Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/0dkE5YB1LPjuLCpCd3Uk2kNJAF0.roa
File:                     0dkE5YB1LPjuLCpCd3Uk2kNJAF0.roa (raw, json)
Hash identifier:          sAPjXbel1SIwR+uMy8rTUFwGCAUiiah8pEkeWQfG1LI=
Subject key identifier:   D1:D9:04:E5:80:75:2C:F8:EE:2C:2A:42:77:75:24:DA:43:49:00:5D
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01989E8FB984C8D2945BBC03635C7BCA8525
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/0dkE5YB1LPjuLCpCd3Uk2kNJAF0.roa
Signing time:             Tue 12 Aug 2025 13:54:35 +0000
ROA not before:           Tue 12 Aug 2025 13:54:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14178
IP address blocks:        185.70.112.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9e:8f:b9:84:c8:d2:94:5b:bc:03:63:5c:7b:ca:85:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Aug 12 13:54:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1d904e580752cf8ee2c2a42777524da4349005d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:29:fa:14:92:c5:3e:5e:e1:58:c3:53:1f:48:
                    e7:a2:3f:e3:9a:f8:1c:e7:e6:14:f4:4d:de:f9:39:
                    e2:8a:d5:ac:56:89:e2:d9:a1:85:c5:82:15:17:0f:
                    51:60:6e:c9:39:66:b7:94:d6:39:3e:c1:41:e2:03:
                    f9:47:ef:68:a3:a5:f4:dd:54:c7:e8:aa:d1:cd:d5:
                    d1:ce:4a:17:62:eb:8c:26:2a:cf:f5:10:a7:4b:2e:
                    9f:d2:70:bd:ac:80:f0:09:14:e6:54:27:32:75:5b:
                    2e:e0:5b:b9:0e:c8:20:b8:32:61:11:68:28:a5:ef:
                    33:7e:f4:c2:c5:48:56:e3:3f:51:0a:e4:65:35:72:
                    1d:de:4a:f4:59:3b:8d:93:56:a8:03:36:c8:a2:3d:
                    93:cb:ac:60:1f:76:f3:0d:c3:76:3f:15:03:1a:58:
                    f9:99:89:2b:81:b8:e1:13:ef:46:98:56:66:6e:49:
                    06:4c:d1:15:11:de:29:ea:1f:9c:39:8b:e4:59:c4:
                    a5:14:8f:6f:14:3a:ed:bb:64:c0:a2:21:88:30:03:
                    78:e9:63:2f:59:4f:d9:2f:6c:d6:b1:b9:17:8b:2c:
                    2a:f3:46:3c:9d:94:5f:af:f9:9d:a8:45:07:38:bc:
                    f5:34:d1:ae:24:f6:c1:45:ea:b7:9c:fe:7c:4d:61:
                    25:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:D9:04:E5:80:75:2C:F8:EE:2C:2A:42:77:75:24:DA:43:49:00:5D
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/0dkE5YB1LPjuLCpCd3Uk2kNJAF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         df:dd:8e:b1:65:1b:db:5c:19:ee:02:5a:d9:f3:7f:40:04:99:
         f2:b0:fe:11:ee:cf:9e:8a:36:62:45:2f:26:c9:f7:3e:76:c5:
         7f:eb:b9:cb:b8:f3:23:dd:8f:02:b0:44:ac:5b:69:6c:ad:a3:
         0c:f8:75:f9:bb:80:41:59:54:69:2f:d7:46:d3:a9:ce:28:88:
         c0:51:1c:46:4c:e0:41:3d:78:36:52:5e:85:76:58:ba:bb:2c:
         ba:a3:09:27:30:47:ec:47:02:75:49:e0:74:db:ee:99:01:04:
         ea:44:30:a1:f8:a0:08:7f:7f:1b:6b:fa:79:50:cd:0a:d3:20:
         28:48:d3:2e:06:98:02:57:13:a1:59:9c:80:b1:8e:da:4a:c8:
         97:92:d5:1d:53:39:c2:28:00:ff:58:3e:52:52:d8:3b:02:23:
         93:4f:70:53:49:7d:69:81:94:a9:00:af:a6:33:7b:e4:8a:43:
         05:a0:62:4f:b1:a5:19:6a:5f:cc:29:7b:e6:36:16:f6:6f:4e:
         7f:50:82:5c:3c:41:e4:70:f1:f1:d4:00:f9:be:26:59:bf:c4:
         b0:02:a4:39:84:c3:30:56:7b:48:b0:de:72:ab:02:c8:74:6e:
         ce:d1:3a:47:2a:8f:97:7e:6c:f2:e7:10:7c:9b:ca:63:50:2c:
         aa:eb:4e:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiej7mEyNKUW7wDY1x7yoUlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwODEyMTM1NDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWQ5MDRlNTgwNzUyY2Y4ZWUyYzJhNDI3Nzc1MjRkYTQzNDkwMDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCn6FJLFPl7hWMNTH0jnoj/jmvgc
5+YU9E3e+TniitWsVoni2aGFxYIVFw9RYG7JOWa3lNY5PsFB4gP5R+9oo6X03VTH
6KrRzdXRzkoXYuuMJirP9RCnSy6f0nC9rIDwCRTmVCcydVsu4Fu5DsgguDJhEWgo
pe8zfvTCxUhW4z9RCuRlNXId3kr0WTuNk1aoAzbIoj2Ty6xgH3bzDcN2PxUDGlj5
mYkrgbjhE+9GmFZmbkkGTNEVEd4p6h+cOYvkWcSlFI9vFDrtu2TAoiGIMAN46WMv
WU/ZL2zWsbkXiywq80Y8nZRfr/mdqEUHOLz1NNGuJPbBReq3nP58TWEleQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHZBOWAdSz47iwqQnd1JNpDSQBdMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvMGRrRTVZQjFMUGp1TENwQ2QzVWsya05KQUYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUZwMA0G
CSqGSIb3DQEBCwUAA4IBAQDf3Y6xZRvbXBnuAlrZ839ABJnysP4R7s+eijZiRS8m
yfc+dsV/67nLuPMj3Y8CsESsW2lsraMM+HX5u4BBWVRpL9dG06nOKIjAURxGTOBB
PXg2Ul6Fdli6uyy6owknMEfsRwJ1SeB02+6ZAQTqRDCh+KAIf38ba/p5UM0K0yAo
SNMuBpgCVxOhWZyAsY7aSsiXktUdUznCKAD/WD5SUtg7AiOTT3BTSX1pgZSpAK+m
M3vkikMFoGJPsaUZal/MKXvmNhb2b05/UIJcPEHkcPHx1AD5viZZv8SwAqQ5hMMw
VntIsN5yqwLIdG7O0TpHKo+Xfmzy5xB8m8pjUCyq604f
-----END CERTIFICATE-----