Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1OgL-iqK_gsykU9MBNTRR4Fp5fI.roa
File:                     1OgL-iqK_gsykU9MBNTRR4Fp5fI.roa (raw, json)
Hash identifier:          vcfoao1qcz3f/SxxY/IB+4IinzFtoHbhjRNzPa7A/Uo=
Subject key identifier:   D4:E8:0B:FA:2A:8A:FE:0B:32:91:4F:4C:04:D4:D1:47:81:69:E5:F2
Certificate issuer:       /CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
Certificate serial:       019990C6F7F5CEFF95F19E62A46A3C68DA14
Authority key identifier: D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1OgL-iqK_gsykU9MBNTRR4Fp5fI.roa
Signing time:             Sun 28 Sep 2025 14:43:02 +0000
ROA not before:           Sun 28 Sep 2025 14:43:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        185.103.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:90:c6:f7:f5:ce:ff:95:f1:9e:62:a4:6a:3c:68:da:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
        Validity
            Not Before: Sep 28 14:43:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4e80bfa2a8afe0b32914f4c04d4d1478169e5f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:23:5b:c0:00:b6:e5:95:84:61:df:19:e1:d9:
                    55:c0:f9:7e:6f:1d:c6:fc:6d:89:3a:94:41:36:23:
                    99:6b:fd:a0:41:be:a5:ee:51:00:0e:c6:4e:41:78:
                    b0:f7:a1:1d:bc:f8:26:06:32:5e:94:82:da:97:37:
                    ad:79:a6:46:4a:51:d1:13:54:23:29:09:dc:b8:64:
                    24:ff:65:d0:16:7f:de:e9:38:b6:eb:53:29:5f:86:
                    d4:42:30:8b:ca:37:5b:0d:4a:1a:6f:75:73:a4:fc:
                    5b:8c:36:7f:8d:af:8f:01:6f:ee:78:e4:45:99:14:
                    24:a5:bf:1c:d0:fa:42:a0:0b:d2:55:cf:37:c7:89:
                    82:a9:a4:5d:38:54:c6:ee:03:b4:e9:44:bc:3e:7e:
                    74:73:35:c9:cc:8b:0e:13:e1:59:9b:82:33:98:40:
                    7e:8c:c6:68:ad:a8:29:06:22:72:81:a9:68:78:2e:
                    5a:3e:79:1d:d2:1c:86:97:e2:98:64:d4:4f:c6:f3:
                    82:c8:e0:bd:b7:ad:96:e9:19:4a:ed:cc:4f:46:93:
                    4a:14:56:d5:f0:c5:79:d1:03:8e:54:3c:dc:e1:c0:
                    39:e9:52:57:fd:2f:a9:9d:87:2a:8d:ca:35:61:cd:
                    3a:86:9f:1e:7e:64:ee:36:d9:3b:46:0c:d4:62:ac:
                    4f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:E8:0B:FA:2A:8A:FE:0B:32:91:4F:4C:04:D4:D1:47:81:69:E5:F2
            X509v3 Authority Key Identifier:
                keyid:D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1OgL-iqK_gsykU9MBNTRR4Fp5fI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:a2:95:f2:49:db:f0:1a:a5:6e:f9:3f:60:06:04:d5:44:cc:
         f1:ce:7b:ec:11:d6:43:87:ec:71:a6:0c:59:43:ae:87:6a:2b:
         49:d7:5a:43:fa:95:4b:81:f5:14:da:11:52:52:f2:04:79:68:
         41:63:51:2b:9c:1f:0e:d2:f9:de:8c:fb:e6:e3:0c:02:dd:54:
         d3:87:e3:8d:d1:97:19:12:6f:ab:f6:92:e7:65:f1:3c:90:f8:
         2e:ef:0f:e0:41:d8:eb:dd:88:97:e0:71:d9:00:44:49:76:ee:
         fb:fb:61:e1:38:c8:38:3e:bc:00:19:6a:0e:27:ed:5e:c8:90:
         22:7f:67:9e:2d:11:8f:68:12:45:9b:3a:05:44:53:dc:3f:ab:
         90:ed:74:59:44:8a:57:2c:a5:32:ea:e3:ef:6f:94:a1:5f:6e:
         e2:8e:00:1e:fd:38:7a:d0:a5:56:67:eb:9e:3c:61:de:fb:d3:
         be:ee:88:32:64:5f:d7:34:a8:28:06:fb:29:65:fb:e6:6e:d2:
         81:52:81:bc:13:2a:18:86:0c:bd:05:5d:4b:12:ce:1f:cb:c5:
         f4:9d:98:db:3a:90:43:35:90:50:30:ef:b2:d3:4d:e0:c1:00:
         10:ea:ac:d6:0e:3f:01:d1:6a:4d:99:5f:06:9c:d8:70:1f:96:
         90:e1:2c:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmQxvf1zv+V8Z5ipGo8aNoUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MjE5ZWM3MzgzZmEwNjEwNDgwZGRmYTYyYzNmODJjNDAw
Y2Q1NmYwHhcNMjUwOTI4MTQ0MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGU4MGJmYTJhOGFmZTBiMzI5MTRmNGMwNGQ0ZDE0NzgxNjllNWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyNbwAC25ZWEYd8Z4dlVwPl+bx3G
/G2JOpRBNiOZa/2gQb6l7lEADsZOQXiw96EdvPgmBjJelILalzeteaZGSlHRE1Qj
KQncuGQk/2XQFn/e6Ti261MpX4bUQjCLyjdbDUoab3VzpPxbjDZ/ja+PAW/ueORF
mRQkpb8c0PpCoAvSVc83x4mCqaRdOFTG7gO06US8Pn50czXJzIsOE+FZm4IzmEB+
jMZoragpBiJygaloeC5aPnkd0hyGl+KYZNRPxvOCyOC9t62W6RlK7cxPRpNKFFbV
8MV50QOOVDzc4cA56VJX/S+pnYcqjco1Yc06hp8efmTuNtk7RgzUYqxPSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNToC/oqiv4LMpFPTATU0UeBaeXyMB8GA1UdIwQY
MBaAFNchnsc4P6BhBIDd+mLD+CxADNVvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4Yjct
ZDBjODJhM2NmNGI2LzEvMU9nTC1pcUtfZ3N5a1U5TUJOVFJSNEZwNWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4YjctZDBjODJhM2NmNGI2
LzEvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWcFMA0G
CSqGSIb3DQEBCwUAA4IBAQAgopXySdvwGqVu+T9gBgTVRMzxznvsEdZDh+xxpgxZ
Q66HaitJ11pD+pVLgfUU2hFSUvIEeWhBY1ErnB8O0vnejPvm4wwC3VTTh+ON0ZcZ
Em+r9pLnZfE8kPgu7w/gQdjr3YiX4HHZAERJdu77+2HhOMg4PrwAGWoOJ+1eyJAi
f2eeLRGPaBJFmzoFRFPcP6uQ7XRZRIpXLKUy6uPvb5ShX27ijgAe/Th60KVWZ+ue
PGHe+9O+7ogyZF/XNKgoBvspZfvmbtKBUoG8EyoYhgy9BV1LEs4fy8X0nZjbOpBD
NZBQMO+y003gwQAQ6qzWDj8B0WpNmV8GnNhwH5aQ4Szc
-----END CERTIFICATE-----