Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/o7B_AATrid016ogYkpvZQUyGv2w.roa
File:                     o7B_AATrid016ogYkpvZQUyGv2w.roa (raw, json)
Hash identifier:          DpIjx4D8p2F7Oz4FAUSYe9B9CrOdjjOaJK3tP/7IaZc=
Subject key identifier:   A3:B0:7F:00:04:EB:89:DD:35:EA:88:18:92:9B:D9:41:4C:86:BF:6C
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0197A642818D42D6502C8DE8EC187D7F9A71
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/o7B_AATrid016ogYkpvZQUyGv2w.roa
Signing time:             Wed 25 Jun 2025 08:44:25 +0000
ROA not before:           Wed 25 Jun 2025 08:44:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214223
IP address blocks:        104.238.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:42:81:8d:42:d6:50:2c:8d:e8:ec:18:7d:7f:9a:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jun 25 08:44:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3b07f0004eb89dd35ea8818929bd9414c86bf6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9d:35:c7:36:57:e8:5f:aa:1c:e1:16:1e:b5:
                    7b:5c:67:6b:26:ad:ab:80:b1:52:35:b3:e3:23:64:
                    35:d1:37:c9:8d:14:7b:98:de:b1:1d:0a:45:3f:08:
                    db:35:91:d9:00:8a:21:8e:dc:1b:c9:dd:cf:9a:f8:
                    70:0d:02:0c:2f:df:cd:dc:14:02:e8:d1:3f:c0:05:
                    6c:04:1a:5b:79:60:9a:e2:b2:b9:6f:2e:52:94:ba:
                    6d:fe:87:8c:54:ea:f8:4e:3b:2c:45:f9:5a:6d:81:
                    ce:23:1b:40:a0:cb:28:0b:0f:d8:d4:32:9a:bf:a6:
                    65:7b:0c:8d:c9:b2:38:29:31:78:43:31:70:de:53:
                    2b:04:d4:e8:a1:b0:1c:04:0f:8a:11:e6:89:43:bd:
                    05:80:4f:9b:0a:58:3b:19:7b:a3:14:60:79:60:70:
                    fe:ad:16:a0:aa:04:7d:e2:1c:e1:27:73:9c:e3:76:
                    3d:ed:75:c0:74:a8:62:66:42:68:c0:f7:4e:54:f9:
                    f5:ac:97:4e:25:5f:67:4d:49:2d:59:f1:5c:58:fc:
                    d7:d4:95:bc:e7:30:1b:8a:b1:17:30:67:03:0e:18:
                    0a:49:fc:1c:cb:8a:4d:42:30:95:82:aa:ba:d8:44:
                    ce:59:9f:44:49:d5:01:bc:52:24:28:2a:d6:85:f0:
                    4a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:B0:7F:00:04:EB:89:DD:35:EA:88:18:92:9B:D9:41:4C:86:BF:6C
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/o7B_AATrid016ogYkpvZQUyGv2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.238.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:60:d6:20:b2:6e:e8:10:13:99:89:d2:38:08:5e:b2:b7:ad:
         91:a1:4c:d1:d9:d3:57:58:b6:a2:ee:28:1a:cd:e5:a6:d5:d1:
         47:f3:d2:98:fa:54:b3:90:65:a8:c0:45:05:61:61:19:b1:7b:
         81:e6:87:f8:c2:fc:8c:16:4c:5d:2a:84:d3:5c:99:b1:99:29:
         96:a2:87:d7:38:36:7c:a9:49:0e:d3:c4:a8:d5:10:a4:c1:d5:
         c8:76:c4:0f:12:29:ec:40:0b:ce:d0:69:1a:35:46:c9:37:1f:
         11:ab:6b:db:70:06:cc:d8:ca:2c:c5:c5:84:a6:9c:1a:8f:37:
         2f:35:57:97:2e:78:cb:70:25:a6:a9:8d:a6:b4:82:59:ba:66:
         1f:b2:2f:4e:04:f2:e5:1d:51:14:42:d3:6f:0e:2d:aa:6d:5f:
         5b:ee:60:f1:3e:45:46:3c:45:6e:c7:9d:81:b0:b0:b5:7d:b1:
         8e:e4:65:12:ed:27:23:81:76:bd:bb:63:10:84:62:86:81:14:
         41:cd:1f:a4:6a:71:64:70:2e:5e:0a:6b:1b:6b:89:fa:87:90:
         bf:8f:24:12:ad:cd:d6:db:0e:e2:2e:12:79:25:ea:42:9c:5c:
         06:14:ac:6f:2c:28:95:9e:03:c3:79:31:d1:13:8a:c0:d0:32:
         d0:12:e4:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZemQoGNQtZQLI3o7Bh9f5pxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwNjI1MDg0NDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2IwN2YwMDA0ZWI4OWRkMzVlYTg4MTg5MjliZDk0MTRjODZiZjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAup01xzZX6F+qHOEWHrV7XGdrJq2r
gLFSNbPjI2Q10TfJjRR7mN6xHQpFPwjbNZHZAIohjtwbyd3PmvhwDQIML9/N3BQC
6NE/wAVsBBpbeWCa4rK5by5SlLpt/oeMVOr4TjssRflabYHOIxtAoMsoCw/Y1DKa
v6ZlewyNybI4KTF4QzFw3lMrBNToobAcBA+KEeaJQ70FgE+bClg7GXujFGB5YHD+
rRagqgR94hzhJ3Oc43Y97XXAdKhiZkJowPdOVPn1rJdOJV9nTUktWfFcWPzX1JW8
5zAbirEXMGcDDhgKSfwcy4pNQjCVgqq62ETOWZ9ESdUBvFIkKCrWhfBK5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOwfwAE64ndNeqIGJKb2UFMhr9sMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvbzdCX0FBVHJpZDAxNm9nWWtwdlpRVXlHdjJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaO4aMA0G
CSqGSIb3DQEBCwUAA4IBAQBTYNYgsm7oEBOZidI4CF6yt62RoUzR2dNXWLai7iga
zeWm1dFH89KY+lSzkGWowEUFYWEZsXuB5of4wvyMFkxdKoTTXJmxmSmWoofXODZ8
qUkO08So1RCkwdXIdsQPEinsQAvO0GkaNUbJNx8Rq2vbcAbM2MosxcWEppwajzcv
NVeXLnjLcCWmqY2mtIJZumYfsi9OBPLlHVEUQtNvDi2qbV9b7mDxPkVGPEVux52B
sLC1fbGO5GUS7ScjgXa9u2MQhGKGgRRBzR+kanFkcC5eCmsba4n6h5C/jyQSrc3W
2w7iLhJ5JepCnFwGFKxvLCiVngPDeTHRE4rA0DLQEuRJ
-----END CERTIFICATE-----