Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/853e8f-fcd4-4566-a648-e37499679d46/1/zSp8Tcrfxe5_p3n3onsW-Ve9HcQ.roa
File:                     zSp8Tcrfxe5_p3n3onsW-Ve9HcQ.roa (raw, json)
Hash identifier:          hWOLO9tqL0286CUEjHeu7GROlem9sTgukzg2u3fOev0=
Subject key identifier:   CD:2A:7C:4D:CA:DF:C5:EE:7F:A7:79:F7:A2:7B:16:F9:57:BD:1D:C4
Certificate issuer:       /CN=485018b5c2fef1248ab6ec0d07e971ecbcf739ca
Certificate serial:       01987F567C1074F6D64F1ACBF7C9DBB48636
Authority key identifier: 48:50:18:B5:C2:FE:F1:24:8A:B6:EC:0D:07:E9:71:EC:BC:F7:39:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SFAYtcL-8SSKtuwNB-lx7Lz3Oco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/853e8f-fcd4-4566-a648-e37499679d46/1/zSp8Tcrfxe5_p3n3onsW-Ve9HcQ.roa
Signing time:             Wed 06 Aug 2025 12:23:50 +0000
ROA not before:           Wed 06 Aug 2025 12:23:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202561
IP address blocks:        176.117.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/853e8f-fcd4-4566-a648-e37499679d46/1/SFAYtcL-8SSKtuwNB-lx7Lz3Oco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/853e8f-fcd4-4566-a648-e37499679d46/1/SFAYtcL-8SSKtuwNB-lx7Lz3Oco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SFAYtcL-8SSKtuwNB-lx7Lz3Oco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7f:56:7c:10:74:f6:d6:4f:1a:cb:f7:c9:db:b4:86:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=485018b5c2fef1248ab6ec0d07e971ecbcf739ca
        Validity
            Not Before: Aug  6 12:23:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd2a7c4dcadfc5ee7fa779f7a27b16f957bd1dc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ab:74:7f:df:36:e7:3f:c3:d6:ee:f2:fd:26:
                    07:a4:40:6c:49:2a:e8:ba:88:5c:6b:fe:b3:12:8b:
                    7e:76:89:86:9e:5c:9d:dc:2c:e4:57:4d:93:da:86:
                    6a:95:88:31:b8:fc:f2:33:57:f9:47:c4:6b:b9:18:
                    26:a3:24:2b:92:24:2e:5a:36:37:95:53:80:a6:33:
                    73:28:04:7b:13:ca:70:a1:02:02:b3:91:de:9e:8c:
                    d6:7e:c7:94:73:0d:b5:e2:0e:c9:12:6a:7e:4b:3a:
                    96:9c:0c:82:de:00:30:0e:cc:0a:1f:f0:70:00:29:
                    f9:e4:d4:90:ed:e3:c1:35:75:bf:b1:54:5d:e1:11:
                    7d:d0:76:cd:c8:26:0b:d6:4d:a7:75:bf:df:19:37:
                    6c:e9:78:1d:04:57:cd:e6:6a:24:55:dc:01:4d:b2:
                    0a:2a:81:cd:78:d9:bb:d9:96:f3:bb:7d:7c:f9:81:
                    bb:c0:4a:3e:d6:87:ea:88:d9:1c:b9:d2:3f:d8:7f:
                    82:42:6c:94:2f:4f:c6:0d:5d:a5:0d:b1:cd:b9:61:
                    ac:d6:5a:01:7a:36:ba:5d:2b:68:48:ac:ea:8c:be:
                    6e:6e:50:c1:b7:83:d5:11:fc:c1:e9:c0:d2:e0:37:
                    45:ec:cd:34:0b:d1:c6:d7:ff:99:1c:7f:77:cb:ac:
                    a7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:2A:7C:4D:CA:DF:C5:EE:7F:A7:79:F7:A2:7B:16:F9:57:BD:1D:C4
            X509v3 Authority Key Identifier:
