Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/zysZHwwZdHMoWgMUXdeFAHJvcPQ.roa
File:                     zysZHwwZdHMoWgMUXdeFAHJvcPQ.roa (raw, json)
Hash identifier:          JSFcJICikF4gq2JmcLqwfQ02lvaUo4SqU2srzhKJuS8=
Subject key identifier:   CF:2B:19:1F:0C:19:74:73:28:5A:03:14:5D:D7:85:00:72:6F:70:F4
Certificate issuer:       /CN=83f36b0adee6cb5518763b5bc8eaa3d41f23e938
Certificate serial:       0198A87657575F775F2046AF9BB7EA944385
Authority key identifier: 83:F3:6B:0A:DE:E6:CB:55:18:76:3B:5B:C8:EA:A3:D4:1F:23:E9:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/zysZHwwZdHMoWgMUXdeFAHJvcPQ.roa
Signing time:             Thu 14 Aug 2025 12:03:04 +0000
ROA not before:           Thu 14 Aug 2025 12:03:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62300
IP address blocks:        176.100.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:76:57:57:5f:77:5f:20:46:af:9b:b7:ea:94:43:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83f36b0adee6cb5518763b5bc8eaa3d41f23e938
        Validity
            Not Before: Aug 14 12:03:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf2b191f0c197473285a03145dd78500726f70f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:da:ba:91:41:3c:64:ef:44:9d:79:21:ab:1b:
                    21:5a:c6:16:66:b1:6e:f5:c7:6c:f4:43:d7:5f:35:
                    56:b8:1a:92:35:35:74:fe:59:bd:c6:38:9e:0d:0a:
                    a9:cc:69:81:4a:91:5f:3c:40:a8:19:f8:2c:54:fb:
                    2f:a8:9b:fa:19:c6:65:80:9c:58:81:8a:43:b3:30:
                    c2:e5:02:a4:fa:67:57:95:5c:12:7b:09:a4:b4:8c:
                    2e:81:d4:91:65:13:a3:7a:9a:82:21:5d:e5:d6:ba:
                    40:d4:db:20:18:3b:2c:c1:8f:67:ff:39:4e:2d:12:
                    ff:b5:91:19:3f:1e:fe:23:91:eb:63:15:d7:5b:d0:
                    62:4b:0b:1a:f8:87:5d:f3:db:89:30:2f:e3:f4:2a:
                    03:aa:1e:a5:b8:4c:e3:9c:7c:e5:bb:83:fa:1f:c1:
                    11:7c:02:2c:d3:d8:15:52:67:ab:d6:4b:83:45:d2:
                    f8:39:10:1f:dd:6f:29:7b:6e:54:be:74:5c:8f:62:
                    84:f8:e9:d1:b4:87:19:d4:dc:61:1d:41:eb:cb:04:
                    5b:23:a7:76:d6:a3:42:22:34:36:58:c4:3c:29:f0:
                    79:5c:e6:2d:95:6b:be:cb:09:ba:f3:4d:db:0a:bb:
                    03:3d:6e:ce:de:75:c1:6d:9d:89:cd:3b:2d:2f:c8:
                    81:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:2B:19:1F:0C:19:74:73:28:5A:03:14:5D:D7:85:00:72:6F:70:F4
            X509v3 Authority Key Identifier:
                keyid:83:F3:6B:0A:DE:E6:CB:55:18:76:3B:5B:C8:EA:A3:D4:1F:23:E9:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/zysZHwwZdHMoWgMUXdeFAHJvcPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:90:d6:7d:39:c7:2a:08:6e:84:74:ee:ac:a2:ee:d5:4c:be:
