Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/7G9BATflDTu21vt4c9hB8iiswlM.roa
File:                     7G9BATflDTu21vt4c9hB8iiswlM.roa (raw, json)
Hash identifier:          P9Za6RbhgxcCprlrob8HoCtWOEssiOOzNtrX617o2iA=
Subject key identifier:   EC:6F:41:01:37:E5:0D:3B:B6:D6:FB:78:73:D8:41:F2:28:AC:C2:53
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       01999B3011B169B06F4EE81BD44EA646DA4C
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/7G9BATflDTu21vt4c9hB8iiswlM.roa
Signing time:             Tue 30 Sep 2025 15:14:02 +0000
ROA not before:           Tue 30 Sep 2025 15:14:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     268624
IP address blocks:        158.173.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9b:30:11:b1:69:b0:6f:4e:e8:1b:d4:4e:a6:46:da:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Sep 30 15:14:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec6f410137e50d3bb6d6fb7873d841f228acc253
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:94:de:74:ca:d2:53:bb:ad:77:e4:40:e3:bb:
                    03:d8:e8:6a:32:e6:df:89:e7:e3:6c:bb:d5:79:1d:
                    db:64:2b:d4:21:2a:b9:40:ff:a0:25:fe:fb:48:66:
                    d9:28:59:c5:e8:80:81:4d:50:7a:36:41:a2:61:53:
                    7b:a2:3f:53:32:6e:08:ca:a7:73:1e:d2:ed:9d:15:
                    23:0b:94:5e:7e:28:1d:e9:5f:19:8c:07:23:6f:cd:
                    ce:07:21:e0:94:af:17:0c:8a:94:2e:95:57:f5:cc:
                    e5:38:12:85:27:b5:5a:81:ae:5c:54:27:49:40:c8:
                    76:0b:c5:14:68:b3:e1:95:48:95:d2:63:a4:66:8e:
                    47:28:9c:54:74:71:df:c5:da:c8:67:91:bf:32:f7:
                    65:74:18:50:6c:46:2e:00:c6:fb:93:1a:22:77:03:
                    c6:fe:c5:8b:c3:8e:b0:44:3d:5c:18:2c:f0:b3:46:
                    70:b4:36:0b:c8:a4:5c:a1:d3:78:74:bd:bd:eb:6f:
                    9c:ce:79:8f:a8:e3:d0:75:b6:c5:2b:a5:33:93:f3:
                    52:f6:a0:4a:08:6a:0d:0b:de:fc:a2:c6:a2:42:05:
                    1f:6e:0a:ba:2a:a5:34:ad:9b:5e:a9:bd:f8:16:57:
                    4f:4c:ef:3f:a4:95:ce:f1:72:94:9d:3c:6e:94:a8:
                    7f:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:6F:41:01:37:E5:0D:3B:B6:D6:FB:78:73:D8:41:F2:28:AC:C2:53
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/7G9BATflDTu21vt4c9hB8iiswlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:fd:61:d9:2e:4c:ae:55:8b:fb:ce:e8:f8:08:0a:21:0d:84:
         17:59:5e:17:4a:65:1f:5d:b8:dc:82:8d:1b:8a:f5:00:44:18:
         12:49:90:01:65:0c:96:96:05:f9:1e:f8:39:69:84:e0:8d:bb:
         c3:ca:b6:7c:38:86:da:10:57:46:c3:0f:fb:fe:c2:15:ee:b6:
         22:fd:d8:8e:a4:d3:5d:49:58:3d:72:29:eb:b8:8d:8e:77:b3:
         68:22:d8:fb:bb:89:ee:50:21:7a:1f:9e:45:5b:78:23:62:61:
         dd:0b:6d:b3:cd:ca:e3:55:17:77:f6:fa:6f:7e:30:49:3a:18:
         36:c4:0e:11:ea:bd:e6:4e:8b:bd:1f:ba:67:ed:f7:09:d0:04:
         37:4c:86:6a:ef:98:c3:31:37:0a:48:30:80:45:7d:76:97:c1:
         46:9f:8c:6b:ec:c5:a6:25:94:1b:f1:88:e5:3e:5e:00:e0:67:
         6b:7f:b3:48:de:f2:a9:49:a4:1f:6e:8d:c7:7f:90:1a:61:ba:
         6f:c9:28:a6:2e:ab:28:31:4b:98:dc:b8:f5:cb:a3:14:81:8e:
         97:7c:1b:41:ea:19:06:84:b7:b2:22:da:48:36:0f:4f:d7:21:
         ec:92:73:1a:8e:5c:4e:cd:d3:17:64:64:14:e9:e9:fd:de:28:
         94:79:f8:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmbMBGxabBvTugb1E6mRtpMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjUwOTMwMTUxNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzZmNDEwMTM3ZTUwZDNiYjZkNmZiNzg3M2Q4NDFmMjI4YWNjMjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZTedMrSU7utd+RA47sD2OhqMubf
iefjbLvVeR3bZCvUISq5QP+gJf77SGbZKFnF6ICBTVB6NkGiYVN7oj9TMm4Iyqdz
HtLtnRUjC5Refigd6V8ZjAcjb83OByHglK8XDIqULpVX9czlOBKFJ7Vaga5cVCdJ
QMh2C8UUaLPhlUiV0mOkZo5HKJxUdHHfxdrIZ5G/MvdldBhQbEYuAMb7kxoidwPG
/sWLw46wRD1cGCzws0ZwtDYLyKRcodN4dL2962+cznmPqOPQdbbFK6Uzk/NS9qBK
CGoNC978osaiQgUfbgq6KqU0rZteqb34FldPTO8/pJXO8XKUnTxulKh/VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxvQQE35Q07ttb7eHPYQfIorMJTMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvN0c5QkFUZmxEVHUyMXZ0NGM5aEI4aWlzd2xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq0lMA0G
CSqGSIb3DQEBCwUAA4IBAQAp/WHZLkyuVYv7zuj4CAohDYQXWV4XSmUfXbjcgo0b
ivUARBgSSZABZQyWlgX5Hvg5aYTgjbvDyrZ8OIbaEFdGww/7/sIV7rYi/diOpNNd
SVg9cinruI2Od7NoItj7u4nuUCF6H55FW3gjYmHdC22zzcrjVRd39vpvfjBJOhg2
xA4R6r3mTou9H7pn7fcJ0AQ3TIZq75jDMTcKSDCARX12l8FGn4xr7MWmJZQb8Yjl
Pl4A4Gdrf7NI3vKpSaQfbo3Hf5AaYbpvySimLqsoMUuY3Lj1y6MUgY6XfBtB6hkG
hLeyItpINg9P1yHsknMajlxOzdMXZGQU6en93iiUefhy
-----END CERTIFICATE-----