Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/0FgHZM9vUb9uHoeAiu2mjryWiLE.roa
File:                     0FgHZM9vUb9uHoeAiu2mjryWiLE.roa (raw, json)
Hash identifier:          dSibnUywbm1CQv567gr5v4918RVbBUJM+DaWTjbZmyw=
Subject key identifier:   D0:58:07:64:CF:6F:51:BF:6E:1E:87:80:8A:ED:A6:8E:BC:96:88:B1
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0198C0BDD9A4804C8E77B9A2B4DA91BFDE75
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/0FgHZM9vUb9uHoeAiu2mjryWiLE.roa
Signing time:             Tue 19 Aug 2025 05:12:04 +0000
ROA not before:           Tue 19 Aug 2025 05:12:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214309
IP address blocks:        5.178.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c0:bd:d9:a4:80:4c:8e:77:b9:a2:b4:da:91:bf:de:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Aug 19 05:12:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0580764cf6f51bf6e1e87808aeda68ebc9688b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:36:41:41:3c:9e:42:53:a8:cf:32:8b:2e:57:
                    76:e1:1f:cc:79:99:66:1e:11:54:bf:1f:34:51:8d:
                    93:b5:17:7f:1c:5b:de:4c:de:a6:1e:5f:3a:96:ae:
                    b4:c4:a0:dc:ce:b7:fa:7b:03:d9:37:21:69:92:b7:
                    e9:ef:c2:6d:16:5e:8f:f5:d1:46:81:22:e3:b2:55:
                    f1:10:62:af:30:da:f6:b7:44:00:1c:fc:34:4f:dc:
                    24:26:74:25:5b:62:55:b0:16:b1:63:b9:29:26:2d:
                    a2:86:0f:e0:f9:70:f4:a7:78:1a:39:5b:06:8e:ca:
                    22:cb:cf:77:be:b3:aa:f9:97:6f:5c:c6:4e:59:1f:
                    4a:ef:c5:13:0e:10:f9:47:b1:be:ac:f8:c1:4f:c2:
                    fe:71:62:21:94:a9:08:07:c2:13:13:20:63:29:9a:
                    70:90:8c:ec:22:19:85:a0:e3:31:a7:07:bb:f5:b8:
                    b0:0a:bb:b6:b2:00:f7:9b:af:0e:3b:0a:cf:dc:15:
                    88:02:29:2e:d0:71:6c:72:f3:5f:55:b7:5f:73:0a:
                    d2:89:7b:e0:b1:01:51:96:74:a0:50:72:fa:89:44:
                    6c:84:40:7e:01:c8:20:37:cd:5b:c0:b7:ff:49:4a:
                    d1:d6:32:ee:5c:97:d6:d5:e4:9a:3b:79:ba:f4:88:
                    8c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:58:07:64:CF:6F:51:BF:6E:1E:87:80:8A:ED:A6:8E:BC:96:88:B1
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/0FgHZM9vUb9uHoeAiu2mjryWiLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:a0:29:4d:30:63:70:6a:d8:fe:09:9c:4f:65:3e:1e:b4:16:
         db:c3:89:d8:48:ef:5f:bb:28:41:14:ca:f3:c8:80:1e:76:c5:
         74:e0:be:7a:2b:19:75:95:9c:ca:28:54:ae:b0:f3:eb:f0:7d:
         75:c6:79:18:8d:98:65:45:7a:40:e0:7e:9a:52:55:05:e5:3b:
         23:aa:7b:5f:c1:87:ac:16:ee:cd:5d:7e:8e:b1:96:92:f2:37:
         d6:2c:38:0e:52:62:7a:d7:20:ca:79:13:7d:1c:aa:08:2f:9d:
         f3:e7:a4:e8:98:2a:f3:e1:08:fc:f9:3a:c1:5e:27:68:25:9c:
         4b:a9:3c:48:f4:3f:84:2b:da:7a:5e:75:98:e1:c5:0e:d6:93:
         e2:49:f2:84:28:30:e4:d1:0d:f4:a3:9a:3b:fb:ed:d8:d3:17:
         d0:b9:46:69:1d:91:f1:fa:82:28:78:85:15:9e:73:4e:22:70:
         72:df:d6:7b:e2:cb:d8:37:ef:55:59:50:c6:83:4f:2f:02:67:
         13:de:de:fa:33:96:b1:b5:db:03:f3:9b:68:40:9a:a0:b1:a7:
         99:ff:b5:e7:0b:7d:ec:a0:f0:3e:14:9c:e6:61:46:fd:ab:2e:
         d8:ee:cf:a2:dc:cb:11:e4:0e:ef:b2:4b:39:dc:cf:47:97:8b:
         f6:80:df:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjAvdmkgEyOd7mitNqRv951MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUwODE5MDUxMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDU4MDc2NGNmNmY1MWJmNmUxZTg3ODA4YWVkYTY4ZWJjOTY4OGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDZBQTyeQlOozzKLLld24R/MeZlm
HhFUvx80UY2TtRd/HFveTN6mHl86lq60xKDczrf6ewPZNyFpkrfp78JtFl6P9dFG
gSLjslXxEGKvMNr2t0QAHPw0T9wkJnQlW2JVsBaxY7kpJi2ihg/g+XD0p3gaOVsG
jsoiy893vrOq+ZdvXMZOWR9K78UTDhD5R7G+rPjBT8L+cWIhlKkIB8ITEyBjKZpw
kIzsIhmFoOMxpwe79biwCru2sgD3m68OOwrP3BWIAiku0HFscvNfVbdfcwrSiXvg
sQFRlnSgUHL6iURshEB+AcggN81bwLf/SUrR1jLuXJfW1eSaO3m69IiMWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBYB2TPb1G/bh6HgIrtpo68loixMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvMEZnSFpNOXZVYjl1SG9lQWl1Mm1qcnlXaUxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJtMA0G
CSqGSIb3DQEBCwUAA4IBAQB/oClNMGNwatj+CZxPZT4etBbbw4nYSO9fuyhBFMrz
yIAedsV04L56Kxl1lZzKKFSusPPr8H11xnkYjZhlRXpA4H6aUlUF5TsjqntfwYes
Fu7NXX6OsZaS8jfWLDgOUmJ61yDKeRN9HKoIL53z56TomCrz4Qj8+TrBXidoJZxL
qTxI9D+EK9p6XnWY4cUO1pPiSfKEKDDk0Q30o5o7++3Y0xfQuUZpHZHx+oIoeIUV
nnNOInBy39Z74svYN+9VWVDGg08vAmcT3t76M5axtdsD85toQJqgsaeZ/7XnC33s
oPA+FJzmYUb9qy7Y7s+i3MsR5A7vsks53M9Hl4v2gN/y
-----END CERTIFICATE-----