Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a1ff4c-a58f-4ee3-98e9-d79ce2deea70/1/ChX8pazd-3AGexip8e66J_qv-5s.roa
File:                     ChX8pazd-3AGexip8e66J_qv-5s.roa (raw, json)
Hash identifier:          WJAdxZ3OiI7mTsTBH6nQW+FFyZetDh90YtsYr8TxOkE=
Subject key identifier:   0A:15:FC:A5:AC:DD:FB:70:06:7B:18:A9:F1:EE:BA:27:FA:AF:FB:9B
Certificate issuer:       /CN=d4074714142f83970148fab0ec3e2117c393c491
Certificate serial:       019879473FA49F9E2300819DE7CDDE3BDFDA
Authority key identifier: D4:07:47:14:14:2F:83:97:01:48:FA:B0:EC:3E:21:17:C3:93:C4:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1AdHFBQvg5cBSPqw7D4hF8OTxJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a1ff4c-a58f-4ee3-98e9-d79ce2deea70/1/ChX8pazd-3AGexip8e66J_qv-5s.roa
Signing time:             Tue 05 Aug 2025 08:09:29 +0000
ROA not before:           Tue 05 Aug 2025 08:09:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210331
IP address blocks:        217.65.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a1ff4c-a58f-4ee3-98e9-d79ce2deea70/1/1AdHFBQvg5cBSPqw7D4hF8OTxJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a1ff4c-a58f-4ee3-98e9-d79ce2deea70/1/1AdHFBQvg5cBSPqw7D4hF8OTxJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1AdHFBQvg5cBSPqw7D4hF8OTxJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 11:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:79:47:3f:a4:9f:9e:23:00:81:9d:e7:cd:de:3b:df:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4074714142f83970148fab0ec3e2117c393c491
        Validity
            Not Before: Aug  5 08:09:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a15fca5acddfb70067b18a9f1eeba27faaffb9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:81:f3:6e:b6:cc:83:f7:7e:ed:d4:66:f9:da:
                    c2:61:f3:31:59:a1:9e:7f:89:95:e0:58:af:34:cc:
                    e1:26:0a:dd:d1:d9:73:a9:e6:0f:ff:9c:17:0b:74:
                    64:31:16:a8:19:64:35:58:8a:6f:2a:e0:4a:34:96:
                    be:2e:d6:a0:5a:08:b5:7d:06:78:15:0a:29:f1:d3:
                    06:17:12:50:73:21:15:a5:92:78:ad:1e:3a:64:0c:
                    be:be:97:cc:2a:6d:54:07:50:f6:a7:b4:e9:78:6b:
                    28:e3:d2:4f:7b:5c:7f:f0:e7:fd:a2:c4:47:3e:13:
                    c9:f9:32:94:0b:33:4a:a2:89:d2:45:10:a9:2e:36:
                    26:79:88:9b:ac:f6:fd:e7:46:3c:ea:86:e1:11:11:
                    c2:9d:43:c6:12:44:d4:86:76:33:e1:69:ac:00:45:
                    68:79:e1:ae:fd:77:42:7f:3a:da:a4:c9:22:f7:d7:
                    c9:dc:79:d4:b6:2c:66:7a:57:09:b6:c4:f7:c6:c2:
                    99:a9:be:bc:63:58:2d:7a:f3:0f:71:8c:5c:b7:2d:
                    88:5a:78:5b:05:79:50:ec:38:73:89:34:f3:79:27:
                    dd:b7:1a:69:5d:9c:c4:41:97:97:df:42:cf:8c:e2:
                    57:9d:55:eb:ee:7b:a0:9b:60:d8:d7:51:3c:06:8c:
                    c3:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:15:FC:A5:AC:DD:FB:70:06:7B:18:A9:F1:EE:BA:27:FA:AF:FB:9B
            X509v3 Authority Key Identifier:
                keyid:D4:07:47:14:14:2F:83:97:01:48:FA:B0:EC:3E:21:17:C3:93:C4:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1AdHFBQvg5cBSPqw7D4hF8OTxJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1ff4c-a58f-4ee3-98e9-d79ce2deea70/1/ChX8pazd-3AGexip8e66J_qv-5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1ff4c-a58f-4ee3-98e9-d79ce2deea70/1/1AdHFBQvg5cBSPqw7D4hF8OTxJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.65.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:4e:6b:71:70:ad:49:0f:61:cc:5b:26:d7:af:19:6f:34:fd:
         9a:0b:33:e9:16:f7:4d:e5:d6:8f:2d:1f:be:f8:30:89:8b:d4:
         1f:8b:ba:49:6c:70:37:cb:60:6e:d3:b3:82:e3:fc:d7:9e:98:
         99:8d:7f:cf:15:6f:ce:17:44:af:24:20:20:0d:fd:dc:ea:3f:
         83:9d:b6:ac:9d:de:f8:83:6a:3f:39:2c:29:e9:0f:4f:bb:cc:
         c6:7d:db:d3:0a:25:d9:1f:32:4b:fa:bb:d9:44:c5:8b:31:a1:
         51:3d:f1:48:ca:0e:a7:8e:a5:0d:87:57:bd:36:6f:8d:3a:da:
         27:43:d2:64:ab:6d:b0:f4:a8:d3:d8:13:1f:d5:1f:8e:b6:36:
         10:fb:6b:4c:fb:e3:22:45:0e:46:aa:a6:68:98:ac:a0:12:e7:
         d4:59:3e:de:e1:3e:96:07:ce:84:36:41:99:b2:82:c4:8f:64:
         51:8e:53:89:97:63:b8:70:3d:51:32:a5:ad:4f:86:3f:fe:5b:
         8f:6e:62:90:be:5d:9c:15:42:bf:b0:fc:11:11:a1:14:aa:d7:
         f1:c5:82:45:a6:dc:2a:6c:4c:7f:02:62:61:2a:36:42:ff:c3:
         99:f2:f1:33:85:01:2c:9f:fc:96:e4:87:c4:e9:b4:6a:e2:6c:
         de:3e:71:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh5Rz+kn54jAIGd583eO9/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MDc0NzE0MTQyZjgzOTcwMTQ4ZmFiMGVjM2UyMTE3YzM5
M2M0OTEwHhcNMjUwODA1MDgwOTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTE1ZmNhNWFjZGRmYjcwMDY3YjE4YTlmMWVlYmEyN2ZhYWZmYjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYHzbrbMg/d+7dRm+drCYfMxWaGe
f4mV4FivNMzhJgrd0dlzqeYP/5wXC3RkMRaoGWQ1WIpvKuBKNJa+LtagWgi1fQZ4
FQop8dMGFxJQcyEVpZJ4rR46ZAy+vpfMKm1UB1D2p7TpeGso49JPe1x/8Of9osRH
PhPJ+TKUCzNKoonSRRCpLjYmeYibrPb950Y86obhERHCnUPGEkTUhnYz4WmsAEVo
eeGu/XdCfzrapMki99fJ3HnUtixmelcJtsT3xsKZqb68Y1gtevMPcYxcty2IWnhb
BXlQ7DhziTTzeSfdtxppXZzEQZeX30LPjOJXnVXr7nugm2DY11E8BozD6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAoV/KWs3ftwBnsYqfHuuif6r/ubMB8GA1UdIwQY
MBaAFNQHRxQUL4OXAUj6sOw+IRfDk8SRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUFkSEZCUXZnNWNCU1BxdzdENGhGOE9UeEpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hMWZmNGMtYTU4Zi00ZWUzLTk4ZTkt
ZDc5Y2UyZGVlYTcwLzEvQ2hYOHBhemQtM0FHZXhpcDhlNjZKX3F2LTVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hMWZmNGMtYTU4Zi00ZWUzLTk4ZTktZDc5Y2UyZGVlYTcw
LzEvMUFkSEZCUXZnNWNCU1BxdzdENGhGOE9UeEpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2UFLMA0G
CSqGSIb3DQEBCwUAA4IBAQCeTmtxcK1JD2HMWybXrxlvNP2aCzPpFvdN5daPLR++
+DCJi9Qfi7pJbHA3y2Bu07OC4/zXnpiZjX/PFW/OF0SvJCAgDf3c6j+Dnbasnd74
g2o/OSwp6Q9Pu8zGfdvTCiXZHzJL+rvZRMWLMaFRPfFIyg6njqUNh1e9Nm+NOton
Q9Jkq22w9KjT2BMf1R+OtjYQ+2tM++MiRQ5GqqZomKygEufUWT7e4T6WB86ENkGZ
soLEj2RRjlOJl2O4cD1RMqWtT4Y//luPbmKQvl2cFUK/sPwREaEUqtfxxYJFptwq
bEx/AmJhKjZC/8OZ8vEzhQEsn/yW5IfE6bRq4mzePnFm
-----END CERTIFICATE-----