Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/oDYht5WNFMxT4sfzVWahtOBNgl8.roa
File:                     oDYht5WNFMxT4sfzVWahtOBNgl8.roa (raw, json)
Hash identifier:          4hzDVibyG3EqU8r1GZL8mr4iVORi5bVTwiads+GorvI=
Subject key identifier:   A0:36:21:B7:95:8D:14:CC:53:E2:C7:F3:55:66:A1:B4:E0:4D:82:5F
Certificate issuer:       /CN=83f36b0adee6cb5518763b5bc8eaa3d41f23e938
Certificate serial:       019898C0BBEE77D8AB284CB4B0E84BB9BA9B
Authority key identifier: 83:F3:6B:0A:DE:E6:CB:55:18:76:3B:5B:C8:EA:A3:D4:1F:23:E9:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/oDYht5WNFMxT4sfzVWahtOBNgl8.roa
Signing time:             Mon 11 Aug 2025 10:50:24 +0000
ROA not before:           Mon 11 Aug 2025 10:50:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209372
IP address blocks:        176.100.128.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:c0:bb:ee:77:d8:ab:28:4c:b4:b0:e8:4b:b9:ba:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83f36b0adee6cb5518763b5bc8eaa3d41f23e938
        Validity
            Not Before: Aug 11 10:50:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a03621b7958d14cc53e2c7f35566a1b4e04d825f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bd:a3:4d:6d:16:d6:84:a8:e8:26:7e:e0:62:
                    d6:4d:fb:2e:60:26:e0:d2:9f:f5:bf:df:51:d9:0e:
                    90:e3:83:e7:d3:71:20:d2:c9:46:a2:11:e5:e9:fa:
                    b9:fd:6f:f5:fa:bb:65:de:bc:88:ec:a0:09:f7:f2:
                    54:1b:44:68:fe:9e:9a:01:b5:42:91:42:4c:9d:ac:
                    70:fd:40:01:7a:38:1d:59:8f:db:7a:d2:d2:59:61:
                    20:20:c6:4b:36:96:3b:7b:f7:cd:c6:d3:59:6f:a7:
                    dd:d1:e7:3a:4c:41:bd:44:b1:78:8e:20:f7:cd:26:
                    3f:d9:ea:54:d4:c9:26:53:59:60:7d:74:33:a6:5c:
                    82:cd:50:b6:ce:74:ce:b6:09:f2:e9:f7:69:fb:08:
                    80:89:53:49:03:ab:26:c8:c7:4c:de:0a:e7:58:cf:
                    c8:4f:8b:17:a8:17:66:0a:eb:15:61:e9:86:d7:9c:
                    be:d4:42:74:aa:b3:95:40:3d:bf:7c:77:08:2b:43:
                    b8:b4:67:9d:b7:e7:a2:ea:65:7d:ae:a9:8b:ba:9b:
                    ca:f6:72:77:ad:35:00:d4:be:8f:6a:08:f3:b9:1e:
                    33:6b:57:a9:41:8d:69:18:28:11:64:70:b8:12:8e:
                    68:c5:db:59:6c:9b:2e:91:2a:81:be:4e:c6:0e:28:
                    50:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:36:21:B7:95:8D:14:CC:53:E2:C7:F3:55:66:A1:B4:E0:4D:82:5F
            X509v3 Authority Key Identifier:
                keyid:83:F3:6B:0A:DE:E6:CB:55:18:76:3B:5B:C8:EA:A3:D4:1F:23:E9:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/oDYht5WNFMxT4sfzVWahtOBNgl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3a:6e:45:61:85:88:6f:23:bc:fc:b6:b0:01:56:66:32:ea:80:
         e3:62:c5:4b:72:e4:a8:06:05:34:22:e0:c9:d1:e9:be:97:06:
         a8:4e:bc:83:b5:48:b7:db:ed:ca:49:34:ff:0e:be:f8:63:cc:
         cb:9f:c3:6a:17:a6:46:49:8b:56:53:3f:25:a7:ed:86:16:cf:
         3b:3d:74:05:2c:22:01:a9:00:7c:3d:ac:82:96:b9:9a:59:7d:
         13:fa:9d:7e:2a:e3:97:4b:cd:c6:30:aa:35:c5:27:fc:89:18:
         ed:2f:98:53:1a:45:80:58:db:cc:b0:10:39:d1:c9:0b:8c:0f:
         2c:2b:ff:9c:25:48:4a:61:12:49:49:cf:e7:d6:15:07:2a:55:
         3f:c0:f6:3a:47:5e:6a:cb:93:ad:9e:1e:76:90:30:ac:9e:82:
         8a:f1:fb:65:52:56:a4:88:d2:4e:dc:23:28:36:ee:15:e9:83:
         99:3e:a6:c8:7c:43:15:4b:6a:f3:30:4a:37:93:18:37:55:78:
         d0:d0:3a:2c:92:b4:5e:91:fa:cf:56:9a:8a:0d:9a:90:48:2a:
         71:33:84:a4:57:57:6b:cb:5c:12:19:75:b2:99:50:93:95:4a:
         fe:90:23:d8:81:ee:6b:10:a8:48:43:19:8f:05:a1:8c:66:1d:
         25:fb:0c:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYwLvud9irKEy0sOhLubqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZjM2YjBhZGVlNmNiNTUxODc2M2I1YmM4ZWFhM2Q0MWYy
M2U5MzgwHhcNMjUwODExMTA1MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDM2MjFiNzk1OGQxNGNjNTNlMmM3ZjM1NTY2YTFiNGUwNGQ4MjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtL2jTW0W1oSo6CZ+4GLWTfsuYCbg
0p/1v99R2Q6Q44Pn03Eg0slGohHl6fq5/W/1+rtl3ryI7KAJ9/JUG0Ro/p6aAbVC
kUJMnaxw/UABejgdWY/betLSWWEgIMZLNpY7e/fNxtNZb6fd0ec6TEG9RLF4jiD3
zSY/2epU1MkmU1lgfXQzplyCzVC2znTOtgny6fdp+wiAiVNJA6smyMdM3grnWM/I
T4sXqBdmCusVYemG15y+1EJ0qrOVQD2/fHcIK0O4tGedt+ei6mV9rqmLupvK9nJ3
rTUA1L6PagjzuR4za1epQY1pGCgRZHC4Eo5oxdtZbJsukSqBvk7GDihQEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKA2IbeVjRTMU+LH81VmobTgTYJfMB8GA1UdIwQY
MBaAFIPzawre5stVGHY7W8jqo9QfI+k4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ19OckN0N215MVVZZGp0YnlPcWoxQjhqNlRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC83MzE5NWMtZTY2My00OThjLTk3ZGIt
YWY2NGYzZmEyNDU5LzEvb0RZaHQ1V05GTXhUNHNmelZXYWh0T0JOZ2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC83MzE5NWMtZTY2My00OThjLTk3ZGItYWY2NGYzZmEyNDU5
LzEvZ19OckN0N215MVVZZGp0YnlPcWoxQjhqNlRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsGSAMA0G
CSqGSIb3DQEBCwUAA4IBAQA6bkVhhYhvI7z8trABVmYy6oDjYsVLcuSoBgU0IuDJ
0em+lwaoTryDtUi32+3KSTT/Dr74Y8zLn8NqF6ZGSYtWUz8lp+2GFs87PXQFLCIB
qQB8PayClrmaWX0T+p1+KuOXS83GMKo1xSf8iRjtL5hTGkWAWNvMsBA50ckLjA8s
K/+cJUhKYRJJSc/n1hUHKlU/wPY6R15qy5Otnh52kDCsnoKK8ftlUlakiNJO3CMo
Nu4V6YOZPqbIfEMVS2rzMEo3kxg3VXjQ0DoskrRekfrPVpqKDZqQSCpxM4SkV1dr
y1wSGXWymVCTlUr+kCPYge5rEKhIQxmPBaGMZh0l+wzB
-----END CERTIFICATE-----