Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/pF_pVy2TIwjzEOlTFDghAKXtbzQ.roa
File:                     pF_pVy2TIwjzEOlTFDghAKXtbzQ.roa (raw, json)
Hash identifier:          hczSlLK7qtHA0sxQPsDXkLAUtpEz88IsWfA1PqBcBfA=
Subject key identifier:   A4:5F:E9:57:2D:93:23:08:F3:10:E9:53:14:38:21:00:A5:ED:6F:34
Certificate issuer:       /CN=7f6bd1a6b04625c571d830f878b1c0238247408c
Certificate serial:       0198C5C8BF18B825A4D91F513029AF3AEFF0
Authority key identifier: 7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/pF_pVy2TIwjzEOlTFDghAKXtbzQ.roa
Signing time:             Wed 20 Aug 2025 04:42:04 +0000
ROA not before:           Wed 20 Aug 2025 04:42:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4766
IP address blocks:        192.100.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c5:c8:bf:18:b8:25:a4:d9:1f:51:30:29:af:3a:ef:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f6bd1a6b04625c571d830f878b1c0238247408c
        Validity
            Not Before: Aug 20 04:42:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a45fe9572d932308f310e95314382100a5ed6f34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:60:b5:02:52:83:41:00:86:8c:4c:9b:79:c5:
                    e2:d3:f1:64:da:89:ac:68:0f:13:e2:c7:f3:24:61:
                    0a:19:b6:39:34:ff:be:1d:dc:8d:0a:0c:ec:ca:28:
                    41:50:e1:73:9d:a0:d7:6a:c6:13:7a:68:0e:a5:2b:
                    23:4a:e4:c8:b9:6e:a7:7a:6f:c6:71:d6:e7:ea:44:
                    38:c6:0d:4b:62:75:a4:72:9b:29:0c:65:0b:6d:24:
                    f1:e4:98:f9:f1:a5:bb:f3:15:59:c1:12:1e:a6:52:
                    8c:89:5d:51:42:d9:cd:48:15:f6:3e:5d:da:4d:63:
                    43:52:a8:f2:31:52:d6:9e:b5:5b:ec:90:5c:5b:c9:
                    bb:5b:4d:8e:bd:d0:05:47:a7:30:23:93:76:d4:ec:
                    c5:56:16:69:ca:87:74:62:a1:3c:b0:99:71:96:d5:
                    30:8a:c2:4f:8e:5a:ee:9d:49:4a:b3:df:6a:41:a8:
                    01:58:37:b3:c6:53:49:46:f5:d8:4c:51:4a:49:07:
                    40:af:38:ec:5e:7a:7b:01:c0:29:08:23:b3:6b:a1:
                    55:bb:2d:e1:38:ec:d3:45:6f:00:0b:73:85:ca:9a:
                    2f:37:42:32:a4:e6:ec:7e:66:74:78:35:4d:78:da:
                    30:d7:84:8d:92:3a:ed:39:95:de:41:01:18:1f:4d:
                    52:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:5F:E9:57:2D:93:23:08:F3:10:E9:53:14:38:21:00:A5:ED:6F:34
            X509v3 Authority Key Identifier:
                keyid:7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/pF_pVy2TIwjzEOlTFDghAKXtbzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.100.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:a7:a3:ce:79:a8:05:b3:af:c1:a1:21:a8:03:93:ef:37:32:
         cd:fa:26:8c:08:1b:ee:aa:27:ae:03:94:c0:eb:09:f7:a0:0e:
         c9:49:ee:2a:05:86:e4:00:99:a0:30:3f:25:02:02:fe:be:c7:
         89:7f:cc:d2:d1:df:57:4e:8b:7b:cf:0e:37:8e:b7:fe:23:16:
         6e:41:46:96:b6:a4:c0:0b:99:18:fc:89:fb:03:af:2a:89:cf:
         aa:70:07:61:1f:a0:35:ba:7f:1d:08:a0:66:c0:d0:01:f1:78:
         f4:a6:d5:e4:03:fc:86:33:b1:74:c9:fa:03:2b:54:ae:25:9b:
         a0:38:70:a3:21:33:59:7f:71:5f:0e:0c:68:7e:88:9c:3e:0c:
         12:f5:cd:fb:3b:65:99:92:dc:50:8e:d1:93:dd:1d:f1:ae:43:
         e5:86:b7:e5:1b:16:e0:8e:14:a8:e2:4c:60:03:54:7a:c1:3e:
         4e:ca:91:4e:bc:e5:a9:88:00:72:9b:ff:7b:b6:7c:c8:72:04:
         57:05:ea:c5:75:2b:eb:8d:37:0b:e0:49:cc:b6:9d:1f:9d:df:
         5d:92:c8:f6:9b:0a:79:9f:6c:e8:30:b3:be:ef:3a:2b:50:7e:
         35:94:f6:4e:53:7c:3f:52:39:fc:2b:78:a7:a0:69:47:bb:0e:
         2d:f9:37:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjFyL8YuCWk2R9RMCmvOu/wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNmJkMWE2YjA0NjI1YzU3MWQ4MzBmODc4YjFjMDIzODI0
NzQwOGMwHhcNMjUwODIwMDQ0MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDVmZTk1NzJkOTMyMzA4ZjMxMGU5NTMxNDM4MjEwMGE1ZWQ2ZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWC1AlKDQQCGjEybecXi0/Fk2oms
aA8T4sfzJGEKGbY5NP++HdyNCgzsyihBUOFznaDXasYTemgOpSsjSuTIuW6nem/G
cdbn6kQ4xg1LYnWkcpspDGULbSTx5Jj58aW78xVZwRIeplKMiV1RQtnNSBX2Pl3a
TWNDUqjyMVLWnrVb7JBcW8m7W02OvdAFR6cwI5N21OzFVhZpyod0YqE8sJlxltUw
isJPjlrunUlKs99qQagBWDezxlNJRvXYTFFKSQdArzjsXnp7AcApCCOza6FVuy3h
OOzTRW8AC3OFypovN0IypObsfmZ0eDVNeNow14SNkjrtOZXeQQEYH01STQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRf6VctkyMI8xDpUxQ4IQCl7W80MB8GA1UdIwQY
MBaAFH9r0aawRiXFcdgw+HixwCOCR0CMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEt
ODliNmMzMjMxNWMyLzEvcEZfcFZ5MlRJd2p6RU9sVEZEZ2hBS1h0YnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEtODliNmMzMjMxNWMy
LzEvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwGREMA0G
CSqGSIb3DQEBCwUAA4IBAQAtp6POeagFs6/BoSGoA5PvNzLN+iaMCBvuqieuA5TA
6wn3oA7JSe4qBYbkAJmgMD8lAgL+vseJf8zS0d9XTot7zw43jrf+IxZuQUaWtqTA
C5kY/In7A68qic+qcAdhH6A1un8dCKBmwNAB8Xj0ptXkA/yGM7F0yfoDK1SuJZug
OHCjITNZf3FfDgxofoicPgwS9c37O2WZktxQjtGT3R3xrkPlhrflGxbgjhSo4kxg
A1R6wT5OypFOvOWpiABym/97tnzIcgRXBerFdSvrjTcL4EnMtp0fnd9dksj2mwp5
n2zoMLO+7zorUH41lPZOU3w/Ujn8K3inoGlHuw4t+TcF
-----END CERTIFICATE-----