A4:A9:4A:FB:01:25:1A:B4
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/fPgPk-g5nAbUEctGpKlK-wElGrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.0.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:6e:56:7b:2d:bb:5e:3a:7f:0d:b0:7a:26:6a:49:c6:cf:0f:
         5b:10:a8:d1:03:68:c6:8e:6e:87:73:98:6e:6d:59:42:6e:27:
         14:f3:ba:b9:83:5c:fd:55:d8:4d:41:02:2e:1e:e7:7a:a4:7b:
         1e:56:2f:ea:fd:2e:13:12:d9:5c:8e:01:c9:d2:73:f6:90:7f:
         f7:7a:f0:b4:19:d9:e5:96:81:7e:75:42:4d:de:f1:9f:00:fc:
         3e:9a:c6:13:15:57:9f:a8:4d:b5:92:0b:56:20:2f:8c:c3:59:
         39:8b:9f:43:f6:72:96:81:62:13:a5:a8:d7:1b:e0:99:d1:93:
         e1:0c:4a:08:31:a3:bb:12:4c:3c:93:89:1f:f2:9f:8e:4d:b8:
         97:45:4f:0c:52:0e:98:f0:f6:28:27:14:7f:84:aa:63:a2:ba:
         07:7c:d7:ec:09:f2:0b:0d:48:6b:d6:66:62:a0:32:fa:df:df:
         de:52:ae:7d:8e:91:03:dc:9f:f5:36:10:bd:f4:ce:8d:ac:f3:
         db:09:e9:4c:a5:df:d4:ab:6f:e6:8c:8f:7e:3e:b7:ee:45:e8:
         47:0e:43:db:6a:c3:17:bd:16:00:5b:7e:3f:be:07:47:a9:ae:
         70:47:70:eb:b6:0f:eb:bc:c0:3f:6a:8f:ae:b9:3e:22:8c:0f:
         6a:7b:fb:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdj57Fhv0rZZt+OtngK1r0WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwNjEyMTEzMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Y4MGY5M2U4Mzk5YzA2ZDQxMWNiNDZhNGE5NGFmYjAxMjUxYWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRxc+m6ny0ib8fIZz4+wclyCgqvC
i47qDKOLahh+6wcRr76T+mVgMm6j93C0vCER2uT0PEceLMHvosmUknSuQDJ9SYPI
gTL3ysXvEFDyEQfvahXftbDlbwwqOLe3+5t1773CmrlLYtjQVUOmjPmb1jAUszU/
C6TUI+Wkiv1pLnIESX57RptQ0kFdSMxojUkUjKQ8oGBENE3raexUJihIVjrl6ufd
0LeOY8Ce4AwtKmhSM/ptSuZYZq2K4ZPT8LXR6LA6VUVzgixJIwLZU+7lC7UGoeNu
U+8azNz2fryzK4NxwT+GR5o4c/sHyebkq62o+xnrmz+QT7PPVP7jRSc9QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHz4D5PoOZwG1BHLRqSpSvsBJRq0MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvZlBnUGstZzVuQWJVRWN0R3BLbEstd0VsR3JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgAABMA0G
CSqGSIb3DQEBCwUAA4IBAQBGblZ7LbteOn8NsHomaknGzw9bEKjRA2jGjm6Hc5hu
bVlCbicU87q5g1z9VdhNQQIuHud6pHseVi/q/S4TEtlcjgHJ0nP2kH/3evC0Gdnl
loF+dUJN3vGfAPw+msYTFVefqE21kgtWIC+Mw1k5i59D9nKWgWITpajXG+CZ0ZPh
DEoIMaO7Ekw8k4kf8p+OTbiXRU8MUg6Y8PYoJxR/hKpjoroHfNfsCfILDUhr1mZi
oDL639/eUq59jpED3J/1NhC99M6NrPPbCelMpd/Uq2/mjI9+PrfuRehHDkPbasMX
vRYAW34/vgdHqa5wR3Drtg/rvMA/ao+uuT4ijA9qe/uU
-----END CERTIFICATE-----