Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/0A7YmzuBMp3AnzV7uyObYfuJA-I.roa
File:                     0A7YmzuBMp3AnzV7uyObYfuJA-I.roa (raw, json)
Hash identifier:          7fXqAOKC5Q/vz61tqbSnvN/llglRyFYHrN6Bf9NPAuw=
Subject key identifier:   D0:0E:D8:9B:3B:81:32:9D:C0:9F:35:7B:BB:23:9B:61:FB:89:03:E2
Certificate issuer:       /CN=83f36b0adee6cb5518763b5bc8eaa3d41f23e938
Certificate serial:       01988D8B789834BB0AFE50A75D05B8F82D40
Authority key identifier: 83:F3:6B:0A:DE:E6:CB:55:18:76:3B:5B:C8:EA:A3:D4:1F:23:E9:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/0A7YmzuBMp3AnzV7uyObYfuJA-I.roa
Signing time:             Sat 09 Aug 2025 06:36:24 +0000
ROA not before:           Sat 09 Aug 2025 06:36:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44559
IP address blocks:        176.100.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8d:8b:78:98:34:bb:0a:fe:50:a7:5d:05:b8:f8:2d:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83f36b0adee6cb5518763b5bc8eaa3d41f23e938
        Validity
            Not Before: Aug  9 06:36:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d00ed89b3b81329dc09f357bbb239b61fb8903e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c6:e6:e5:c8:c3:85:65:98:df:03:b5:65:98:
                    42:5e:74:f2:3a:fe:2c:50:6b:2c:55:07:ac:cb:4c:
                    1f:27:6b:4a:65:86:01:65:db:3b:83:79:ac:61:97:
                    a9:94:46:cc:19:aa:83:50:20:27:cf:8f:44:61:ea:
                    57:2a:fb:49:21:6b:bb:5b:7c:7e:3c:ff:dd:02:23:
                    f4:5e:10:39:e8:e8:25:8a:ae:50:47:d0:a4:33:6e:
                    7c:2e:ae:2e:0d:17:36:31:33:fb:d7:20:46:80:1a:
                    2a:b7:3a:92:98:23:11:f5:9a:7e:a3:f8:26:0b:82:
                    00:c5:41:30:84:5c:ec:84:a7:f0:bc:71:32:61:b7:
                    9b:38:86:3b:81:eb:f1:ce:a5:c9:33:5a:8d:3f:dd:
                    e7:11:a1:69:ec:7c:25:2c:d1:ae:40:33:ce:2f:b3:
                    61:d6:75:ba:af:a9:a7:96:7c:76:e7:9b:31:b1:05:
                    ff:9f:b4:0d:39:2a:db:fd:52:34:58:4d:82:29:d7:
                    6d:23:31:b1:be:38:8e:e4:f7:60:37:18:b5:db:0b:
                    d9:30:52:8c:bb:08:c7:1c:46:5e:d8:8f:a2:48:3f:
                    41:36:39:8d:98:e6:88:35:01:1a:83:71:0e:95:e5:
                    9e:db:16:20:40:e7:b2:e2:17:ab:e5:cf:11:6f:c9:
                    10:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:0E:D8:9B:3B:81:32:9D:C0:9F:35:7B:BB:23:9B:61:FB:89:03:E2
            X509v3 Authority Key Identifier:
                keyid:83:F3:6B:0A:DE:E6:CB:55:18:76:3B:5B:C8:EA:A3:D4:1F:23:E9:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/0A7YmzuBMp3AnzV7uyObYfuJA-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:99:ee:7e:13:1c:78:c9:24:e4:a5:75:24:7b:b3:56:e8:8c:
