Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/1OWaJkh3xMG85_hCH7EG9MsKPnE.roa
File:                     1OWaJkh3xMG85_hCH7EG9MsKPnE.roa (raw, json)
Hash identifier:          7Qj+nAZULs6II5SyfVpkBsSwcikp23VZRDpTVixA+q4=
Subject key identifier:   D4:E5:9A:26:48:77:C4:C1:BC:E7:F8:42:1F:B1:06:F4:CB:0A:3E:71
Certificate issuer:       /CN=02a962c1fe8e2e12a35576fd62987a0cbba463d4
Certificate serial:       019889598EA53626C1A8EEC21490C25A76F5
Authority key identifier: 02:A9:62:C1:FE:8E:2E:12:A3:55:76:FD:62:98:7A:0C:BB:A4:63:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/1OWaJkh3xMG85_hCH7EG9MsKPnE.roa
Signing time:             Fri 08 Aug 2025 11:03:24 +0000
ROA not before:           Fri 08 Aug 2025 11:03:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215659
IP address blocks:        150.40.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:89:59:8e:a5:36:26:c1:a8:ee:c2:14:90:c2:5a:76:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02a962c1fe8e2e12a35576fd62987a0cbba463d4
        Validity
            Not Before: Aug  8 11:03:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4e59a264877c4c1bce7f8421fb106f4cb0a3e71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:77:e7:78:8c:03:b1:f4:ac:ed:7f:d5:3a:1d:
                    e3:85:ee:fe:6f:83:02:34:44:17:ae:8f:3c:fd:9e:
                    1e:ae:7b:13:19:4e:c2:44:f7:37:04:83:76:3a:a8:
                    93:99:c3:07:f1:aa:0b:1d:4b:6d:5b:86:8c:b1:b6:
                    2c:5a:68:07:81:0c:ae:67:91:b4:52:dc:52:a5:7d:
                    3c:e0:a6:0d:ab:16:f8:2d:b6:3b:ff:fe:63:f9:75:
                    c9:94:cf:43:22:46:26:12:e8:a8:be:08:89:33:8f:
                    98:63:26:2d:d5:1f:58:69:3e:5e:71:7a:d8:e3:99:
                    38:ab:26:05:9c:b2:ca:2c:57:3e:80:5c:ff:f1:3d:
                    f5:8b:88:ea:e3:26:87:a8:34:cf:89:8a:cd:57:18:
                    b0:69:e9:2d:71:84:74:62:8c:7f:47:ef:31:31:c9:
                    f2:95:67:e4:83:e1:6d:1f:6d:6c:46:e3:95:e8:18:
                    93:d7:d0:01:91:2c:32:28:61:e9:eb:e2:bf:f9:84:
                    0d:41:fc:40:81:18:19:83:8c:f4:2e:cc:2b:1a:56:
                    a4:83:d6:16:70:88:b9:11:cb:43:51:cf:f2:56:8a:
                    8b:70:a5:33:49:a8:18:63:df:54:f6:18:69:6a:1b:
                    97:91:f9:77:b6:a4:3a:c9:6e:95:ef:28:fa:f1:cb:
                    2a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:E5:9A:26:48:77:C4:C1:BC:E7:F8:42:1F:B1:06:F4:CB:0A:3E:71
            X509v3 Authority Key Identifier:
                keyid:02:A9:62:C1:FE:8E:2E:12:A3:55:76:FD:62:98:7A:0C:BB:A4:63:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/1OWaJkh3xMG85_hCH7EG9MsKPnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.40.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:e3:65:64:01:de:65:90:fc:12:6a:9b:1c:78:2e:2e:4d:4f:
         93:ab:9d:c3:7c:79:2a:06:ae:08:44:6a:34:01:73:7b:d8:6f:
         e4:a9:77:e8:79:e5:8a:68:df:48:ce:db:4a:86:9d:8c:95:ed:
         ef:86:bf:67:74:fd:64:48:a6:6f:68:3e:a8:ea:e9:42:d7:3f:
         02:41:6d:7c:60:7f:44:72:f0:fb:e3:5f:04:e4:a3:5e:87:f5:
         dd:8f:50:c5:04:77:61:b8:fa:77:01:20:9f:a4:c6:32:f7:84:
         d4:13:13:cc:a0:8d:47:e8:03:6e:d5:6e:4e:2a:c9:c1:91:e7:
         5a:1b:d9:35:35:13:5f:48:e8:6f:ee:74:44:0e:81:bc:7c:41:
         f4:1b:37:d3:45:00:6d:57:e8:2a:69:5d:a4:d3:8f:ef:fc:7a:
         3a:19:0e:43:5b:cf:41:37:e8:0b:8b:0d:79:dd:f8:80:de:c5:
         cb:2b:82:2b:d3:2a:52:cb:57:02:ec:61:53:cd:f6:e0:80:9c:
         31:d9:e8:74:e0:dd:a2:f0:b6:31:5a:aa:2d:e0:b3:b7:b1:39:
         89:3b:c3:cd:41:81:f9:98:fc:62:b7:01:73:b0:3f:cd:e4:44:
         19:9d:c4:7f:95:47:0f:a7:5b:e0:df:42:40:52:15:ae:41:40:
         a3:54:28:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiJWY6lNibBqO7CFJDCWnb1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYTk2MmMxZmU4ZTJlMTJhMzU1NzZmZDYyOTg3YTBjYmJh
NDYzZDQwHhcNMjUwODA4MTEwMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGU1OWEyNjQ4NzdjNGMxYmNlN2Y4NDIxZmIxMDZmNGNiMGEzZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XfneIwDsfSs7X/VOh3jhe7+b4MC
NEQXro88/Z4ernsTGU7CRPc3BIN2OqiTmcMH8aoLHUttW4aMsbYsWmgHgQyuZ5G0
UtxSpX084KYNqxb4LbY7//5j+XXJlM9DIkYmEuiovgiJM4+YYyYt1R9YaT5ecXrY
45k4qyYFnLLKLFc+gFz/8T31i4jq4yaHqDTPiYrNVxiwaektcYR0Yox/R+8xMcny
lWfkg+FtH21sRuOV6BiT19ABkSwyKGHp6+K/+YQNQfxAgRgZg4z0LswrGlakg9YW
cIi5EctDUc/yVoqLcKUzSagYY99U9hhpahuXkfl3tqQ6yW6V7yj68csquwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNTlmiZId8TBvOf4Qh+xBvTLCj5xMB8GA1UdIwQY
MBaAFAKpYsH+ji4So1V2/WKYegy7pGPUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXFsaXdmNk9MaEtqVlhiOVlwaDZETHVrWTlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jNjE3OWEtMTYwZC00MGUyLWFlODYt
N2QxMzQ5ODBjNWJlLzEvMU9XYUpraDN4TUc4NV9oQ0g3RUc5TXNLUG5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jNjE3OWEtMTYwZC00MGUyLWFlODYtN2QxMzQ5ODBjNWJl
LzEvQXFsaXdmNk9MaEtqVlhiOVlwaDZETHVrWTlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlih4MA0G
CSqGSIb3DQEBCwUAA4IBAQAT42VkAd5lkPwSapsceC4uTU+Tq53DfHkqBq4IRGo0
AXN72G/kqXfoeeWKaN9IzttKhp2Mle3vhr9ndP1kSKZvaD6o6ulC1z8CQW18YH9E
cvD7418E5KNeh/Xdj1DFBHdhuPp3ASCfpMYy94TUExPMoI1H6ANu1W5OKsnBkeda
G9k1NRNfSOhv7nREDoG8fEH0GzfTRQBtV+gqaV2k04/v/Ho6GQ5DW89BN+gLiw15
3fiA3sXLK4Ir0ypSy1cC7GFTzfbggJwx2eh04N2i8LYxWqot4LO3sTmJO8PNQYH5
mPxitwFzsD/N5EQZncR/lUcPp1vg30JAUhWuQUCjVCh5
-----END CERTIFICATE-----