Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/sCtuq4u8Sh0hAFbGRtS0LLqudEo.roa
File:                     sCtuq4u8Sh0hAFbGRtS0LLqudEo.roa (raw, json)
Hash identifier:          xN5eiFSfdOlzZrpYs0YFGLCefvx1Ss8FaZSTJJW7Fpg=
Subject key identifier:   B0:2B:6E:AB:8B:BC:4A:1D:21:00:56:C6:46:D4:B4:2C:BA:AE:74:4A
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0199A4708A169CE954045D29C88B30DAA970
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/sCtuq4u8Sh0hAFbGRtS0LLqudEo.roa
Signing time:             Thu 02 Oct 2025 10:21:02 +0000
ROA not before:           Thu 02 Oct 2025 10:21:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205923
IP address blocks:        158.173.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a4:70:8a:16:9c:e9:54:04:5d:29:c8:8b:30:da:a9:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Oct  2 10:21:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b02b6eab8bbc4a1d210056c646d4b42cbaae744a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2d:e6:f3:84:dd:32:1f:ca:12:6c:67:49:39:
                    6d:0c:ce:af:57:58:89:9f:7b:5c:40:10:f4:9a:d1:
                    4a:f9:e8:63:d6:a1:c4:5a:fa:67:02:23:f5:74:6b:
                    b4:e8:94:56:41:4a:94:6d:08:df:ce:d6:28:75:39:
                    f4:90:c0:b5:4c:51:1f:d9:fa:8c:fe:73:77:82:1a:
                    4f:24:f1:4d:73:73:9b:f7:7b:08:4b:88:88:c7:7d:
                    16:02:43:b9:bd:7b:0c:35:17:34:0d:ce:ff:82:27:
                    e5:66:c9:95:97:26:05:62:26:e1:4c:27:f9:84:ba:
                    52:dc:58:16:09:4a:e5:66:1d:0f:05:72:03:5c:cd:
                    57:58:80:e6:84:c6:cb:e2:45:8d:d9:b1:e2:03:2a:
                    21:52:9f:35:21:05:db:c6:76:88:9f:92:0a:1b:96:
                    16:0e:c3:5f:7b:ff:ed:5c:a5:64:e4:39:6c:83:d7:
                    33:61:69:a2:31:5b:a9:c3:33:16:8f:0f:f1:94:b3:
                    62:4b:e8:b1:2e:99:8b:12:f0:13:87:67:4d:fa:cf:
                    9b:f9:c7:62:28:ae:e9:0e:c1:c3:f8:88:f5:e5:e1:
                    d3:64:cd:c7:c6:18:af:00:f9:01:8d:be:bf:95:d8:
                    5e:20:96:16:56:35:07:db:bb:73:50:d0:62:bf:e5:
                    de:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:2B:6E:AB:8B:BC:4A:1D:21:00:56:C6:46:D4:B4:2C:BA:AE:74:4A
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/sCtuq4u8Sh0hAFbGRtS0LLqudEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:c6:f5:8b:d5:ce:b9:ee:b0:11:31:a9:2a:8e:f7:7c:af:2e:
         22:b9:c6:2b:63:2a:68:dc:82:7c:53:c0:66:fd:dc:ac:a2:73:
         dc:79:d0:38:64:36:2a:c3:b7:d3:31:f1:ff:3c:1b:1c:d4:e9:
         bc:72:04:cc:b6:82:c6:1b:21:62:04:9f:a0:fe:0a:f2:8a:5f:
         94:1a:67:ac:87:97:f7:41:31:5f:3b:63:b1:87:4d:da:fc:59:
         d0:d4:19:ad:01:21:b7:e5:bc:9a:9a:96:b8:0b:04:47:00:b7:
         3a:80:8a:80:6d:a7:9e:52:07:6d:08:73:54:8b:f1:41:13:b4:
         7b:ca:fa:0c:33:a8:52:52:55:f9:33:d4:9e:0c:39:d3:8f:69:
         71:90:9f:c6:ef:82:87:a5:c5:d6:ab:6c:4a:82:4c:fd:f4:81:
         63:76:cb:62:37:5d:7c:8f:0a:5b:ed:91:49:6a:59:90:7f:8e:
         ba:38:84:74:8e:41:1c:7b:74:a7:a9:f6:bf:12:02:de:4a:ae:
         31:51:60:45:91:28:ed:bc:bf:19:26:ad:88:12:38:5a:fc:5f:
         4e:3c:f1:5a:f0:07:88:cd:28:a7:28:4e:7e:14:1a:97:38:4d:
         e0:c6:32:ae:54:18:ff:e7:bb:e2:bf:8e:c8:0d:3d:89:e2:22:
         11:69:d4:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmkcIoWnOlUBF0pyIsw2qlwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUxMDAyMTAyMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDJiNmVhYjhiYmM0YTFkMjEwMDU2YzY0NmQ0YjQyY2JhYWU3NDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwi3m84TdMh/KEmxnSTltDM6vV1iJ
n3tcQBD0mtFK+ehj1qHEWvpnAiP1dGu06JRWQUqUbQjfztYodTn0kMC1TFEf2fqM
/nN3ghpPJPFNc3Ob93sIS4iIx30WAkO5vXsMNRc0Dc7/giflZsmVlyYFYibhTCf5
hLpS3FgWCUrlZh0PBXIDXM1XWIDmhMbL4kWN2bHiAyohUp81IQXbxnaIn5IKG5YW
DsNfe//tXKVk5Dlsg9czYWmiMVupwzMWjw/xlLNiS+ixLpmLEvATh2dN+s+b+cdi
KK7pDsHD+Ij15eHTZM3HxhivAPkBjb6/ldheIJYWVjUH27tzUNBiv+XeCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLArbquLvEodIQBWxkbUtCy6rnRKMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvc0N0dXE0dThTaDBoQUZiR1J0UzBMTHF1ZEVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq2gMA0G
CSqGSIb3DQEBCwUAA4IBAQDKxvWL1c657rARMakqjvd8ry4iucYrYypo3IJ8U8Bm
/dysonPcedA4ZDYqw7fTMfH/PBsc1Om8cgTMtoLGGyFiBJ+g/gryil+UGmesh5f3
QTFfO2Oxh03a/FnQ1BmtASG35byampa4CwRHALc6gIqAbaeeUgdtCHNUi/FBE7R7
yvoMM6hSUlX5M9SeDDnTj2lxkJ/G74KHpcXWq2xKgkz99IFjdstiN118jwpb7ZFJ
almQf466OIR0jkEce3Snqfa/EgLeSq4xUWBFkSjtvL8ZJq2IEjha/F9OPPFa8AeI
zSinKE5+FBqXOE3gxjKuVBj/57viv47IDT2J4iIRadSz
-----END CERTIFICATE-----