Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/oDDc4maMGFg6VaECYpUvaQj9RZE.roa
File:                     oDDc4maMGFg6VaECYpUvaQj9RZE.roa (raw, json)
Hash identifier:          yMwyHi5gWJ1kfutBi0VniZOe7Ci3z9TZluM+BsqvdSY=
Subject key identifier:   A0:30:DC:E2:66:8C:18:58:3A:55:A1:02:62:95:2F:69:08:FD:45:91
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       019A26FA34E2D8088DBA968ED067993C4305
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/oDDc4maMGFg6VaECYpUvaQj9RZE.roa
Signing time:             Mon 27 Oct 2025 18:42:03 +0000
ROA not before:           Mon 27 Oct 2025 18:42:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        5.102.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:26:fa:34:e2:d8:08:8d:ba:96:8e:d0:67:99:3c:43:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Oct 27 18:42:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a030dce2668c18583a55a10262952f6908fd4591
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3f:14:7d:37:ad:96:e7:7e:68:55:2b:4b:a3:
                    1b:f9:77:73:fb:ba:05:dd:9e:c3:93:d4:ff:d7:c5:
                    13:85:09:6b:8b:f7:93:96:8c:9b:4b:8f:b3:16:b2:
                    a9:df:8e:1a:e6:c2:37:ef:03:8b:18:15:f7:26:da:
                    cd:6d:a2:23:4f:a8:9c:de:18:8e:38:9f:f5:36:bd:
                    4e:ee:6c:73:50:4f:fe:7c:a2:fc:a6:f8:0a:ff:e9:
                    42:1f:4e:f7:46:ab:2a:e9:82:31:10:59:84:27:85:
                    5b:6c:29:89:88:ea:f7:27:ff:9d:64:96:97:40:eb:
                    0b:5a:fc:9e:a1:e4:cd:7d:90:1a:fa:31:d2:70:ff:
                    2d:91:62:eb:f9:32:6f:d5:15:87:f8:7c:1d:d5:a7:
                    83:b9:fd:06:79:33:bd:e7:7b:f4:4b:0b:9a:38:46:
                    00:e8:49:ac:04:7f:19:f7:8d:43:1d:e1:d9:df:d6:
                    c1:eb:bc:5b:81:16:f9:9a:eb:3c:f6:d3:45:90:b6:
                    75:6c:5b:4d:82:6d:f7:cb:3e:57:67:ff:f9:41:15:
                    97:e6:fd:a4:5c:e0:4d:bd:fc:f3:11:93:8b:b5:c6:
                    6e:ea:04:5f:36:14:8a:4d:50:8e:fd:ea:12:86:07:
                    48:07:51:7c:2d:e5:3d:0a:f9:17:2d:4b:ec:0a:d6:
                    9d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:30:DC:E2:66:8C:18:58:3A:55:A1:02:62:95:2F:69:08:FD:45:91
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/oDDc4maMGFg6VaECYpUvaQj9RZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:34:48:66:90:d9:24:34:11:a0:6a:fa:b3:a2:df:fe:b1:8b:
         df:80:c9:d5:3e:7c:e0:5a:2b:11:6c:52:c5:4a:e5:b2:2e:20:
         24:04:c9:db:56:7b:8f:ec:4b:8e:b8:61:46:21:08:5e:3f:2f:
         06:00:5d:90:42:07:7d:0d:2b:de:29:b3:31:ac:8f:14:27:d5:
         6f:e4:e5:be:51:2b:0d:28:11:50:af:33:e9:72:a8:c9:81:54:
         0f:76:c8:bf:4c:45:cc:50:34:07:78:6a:c1:d9:74:e4:8e:d7:
         a5:81:6f:9d:bd:5a:c4:cb:23:0a:17:65:24:e1:9e:39:8c:1f:
         a1:4a:98:44:b7:a7:49:45:ab:a6:ff:76:c6:89:53:d5:fd:cc:
         f7:fa:a2:01:10:59:c8:68:23:d0:c3:80:a9:d5:93:8b:38:ea:
         2a:b7:d7:5e:4c:65:06:2c:7f:ea:aa:22:c9:96:cf:d0:84:3a:
         03:53:80:75:3f:d9:19:45:9e:92:8d:0b:89:a2:e3:ee:33:4f:
         7f:15:ac:dd:4a:76:ee:b0:04:20:dd:78:30:d4:10:e5:b1:9b:
         c3:f8:22:a6:db:e3:68:83:48:b2:e3:a0:13:cd:44:b9:a8:6a:
         33:22:54:e3:d7:34:72:63:03:9b:2b:67:d7:f9:57:52:a0:e6:
         1f:16:ee:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZom+jTi2AiNupaO0GeZPEMFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjUxMDI3MTg0MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDMwZGNlMjY2OGMxODU4M2E1NWExMDI2Mjk1MmY2OTA4ZmQ0NTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtj8UfTetlud+aFUrS6Mb+Xdz+7oF
3Z7Dk9T/18UThQlri/eTloybS4+zFrKp344a5sI37wOLGBX3JtrNbaIjT6ic3hiO
OJ/1Nr1O7mxzUE/+fKL8pvgK/+lCH073Rqsq6YIxEFmEJ4VbbCmJiOr3J/+dZJaX
QOsLWvyeoeTNfZAa+jHScP8tkWLr+TJv1RWH+Hwd1aeDuf0GeTO953v0SwuaOEYA
6EmsBH8Z941DHeHZ39bB67xbgRb5mus89tNFkLZ1bFtNgm33yz5XZ//5QRWX5v2k
XOBNvfzzEZOLtcZu6gRfNhSKTVCO/eoShgdIB1F8LeU9CvkXLUvsCtad/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAw3OJmjBhYOlWhAmKVL2kI/UWRMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvb0REYzRtYU1HRmc2VmFFQ1lwVXZhUWo5UlpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWYlMA0G
CSqGSIb3DQEBCwUAA4IBAQCeNEhmkNkkNBGgavqzot/+sYvfgMnVPnzgWisRbFLF
SuWyLiAkBMnbVnuP7EuOuGFGIQhePy8GAF2QQgd9DSveKbMxrI8UJ9Vv5OW+USsN
KBFQrzPpcqjJgVQPdsi/TEXMUDQHeGrB2XTkjtelgW+dvVrEyyMKF2Uk4Z45jB+h
SphEt6dJRaum/3bGiVPV/cz3+qIBEFnIaCPQw4Cp1ZOLOOoqt9deTGUGLH/qqiLJ
ls/QhDoDU4B1P9kZRZ6SjQuJouPuM09/FazdSnbusAQg3Xgw1BDlsZvD+CKm2+No
g0iy46ATzUS5qGozIlTj1zRyYwObK2fX+VdSoOYfFu6u
-----END CERTIFICATE-----