Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/oe97wSbY_88YdH_dfh2cAaxIIGc.roa
File:                     oe97wSbY_88YdH_dfh2cAaxIIGc.roa (raw, json)
Hash identifier:          rf6pyZdYCbMMLh4GoGVJWNXbBBHbQfaEuZdhu42zCSU=
Subject key identifier:   A1:EF:7B:C1:26:D8:FF:CF:18:74:7F:DD:7E:1D:9C:01:AC:48:20:67
Certificate issuer:       /CN=2e738cf32e6e4f940220f3b828f07b77e813d096
Certificate serial:       01987EBF173B923F8463F645FC0C8DB1928D
Authority key identifier: 2E:73:8C:F3:2E:6E:4F:94:02:20:F3:B8:28:F0:7B:77:E8:13:D0:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LnOM8y5uT5QCIPO4KPB7d-gT0JY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/oe97wSbY_88YdH_dfh2cAaxIIGc.roa
Signing time:             Wed 06 Aug 2025 09:38:29 +0000
ROA not before:           Wed 06 Aug 2025 09:38:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215337
IP address blocks:        193.177.246.0/24 maxlen: 24
                          212.102.104.0/24 maxlen: 24
                          2a0d:58c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/LnOM8y5uT5QCIPO4KPB7d-gT0JY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/LnOM8y5uT5QCIPO4KPB7d-gT0JY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LnOM8y5uT5QCIPO4KPB7d-gT0JY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7e:bf:17:3b:92:3f:84:63:f6:45:fc:0c:8d:b1:92:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e738cf32e6e4f940220f3b828f07b77e813d096
        Validity
            Not Before: Aug  6 09:38:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1ef7bc126d8ffcf18747fdd7e1d9c01ac482067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:24:16:09:cc:7c:8f:11:bf:3d:ba:d8:81:9d:
                    23:fb:43:db:7b:7b:c1:f4:ad:e6:3b:a4:66:da:58:
                    7e:23:28:29:02:65:02:02:31:f3:1f:b7:e6:38:88:
                    df:04:bf:92:12:b2:83:4d:a4:11:cc:a2:7a:bb:46:
                    8d:0a:0c:d0:34:52:9d:4b:5a:e3:39:e2:93:a9:eb:
                    46:f9:e4:62:70:9f:3d:59:90:d6:20:16:72:77:e4:
                    e2:b3:c6:5f:be:28:3c:9c:18:01:46:eb:6b:89:f2:
                    c1:a2:88:f7:d6:17:d1:64:3d:2e:53:cb:58:40:a7:
                    97:95:5e:73:33:71:62:4d:68:f3:3b:35:ca:ef:36:
                    2c:88:82:4d:0f:99:3c:54:15:49:06:2c:ef:a9:e3:
                    f8:50:67:dd:44:b2:8b:50:52:c8:00:c7:d8:35:a0:
                    93:0c:1e:95:7d:4a:5c:76:4a:e5:4b:db:7d:c3:77:
                    10:f3:19:10:a3:2c:60:73:f9:9e:a7:1c:65:33:d5:
                    41:ce:e1:b4:64:5c:2c:d2:d3:4f:94:77:43:21:09:
                    78:8c:1d:34:d3:66:1e:22:97:dc:8c:0a:4f:25:77:
                    43:a0:9f:66:a2:56:49:75:cd:c5:2d:96:00:02:36:
                    0e:87:4f:e2:bf:00:5c:3f:c7:1d:8d:f1:89:56:8f:
                    4b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:EF:7B:C1:26:D8:FF:CF:18:74:7F:DD:7E:1D:9C:01:AC:48:20:67
            X509v3 Authority Key Identifier:
                keyid:2E:73:8C:F3:2E:6E:4F:94:02:20:F3:B8:28:F0:7B:77:E8:13:D0:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LnOM8y5uT5QCIPO4KPB7d-gT0JY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/oe97wSbY_88YdH_dfh2cAaxIIGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/LnOM8y5uT5QCIPO4KPB7d-gT0JY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.177.246.0/24
                  212.102.104.0/24
                IPv6:
                  2a0d:58c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         db:09:a4:82:94:a2:ef:0d:bc:a5:92:9d:1f:40:98:5c:d0:e0:
         36:66:19:5b:ed:52:8a:9f:d8:36:93:ae:a6:fe:18:02:13:a0:
         50:63:7f:c4:1b:47:8e:b0:ad:d0:e7:11:0f:7a:7b:40:f1:e8:
         14:dd:7b:e2:de:65:7c:ac:e5:cd:3d:d8:7b:60:df:fa:5f:bb:
         d8:47:81:a7:21:b3:dc:bc:e2:3d:34:f8:9a:c5:fd:21:54:8c:
         5f:bd:d9:fd:64:53:76:ef:cf:c4:ab:95:17:a1:16:76:04:a5:
         e4:e3:03:24:2f:b5:bd:cd:b7:09:6b:bc:e8:03:86:23:f1:17:
         a8:ff:62:2d:3c:d4:a6:47:3a:4f:96:49:66:45:b1:12:bf:f7:
         f5:b1:3e:78:9e:81:06:49:ee:d4:80:e6:c4:fc:68:39:f8:bd:
         1b:e0:d8:9c:c3:07:2d:d2:8e:a2:60:44:e3:c6:d3:0e:f8:7b:
         eb:2a:4c:96:ce:88:a8:98:84:89:eb:2d:30:45:43:42:92:08:
         e7:1d:a0:e6:8c:28:c9:d6:15:ae:fe:86:ce:b5:a7:00:85:02:
         51:db:6b:04:59:46:d6:44:6c:c9:a0:d8:d3:f6:54:39:5d:ba:
         90:1f:b1:4b:25:19:cb:83:67:1a:c6:ea:99:c3:26:07:44:e7:
         a4:a3:48:40
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZh+vxc7kj+EY/ZF/AyNsZKNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNzM4Y2YzMmU2ZTRmOTQwMjIwZjNiODI4ZjA3Yjc3ZTgx
M2QwOTYwHhcNMjUwODA2MDkzODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWVmN2JjMTI2ZDhmZmNmMTg3NDdmZGQ3ZTFkOWMwMWFjNDgyMDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8yQWCcx8jxG/PbrYgZ0j+0Pbe3vB
9K3mO6Rm2lh+IygpAmUCAjHzH7fmOIjfBL+SErKDTaQRzKJ6u0aNCgzQNFKdS1rj
OeKTqetG+eRicJ89WZDWIBZyd+Tis8Zfvig8nBgBRutrifLBooj31hfRZD0uU8tY
QKeXlV5zM3FiTWjzOzXK7zYsiIJND5k8VBVJBizvqeP4UGfdRLKLUFLIAMfYNaCT
DB6VfUpcdkrlS9t9w3cQ8xkQoyxgc/mepxxlM9VBzuG0ZFws0tNPlHdDIQl4jB00
02YeIpfcjApPJXdDoJ9molZJdc3FLZYAAjYOh0/ivwBcP8cdjfGJVo9L+QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKHve8Em2P/PGHR/3X4dnAGsSCBnMB8GA1UdIwQY
MBaAFC5zjPMubk+UAiDzuCjwe3foE9CWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG5PTTh5NXVUNVFDSVBPNEtQQjdkLWdUMEpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9lMTdlOWEtZDNlOS00M2IxLWEyYzct
NWY2NTEwM2U2ZjcwLzEvb2U5N3dTYllfODhZZEhfZGZoMmNBYXhJSUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9lMTdlOWEtZDNlOS00M2IxLWEyYzctNWY2NTEwM2U2Zjcw
LzEvTG5PTTh5NXVUNVFDSVBPNEtQQjdkLWdUMEpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwbH2AwQA
1GZoMA0EAgACMAcDBQMqDVjAMA0GCSqGSIb3DQEBCwUAA4IBAQDbCaSClKLvDbyl
kp0fQJhc0OA2Zhlb7VKKn9g2k66m/hgCE6BQY3/EG0eOsK3Q5xEPentA8egU3Xvi
3mV8rOXNPdh7YN/6X7vYR4GnIbPcvOI9NPiaxf0hVIxfvdn9ZFN278/Eq5UXoRZ2
BKXk4wMkL7W9zbcJa7zoA4Yj8Reo/2ItPNSmRzpPlklmRbESv/f1sT54noEGSe7U
gObE/Gg5+L0b4Nicwwct0o6iYETjxtMO+HvrKkyWzoiomISJ6y0wRUNCkgjnHaDm
jCjJ1hWu/obOtacAhQJR22sEWUbWRGzJoNjT9lQ5XbqQH7FLJRnLg2caxuqZwyYH
ROeko0hA
-----END CERTIFICATE-----