Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/yCdRlY1dy91_yoXt5TFoEdJrw-o.roa
File:                     yCdRlY1dy91_yoXt5TFoEdJrw-o.roa (raw, json)
Hash identifier:          KareyGqAsZ0sDsSq6dTpkWiy0kkcW1Zx+0QaG17jqGs=
Subject key identifier:   C8:27:51:95:8D:5D:CB:DD:7F:CA:85:ED:E5:31:68:11:D2:6B:C3:EA
Certificate issuer:       /CN=4ca66f3c0f25774e696d2a46723277eb961128c3
Certificate serial:       0198CE5C2D908F5066680C78DADD42AC994C
Authority key identifier: 4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/yCdRlY1dy91_yoXt5TFoEdJrw-o.roa
Signing time:             Thu 21 Aug 2025 20:40:04 +0000
ROA not before:           Thu 21 Aug 2025 20:40:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150179
IP address blocks:        176.65.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ce:5c:2d:90:8f:50:66:68:0c:78:da:dd:42:ac:99:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca66f3c0f25774e696d2a46723277eb961128c3
        Validity
            Not Before: Aug 21 20:40:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c82751958d5dcbdd7fca85ede5316811d26bc3ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5f:89:5e:c3:f2:5f:27:04:64:6d:be:f8:51:
                    89:a6:c9:e9:38:fa:38:79:20:33:89:ba:22:44:13:
                    75:ae:f1:35:23:d5:d5:20:91:68:21:73:b0:53:d5:
                    7b:38:2f:f3:86:77:bf:4d:04:70:b3:54:fb:63:a5:
                    37:46:c1:bf:c9:ee:d6:a6:41:82:b4:57:0c:57:ec:
                    f5:06:97:6d:26:61:8f:a7:e6:a7:d5:7c:c2:8e:c5:
                    ef:f0:d5:d5:23:e4:98:2e:16:99:06:ae:6e:86:75:
                    06:54:9a:1f:4c:a2:2f:76:ca:f8:b9:9f:8d:f4:11:
                    86:e9:8f:be:2d:be:68:64:ae:83:29:d9:89:50:a4:
                    69:72:bb:f4:ad:5e:e3:3a:76:de:28:fb:ae:f2:5c:
                    57:4c:31:fb:5f:9c:72:dd:2e:c7:cb:55:73:bb:0b:
                    15:ff:9b:ab:8b:80:33:67:48:f9:75:b4:b5:e2:3f:
                    10:3e:8a:db:3f:65:25:df:dc:0b:02:1b:e3:1b:6e:
                    e3:08:00:9e:d6:d5:b4:4c:fd:15:0f:3c:db:9e:e6:
                    8d:1d:58:db:88:09:4f:2f:33:49:03:e4:dd:d4:12:
                    26:8e:9b:d9:41:44:87:59:04:ec:b3:19:05:75:e1:
                    ca:b0:72:ac:09:ee:d5:6c:a5:73:46:9a:30:a9:d6:
                    bf:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:27:51:95:8D:5D:CB:DD:7F:CA:85:ED:E5:31:68:11:D2:6B:C3:EA
            X509v3 Authority Key Identifier:
                keyid:4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/yCdRlY1dy91_yoXt5TFoEdJrw-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.65.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:15:5a:ac:9b:e0:46:82:2c:98:97:cc:c0:07:b4:c0:46:d3:
         ad:9f:39:8a:74:24:33:57:6f:95:c7:9a:01:27:d1:4b:1f:61:
         3c:05:86:59:ed:5b:3d:95:7e:06:b6:1f:43:3c:71:3a:2b:81:
         55:0b:b4:a9:d0:70:de:1f:b9:56:3c:b9:29:55:b2:0c:12:2b:
         3c:8a:93:b0:75:01:79:88:14:cb:e7:45:1d:31:41:9c:48:95:
         66:74:3e:47:53:30:ab:15:3c:a7:a5:7d:34:b6:85:b1:44:8b:
         94:3b:9f:e4:d5:b1:8d:06:1e:3f:9c:2e:16:1d:35:92:df:2d:
         00:75:dd:0b:e5:be:a2:f5:24:07:00:1e:15:d9:74:68:36:f8:
         43:45:55:dc:d9:51:60:bb:c9:53:69:f4:11:24:51:cf:b1:5a:
         ee:32:69:4d:12:19:03:6c:81:83:e7:e9:3f:ef:23:ef:8d:3a:
         b5:7c:75:04:e5:bb:7c:1a:ec:d6:c9:7c:d3:ad:a0:8d:26:a5:
         70:44:71:ad:01:38:0b:87:63:b1:d1:64:93:fe:f2:c9:ee:f9:
         21:5a:60:d8:81:b9:c7:41:a2:6b:99:73:08:b5:70:bf:46:a0:
         e8:cd:66:4f:b3:a0:a7:88:a3:9a:07:a9:97:f3:97:bf:0d:6e:
         0b:1d:06:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjOXC2Qj1BmaAx42t1CrJlMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTY2ZjNjMGYyNTc3NGU2OTZkMmE0NjcyMzI3N2ViOTYx
MTI4YzMwHhcNMjUwODIxMjA0MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODI3NTE5NThkNWRjYmRkN2ZjYTg1ZWRlNTMxNjgxMWQyNmJjM2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvl+JXsPyXycEZG2++FGJpsnpOPo4
eSAziboiRBN1rvE1I9XVIJFoIXOwU9V7OC/zhne/TQRws1T7Y6U3RsG/ye7WpkGC
tFcMV+z1BpdtJmGPp+an1XzCjsXv8NXVI+SYLhaZBq5uhnUGVJofTKIvdsr4uZ+N
9BGG6Y++Lb5oZK6DKdmJUKRpcrv0rV7jOnbeKPuu8lxXTDH7X5xy3S7Hy1VzuwsV
/5uri4AzZ0j5dbS14j8QPorbP2Ul39wLAhvjG27jCACe1tW0TP0VDzzbnuaNHVjb
iAlPLzNJA+Td1BImjpvZQUSHWQTssxkFdeHKsHKsCe7VbKVzRpowqda/hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgnUZWNXcvdf8qF7eUxaBHSa8PqMB8GA1UdIwQY
MBaAFEymbzwPJXdOaW0qRnIyd+uWESjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUt
MzE5YjBjODc0NDQwLzEveUNkUmxZMWR5OTFfeW9YdDVURm9FZEpydy1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUtMzE5YjBjODc0NDQw
LzEvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsEGJMA0G
CSqGSIb3DQEBCwUAA4IBAQAPFVqsm+BGgiyYl8zAB7TARtOtnzmKdCQzV2+Vx5oB
J9FLH2E8BYZZ7Vs9lX4Gth9DPHE6K4FVC7Sp0HDeH7lWPLkpVbIMEis8ipOwdQF5
iBTL50UdMUGcSJVmdD5HUzCrFTynpX00toWxRIuUO5/k1bGNBh4/nC4WHTWS3y0A
dd0L5b6i9SQHAB4V2XRoNvhDRVXc2VFgu8lTafQRJFHPsVruMmlNEhkDbIGD5+k/
7yPvjTq1fHUE5bt8GuzWyXzTraCNJqVwRHGtATgLh2Ox0WST/vLJ7vkhWmDYgbnH
QaJrmXMItXC/RqDozWZPs6CniKOaB6mX85e/DW4LHQYH
-----END CERTIFICATE-----