Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/8LnP7s60zUj8mpVBDepOWfTdk7E.roa
File:                     8LnP7s60zUj8mpVBDepOWfTdk7E.roa (raw, json)
Hash identifier:          py+LCdSJ89NBiipx+vqS8aHgY4j9qaVC8lI7EDR2iCk=
Subject key identifier:   F0:B9:CF:EE:CE:B4:CD:48:FC:9A:95:41:0D:EA:4E:59:F4:DD:93:B1
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       01989DAF3F061059956D5609E2D1FE13278C
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/8LnP7s60zUj8mpVBDepOWfTdk7E.roa
Signing time:             Tue 12 Aug 2025 09:49:24 +0000
ROA not before:           Tue 12 Aug 2025 09:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1004
IP address blocks:        185.143.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9d:af:3f:06:10:59:95:6d:56:09:e2:d1:fe:13:27:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Aug 12 09:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0b9cfeeceb4cd48fc9a95410dea4e59f4dd93b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9c:60:69:ce:3d:4a:bd:ac:4c:42:5c:30:d3:
                    3b:37:31:85:82:e1:a5:65:eb:e0:7b:28:3d:28:e6:
                    42:62:dd:1d:ef:99:83:fc:15:03:6c:25:c8:22:59:
                    d6:00:da:f4:10:ef:c0:68:56:52:e5:93:d1:cb:da:
                    78:a0:83:aa:15:e5:72:b0:8d:5b:4d:46:45:e6:90:
                    49:c5:17:bd:9b:85:41:d0:d5:02:41:7e:bb:38:4b:
                    4e:b2:e6:ea:7e:4d:78:22:07:9d:34:72:c3:db:be:
                    a1:9e:d8:00:68:bf:7e:d9:f8:d1:d3:80:de:61:e8:
                    77:bd:67:bc:d5:74:a3:7b:ed:6a:05:ee:5f:8d:c0:
                    7d:be:84:c2:55:d5:37:62:24:bb:58:3b:a2:b9:05:
                    f4:e8:2a:b0:89:ac:ce:53:31:2a:f0:25:56:b7:d4:
                    cb:11:0b:f6:1e:14:11:50:16:cb:ed:d0:4c:db:f8:
                    c1:df:6b:70:ce:7f:e1:15:0b:b0:07:22:2f:9f:2a:
                    39:05:39:fe:15:56:ab:cf:b8:cc:2b:04:70:2a:77:
                    8e:53:6a:33:5b:97:6b:3d:ff:55:b1:78:f8:b6:f1:
                    74:15:eb:be:af:15:f5:5a:64:eb:32:47:2b:22:d4:
                    37:ac:a4:f7:d8:9a:7a:02:11:bd:02:fd:f1:34:25:
                    1e:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:B9:CF:EE:CE:B4:CD:48:FC:9A:95:41:0D:EA:4E:59:F4:DD:93:B1
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/8LnP7s60zUj8mpVBDepOWfTdk7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:c0:25:d8:1d:0d:23:d6:29:28:47:ff:63:a3:50:86:41:81:
         1a:16:5e:a4:78:26:ec:b1:21:e1:2a:ac:af:7e:09:c7:0c:d2:
         bb:17:d2:ef:d9:a2:51:bc:ce:ab:be:5f:12:d3:4d:d3:16:ab:
         9c:69:41:61:3d:8c:d7:1f:56:49:5d:0f:7e:ab:2c:3c:44:5c:
         93:40:cd:14:c5:ff:ab:fe:57:76:23:09:57:75:12:71:3a:db:
         43:2e:99:ac:50:e5:80:01:7f:a3:df:b1:84:fe:b2:ec:ec:c6:
         02:6d:de:07:a5:b9:8a:d1:2d:0f:5f:f1:01:f1:42:51:40:87:
         41:4f:c3:74:46:e8:10:60:7a:07:47:73:82:a0:4e:62:4d:0f:
         94:88:3b:1b:24:f1:32:1b:c1:d1:b6:d5:6d:93:82:8a:ae:45:
         80:de:d7:ac:45:d8:5f:9f:06:ca:ac:cc:fe:ea:76:5d:1c:3e:
         04:74:90:1d:9d:ff:e5:7d:3b:6b:03:2d:40:95:23:93:02:04:
         4d:1b:1b:b0:90:fc:81:78:65:3b:c5:f5:ca:53:5e:fc:78:27:
         dd:cc:57:92:72:08:28:c7:e1:b9:8e:49:cf:7c:9e:1d:3a:3d:
         0b:c2:27:84:68:3b:9f:66:33:82:7d:3f:65:9b:90:0e:6d:ff:
         35:44:9f:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZidrz8GEFmVbVYJ4tH+EyeMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwODEyMDk0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGI5Y2ZlZWNlYjRjZDQ4ZmM5YTk1NDEwZGVhNGU1OWY0ZGQ5M2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZxgac49Sr2sTEJcMNM7NzGFguGl
Zevgeyg9KOZCYt0d75mD/BUDbCXIIlnWANr0EO/AaFZS5ZPRy9p4oIOqFeVysI1b
TUZF5pBJxRe9m4VB0NUCQX67OEtOsubqfk14IgedNHLD276hntgAaL9+2fjR04De
Yeh3vWe81XSje+1qBe5fjcB9voTCVdU3YiS7WDuiuQX06CqwiazOUzEq8CVWt9TL
EQv2HhQRUBbL7dBM2/jB32twzn/hFQuwByIvnyo5BTn+FVarz7jMKwRwKneOU2oz
W5drPf9VsXj4tvF0Feu+rxX1WmTrMkcrItQ3rKT32Jp6AhG9Av3xNCUeWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPC5z+7OtM1I/JqVQQ3qTln03ZOxMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvOExuUDdzNjB6VWo4bXBWQkRlcE9XZlRkazdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY9IMA0G
CSqGSIb3DQEBCwUAA4IBAQChwCXYHQ0j1ikoR/9jo1CGQYEaFl6keCbssSHhKqyv
fgnHDNK7F9Lv2aJRvM6rvl8S003TFqucaUFhPYzXH1ZJXQ9+qyw8RFyTQM0Uxf+r
/ld2IwlXdRJxOttDLpmsUOWAAX+j37GE/rLs7MYCbd4HpbmK0S0PX/EB8UJRQIdB
T8N0RugQYHoHR3OCoE5iTQ+UiDsbJPEyG8HRttVtk4KKrkWA3tesRdhfnwbKrMz+
6nZdHD4EdJAdnf/lfTtrAy1AlSOTAgRNGxuwkPyBeGU7xfXKU178eCfdzFeScggo
x+G5jknPfJ4dOj0LwieEaDufZjOCfT9lm5AObf81RJ/B
-----END CERTIFICATE-----