                keyid:48:50:18:B5:C2:FE:F1:24:8A:B6:EC:0D:07:E9:71:EC:BC:F7:39:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SFAYtcL-8SSKtuwNB-lx7Lz3Oco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/853e8f-fcd4-4566-a648-e37499679d46/1/zSp8Tcrfxe5_p3n3onsW-Ve9HcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/853e8f-fcd4-4566-a648-e37499679d46/1/SFAYtcL-8SSKtuwNB-lx7Lz3Oco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:e6:58:d5:e2:ae:df:24:4d:c3:7c:10:67:43:d5:ed:2c:c9:
         8d:73:19:38:08:0d:42:c0:4f:58:75:90:c2:7b:73:3f:00:7f:
         41:ef:29:20:95:11:34:c5:a0:da:36:52:88:d8:04:49:77:35:
         a8:56:c7:8f:f7:ed:c5:e1:03:51:ba:70:69:d4:d4:34:15:84:
         27:a0:e9:1f:0a:8e:c6:0f:58:f2:fd:15:fa:c2:8f:2f:4c:ab:
         4a:11:fd:b7:d6:77:95:a0:ac:1b:c9:e7:3b:e7:db:c2:a9:e6:
         f6:06:07:28:f2:97:47:37:f9:4b:c5:38:14:d2:b5:2d:aa:e3:
         89:6a:cf:b1:1a:eb:48:d9:1e:87:6d:71:39:a6:fa:30:42:5b:
         22:68:96:89:c0:46:4f:a3:e4:8b:53:de:e7:12:c3:8a:5a:f6:
         64:90:48:aa:d2:42:ef:86:b5:1e:15:83:d5:a6:0e:3c:d5:ee:
         12:13:f1:ed:a4:9a:54:18:ed:65:af:0b:7f:8a:eb:ad:d2:c4:
         e0:01:70:a0:43:9a:19:5f:9d:65:90:a8:1d:3c:62:11:72:ca:
         52:58:6c:43:81:f2:7c:5e:fc:63:40:69:4c:a7:91:38:5e:37:
         90:6b:c9:31:c7:94:ab:8b:4d:21:04:e1:e0:18:8d:f2:2e:69:
         b3:77:21:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh/VnwQdPbWTxrL98nbtIY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NTAxOGI1YzJmZWYxMjQ4YWI2ZWMwZDA3ZTk3MWVjYmNm
NzM5Y2EwHhcNMjUwODA2MTIyMzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDJhN2M0ZGNhZGZjNWVlN2ZhNzc5ZjdhMjdiMTZmOTU3YmQxZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqt0f9825z/D1u7y/SYHpEBsSSro
uohca/6zEot+domGnlyd3CzkV02T2oZqlYgxuPzyM1f5R8RruRgmoyQrkiQuWjY3
lVOApjNzKAR7E8pwoQICs5HenozWfseUcw214g7JEmp+SzqWnAyC3gAwDswKH/Bw
ACn55NSQ7ePBNXW/sVRd4RF90HbNyCYL1k2ndb/fGTds6XgdBFfN5mokVdwBTbIK
KoHNeNm72Zbzu318+YG7wEo+1ofqiNkcudI/2H+CQmyUL0/GDV2lDbHNuWGs1loB
eja6XStoSKzqjL5ublDBt4PVEfzB6cDS4DdF7M00C9HG1/+ZHH93y6ynVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0qfE3K38Xuf6d596J7FvlXvR3EMB8GA1UdIwQY
MBaAFEhQGLXC/vEkirbsDQfpcey89znKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0ZBWXRjTC04U1NLdHV3TkItbHg3THozT2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny84NTNlOGYtZmNkNC00NTY2LWE2NDgt
ZTM3NDk5Njc5ZDQ2LzEvelNwOFRjcmZ4ZTVfcDNuM29uc1ctVmU5SGNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny84NTNlOGYtZmNkNC00NTY2LWE2NDgtZTM3NDk5Njc5ZDQ2
LzEvU0ZBWXRjTC04U1NLdHV3TkItbHg3THozT2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHVqMA0G
CSqGSIb3DQEBCwUAA4IBAQBO5ljV4q7fJE3DfBBnQ9XtLMmNcxk4CA1CwE9YdZDC
e3M/AH9B7ykglRE0xaDaNlKI2ARJdzWoVseP9+3F4QNRunBp1NQ0FYQnoOkfCo7G
D1jy/RX6wo8vTKtKEf231neVoKwbyec759vCqeb2Bgco8pdHN/lLxTgU0rUtquOJ
as+xGutI2R6HbXE5pvowQlsiaJaJwEZPo+SLU97nEsOKWvZkkEiq0kLvhrUeFYPV
pg481e4SE/HtpJpUGO1lrwt/iuut0sTgAXCgQ5oZX51lkKgdPGIRcspSWGxDgfJ8
XvxjQGlMp5E4XjeQa8kxx5Sri00hBOHgGI3yLmmzdyG2
-----END CERTIFICATE-----