Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/pMSZccnz2cyq4EAmIRmDcUPtCn0.roa
File:                     pMSZccnz2cyq4EAmIRmDcUPtCn0.roa (raw, json)
Hash identifier:          rRJO86ohCtFwFSEvJg481KQrtUgLqQRd6A69YZTm2Ng=
Subject key identifier:   A4:C4:99:71:C9:F3:D9:CC:AA:E0:40:26:21:19:83:71:43:ED:0A:7D
Certificate issuer:       /CN=1efa596a3126ace029c6d70d529257e07b38ba06
Certificate serial:       01978CC44989B22FC096A3EF238BAF74595C
Authority key identifier: 1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/pMSZccnz2cyq4EAmIRmDcUPtCn0.roa
Signing time:             Fri 20 Jun 2025 09:56:03 +0000
ROA not before:           Fri 20 Jun 2025 09:56:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        128.139.4.0/24 maxlen: 24
                          128.139.6.0/24 maxlen: 24
                          128.139.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8c:c4:49:89:b2:2f:c0:96:a3:ef:23:8b:af:74:59:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1efa596a3126ace029c6d70d529257e07b38ba06
        Validity
            Not Before: Jun 20 09:56:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4c49971c9f3d9ccaae040262119837143ed0a7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c1:5d:14:14:44:9f:0b:bc:bb:63:8b:c5:1c:
                    15:82:b4:49:58:b4:bd:07:5e:84:b6:35:a8:10:b4:
                    ae:9e:66:fb:0d:71:42:92:b0:6e:a6:57:92:6c:c7:
                    4c:06:d4:83:ef:7c:9e:bd:1b:b1:ca:70:f6:48:a2:
                    88:15:c4:c9:94:3c:1e:15:bb:27:ab:51:76:27:a9:
                    4a:03:41:56:d2:e0:18:f3:fc:86:2b:aa:28:bc:bf:
                    9c:81:90:7c:70:8b:fe:f3:64:2f:8d:42:b0:84:8e:
                    4f:9b:af:bc:33:c0:28:22:ce:6a:d4:c1:a3:e9:e9:
                    1d:a3:39:50:c0:f6:43:3e:7e:9d:ee:50:79:0e:a3:
                    7e:5a:74:33:00:0f:5b:07:81:f8:36:77:0c:9a:90:
                    2e:71:ca:8d:03:b3:96:29:1e:a1:ee:c5:08:af:a5:
                    7d:25:a2:26:da:da:34:18:25:20:80:aa:be:01:ea:
                    d5:c4:ba:58:37:37:38:1c:35:35:03:96:74:d4:ed:
                    a4:11:99:01:1c:50:37:5a:d9:d4:3a:5b:fc:0c:37:
                    70:b2:d7:63:4f:46:d8:49:7d:d8:8e:7e:31:56:8c:
                    49:55:59:1a:28:86:d5:02:db:71:a1:37:cc:50:97:
                    33:f0:03:3b:a8:20:a3:ec:9a:ca:84:8c:1b:a8:a5:
                    84:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:C4:99:71:C9:F3:D9:CC:AA:E0:40:26:21:19:83:71:43:ED:0A:7D
            X509v3 Authority Key Identifier:
                keyid:1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/pMSZccnz2cyq4EAmIRmDcUPtCn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.139.4.0/24
                  128.139.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:27:6e:4b:14:ad:7b:05:16:2e:e2:84:f1:b1:df:29:a9:6a:
         95:9e:4b:07:44:72:4b:47:cf:5b:0e:bd:e5:a4:61:d2:d7:a9:
         fd:8d:48:07:83:55:65:15:76:de:8a:11:8e:8e:5d:a8:bb:94:
         7d:bf:11:64:ac:f5:29:95:24:74:e0:33:c3:e3:17:ff:01:4b:
         3f:38:78:41:c3:8d:ce:45:5e:83:2f:a8:22:84:75:66:6e:28:
         e6:a0:1f:15:0d:57:42:aa:f4:ab:93:b9:27:b4:7d:17:c0:2d:
         02:d8:65:41:2f:d9:d5:b2:ff:9d:7d:c1:6e:03:9a:98:9e:a3:
         c9:61:89:7d:0f:74:c6:af:2a:31:b3:a7:38:6f:e7:07:4e:1f:
         fc:70:91:1a:a1:b6:fd:79:27:4d:65:35:fd:97:ac:4a:7e:a7:
         e5:34:45:4c:01:b8:2d:f4:e3:98:33:e9:68:bd:ba:a9:09:11:
         12:06:31:1a:b2:2c:7f:8f:4f:22:50:fb:58:61:cc:0e:cd:27:
         b2:2f:b5:4a:7d:8f:ad:22:25:3e:11:a6:ab:34:0b:a0:ae:dd:
         b1:16:d7:c7:94:87:28:83:96:2f:17:e2:73:65:0d:e3:7e:fb:
         bd:e5:47:a8:86:0a:d7:34:82:b1:ce:e9:0b:02:34:6d:ec:67:
         10:45:4b:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeMxEmJsi/AlqPvI4uvdFlcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZmE1OTZhMzEyNmFjZTAyOWM2ZDcwZDUyOTI1N2UwN2Iz
OGJhMDYwHhcNMjUwNjIwMDk1NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGM0OTk3MWM5ZjNkOWNjYWFlMDQwMjYyMTE5ODM3MTQzZWQwYTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MFdFBREnwu8u2OLxRwVgrRJWLS9
B16EtjWoELSunmb7DXFCkrBupleSbMdMBtSD73yevRuxynD2SKKIFcTJlDweFbsn
q1F2J6lKA0FW0uAY8/yGK6oovL+cgZB8cIv+82QvjUKwhI5Pm6+8M8AoIs5q1MGj
6ekdozlQwPZDPn6d7lB5DqN+WnQzAA9bB4H4NncMmpAuccqNA7OWKR6h7sUIr6V9
JaIm2to0GCUggKq+AerVxLpYNzc4HDU1A5Z01O2kEZkBHFA3WtnUOlv8DDdwstdj
T0bYSX3Yjn4xVoxJVVkaKIbVAttxoTfMUJcz8AM7qCCj7JrKhIwbqKWEBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKTEmXHJ89nMquBAJiEZg3FD7Qp9MB8GA1UdIwQY
MBaAFB76WWoxJqzgKcbXDVKSV+B7OLoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODIt
OWQwYzYyMDczNWYxLzEvcE1TWmNjbnoyY3lxNEVBbUlSbURjVVB0Q24wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODItOWQwYzYyMDczNWYx
LzEvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAgIsEAwQB
gIsGMA0GCSqGSIb3DQEBCwUAA4IBAQCBJ25LFK17BRYu4oTxsd8pqWqVnksHRHJL
R89bDr3lpGHS16n9jUgHg1VlFXbeihGOjl2ou5R9vxFkrPUplSR04DPD4xf/AUs/
OHhBw43ORV6DL6gihHVmbijmoB8VDVdCqvSrk7kntH0XwC0C2GVBL9nVsv+dfcFu
A5qYnqPJYYl9D3TGryoxs6c4b+cHTh/8cJEaobb9eSdNZTX9l6xKfqflNEVMAbgt
9OOYM+lovbqpCRESBjEasix/j08iUPtYYcwOzSeyL7VKfY+tIiU+EaarNAugrt2x
FtfHlIcog5YvF+JzZQ3jfvu95UeohgrXNIKxzukLAjRt7GcQRUsw
-----END CERTIFICATE-----