Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/05a1ca-33c5-4aef-9c9a-f50fd99373ec/1/vd2pBoJBZhf5P4J8dtMG91g6Jt4.roa
File:                     vd2pBoJBZhf5P4J8dtMG91g6Jt4.roa (raw, json)
Hash identifier:          rtCqRJvAHr3CK7C32hUZPO+hSIBq5AQ/a8C+367rDXc=
Subject key identifier:   BD:DD:A9:06:82:41:66:17:F9:3F:82:7C:76:D3:06:F7:58:3A:26:DE
Certificate issuer:       /CN=7e5555f1a2cee89b7134656086f054d796353c1e
Certificate serial:       019856CAD09003427C681C86DE8FEEFF9E72
Authority key identifier: 7E:55:55:F1:A2:CE:E8:9B:71:34:65:60:86:F0:54:D7:96:35:3C:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/flVV8aLO6JtxNGVghvBU15Y1PB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/05a1ca-33c5-4aef-9c9a-f50fd99373ec/1/vd2pBoJBZhf5P4J8dtMG91g6Jt4.roa
Signing time:             Tue 29 Jul 2025 15:26:28 +0000
ROA not before:           Tue 29 Jul 2025 15:26:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12213
IP address blocks:        193.93.84.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/05a1ca-33c5-4aef-9c9a-f50fd99373ec/1/flVV8aLO6JtxNGVghvBU15Y1PB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/05a1ca-33c5-4aef-9c9a-f50fd99373ec/1/flVV8aLO6JtxNGVghvBU15Y1PB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/flVV8aLO6JtxNGVghvBU15Y1PB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 09:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:56:ca:d0:90:03:42:7c:68:1c:86:de:8f:ee:ff:9e:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e5555f1a2cee89b7134656086f054d796353c1e
        Validity
            Not Before: Jul 29 15:26:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bddda90682416617f93f827c76d306f7583a26de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:a2:87:c2:b3:73:9a:c4:de:b0:67:de:b9:bf:
                    8d:46:32:55:b6:64:bb:85:5c:b5:5b:88:ef:de:dd:
                    d1:8e:06:3a:aa:05:65:03:04:16:26:3d:b7:f6:54:
                    66:cc:87:3e:d5:21:73:20:5f:d5:65:62:4f:d0:47:
                    9a:90:36:9e:46:3d:ec:9a:78:47:b9:be:42:97:a1:
                    e6:cd:f0:06:79:ef:71:5c:0c:3c:0a:ff:57:68:b0:
                    96:14:d6:86:7f:5d:11:ae:22:eb:b6:29:95:7b:ae:
                    d5:9a:c8:d6:6d:1f:0f:c6:92:c2:a5:60:42:70:32:
                    d6:a0:6b:e1:fa:17:68:36:23:67:1f:38:60:ae:87:
                    4e:83:cb:b8:eb:01:91:c7:ef:b8:cf:51:3c:ce:8c:
                    08:c6:35:68:ee:d5:b1:22:53:1a:c2:cf:16:3d:d2:
                    62:b4:36:29:0e:f5:0a:0f:4d:0c:51:4f:8f:28:8f:
                    bb:31:4c:4a:ba:0d:7a:ba:ed:05:67:a3:f8:58:e9:
                    68:d9:dd:38:69:f4:3b:74:d5:05:25:70:b3:4a:77:
                    7f:81:e8:3a:01:a2:7e:95:e8:66:1b:63:03:53:42:
                    1a:c3:7c:03:23:53:58:0f:7a:46:e8:cf:83:b9:b1:
                    74:02:56:9a:a3:37:13:5a:be:3e:5e:ad:74:71:46:
                    4c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:DD:A9:06:82:41:66:17:F9:3F:82:7C:76:D3:06:F7:58:3A:26:DE
            X509v3 Authority Key Identifier:
