Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/jwpY6rERA_zyIv98bpD7R8nes4o.roa
File:                     jwpY6rERA_zyIv98bpD7R8nes4o.roa (raw, json)
Hash identifier:          zhq9elSEk74CwB7NZMhv2D35pQpbRAFiT6FBizp5Yp0=
Subject key identifier:   8F:0A:58:EA:B1:11:03:FC:F2:22:FF:7C:6E:90:FB:47:C9:DE:B3:8A
Certificate issuer:       /CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
Certificate serial:       019888F1F546AC607E6CFAB5FAF65605E9BD
Authority key identifier: 75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/jwpY6rERA_zyIv98bpD7R8nes4o.roa
Signing time:             Fri 08 Aug 2025 09:10:14 +0000
ROA not before:           Fri 08 Aug 2025 09:10:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36352
IP address blocks:        213.178.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:88:f1:f5:46:ac:60:7e:6c:fa:b5:fa:f6:56:05:e9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
        Validity
            Not Before: Aug  8 09:10:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f0a58eab11103fcf222ff7c6e90fb47c9deb38a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:65:35:bb:2c:c5:7e:0b:4d:90:40:62:c8:21:
                    ba:68:e2:52:f5:0f:36:1b:5c:6d:10:04:31:bb:fc:
                    9a:02:97:00:91:e1:eb:ae:6c:c4:5e:19:00:d1:c7:
                    5a:4a:bb:ab:c5:af:a1:52:bc:57:36:f2:f4:f9:ed:
                    91:c4:2e:95:bf:30:29:ef:67:db:26:52:43:00:bc:
                    b9:73:59:38:b7:a3:f1:3c:36:93:8d:c1:9a:a0:11:
                    f8:87:9e:2e:8b:d5:c2:2d:69:fe:2b:08:54:bd:5e:
                    eb:53:b0:6a:bd:2a:ca:1d:44:ab:97:96:b6:46:9f:
                    f2:b7:39:12:4d:83:fd:f5:a0:b6:55:18:f1:82:0b:
                    6e:88:a7:72:51:fe:79:0f:d4:6b:32:17:8f:a5:56:
                    6d:18:a2:3c:9a:08:41:77:fb:03:22:cd:9a:90:b8:
                    b9:69:01:ad:ae:35:4d:b5:ea:44:b7:38:54:1e:d0:
                    c6:c9:7e:df:24:10:e9:f2:d9:08:73:9d:47:88:0e:
                    8e:69:e4:65:73:80:b3:ea:54:65:22:0a:9b:32:7b:
                    5e:e6:7d:65:95:66:27:be:51:f8:6a:06:61:fe:84:
                    3f:80:16:c4:b3:ef:7b:60:99:72:0b:c2:02:f8:ab:
                    85:b9:df:47:2b:98:2d:05:0f:ef:6b:f6:64:d3:f2:
                    7a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:0A:58:EA:B1:11:03:FC:F2:22:FF:7C:6E:90:FB:47:C9:DE:B3:8A
            X509v3 Authority Key Identifier:
                keyid:75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/jwpY6rERA_zyIv98bpD7R8nes4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:c1:52:d2:48:27:1c:21:b7:e9:6e:b1:fc:50:e1:9a:cc:a4:
         13:d0:04:2b:04:b5:f1:e8:eb:16:1d:4e:b3:41:4e:b2:3c:ad:
         46:46:2e:2d:3e:95:1f:c0:4a:84:54:10:15:74:fe:c6:72:fa:
         2a:08:23:60:8e:1d:cc:2e:8b:86:9b:c0:1f:8f:21:2b:bf:ea:
         cc:fb:97:06:39:39:22:14:7d:f1:c2:ed:20:36:e6:5a:6e:9b:
         e8:3b:8d:13:c0:bd:54:b3:8c:40:a4:84:f6:53:08:09:73:7a:
         f3:be:99:06:d1:93:29:d3:c4:8f:61:ac:91:79:12:c3:49:99:
         8d:73:d3:30:2a:ac:6f:be:e1:04:59:de:a3:d3:a6:5e:a9:e8:
         4c:2f:ec:0c:df:6b:23:58:b0:ec:87:76:c6:77:f9:ad:51:84:
         cb:5e:51:1a:06:89:54:85:f0:dc:b8:3b:d1:89:35:7a:7e:13:
         fc:41:74:6a:f9:2f:4e:cb:70:0b:5f:45:34:6b:d7:bf:1e:48:
         cc:93:7c:4c:30:de:c6:16:66:69:86:df:e4:10:d1:75:f6:ef:
         fc:94:f6:6a:28:9f:0a:14:31:85:5c:01:13:fb:3f:62:e3:82:
         db:7c:3f:a3:2d:e3:68:2c:b8:d8:cb:7a:64:77:73:4a:57:53:
         b1:f3:8f:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiI8fVGrGB+bPq1+vZWBem9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NTRhYzRjN2Y0NTFjNWJiOTM4MmZiY2Q0NmQ3MGM0YzBm
OWRlNTYwHhcNMjUwODA4MDkxMDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjBhNThlYWIxMTEwM2ZjZjIyMmZmN2M2ZTkwZmI0N2M5ZGViMzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWU1uyzFfgtNkEBiyCG6aOJS9Q82
G1xtEAQxu/yaApcAkeHrrmzEXhkA0cdaSrurxa+hUrxXNvL0+e2RxC6VvzAp72fb
JlJDALy5c1k4t6PxPDaTjcGaoBH4h54ui9XCLWn+KwhUvV7rU7BqvSrKHUSrl5a2
Rp/ytzkSTYP99aC2VRjxggtuiKdyUf55D9RrMhePpVZtGKI8mghBd/sDIs2akLi5
aQGtrjVNtepEtzhUHtDGyX7fJBDp8tkIc51HiA6OaeRlc4Cz6lRlIgqbMnte5n1l
lWYnvlH4agZh/oQ/gBbEs+97YJlyC8IC+KuFud9HK5gtBQ/va/Zk0/J6TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8KWOqxEQP88iL/fG6Q+0fJ3rOKMB8GA1UdIwQY
MBaAFHVUrEx/RRxbuTgvvNRtcMTA+d5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4Mjgt
ZDkzMzdkYjM5ZDFmLzEvandwWTZyRVJBX3p5SXY5OGJwRDdSOG5lczRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4MjgtZDkzMzdkYjM5ZDFm
LzEvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bKMMA0G
CSqGSIb3DQEBCwUAA4IBAQAxwVLSSCccIbfpbrH8UOGazKQT0AQrBLXx6OsWHU6z
QU6yPK1GRi4tPpUfwEqEVBAVdP7GcvoqCCNgjh3MLouGm8AfjyErv+rM+5cGOTki
FH3xwu0gNuZabpvoO40TwL1Us4xApIT2UwgJc3rzvpkG0ZMp08SPYayReRLDSZmN
c9MwKqxvvuEEWd6j06ZeqehML+wM32sjWLDsh3bGd/mtUYTLXlEaBolUhfDcuDvR
iTV6fhP8QXRq+S9Oy3ALX0U0a9e/HkjMk3xMMN7GFmZpht/kENF19u/8lPZqKJ8K
FDGFXAET+z9i44LbfD+jLeNoLLjYy3pkd3NKV1Ox84/L
-----END CERTIFICATE-----