Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mL6flvC1pQxyNbm29gDhfcpwd-s.roa
File:                     mL6flvC1pQxyNbm29gDhfcpwd-s.roa (raw, json)
Hash identifier:          5PPIVEvZg5uTs0kuwkmk/TvhaCR6gBPWptYFn6nDeI4=
Subject key identifier:   98:BE:9F:96:F0:B5:A5:0C:72:35:B9:B6:F6:00:E1:7D:CA:70:77:EB
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0198C26BB32DC477127681865D5122D076DC
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mL6flvC1pQxyNbm29gDhfcpwd-s.roa
Signing time:             Tue 19 Aug 2025 13:01:34 +0000
ROA not before:           Tue 19 Aug 2025 13:01:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202591
IP address blocks:        158.173.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c2:6b:b3:2d:c4:77:12:76:81:86:5d:51:22:d0:76:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Aug 19 13:01:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98be9f96f0b5a50c7235b9b6f600e17dca7077eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:72:8a:ef:a7:e9:96:85:0d:52:10:05:c1:cc:
                    cd:05:fd:31:5a:d0:1e:85:b5:cb:48:d1:b5:ab:21:
                    ce:6a:95:11:f0:60:0f:fd:3a:b6:26:fa:4c:4c:7b:
                    7e:e8:98:8a:0c:5e:69:83:44:af:bb:b9:9c:9b:14:
                    f4:96:8b:f9:b6:85:80:5a:ec:38:bc:e7:83:c4:ac:
                    6b:4f:ba:31:f1:7d:7c:06:29:0a:51:fc:8b:9d:d7:
                    f3:49:a0:12:3a:69:de:ed:70:77:e6:f0:15:ed:92:
                    d2:73:06:d3:f3:37:d3:85:b7:33:1b:46:06:9d:73:
                    7c:05:bd:fe:c6:f2:2d:be:20:ff:fe:a7:d5:11:c5:
                    66:ae:fe:21:39:cd:e0:95:26:1f:eb:58:ce:6a:26:
                    27:70:d0:87:c4:39:05:d6:6e:4f:a7:bd:0c:05:b6:
                    0b:39:b7:6e:3e:19:7e:48:a3:43:a3:c3:30:88:a8:
                    84:59:44:ab:e3:d1:cf:37:f2:4a:96:fa:72:55:11:
                    9e:e3:a2:d0:a5:38:2c:4e:0f:75:45:50:2a:b6:e4:
                    1b:64:a1:c0:4d:ab:8b:bf:ab:f5:c0:06:0f:39:de:
                    a4:a3:5f:7f:9a:1b:60:53:8b:dc:65:cb:a1:75:af:
                    66:10:9a:69:e3:a8:f6:e9:53:f8:68:7c:45:db:9d:
                    df:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:BE:9F:96:F0:B5:A5:0C:72:35:B9:B6:F6:00:E1:7D:CA:70:77:EB
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mL6flvC1pQxyNbm29gDhfcpwd-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:c0:d9:86:d3:65:a6:fc:91:72:1c:53:6c:df:d9:13:57:91:
         1b:39:56:d8:49:b3:90:36:bd:ef:6c:58:fe:1f:07:51:ee:08:
         96:d1:29:d6:05:32:2b:64:66:c6:a4:7e:12:0a:8d:71:6f:e7:
         47:56:27:02:55:c6:92:45:a9:13:47:17:f6:7b:f1:8b:00:4b:
         76:33:a1:d0:6d:d3:60:a8:94:3d:25:71:e3:23:37:72:bc:66:
         26:c2:6f:b1:09:18:c3:6e:09:eb:0d:b9:d2:53:5a:77:d5:78:
         21:d9:45:a2:8f:6a:aa:be:98:66:f2:b2:fa:82:a7:d3:e2:b2:
         31:8f:bb:9e:66:c0:1b:69:77:f1:e7:2f:0c:79:f1:3b:f7:e4:
         48:c4:75:2e:39:f5:da:f8:22:01:7f:bf:da:cd:c5:22:59:1f:
         d5:7d:52:f7:92:91:c1:56:6a:58:30:bb:96:c6:71:bd:6c:b4:
         c7:a3:ad:d7:fc:4b:67:2c:2f:50:77:fd:6f:b1:f8:f3:2b:aa:
         c3:eb:55:26:1a:ce:51:c9:76:42:41:70:30:67:95:d2:39:a3:
         a4:ea:49:b5:aa:07:eb:5f:9f:af:d4:8f:11:10:fe:11:c0:50:
         7c:72:b6:46:60:ae:42:c4:57:51:42:87:c1:88:1f:bf:3e:73:
         be:98:6f:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjCa7MtxHcSdoGGXVEi0HbcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwODE5MTMwMTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGJlOWY5NmYwYjVhNTBjNzIzNWI5YjZmNjAwZTE3ZGNhNzA3N2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnKK76fploUNUhAFwczNBf0xWtAe
hbXLSNG1qyHOapUR8GAP/Tq2JvpMTHt+6JiKDF5pg0Svu7mcmxT0lov5toWAWuw4
vOeDxKxrT7ox8X18BikKUfyLndfzSaASOmne7XB35vAV7ZLScwbT8zfThbczG0YG
nXN8Bb3+xvItviD//qfVEcVmrv4hOc3glSYf61jOaiYncNCHxDkF1m5Pp70MBbYL
ObduPhl+SKNDo8MwiKiEWUSr49HPN/JKlvpyVRGe46LQpTgsTg91RVAqtuQbZKHA
TauLv6v1wAYPOd6ko19/mhtgU4vcZcuhda9mEJpp46j26VP4aHxF253fGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJi+n5bwtaUMcjW5tvYA4X3KcHfrMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvbUw2Zmx2QzFwUXh5TmJtMjlnRGhmY3B3ZC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq2QMA0G
CSqGSIb3DQEBCwUAA4IBAQCewNmG02Wm/JFyHFNs39kTV5EbOVbYSbOQNr3vbFj+
HwdR7giW0SnWBTIrZGbGpH4SCo1xb+dHVicCVcaSRakTRxf2e/GLAEt2M6HQbdNg
qJQ9JXHjIzdyvGYmwm+xCRjDbgnrDbnSU1p31Xgh2UWij2qqvphm8rL6gqfT4rIx
j7ueZsAbaXfx5y8MefE79+RIxHUuOfXa+CIBf7/azcUiWR/VfVL3kpHBVmpYMLuW
xnG9bLTHo63X/EtnLC9Qd/1vsfjzK6rD61UmGs5RyXZCQXAwZ5XSOaOk6km1qgfr
X5+v1I8REP4RwFB8crZGYK5CxFdRQofBiB+/PnO+mG8M
-----END CERTIFICATE-----