         4d:63:d9:f5:7d:68:dd:2b:7b:ed:da:65:4f:de:bd:ac:41:c5:
         6d:cf:d3:2c:53:76:04:cc:46:3b:fc:a2:09:78:1d:5b:fe:03:
         2f:98:0b:b4:c7:0c:6b:5b:96:a5:52:9e:bf:66:8c:6c:d6:86:
         c7:41:38:e1:f6:d8:64:f4:44:ab:0b:7e:1a:08:1a:88:97:ac:
         c5:59:4e:4d:18:c7:6a:8c:ba:87:83:26:fd:b9:1d:0d:f8:3a:
         08:de:5a:16:0a:e1:8f:8c:5a:40:36:83:4e:4a:3b:d6:69:c5:
         34:f2:9b:6c:61:58:b3:dd:1c:40:bd:a5:78:86:b5:7a:c9:7c:
         90:26:5e:6d:26:f0:26:20:e4:3c:55:89:a7:78:84:e2:04:dd:
         4b:b6:df:8d:d4:13:43:2e:08:88:e1:28:e4:f1:48:11:6b:84:
         71:5d:86:fa:f2:3f:bd:5e:46:65:7e:da:3d:3f:bb:14:6d:2f:
         cd:63:0e:56:c6:78:c9:0d:ca:86:bd:75:fa:28:02:db:30:88:
         f9:5a:62:56:e7:5f:46:a2:2f:6b:be:c1:a5:21:5c:08:e2:85:
         d9:09:3c:88:df:b9:da:61:00:46:3d:2c:85:71:49:10:1b:a3:
         bc:ae:90:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiodldXX3dfIEavm7fqlEOFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZjM2YjBhZGVlNmNiNTUxODc2M2I1YmM4ZWFhM2Q0MWYy
M2U5MzgwHhcNMjUwODE0MTIwMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjJiMTkxZjBjMTk3NDczMjg1YTAzMTQ1ZGQ3ODUwMDcyNmY3MGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdq6kUE8ZO9EnXkhqxshWsYWZrFu
9cds9EPXXzVWuBqSNTV0/lm9xjieDQqpzGmBSpFfPECoGfgsVPsvqJv6GcZlgJxY
gYpDszDC5QKk+mdXlVwSewmktIwugdSRZROjepqCIV3l1rpA1NsgGDsswY9n/zlO
LRL/tZEZPx7+I5HrYxXXW9BiSwsa+Idd89uJMC/j9CoDqh6luEzjnHzlu4P6H8ER
fAIs09gVUmer1kuDRdL4ORAf3W8pe25UvnRcj2KE+OnRtIcZ1NxhHUHrywRbI6d2
1qNCIjQ2WMQ8KfB5XOYtlWu+ywm6803bCrsDPW7O3nXBbZ2JzTstL8iBTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8rGR8MGXRzKFoDFF3XhQByb3D0MB8GA1UdIwQY
MBaAFIPzawre5stVGHY7W8jqo9QfI+k4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ19OckN0N215MVVZZGp0YnlPcWoxQjhqNlRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC83MzE5NWMtZTY2My00OThjLTk3ZGIt
YWY2NGYzZmEyNDU5LzEvenlzWkh3d1pkSE1vV2dNVVhkZUZBSEp2Y1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC83MzE5NWMtZTY2My00OThjLTk3ZGItYWY2NGYzZmEyNDU5
LzEvZ19OckN0N215MVVZZGp0YnlPcWoxQjhqNlRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGSZMA0G
CSqGSIb3DQEBCwUAA4IBAQCekNZ9OccqCG6EdO6sou7VTL5NY9n1fWjdK3vt2mVP
3r2sQcVtz9MsU3YEzEY7/KIJeB1b/gMvmAu0xwxrW5alUp6/Zoxs1obHQTjh9thk
9ESrC34aCBqIl6zFWU5NGMdqjLqHgyb9uR0N+DoI3loWCuGPjFpANoNOSjvWacU0
8ptsYViz3RxAvaV4hrV6yXyQJl5tJvAmIOQ8VYmneITiBN1Ltt+N1BNDLgiI4Sjk
8UgRa4RxXYb68j+9XkZlfto9P7sUbS/NYw5WxnjJDcqGvXX6KALbMIj5WmJW519G
oi9rvsGlIVwI4oXZCTyI37naYQBGPSyFcUkQG6O8rpBW
-----END CERTIFICATE-----