Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wQhCVa6kxF84UrscGm1O3MaIA_g.roa
File:                     wQhCVa6kxF84UrscGm1O3MaIA_g.roa (raw, json)
Hash identifier:          jaQ+TCeQJH6JAZzvlGuSlhegaajAIQpSwB/bRRpl2XU=
Subject key identifier:   C1:08:42:55:AE:A4:C4:5F:38:52:BB:1C:1A:6D:4E:DC:C6:88:03:F8
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       0198A760549490BA6705D9FABEBFEE29D2CE
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wQhCVa6kxF84UrscGm1O3MaIA_g.roa
Signing time:             Thu 14 Aug 2025 06:59:24 +0000
ROA not before:           Thu 14 Aug 2025 06:59:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     996
IP address blocks:        159.148.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 22:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a7:60:54:94:90:ba:67:05:d9:fa:be:bf:ee:29:d2:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Aug 14 06:59:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1084255aea4c45f3852bb1c1a6d4edcc68803f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:37:10:05:e1:a6:0b:db:a5:a6:8c:ec:3f:f9:
                    de:7d:f6:75:32:ee:be:9e:c0:22:fa:5c:6e:33:48:
                    51:62:2c:a0:da:b9:8f:39:e1:a3:39:31:e1:d3:19:
                    a5:51:07:e2:49:8b:69:88:f6:16:f3:2f:44:59:c2:
                    2a:49:0f:4a:55:f4:1e:82:5f:b2:b7:c5:df:e7:b4:
                    96:3c:ac:0a:eb:58:b1:f4:29:87:6a:db:bb:b4:7f:
                    c3:86:1e:c1:71:c1:b4:cc:84:9a:0e:b2:d8:b3:1e:
                    0c:43:ab:20:a7:c6:cc:53:e1:5b:48:fc:32:56:df:
                    58:3c:95:6a:ef:11:56:d2:65:38:6c:a1:6b:24:7f:
                    3d:21:f6:b0:60:38:18:f0:56:9e:72:8f:91:00:3f:
                    dc:db:d4:44:db:66:77:57:5f:a2:42:42:b3:d5:d2:
                    ef:67:ce:67:55:bf:56:dc:68:f6:ca:e3:1e:79:80:
                    80:f1:2b:45:95:14:4c:0a:45:f3:73:26:b8:ee:23:
                    5f:60:a0:6c:93:61:0f:d4:e8:f3:e5:a3:49:3b:fb:
                    28:66:e6:e2:d7:44:a2:5b:eb:c3:a4:26:10:ea:ef:
                    6d:da:f2:f3:22:fc:5f:0e:5f:2f:0b:4d:ed:7b:ff:
                    3a:12:c0:f1:d0:53:74:e4:7e:cb:90:e6:0d:77:a7:
                    9e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:08:42:55:AE:A4:C4:5F:38:52:BB:1C:1A:6D:4E:DC:C6:88:03:F8
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wQhCVa6kxF84UrscGm1O3MaIA_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:d4:36:eb:34:78:14:0b:a8:53:eb:ec:04:88:d1:2e:3a:61:
         d0:4e:8e:73:9e:d3:3b:3f:c6:58:7d:e8:e6:33:b0:2f:f3:52:
         b3:7e:7c:f9:5e:b5:7f:1f:1d:96:6d:35:28:e6:f6:e4:a3:bf:
         5d:71:f1:56:02:54:e9:81:af:75:63:e6:b0:8d:bb:da:ff:1a:
         3f:bb:15:50:a8:e1:e8:a3:c7:06:22:c3:a3:d3:85:79:cd:29:
         da:be:f4:20:5c:5b:bf:f8:67:4d:c7:d3:3a:47:db:42:5a:5d:
         21:0a:7d:ec:1e:aa:b7:72:01:26:d7:1b:6c:47:42:7b:67:ee:
         5a:97:3b:cf:c9:f4:e7:cb:3c:c4:d4:19:d6:42:2f:51:9b:05:
         b6:b2:90:97:fe:d4:21:f7:c3:76:5d:b3:88:2e:8f:25:7c:4d:
         01:19:3f:5c:0f:95:79:81:2d:26:0f:1c:a9:11:92:4e:a8:a4:
         3a:e9:c9:0a:42:29:fc:7f:cf:86:12:81:ee:d7:1c:5f:85:d8:
         aa:de:62:91:a5:2d:20:3c:78:67:54:61:18:a7:53:07:6d:3d:
         51:c8:fa:90:8c:f9:88:4d:ec:c6:db:b9:a9:94:e8:7d:d3:30:
         ef:4e:7f:cc:c2:5e:2f:1a:7b:62:ec:bd:6c:35:c1:68:b9:74:
         ca:db:14:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZinYFSUkLpnBdn6vr/uKdLOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwODE0MDY1OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTA4NDI1NWFlYTRjNDVmMzg1MmJiMWMxYTZkNGVkY2M2ODgwM2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzcQBeGmC9ulpozsP/neffZ1Mu6+
nsAi+lxuM0hRYiyg2rmPOeGjOTHh0xmlUQfiSYtpiPYW8y9EWcIqSQ9KVfQegl+y
t8Xf57SWPKwK61ix9CmHatu7tH/Dhh7BccG0zISaDrLYsx4MQ6sgp8bMU+FbSPwy
Vt9YPJVq7xFW0mU4bKFrJH89IfawYDgY8Faeco+RAD/c29RE22Z3V1+iQkKz1dLv
Z85nVb9W3Gj2yuMeeYCA8StFlRRMCkXzcya47iNfYKBsk2EP1Ojz5aNJO/soZubi
10SiW+vDpCYQ6u9t2vLzIvxfDl8vC03te/86EsDx0FN05H7LkOYNd6ee7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEIQlWupMRfOFK7HBptTtzGiAP4MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvd1FoQ1ZhNmt4Rjg0VXJzY0dtMU8zTWFJQV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5T1MA0G
CSqGSIb3DQEBCwUAA4IBAQCI1DbrNHgUC6hT6+wEiNEuOmHQTo5zntM7P8ZYfejm
M7Av81Kzfnz5XrV/Hx2WbTUo5vbko79dcfFWAlTpga91Y+awjbva/xo/uxVQqOHo
o8cGIsOj04V5zSnavvQgXFu/+GdNx9M6R9tCWl0hCn3sHqq3cgEm1xtsR0J7Z+5a
lzvPyfTnyzzE1BnWQi9RmwW2spCX/tQh98N2XbOILo8lfE0BGT9cD5V5gS0mDxyp
EZJOqKQ66ckKQin8f8+GEoHu1xxfhdiq3mKRpS0gPHhnVGEYp1MHbT1RyPqQjPmI
TezG27mplOh90zDvTn/Mwl4vGnti7L1sNcFouXTK2xQc
-----END CERTIFICATE-----