Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/nWpFu-ia2X0bjJCOwDt5OD3QhUU.roa
File:                     nWpFu-ia2X0bjJCOwDt5OD3QhUU.roa (raw, json)
Hash identifier:          j+w1oRLaR1UCeH6IJgbFlYRh4McsjrNOg64gWYp7KyE=
Subject key identifier:   9D:6A:45:BB:E8:9A:D9:7D:1B:8C:90:8E:C0:3B:79:38:3D:D0:85:45
Certificate issuer:       /CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
Certificate serial:       019870DC19188854D572FD2F1FB2778E8686
Authority key identifier: A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/nWpFu-ia2X0bjJCOwDt5OD3QhUU.roa
Signing time:             Sun 03 Aug 2025 16:55:29 +0000
ROA not before:           Sun 03 Aug 2025 16:55:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211557
IP address blocks:        185.73.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 07:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:70:dc:19:18:88:54:d5:72:fd:2f:1f:b2:77:8e:86:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
        Validity
            Not Before: Aug  3 16:55:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d6a45bbe89ad97d1b8c908ec03b79383dd08545
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7a:2f:42:d3:55:9a:6d:5b:8c:9a:28:b5:5f:
                    34:3a:44:fb:35:d3:1b:cd:64:16:1f:5f:30:6f:37:
                    93:4d:49:be:8a:98:0c:0c:05:9c:b8:22:6a:e1:ab:
                    6e:93:f0:be:34:c7:e8:f9:9b:5e:6a:fa:b4:c4:ff:
                    3c:10:9a:3a:c8:5a:bd:6f:04:2c:7b:4b:e2:74:17:
                    d7:ac:c0:25:b9:16:46:cd:16:07:4d:97:46:79:26:
                    f7:22:66:3a:c6:fa:cf:92:e6:34:78:a5:00:aa:1e:
                    f5:55:fb:c9:b8:e4:6c:5f:f3:93:14:cc:37:a1:9b:
                    65:94:71:a6:8a:90:4e:ea:3a:eb:0f:e4:cc:16:8d:
                    02:26:63:30:c9:67:cd:3c:64:33:96:b3:b2:09:2d:
                    f7:13:c6:e5:1c:ed:52:6d:a8:bf:7d:75:dd:19:b8:
                    a0:ba:95:70:cc:93:29:73:71:e5:d3:ed:21:26:8f:
                    1b:96:0b:05:8b:06:ce:4a:bc:72:16:58:ea:93:bf:
                    86:e6:7a:44:ff:ab:d7:69:f5:e4:55:a2:da:54:ce:
                    90:67:f4:af:18:2f:45:1a:19:9d:79:ce:61:20:ec:
                    1d:54:1c:1d:49:a1:2f:67:f4:e5:24:cd:11:3b:9b:
                    f4:d8:8c:9e:2a:67:88:23:28:7b:37:ab:26:27:b7:
                    bc:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:6A:45:BB:E8:9A:D9:7D:1B:8C:90:8E:C0:3B:79:38:3D:D0:85:45
            X509v3 Authority Key Identifier:
                keyid:A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/nWpFu-ia2X0bjJCOwDt5OD3QhUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:28:cb:61:94:3a:f6:fe:22:73:8f:c8:a0:1d:bb:69:51:95:
         0c:8e:3b:7c:be:b7:93:3c:0b:28:97:2d:f7:5d:5b:2a:fa:a4:
         16:bd:42:ae:69:d4:25:92:79:df:9e:00:be:e8:c4:70:0b:4c:
         6d:5a:61:a9:bd:1b:c7:f4:4a:af:cc:5f:fb:d2:19:48:fc:7d:
         97:38:92:88:ba:c4:24:37:c0:8a:cd:93:de:ff:7a:c7:73:7f:
         8f:bc:25:11:c8:8a:d2:24:49:52:ac:32:3a:65:a6:57:90:98:
         89:20:cc:87:dd:ac:45:79:75:d6:f0:bd:9a:99:1d:53:a7:7b:
         6d:1e:b3:af:cc:2c:6e:ea:80:51:eb:d5:f8:d8:3c:e5:b2:3d:
         98:10:d1:36:ed:4b:ce:65:0d:cf:e9:58:1f:e9:06:4d:ae:8b:
         f4:22:d5:2b:22:56:6f:ca:6f:f4:2c:ff:fd:86:a5:15:35:48:
         11:08:6d:ef:15:3c:08:25:d5:ed:8d:bb:a9:a7:22:6b:7e:ee:
         cf:21:1f:5a:50:ed:04:43:e5:e4:f6:1d:d4:02:8f:4c:72:30:
         f4:c2:3d:44:f0:c0:56:f4:99:49:bb:6d:92:bc:8a:da:0d:5c:
         5b:42:bd:28:5c:d0:8b:00:44:99:1b:7b:1a:f2:9a:af:31:5b:
         e2:cf:56:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhw3BkYiFTVcv0vH7J3joaGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmRkOWRhZDc1ODc3ZjdkMjhkMTRlMDhkYzU1YjEzMzBi
ZDEzYjcwHhcNMjUwODAzMTY1NTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDZhNDViYmU4OWFkOTdkMWI4YzkwOGVjMDNiNzkzODNkZDA4NTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3ovQtNVmm1bjJootV80OkT7NdMb
zWQWH18wbzeTTUm+ipgMDAWcuCJq4atuk/C+NMfo+Zteavq0xP88EJo6yFq9bwQs
e0vidBfXrMAluRZGzRYHTZdGeSb3ImY6xvrPkuY0eKUAqh71VfvJuORsX/OTFMw3
oZtllHGmipBO6jrrD+TMFo0CJmMwyWfNPGQzlrOyCS33E8blHO1Sbai/fXXdGbig
upVwzJMpc3Hl0+0hJo8blgsFiwbOSrxyFljqk7+G5npE/6vXafXkVaLaVM6QZ/Sv
GC9FGhmdec5hIOwdVBwdSaEvZ/TlJM0RO5v02IyeKmeIIyh7N6smJ7e8IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1qRbvomtl9G4yQjsA7eTg90IVFMB8GA1UdIwQY
MBaAFKdt2drXWHf30o0U4I3FWxMwvRO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQt
MmFjNmZmNzViZWIwLzEvbldwRnUtaWEyWDBiakpDT3dEdDVPRDNRaFVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQtMmFjNmZmNzViZWIw
LzEvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUnLMA0G
CSqGSIb3DQEBCwUAA4IBAQA4KMthlDr2/iJzj8igHbtpUZUMjjt8vreTPAsoly33
XVsq+qQWvUKuadQlknnfngC+6MRwC0xtWmGpvRvH9EqvzF/70hlI/H2XOJKIusQk
N8CKzZPe/3rHc3+PvCURyIrSJElSrDI6ZaZXkJiJIMyH3axFeXXW8L2amR1Tp3tt
HrOvzCxu6oBR69X42Dzlsj2YENE27UvOZQ3P6Vgf6QZNrov0ItUrIlZvym/0LP/9
hqUVNUgRCG3vFTwIJdXtjbuppyJrfu7PIR9aUO0EQ+Xk9h3UAo9McjD0wj1E8MBW
9JlJu22SvIraDVxbQr0oXNCLAESZG3sa8pqvMVviz1YV
-----END CERTIFICATE-----