Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/1b7635-e6ff-4969-b2c0-89fb8fe69633/1/1sJFZghMZeTMGQwVbgXTJDIAE7U.roa
File:                     1sJFZghMZeTMGQwVbgXTJDIAE7U.roa (raw, json)
Hash identifier:          wAWhs8HeHYrIA8dcB/1TKIItiYjrWBishkT6U/JKEEA=
Subject key identifier:   D6:C2:45:66:08:4C:65:E4:CC:19:0C:15:6E:05:D3:24:32:00:13:B5
Certificate issuer:       /CN=9ba90d66d2ddeb646a61406912ffddfa14e39910
Certificate serial:       01979D239162554B7F90A53492F8C47404F2
Authority key identifier: 9B:A9:0D:66:D2:DD:EB:64:6A:61:40:69:12:FF:DD:FA:14:E3:99:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m6kNZtLd62RqYUBpEv_d-hTjmRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/1b7635-e6ff-4969-b2c0-89fb8fe69633/1/1sJFZghMZeTMGQwVbgXTJDIAE7U.roa
Signing time:             Mon 23 Jun 2025 14:14:03 +0000
ROA not before:           Mon 23 Jun 2025 14:14:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197540
IP address blocks:        5.182.200.0/23 maxlen: 24
                          5.182.202.0/23 maxlen: 24
                          2a0f:5b00::/32 maxlen: 32
                          2a0f:5b01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/1b7635-e6ff-4969-b2c0-89fb8fe69633/1/m6kNZtLd62RqYUBpEv_d-hTjmRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/1b7635-e6ff-4969-b2c0-89fb8fe69633/1/m6kNZtLd62RqYUBpEv_d-hTjmRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m6kNZtLd62RqYUBpEv_d-hTjmRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9d:23:91:62:55:4b:7f:90:a5:34:92:f8:c4:74:04:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ba90d66d2ddeb646a61406912ffddfa14e39910
        Validity
            Not Before: Jun 23 14:14:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6c24566084c65e4cc190c156e05d324320013b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:26:a5:94:d1:b0:c1:4d:b8:55:14:54:6e:98:
                    52:90:78:e9:13:ff:cc:91:f4:cc:39:bc:28:29:ed:
                    17:df:f2:e0:64:82:2d:29:d4:90:7c:69:e2:af:e4:
                    33:28:3a:8a:5f:d2:26:07:5f:91:11:4e:f7:b3:f5:
                    fe:e4:ac:1c:9f:61:d1:75:69:c9:07:98:e3:bc:40:
                    31:db:ad:56:af:fe:1d:f8:b4:7e:6a:cf:e7:68:bc:
                    34:78:c3:f5:df:fa:f6:b0:b3:ac:13:0d:59:a0:5b:
                    e0:bd:0d:1c:b3:e6:b9:e7:0a:77:0f:c5:19:87:01:
                    84:b5:94:13:2b:bf:17:91:97:a3:ec:a9:a7:7f:11:
                    25:5a:db:26:3a:c8:49:9b:04:a5:a9:4e:21:48:11:
                    a1:fe:1c:5c:0a:93:44:0d:93:f8:81:62:0c:9a:83:
                    b7:3e:66:4a:ef:b5:d5:36:ea:39:80:eb:62:e9:e6:
                    54:f2:12:59:08:4d:91:a6:fc:4e:c4:2d:86:54:f4:
                    30:5c:d7:25:5f:0d:33:6b:d3:da:77:54:55:b0:84:
                    f6:de:fb:d8:3f:47:5a:09:46:65:6e:f5:94:c1:bb:
                    93:7f:f9:81:0e:1f:6e:7a:bc:2f:bb:43:1e:71:e0:
                    e1:19:3f:ed:5a:3c:63:09:6f:92:10:47:19:63:c0:
                    d5:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:C2:45:66:08:4C:65:E4:CC:19:0C:15:6E:05:D3:24:32:00:13:B5
            X509v3 Authority Key Identifier:
                keyid:9B:A9:0D:66:D2:DD:EB:64:6A:61:40:69:12:FF:DD:FA:14:E3:99:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m6kNZtLd62RqYUBpEv_d-hTjmRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/1b7635-e6ff-4969-b2c0-89fb8fe69633/1/1sJFZghMZeTMGQwVbgXTJDIAE7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/1b7635-e6ff-4969-b2c0-89fb8fe69633/1/m6kNZtLd62RqYUBpEv_d-hTjmRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.200.0/22
                IPv6:
                  2a0f:5b00::/31

    Signature Algorithm: sha256WithRSAEncryption
         9c:6c:f7:07:16:f8:80:43:ef:5d:d2:3e:48:25:5e:da:0a:1f:
         b6:fa:b3:8b:40:e0:35:cd:54:d6:7c:22:83:f0:f5:33:18:c3:
         b1:6d:93:71:1f:4b:23:21:46:6c:56:9e:63:66:c7:78:f3:72:
         2d:f6:fe:e5:be:a4:45:d2:88:a7:61:aa:e3:fe:b5:a1:b5:9f:
         c6:62:88:4d:97:6d:b3:95:85:f8:45:af:b7:64:2c:82:b6:aa:
         a4:89:16:de:2c:6f:e4:73:1c:c8:63:ec:a4:48:0f:0e:62:67:
         25:6f:08:90:80:9a:38:af:52:22:57:fa:e2:03:d8:50:fa:ca:
         f3:0f:65:46:23:e2:fb:93:81:9f:76:71:e7:60:cb:11:cf:69:
         eb:0a:61:e4:2a:19:01:f8:b4:c4:67:43:93:fc:76:e7:99:4e:
         2c:f4:b2:d4:41:a9:31:35:a3:07:2e:e8:95:17:5c:ae:7c:88:
         61:38:04:85:89:35:95:b1:22:44:86:e6:08:fc:1e:8d:fc:b6:
         fd:b9:93:43:6a:0f:97:74:53:c2:67:ef:65:aa:31:5d:e9:7b:
         1b:51:63:ab:f6:d4:a6:63:2e:c8:13:2c:68:f1:b9:1c:dd:1b:
         e6:94:44:03:10:56:af:bb:a0:97:d2:ee:40:66:5c:de:3a:13:
         2d:fd:cf:3a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZedI5FiVUt/kKU0kvjEdATyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYTkwZDY2ZDJkZGViNjQ2YTYxNDA2OTEyZmZkZGZhMTRl
Mzk5MTAwHhcNMjUwNjIzMTQxNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmMyNDU2NjA4NGM2NWU0Y2MxOTBjMTU2ZTA1ZDMyNDMyMDAxM2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiallNGwwU24VRRUbphSkHjpE//M
kfTMObwoKe0X3/LgZIItKdSQfGnir+QzKDqKX9ImB1+REU73s/X+5Kwcn2HRdWnJ
B5jjvEAx261Wr/4d+LR+as/naLw0eMP13/r2sLOsEw1ZoFvgvQ0cs+a55wp3D8UZ
hwGEtZQTK78XkZej7KmnfxElWtsmOshJmwSlqU4hSBGh/hxcCpNEDZP4gWIMmoO3
PmZK77XVNuo5gOti6eZU8hJZCE2RpvxOxC2GVPQwXNclXw0za9Pad1RVsIT23vvY
P0daCUZlbvWUwbuTf/mBDh9uerwvu0MeceDhGT/tWjxjCW+SEEcZY8DVvQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNbCRWYITGXkzBkMFW4F0yQyABO1MB8GA1UdIwQY
MBaAFJupDWbS3etkamFAaRL/3foU45kQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTZrTlp0TGQ2MlJxWVVCcEV2X2QtaFRqbVJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8xYjc2MzUtZTZmZi00OTY5LWIyYzAt
ODlmYjhmZTY5NjMzLzEvMXNKRlpnaE1aZVRNR1F3VmJnWFRKRElBRTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8xYjc2MzUtZTZmZi00OTY5LWIyYzAtODlmYjhmZTY5NjMz
LzEvbTZrTlp0TGQ2MlJxWVVCcEV2X2QtaFRqbVJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCBbbIMA0E
AgACMAcDBQEqD1sAMA0GCSqGSIb3DQEBCwUAA4IBAQCcbPcHFviAQ+9d0j5IJV7a
Ch+2+rOLQOA1zVTWfCKD8PUzGMOxbZNxH0sjIUZsVp5jZsd483It9v7lvqRF0oin
Yarj/rWhtZ/GYohNl22zlYX4Ra+3ZCyCtqqkiRbeLG/kcxzIY+ykSA8OYmclbwiQ
gJo4r1IiV/riA9hQ+srzD2VGI+L7k4GfdnHnYMsRz2nrCmHkKhkB+LTEZ0OT/Hbn
mU4s9LLUQakxNaMHLuiVF1yufIhhOASFiTWVsSJEhuYI/B6N/Lb9uZNDag+XdFPC
Z+9lqjFd6XsbUWOr9tSmYy7IEyxo8bkc3RvmlEQDEFavu6CX0u5AZlzeOhMt/c86
-----END CERTIFICATE-----