Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/C-0GBSjt5EkrQhuu1z2lCOmwKvs.roa
File:                     C-0GBSjt5EkrQhuu1z2lCOmwKvs.roa (raw, json)
Hash identifier:          2R8h59W8AGB+2kq7TW/8IFolwXE+BsDOT/kw+k3wz9Q=
Subject key identifier:   0B:ED:06:05:28:ED:E4:49:2B:42:1B:AE:D7:3D:A5:08:E9:B0:2A:FB
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       019A06277EFBEABB9441D737D6DAFB9DF772
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/C-0GBSjt5EkrQhuu1z2lCOmwKvs.roa
Signing time:             Tue 21 Oct 2025 09:44:03 +0000
ROA not before:           Tue 21 Oct 2025 09:44:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13687
IP address blocks:        147.161.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 23:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:06:27:7e:fb:ea:bb:94:41:d7:37:d6:da:fb:9d:f7:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Oct 21 09:44:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bed060528ede4492b421baed73da508e9b02afb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:2c:7e:35:03:1e:22:8a:29:e3:00:d5:cd:a7:
                    e5:ed:e4:7e:06:c6:1b:e5:4d:f0:83:d0:bc:41:a0:
                    a9:9a:45:3d:0e:88:68:4e:19:36:94:7b:ce:1d:12:
                    8b:f1:f3:b1:de:4b:ab:fc:fa:15:f6:cf:da:30:f1:
                    e6:85:f0:58:62:c2:33:1d:ed:62:07:48:37:70:e5:
                    90:7e:20:59:69:c0:08:db:14:aa:5c:4f:01:f4:0f:
                    69:b9:da:9f:f6:a4:79:0e:e7:a1:be:16:7a:c9:37:
                    02:e4:28:6e:2b:5f:b6:72:24:f9:79:89:7e:13:04:
                    f8:17:d6:50:41:4c:d5:05:78:cd:af:07:e0:2a:59:
                    32:bc:74:f8:18:77:d7:c7:d5:41:49:f0:9a:d1:da:
                    87:85:e0:c3:0b:15:d7:a8:3e:a8:cf:85:31:46:08:
                    9f:80:eb:8f:4d:27:eb:cc:52:d5:fe:bc:f5:87:62:
                    dc:f5:3f:7e:49:19:e4:56:63:cc:7b:e4:54:e3:11:
                    b0:1b:b2:05:3a:42:ba:2a:20:99:1a:27:62:7e:35:
                    c3:8b:cb:79:02:49:ac:cb:2b:14:bf:a5:c3:6b:44:
                    0b:e5:68:2f:8c:4a:6a:bd:11:1e:07:fe:f6:89:4e:
                    5a:0e:87:ea:07:77:da:87:59:b2:19:47:ba:ea:75:
                    90:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:ED:06:05:28:ED:E4:49:2B:42:1B:AE:D7:3D:A5:08:E9:B0:2A:FB
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/C-0GBSjt5EkrQhuu1z2lCOmwKvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.161.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:74:0f:d8:ee:57:a1:bd:87:ea:a3:9b:a3:13:51:96:57:9d:
         d3:cd:4d:e3:23:28:48:f4:18:5b:6f:ce:12:ab:e7:da:24:78:
         dd:f2:00:e3:9d:1c:f5:6c:c4:44:9a:06:e1:de:85:c6:9f:db:
         42:0a:1c:02:10:b8:07:05:d6:36:c2:71:17:9b:ad:42:f1:38:
         30:00:d0:7d:02:20:01:7c:e2:d6:14:7c:15:53:30:19:b2:12:
         05:c8:6f:71:11:e0:9a:1f:95:2b:8b:ad:5e:66:ca:6e:c8:fc:
         94:f0:8e:38:65:1a:ad:47:d0:40:71:a5:66:e4:98:5e:28:47:
         6f:41:66:ec:72:0c:42:54:76:d9:63:78:23:b9:bd:9f:4e:e8:
         b7:3f:3f:a5:9d:fa:c5:5b:4a:76:e5:f8:26:03:49:d3:ba:4c:
         a8:05:b7:3e:19:b0:e7:1c:3b:de:37:df:d8:1b:6c:e6:aa:62:
         d3:7f:16:3c:f3:5b:6f:d8:14:76:5a:f6:cd:0c:eb:27:ae:75:
         a8:57:f5:bb:87:fb:6d:2e:81:98:39:99:25:d4:79:97:6b:fa:
         66:fc:1d:c6:a7:7a:61:37:b4:c9:c8:36:81:c4:94:ff:b8:9b:
         a7:ce:fb:e4:1b:3d:95:0a:27:1a:12:9a:9a:7f:bf:fb:58:be:
         7e:e3:68:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoGJ3776ruUQdc31tr7nfdyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjUxMDIxMDk0NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmVkMDYwNTI4ZWRlNDQ5MmI0MjFiYWVkNzNkYTUwOGU5YjAyYWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSx+NQMeIoop4wDVzafl7eR+BsYb
5U3wg9C8QaCpmkU9DohoThk2lHvOHRKL8fOx3kur/PoV9s/aMPHmhfBYYsIzHe1i
B0g3cOWQfiBZacAI2xSqXE8B9A9pudqf9qR5DuehvhZ6yTcC5ChuK1+2ciT5eYl+
EwT4F9ZQQUzVBXjNrwfgKlkyvHT4GHfXx9VBSfCa0dqHheDDCxXXqD6oz4UxRgif
gOuPTSfrzFLV/rz1h2Lc9T9+SRnkVmPMe+RU4xGwG7IFOkK6KiCZGidifjXDi8t5
AkmsyysUv6XDa0QL5WgvjEpqvREeB/72iU5aDofqB3fah1myGUe66nWQuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvtBgUo7eRJK0Ibrtc9pQjpsCr7MB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvQy0wR0JTanQ1RWtyUWh1dTF6MmxDT213S3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk6EDMA0G
CSqGSIb3DQEBCwUAA4IBAQAYdA/Y7lehvYfqo5ujE1GWV53TzU3jIyhI9Bhbb84S
q+faJHjd8gDjnRz1bMREmgbh3oXGn9tCChwCELgHBdY2wnEXm61C8TgwANB9AiAB
fOLWFHwVUzAZshIFyG9xEeCaH5Uri61eZspuyPyU8I44ZRqtR9BAcaVm5JheKEdv
QWbscgxCVHbZY3gjub2fTui3Pz+lnfrFW0p25fgmA0nTukyoBbc+GbDnHDveN9/Y
G2zmqmLTfxY881tv2BR2WvbNDOsnrnWoV/W7h/ttLoGYOZkl1HmXa/pm/B3Gp3ph
N7TJyDaBxJT/uJunzvvkGz2VCicaEpqaf7/7WL5+42g8
-----END CERTIFICATE-----