Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/alTqKCifeNo8zsCZr-YIcnFDs1s.roa
File:                     alTqKCifeNo8zsCZr-YIcnFDs1s.roa (raw, json)
Hash identifier:          A5XRsrPwHMcGGnnn+HZF9XSr7qQ3yX70hbfMq73Ias0=
Subject key identifier:   6A:54:EA:28:28:9F:78:DA:3C:CE:C0:99:AF:E6:08:72:71:43:B3:5B
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       0197A10401948168C17607BAD4D942B20E93
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/alTqKCifeNo8zsCZr-YIcnFDs1s.roa
Signing time:             Tue 24 Jun 2025 08:18:03 +0000
ROA not before:           Tue 24 Jun 2025 08:18:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10753
IP address blocks:        194.102.120.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a1:04:01:94:81:68:c1:76:07:ba:d4:d9:42:b2:0e:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jun 24 08:18:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a54ea28289f78da3ccec099afe608727143b35b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3c:19:e7:b1:43:10:b5:75:a7:2e:03:f5:8c:
                    be:63:2d:fa:ce:e6:60:04:cb:c1:80:25:00:d2:b3:
                    2d:cd:7c:fa:bc:fe:c4:6c:38:2b:25:de:34:fa:90:
                    de:69:47:ca:0b:39:84:72:b4:68:a0:53:8f:c7:c5:
                    b1:f5:47:c3:94:16:ca:9a:76:46:d9:17:21:69:cd:
                    e9:05:f5:d1:cd:8b:84:4a:19:a5:bc:9d:b6:17:86:
                    2b:48:ff:58:0e:0b:29:81:d0:c9:c3:07:f4:0a:01:
                    ec:19:a1:b3:1b:66:82:85:41:75:19:f3:96:6f:84:
                    5c:c1:2b:67:5d:4a:b2:35:30:e8:8a:db:b7:c8:cc:
                    55:5f:ec:01:72:b2:5e:b3:58:40:65:36:bf:28:5b:
                    3d:52:68:7c:7f:d0:e4:e8:f4:47:a2:13:50:11:c4:
                    e7:4b:91:68:d2:48:8d:26:cb:e5:71:1f:19:5e:d5:
                    31:3c:2d:9d:66:ea:18:0a:e8:ab:e0:df:9b:ac:cf:
                    89:e0:72:4a:ac:7d:a5:b4:42:d3:88:c7:b5:c6:c2:
                    8e:78:96:5d:38:8c:14:c6:24:4a:66:05:07:d0:14:
                    55:b7:d8:f8:85:e1:8b:02:86:0f:38:1f:38:7a:d9:
                    d8:dc:b1:87:84:65:63:4c:6f:c5:24:c4:60:72:0c:
                    bf:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:54:EA:28:28:9F:78:DA:3C:CE:C0:99:AF:E6:08:72:71:43:B3:5B
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/alTqKCifeNo8zsCZr-YIcnFDs1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:ca:33:4b:88:8c:b9:22:f7:c3:aa:aa:d6:1e:95:57:cc:39:
         6a:6a:01:74:1f:75:d2:90:cd:ac:2d:29:d3:d0:27:77:ca:6d:
         5f:8d:49:ef:36:ff:e7:b8:74:04:26:06:4e:55:4d:7e:51:24:
         22:cc:0e:e2:76:0d:b4:c5:a0:b8:ea:1f:63:96:f5:5e:e4:e9:
         b8:30:e3:e9:10:0a:f6:27:0f:22:89:91:1a:07:99:53:04:7d:
         78:fc:23:fe:e1:12:98:53:07:81:5b:32:1d:00:ce:2b:ea:c6:
         fa:f9:a0:84:cd:61:07:f9:65:ed:55:df:0e:01:af:af:72:99:
         53:79:fd:1c:2d:6a:4a:7d:44:9f:2b:59:18:95:ae:10:c0:96:
         16:7a:6b:8d:3b:95:91:ce:b0:22:5d:60:c2:3a:bd:cb:28:df:
         9a:01:98:5e:cd:cb:a7:40:45:99:b6:60:0e:14:63:21:ae:63:
         96:6a:c8:86:b3:b2:de:b5:bf:8f:3c:1a:f8:a6:31:c1:34:ce:
         d5:5b:0f:04:11:83:1d:f5:2b:7a:5b:e0:ba:39:cb:18:a9:0c:
         23:9a:b8:58:ff:2f:7b:23:b8:82:fc:bc:f9:a3:c9:32:fc:cd:
         81:9e:de:a5:8c:4f:64:1b:4a:fd:ea:ae:6d:aa:74:3c:97:9e:
         25:7b:91:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZehBAGUgWjBdge61NlCsg6TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwNjI0MDgxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTU0ZWEyODI4OWY3OGRhM2NjZWMwOTlhZmU2MDg3MjcxNDNiMzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDwZ57FDELV1py4D9Yy+Yy36zuZg
BMvBgCUA0rMtzXz6vP7EbDgrJd40+pDeaUfKCzmEcrRooFOPx8Wx9UfDlBbKmnZG
2Rchac3pBfXRzYuEShmlvJ22F4YrSP9YDgspgdDJwwf0CgHsGaGzG2aChUF1GfOW
b4RcwStnXUqyNTDoitu3yMxVX+wBcrJes1hAZTa/KFs9Umh8f9Dk6PRHohNQEcTn
S5Fo0kiNJsvlcR8ZXtUxPC2dZuoYCuir4N+brM+J4HJKrH2ltELTiMe1xsKOeJZd
OIwUxiRKZgUH0BRVt9j4heGLAoYPOB84etnY3LGHhGVjTG/FJMRgcgy/RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGpU6igon3jaPM7Ama/mCHJxQ7NbMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvYWxUcUtDaWZlTm84enNDWnItWUljbkZEczFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmZ4MA0G
CSqGSIb3DQEBCwUAA4IBAQAjyjNLiIy5IvfDqqrWHpVXzDlqagF0H3XSkM2sLSnT
0Cd3ym1fjUnvNv/nuHQEJgZOVU1+USQizA7idg20xaC46h9jlvVe5Om4MOPpEAr2
Jw8iiZEaB5lTBH14/CP+4RKYUweBWzIdAM4r6sb6+aCEzWEH+WXtVd8OAa+vcplT
ef0cLWpKfUSfK1kYla4QwJYWemuNO5WRzrAiXWDCOr3LKN+aAZhezcunQEWZtmAO
FGMhrmOWasiGs7Letb+PPBr4pjHBNM7VWw8EEYMd9St6W+C6OcsYqQwjmrhY/y97
I7iC/Lz5o8ky/M2Bnt6ljE9kG0r96q5tqnQ8l54le5Fv
-----END CERTIFICATE-----