Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/PvzW1LilVgkSMjr-1-Yzvm-wGUI.roa
File:                     PvzW1LilVgkSMjr-1-Yzvm-wGUI.roa (raw, json)
Hash identifier:          lkTDUiRzb2/fpHpIX7XQuDSWI0FVDd2991z/UDnMP84=
Subject key identifier:   3E:FC:D6:D4:B8:A5:56:09:12:32:3A:FE:D7:E6:33:BE:6F:B0:19:42
Certificate issuer:       /CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
Certificate serial:       0198C21F3E42C7B161401A839E22878278B7
Authority key identifier: 75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/PvzW1LilVgkSMjr-1-Yzvm-wGUI.roa
Signing time:             Tue 19 Aug 2025 11:38:04 +0000
ROA not before:           Tue 19 Aug 2025 11:38:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61254
IP address blocks:        213.178.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c2:1f:3e:42:c7:b1:61:40:1a:83:9e:22:87:82:78:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
        Validity
            Not Before: Aug 19 11:38:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3efcd6d4b8a5560912323afed7e633be6fb01942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ac:7b:27:53:d0:86:3e:cc:b6:a7:84:d3:6c:
                    e9:f7:4c:36:35:12:f9:b4:42:78:3e:63:c9:37:9e:
                    ab:63:17:ff:a7:60:7b:f8:3d:5f:0d:17:11:20:01:
                    d9:a9:6e:bc:75:18:ae:6f:8d:65:ae:73:58:f5:bf:
                    0d:e1:96:2b:b9:23:b7:b7:79:87:df:90:0a:f4:e6:
                    fe:5b:2a:94:ef:e1:bd:db:8c:e0:fe:e1:41:94:2a:
                    5f:7f:42:91:74:d2:79:89:4f:64:7d:bf:9b:34:f1:
                    52:8d:15:86:97:a8:53:7a:db:35:f2:e3:c2:19:f4:
                    a1:90:09:5c:08:94:16:ee:ba:24:6f:01:2d:67:63:
                    29:e0:f1:71:af:50:49:77:c0:d2:53:e7:ce:0f:76:
                    b9:9c:3f:07:c1:9b:38:81:d3:9c:42:9a:f5:19:ec:
                    f8:e6:28:22:35:e5:d0:37:71:05:99:9f:36:97:8f:
                    9c:33:4b:ae:88:68:d6:50:fb:2f:87:3f:2f:33:a8:
                    41:75:b0:4b:dd:da:14:a1:d0:95:0e:6b:ee:22:84:
                    1e:b2:04:c7:f5:9e:22:5d:7e:31:0b:76:37:6b:73:
                    5d:6d:d5:7a:64:84:1e:7b:3b:5d:59:ac:87:0f:c0:
                    80:0b:ce:f2:49:80:b4:d6:85:ba:ac:74:06:02:d3:
                    90:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:FC:D6:D4:B8:A5:56:09:12:32:3A:FE:D7:E6:33:BE:6F:B0:19:42
            X509v3 Authority Key Identifier:
                keyid:75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/PvzW1LilVgkSMjr-1-Yzvm-wGUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:e2:20:23:45:45:38:f1:80:f6:ee:fa:d3:8e:ce:a0:cc:78:
         5d:12:f8:b7:7e:a9:a1:e0:c7:e7:a2:27:ae:61:28:56:55:87:
         06:a7:49:c7:f2:cd:ef:52:d4:16:89:bb:7e:a6:87:11:97:02:
         8b:e1:0e:ae:7d:ac:0c:aa:6e:0a:ed:df:83:5e:3b:14:57:17:
         05:87:c5:9e:76:15:98:28:ae:89:b9:fe:0b:3b:c2:92:6e:27:
         9c:78:da:fb:ef:57:5e:21:39:91:e7:96:a7:13:b2:8a:13:84:
         da:98:63:88:5b:42:23:44:27:68:41:87:10:73:cd:ef:aa:a9:
         3a:d0:df:89:46:a9:9f:e6:e2:f8:9f:9a:ce:5d:1e:af:fc:32:
         8d:97:06:20:23:2e:d9:a7:3c:21:53:ab:bd:95:53:f7:28:65:
         0f:ac:52:8e:6f:75:9d:54:08:95:83:a0:b3:1c:a5:f7:f2:4e:
         8e:65:db:3d:05:db:33:29:e5:6a:8b:f3:16:ec:74:68:58:e7:
         6b:be:54:41:18:99:e4:41:da:7c:a3:3b:58:f2:de:11:83:2c:
         c7:9d:49:21:cc:aa:4a:81:04:be:73:97:ca:df:07:df:fa:fd:
         72:38:80:02:5e:27:bf:b1:82:3d:8c:df:6a:46:4e:1a:d9:42:
         5e:2d:2a:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjCHz5Cx7FhQBqDniKHgni3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NTRhYzRjN2Y0NTFjNWJiOTM4MmZiY2Q0NmQ3MGM0YzBm
OWRlNTYwHhcNMjUwODE5MTEzODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWZjZDZkNGI4YTU1NjA5MTIzMjNhZmVkN2U2MzNiZTZmYjAxOTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoax7J1PQhj7MtqeE02zp90w2NRL5
tEJ4PmPJN56rYxf/p2B7+D1fDRcRIAHZqW68dRiub41lrnNY9b8N4ZYruSO3t3mH
35AK9Ob+WyqU7+G924zg/uFBlCpff0KRdNJ5iU9kfb+bNPFSjRWGl6hTets18uPC
GfShkAlcCJQW7rokbwEtZ2Mp4PFxr1BJd8DSU+fOD3a5nD8HwZs4gdOcQpr1Gez4
5igiNeXQN3EFmZ82l4+cM0uuiGjWUPsvhz8vM6hBdbBL3doUodCVDmvuIoQesgTH
9Z4iXX4xC3Y3a3NdbdV6ZIQeeztdWayHD8CAC87ySYC01oW6rHQGAtOQdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD781tS4pVYJEjI6/tfmM75vsBlCMB8GA1UdIwQY
MBaAFHVUrEx/RRxbuTgvvNRtcMTA+d5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4Mjgt
ZDkzMzdkYjM5ZDFmLzEvUHZ6VzFMaWxWZ2tTTWpyLTEtWXp2bS13R1VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4MjgtZDkzMzdkYjM5ZDFm
LzEvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bKOMA0G
CSqGSIb3DQEBCwUAA4IBAQCc4iAjRUU48YD27vrTjs6gzHhdEvi3fqmh4Mfnoieu
YShWVYcGp0nH8s3vUtQWibt+pocRlwKL4Q6ufawMqm4K7d+DXjsUVxcFh8WedhWY
KK6Juf4LO8KSbieceNr771deITmR55anE7KKE4TamGOIW0IjRCdoQYcQc83vqqk6
0N+JRqmf5uL4n5rOXR6v/DKNlwYgIy7ZpzwhU6u9lVP3KGUPrFKOb3WdVAiVg6Cz
HKX38k6OZds9BdszKeVqi/MW7HRoWOdrvlRBGJnkQdp8oztY8t4RgyzHnUkhzKpK
gQS+c5fK3wff+v1yOIACXie/sYI9jN9qRk4a2UJeLSoc
-----END CERTIFICATE-----