                keyid:7E:55:55:F1:A2:CE:E8:9B:71:34:65:60:86:F0:54:D7:96:35:3C:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/flVV8aLO6JtxNGVghvBU15Y1PB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/05a1ca-33c5-4aef-9c9a-f50fd99373ec/1/vd2pBoJBZhf5P4J8dtMG91g6Jt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/05a1ca-33c5-4aef-9c9a-f50fd99373ec/1/flVV8aLO6JtxNGVghvBU15Y1PB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:7b:6e:94:15:2a:17:df:80:d0:85:4e:de:4a:6e:25:11:7b:
         7c:1d:74:5f:e6:c1:32:01:54:53:41:45:75:e7:f5:00:bd:64:
         14:07:9a:ee:d4:10:e7:b1:78:19:c9:61:aa:89:17:95:07:bb:
         b8:d7:fa:6a:cf:b4:c6:7a:d0:fc:9d:80:8b:97:32:da:88:6b:
         cf:da:e2:e0:de:03:f8:0b:62:6f:d0:07:4d:12:b8:cc:bf:67:
         01:d9:29:71:8a:56:58:8a:86:3c:5f:db:a5:8d:7c:f5:b3:2f:
         3a:93:5b:ed:b0:79:f7:85:41:3f:44:01:e2:82:5a:81:f7:30:
         b7:07:fd:2d:b3:29:62:b8:e2:7a:b5:6c:c4:f3:20:60:61:be:
         a6:54:fe:5a:dd:70:df:6e:c5:f3:73:09:36:81:40:62:cb:18:
         a0:d7:b6:30:da:1d:f6:57:4d:94:2e:09:9a:bf:4d:42:ba:79:
         5e:8b:a1:38:71:f0:3a:53:27:a3:3d:2e:c1:51:2d:01:98:e1:
         3c:ae:a5:3e:f5:c3:2b:17:81:57:8a:24:69:cd:58:7a:ab:ba:
         a7:67:7e:81:0c:47:ce:24:0e:ba:7b:b9:f2:6e:86:dc:75:db:
         b5:eb:18:93:4f:ef:b4:0f:90:43:9e:ac:66:90:31:73:27:a4:
         1c:2d:94:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhWytCQA0J8aByG3o/u/55yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNTU1NWYxYTJjZWU4OWI3MTM0NjU2MDg2ZjA1NGQ3OTYz
NTNjMWUwHhcNMjUwNzI5MTUyNjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGRkYTkwNjgyNDE2NjE3ZjkzZjgyN2M3NmQzMDZmNzU4M2EyNmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKKHwrNzmsTesGfeub+NRjJVtmS7
hVy1W4jv3t3RjgY6qgVlAwQWJj239lRmzIc+1SFzIF/VZWJP0EeakDaeRj3smnhH
ub5Cl6HmzfAGee9xXAw8Cv9XaLCWFNaGf10RriLrtimVe67VmsjWbR8PxpLCpWBC
cDLWoGvh+hdoNiNnHzhgrodOg8u46wGRx++4z1E8zowIxjVo7tWxIlMaws8WPdJi
tDYpDvUKD00MUU+PKI+7MUxKug16uu0FZ6P4WOlo2d04afQ7dNUFJXCzSnd/geg6
AaJ+lehmG2MDU0Iaw3wDI1NYD3pG6M+DubF0AlaaozcTWr4+Xq10cUZMCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3dqQaCQWYX+T+CfHbTBvdYOibeMB8GA1UdIwQY
MBaAFH5VVfGizuibcTRlYIbwVNeWNTweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmxWVjhhTE82SnR4TkdWZ2h2QlUxNVkxUEI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8wNWExY2EtMzNjNS00YWVmLTljOWEt
ZjUwZmQ5OTM3M2VjLzEvdmQycEJvSkJaaGY1UDRKOGR0TUc5MWc2SnQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8wNWExY2EtMzNjNS00YWVmLTljOWEtZjUwZmQ5OTM3M2Vj
LzEvZmxWVjhhTE82SnR4TkdWZ2h2QlUxNVkxUEI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwV1UMA0G
CSqGSIb3DQEBCwUAA4IBAQAle26UFSoX34DQhU7eSm4lEXt8HXRf5sEyAVRTQUV1
5/UAvWQUB5ru1BDnsXgZyWGqiReVB7u41/pqz7TGetD8nYCLlzLaiGvP2uLg3gP4
C2Jv0AdNErjMv2cB2SlxilZYioY8X9uljXz1sy86k1vtsHn3hUE/RAHiglqB9zC3
B/0tsyliuOJ6tWzE8yBgYb6mVP5a3XDfbsXzcwk2gUBiyxig17Yw2h32V02ULgma
v01Cunlei6E4cfA6UyejPS7BUS0BmOE8rqU+9cMrF4FXiiRpzVh6q7qnZ36BDEfO
JA66e7nybobcddu16xiTT++0D5BDnqxmkDFzJ6QcLZTF
-----END CERTIFICATE-----