Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/ands1ewW_p4rUPNxNNwaH3t7Wgw.roa
File:                     ands1ewW_p4rUPNxNNwaH3t7Wgw.roa (raw, json)
Hash identifier:          r0Kt8ppRm38RnP39fdx5wDLkfswfrhUk1HCm9MglBrU=
Subject key identifier:   6A:77:6C:D5:EC:16:FE:9E:2B:50:F3:71:34:DC:1A:1F:7B:7B:5A:0C
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       01987A81348B97D019D25842880A12D25055
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/ands1ewW_p4rUPNxNNwaH3t7Wgw.roa
Signing time:             Tue 05 Aug 2025 13:52:24 +0000
ROA not before:           Tue 05 Aug 2025 13:52:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34702
IP address blocks:        114.129.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 17:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7a:81:34:8b:97:d0:19:d2:58:42:88:0a:12:d2:50:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Aug  5 13:52:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a776cd5ec16fe9e2b50f37134dc1a1f7b7b5a0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b7:54:81:54:61:16:7f:9e:2a:be:2a:72:a9:
                    36:b9:0f:50:de:e4:da:c1:25:d1:0d:d1:83:16:62:
                    05:e1:bf:f7:05:e3:5f:0c:16:9e:9c:c8:d5:d1:d8:
                    42:c4:ca:91:4b:29:e8:f1:d0:e9:e1:b2:7e:d8:5e:
                    37:88:33:43:3a:77:8e:cb:31:ad:12:68:d9:60:a7:
                    48:ae:89:a8:50:96:1d:5e:a4:43:49:2e:bc:cf:f9:
                    06:d3:48:b7:1c:ee:97:00:7c:d6:c4:9d:87:54:ce:
                    33:10:42:e1:65:be:75:77:19:66:3a:ca:04:1b:79:
                    a4:2d:25:69:36:cb:c7:b8:38:68:91:c3:7c:1d:3c:
                    fb:38:c9:c5:e1:67:85:8b:81:82:7b:be:ce:18:4c:
                    1a:49:b1:f5:cb:89:84:3e:6e:3a:f3:70:73:bd:09:
                    2c:94:05:b5:91:59:93:a3:82:68:62:c3:90:86:f4:
                    1b:6c:3e:95:84:e4:77:a1:e1:64:44:88:4a:59:4f:
                    c3:0b:9d:b8:a5:25:87:ac:72:49:97:b2:4e:a7:8e:
                    f5:2a:a3:27:f2:90:13:13:90:f9:ec:57:cc:b5:40:
                    3b:77:e4:49:e0:97:e5:d4:bc:49:1e:90:30:9e:78:
                    f3:c4:49:e4:c2:bd:af:f3:83:40:62:32:b0:55:52:
                    3a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:77:6C:D5:EC:16:FE:9E:2B:50:F3:71:34:DC:1A:1F:7B:7B:5A:0C
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/ands1ewW_p4rUPNxNNwaH3t7Wgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.129.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:1c:4b:36:b2:60:e4:d8:97:1c:b2:d6:b2:17:48:b1:fa:e1:
         4a:bf:45:00:70:48:51:08:dd:76:76:56:2d:80:f0:85:97:63:
         c6:f4:24:2f:73:84:a7:a1:1f:99:0f:ba:d1:cb:b3:fb:3a:77:
         39:80:0e:3d:ce:c4:b7:59:78:05:bc:13:4e:3d:cd:d3:ee:9a:
         ad:61:3b:09:f0:04:ae:6a:a1:f9:8c:04:06:c2:39:f5:cc:ec:
         a8:73:3a:70:c3:a6:cd:7c:6b:e6:5f:45:4b:0c:12:99:e1:32:
         74:bc:85:4c:dd:89:5c:0f:db:a8:0d:7f:71:68:ec:85:b5:a4:
         32:32:d1:2a:fe:bb:d1:8c:ba:00:b7:c6:99:be:2d:5d:0f:43:
         6b:66:67:64:e3:5e:f0:15:65:7c:6c:8a:2b:cf:d5:c2:05:6e:
         80:74:0b:4f:6c:52:16:fc:dc:a6:c6:2e:7b:f8:0e:34:f7:0b:
         8d:fd:76:c4:1d:d5:d7:87:db:bc:64:b0:8e:64:b7:32:99:6f:
         4d:00:af:c3:bb:6d:92:54:1c:76:85:8c:4e:3f:b3:bf:2b:04:
         fe:af:0f:b4:8c:f2:fe:0d:66:1b:1d:9d:d0:59:0c:33:b1:6e:
         a4:08:0e:e2:47:18:73:38:d2:b6:83:e4:de:8a:81:d3:60:bb:
         b4:22:cc:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh6gTSLl9AZ0lhCiAoS0lBVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjUwODA1MTM1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTc3NmNkNWVjMTZmZTllMmI1MGYzNzEzNGRjMWExZjdiN2I1YTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rdUgVRhFn+eKr4qcqk2uQ9Q3uTa
wSXRDdGDFmIF4b/3BeNfDBaenMjV0dhCxMqRSyno8dDp4bJ+2F43iDNDOneOyzGt
EmjZYKdIromoUJYdXqRDSS68z/kG00i3HO6XAHzWxJ2HVM4zEELhZb51dxlmOsoE
G3mkLSVpNsvHuDhokcN8HTz7OMnF4WeFi4GCe77OGEwaSbH1y4mEPm4683BzvQks
lAW1kVmTo4JoYsOQhvQbbD6VhOR3oeFkRIhKWU/DC524pSWHrHJJl7JOp471KqMn
8pATE5D57FfMtUA7d+RJ4Jfl1LxJHpAwnnjzxEnkwr2v84NAYjKwVVI6hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGp3bNXsFv6eK1DzcTTcGh97e1oMMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvYW5kczFld1dfcDRyVVBOeE5Od2FIM3Q3V2d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAcoEJMA0G
CSqGSIb3DQEBCwUAA4IBAQDNHEs2smDk2JccstayF0ix+uFKv0UAcEhRCN12dlYt
gPCFl2PG9CQvc4SnoR+ZD7rRy7P7Onc5gA49zsS3WXgFvBNOPc3T7pqtYTsJ8ASu
aqH5jAQGwjn1zOyoczpww6bNfGvmX0VLDBKZ4TJ0vIVM3YlcD9uoDX9xaOyFtaQy
MtEq/rvRjLoAt8aZvi1dD0NrZmdk417wFWV8bIorz9XCBW6AdAtPbFIW/Nymxi57
+A409wuN/XbEHdXXh9u8ZLCOZLcymW9NAK/Du22SVBx2hYxOP7O/KwT+rw+0jPL+
DWYbHZ3QWQwzsW6kCA7iRxhzONK2g+TeioHTYLu0Isw4
-----END CERTIFICATE-----