Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/pOZ1F9hyRFOdoBaMtrLB8jYGNWc.roa
File:                     pOZ1F9hyRFOdoBaMtrLB8jYGNWc.roa (raw, json)
Hash identifier:          6VCklzgSsrpQjFMUYtVFUJA9ILM+2e5OeIFkbP0SCQ4=
Subject key identifier:   A4:E6:75:17:D8:72:44:53:9D:A0:16:8C:B6:B2:C1:F2:36:06:35:67
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       01987BE0D6C74B584D825EAEB682C80E1DC9
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/pOZ1F9hyRFOdoBaMtrLB8jYGNWc.roa
Signing time:             Tue 05 Aug 2025 20:16:29 +0000
ROA not before:           Tue 05 Aug 2025 20:16:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202736
IP address blocks:        192.200.192.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7b:e0:d6:c7:4b:58:4d:82:5e:ae:b6:82:c8:0e:1d:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Aug  5 20:16:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4e67517d87244539da0168cb6b2c1f236063567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:8b:88:a0:11:75:89:5a:d6:90:8b:28:98:47:
                    c3:63:2d:aa:98:93:5b:6c:b4:f3:92:a6:2f:b4:b5:
                    11:a4:c7:ae:44:ba:7a:13:7a:12:f6:f9:d5:0a:3f:
                    57:e9:24:48:19:b8:18:a1:40:15:2e:00:64:d8:14:
                    ed:49:c1:71:fd:c0:01:7b:e9:40:97:e9:08:e8:5d:
                    21:8b:6c:24:1b:c0:48:2b:26:d6:8b:14:ec:62:36:
                    42:49:29:5b:f0:d1:1c:30:1d:b5:1b:57:ef:5d:62:
                    0e:c5:37:d0:11:88:83:6e:6e:4f:bc:05:0a:15:7f:
                    3f:e8:ae:65:3a:60:53:05:8c:bd:94:11:b9:d7:b5:
                    4c:9e:c3:41:5e:95:e4:7f:4c:a2:11:c1:1a:92:f1:
                    85:05:80:7d:9c:d6:74:6b:91:ac:58:a8:44:52:bb:
                    2d:4c:97:40:fa:4b:d6:7d:60:62:b5:66:eb:6a:82:
                    c0:c8:4c:9e:23:6f:3b:8a:95:2c:a8:24:53:90:36:
                    6f:f5:c6:fb:11:9d:c9:37:b4:49:1e:de:f0:f8:52:
                    da:a9:07:82:c7:db:0c:10:f3:0f:4a:fd:1b:c8:2e:
                    db:72:25:21:e7:36:d6:7d:ec:35:79:e7:80:2b:09:
                    1f:eb:8c:0f:6e:aa:78:d5:62:7a:65:d2:92:52:a6:
                    3f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:E6:75:17:D8:72:44:53:9D:A0:16:8C:B6:B2:C1:F2:36:06:35:67
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/pOZ1F9hyRFOdoBaMtrLB8jYGNWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.200.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         54:16:a2:7a:cc:87:55:df:1f:cd:92:e7:28:e1:c1:a6:6a:6c:
         07:fe:16:9d:cb:5b:10:a2:b2:b3:b8:29:d8:63:70:e3:e9:d9:
         6e:b6:8a:bf:8c:9e:8c:90:6a:db:74:5d:7d:8b:1e:ab:8e:cd:
         83:58:aa:14:79:50:98:c6:d0:ea:0a:d9:7f:61:1c:ac:f7:11:
         d5:9e:05:34:39:ec:de:39:03:2f:57:12:3b:fb:d5:78:f8:c7:
         14:ee:2a:95:40:f1:44:6f:7a:31:dc:f1:f3:e7:10:78:c5:ca:
         4d:61:9b:de:41:e6:0a:32:58:56:58:b4:57:36:17:b4:07:6b:
         85:8f:68:1b:9f:e5:ee:f2:89:93:a7:26:9f:23:08:b4:93:aa:
         bf:89:5f:df:04:92:50:61:22:39:5e:eb:d7:b7:a2:fc:31:c1:
         02:17:df:83:18:97:2d:45:d2:63:0e:86:0c:b7:0e:69:44:26:
         64:b5:a4:a3:b0:cb:f9:c9:ff:8c:3b:40:99:bc:b8:5a:24:0e:
         39:62:9f:31:69:58:28:63:41:3d:cf:0b:61:00:45:2f:7d:5c:
         93:5a:9d:c5:bf:08:c2:45:a6:7d:a4:2a:84:e1:32:7b:b6:eb:
         1c:25:e9:ea:59:93:96:4a:8c:11:a4:fc:bd:0f:9e:74:1e:72:
         6f:7a:05:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh74NbHS1hNgl6utoLIDh3JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwODA1MjAxNjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGU2NzUxN2Q4NzI0NDUzOWRhMDE2OGNiNmIyYzFmMjM2MDYzNTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4uIoBF1iVrWkIsomEfDYy2qmJNb
bLTzkqYvtLURpMeuRLp6E3oS9vnVCj9X6SRIGbgYoUAVLgBk2BTtScFx/cABe+lA
l+kI6F0hi2wkG8BIKybWixTsYjZCSSlb8NEcMB21G1fvXWIOxTfQEYiDbm5PvAUK
FX8/6K5lOmBTBYy9lBG517VMnsNBXpXkf0yiEcEakvGFBYB9nNZ0a5GsWKhEUrst
TJdA+kvWfWBitWbraoLAyEyeI287ipUsqCRTkDZv9cb7EZ3JN7RJHt7w+FLaqQeC
x9sMEPMPSv0byC7bciUh5zbWfew1eeeAKwkf64wPbqp41WJ6ZdKSUqY/0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTmdRfYckRTnaAWjLaywfI2BjVnMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvcE9aMUY5aHlSRk9kb0JhTXRyTEI4allHTldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwMjAMA0G
CSqGSIb3DQEBCwUAA4IBAQBUFqJ6zIdV3x/Nkuco4cGmamwH/hady1sQorKzuCnY
Y3Dj6dlutoq/jJ6MkGrbdF19ix6rjs2DWKoUeVCYxtDqCtl/YRys9xHVngU0Oeze
OQMvVxI7+9V4+McU7iqVQPFEb3ox3PHz5xB4xcpNYZveQeYKMlhWWLRXNhe0B2uF
j2gbn+Xu8omTpyafIwi0k6q/iV/fBJJQYSI5XuvXt6L8McECF9+DGJctRdJjDoYM
tw5pRCZktaSjsMv5yf+MO0CZvLhaJA45Yp8xaVgoY0E9zwthAEUvfVyTWp3FvwjC
RaZ9pCqE4TJ7tuscJenqWZOWSowRpPy9D550HnJvegUf
-----END CERTIFICATE-----