         6f:4b:a8:82:2f:4e:af:9c:36:86:83:23:38:d0:b0:9a:69:79:
         1a:a5:a5:3e:9f:cb:5e:54:0b:1e:62:21:c3:9f:b0:d3:fa:59:
         1f:93:a1:e5:89:3c:72:dd:7d:a2:2d:3d:65:fe:da:3e:02:6e:
         f2:2d:a7:f7:cc:62:f3:8d:b1:07:8e:b6:99:01:b4:bb:2b:53:
         d6:51:6e:36:d1:a6:48:28:10:39:df:79:22:eb:72:b7:e7:d6:
         2d:ec:99:d3:0b:26:ec:45:6d:29:2b:c9:03:b6:24:06:0c:f6:
         63:6a:18:0d:d4:34:8b:1e:47:4f:45:8c:e8:bc:f6:5f:81:06:
         ad:c9:c9:52:7a:e1:b4:85:e4:f3:70:17:04:e4:2d:20:c7:b9:
         e3:71:80:4d:2c:9d:05:f4:eb:b5:95:95:89:b5:dc:ae:0d:89:
         41:4e:c4:54:3a:6a:fd:3e:07:31:b0:09:af:ba:89:35:06:36:
         96:f3:b6:0f:a7:fb:3b:8f:75:c2:34:c7:2b:7a:0e:6d:94:d9:
         65:0c:27:37:76:60:56:c6:07:8c:79:f8:c5:b1:19:26:87:c6:
         8a:83:e2:bd:f5:99:dd:a8:03:e0:02:8e:68:e4:2b:9a:46:eb:
         4c:c3:5c:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiNi3iYNLsK/lCnXQW4+C1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZjM2YjBhZGVlNmNiNTUxODc2M2I1YmM4ZWFhM2Q0MWYy
M2U5MzgwHhcNMjUwODA5MDYzNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDBlZDg5YjNiODEzMjlkYzA5ZjM1N2JiYjIzOWI2MWZiODkwM2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMbm5cjDhWWY3wO1ZZhCXnTyOv4s
UGssVQesy0wfJ2tKZYYBZds7g3msYZeplEbMGaqDUCAnz49EYepXKvtJIWu7W3x+
PP/dAiP0XhA56Ogliq5QR9CkM258Lq4uDRc2MTP71yBGgBoqtzqSmCMR9Zp+o/gm
C4IAxUEwhFzshKfwvHEyYbebOIY7gevxzqXJM1qNP93nEaFp7HwlLNGuQDPOL7Nh
1nW6r6mnlnx255sxsQX/n7QNOSrb/VI0WE2CKddtIzGxvjiO5PdgNxi12wvZMFKM
uwjHHEZe2I+iSD9BNjmNmOaINQEag3EOleWe2xYgQOey4her5c8Rb8kQ7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNAO2Js7gTKdwJ81e7sjm2H7iQPiMB8GA1UdIwQY
MBaAFIPzawre5stVGHY7W8jqo9QfI+k4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ19OckN0N215MVVZZGp0YnlPcWoxQjhqNlRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC83MzE5NWMtZTY2My00OThjLTk3ZGIt
YWY2NGYzZmEyNDU5LzEvMEE3WW16dUJNcDNBbnpWN3V5T2JZZnVKQS1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC83MzE5NWMtZTY2My00OThjLTk3ZGItYWY2NGYzZmEyNDU5
LzEvZ19OckN0N215MVVZZGp0YnlPcWoxQjhqNlRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGSTMA0G
CSqGSIb3DQEBCwUAA4IBAQAhme5+Exx4ySTkpXUke7NW6IxvS6iCL06vnDaGgyM4
0LCaaXkapaU+n8teVAseYiHDn7DT+lkfk6HliTxy3X2iLT1l/to+Am7yLaf3zGLz
jbEHjraZAbS7K1PWUW420aZIKBA533ki63K359Yt7JnTCybsRW0pK8kDtiQGDPZj
ahgN1DSLHkdPRYzovPZfgQatyclSeuG0heTzcBcE5C0gx7njcYBNLJ0F9Ou1lZWJ
tdyuDYlBTsRUOmr9PgcxsAmvuok1BjaW87YPp/s7j3XCNMcreg5tlNllDCc3dmBW
xgeMefjFsRkmh8aKg+K99ZndqAPgAo5o5CuaRutMw1yJ
-----END CERTIFICATE-----