Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/0nhKpg6aTvNvmJS9FSTDz9whKPY.roa
File:                     0nhKpg6aTvNvmJS9FSTDz9whKPY.roa (raw, json)
Hash identifier:          BAuCUJyb+aMTyV83JHNXoLLVKDy90dIRVoxtIGNX9js=
Subject key identifier:   D2:78:4A:A6:0E:9A:4E:F3:6F:98:94:BD:15:24:C3:CF:DC:21:28:F6
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0198A90AA773D20FDA9465B604AED5F191A5
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/0nhKpg6aTvNvmJS9FSTDz9whKPY.roa
Signing time:             Thu 14 Aug 2025 14:45:04 +0000
ROA not before:           Thu 14 Aug 2025 14:45:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44547
IP address blocks:        193.124.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a9:0a:a7:73:d2:0f:da:94:65:b6:04:ae:d5:f1:91:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Aug 14 14:45:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2784aa60e9a4ef36f9894bd1524c3cfdc2128f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:62:e3:c3:bc:c0:3f:c7:f3:a8:06:bb:95:50:
                    a4:6c:6b:c5:4c:0c:41:27:13:30:c5:67:3f:70:6c:
                    21:37:aa:af:f1:c7:90:ee:2a:49:03:12:3c:67:f6:
                    d7:d0:7f:9f:7c:a4:a3:14:cf:2b:2c:8e:a6:e7:7d:
                    51:89:70:cf:8b:9c:33:b8:11:aa:78:b7:24:d0:3a:
                    3b:71:13:90:07:34:4c:22:df:58:c6:c2:bd:c8:6d:
                    70:c3:0b:f3:38:83:fe:a2:79:08:00:9f:dc:e9:e7:
                    ec:f5:c2:dd:5c:37:a6:08:85:db:d1:e9:7f:40:0c:
                    34:db:dc:9a:08:41:ec:bf:db:43:d4:5e:5e:a2:6f:
                    fd:08:a1:ba:5c:62:f4:c1:dc:b8:34:9d:4b:39:1f:
                    7c:b5:5c:fc:db:b1:bf:a0:a1:82:0c:3c:92:e3:a6:
                    46:40:cd:da:3e:e1:c8:11:3b:c9:a6:3b:85:a0:59:
                    98:9d:71:85:4e:eb:2c:fb:ff:35:ca:59:fd:57:4e:
                    cf:64:0a:8d:ec:9e:9b:f8:f2:a8:a6:5d:be:8e:a3:
                    bb:90:a6:28:f4:36:b8:f5:8e:2c:de:85:9e:1c:27:
                    4c:92:f7:6e:72:3d:ec:ee:ea:6e:5c:ae:89:42:f1:
                    b2:c8:16:7d:52:e2:11:d5:02:c1:86:43:60:82:e5:
                    15:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:78:4A:A6:0E:9A:4E:F3:6F:98:94:BD:15:24:C3:CF:DC:21:28:F6
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/0nhKpg6aTvNvmJS9FSTDz9whKPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:1a:9e:11:e4:c7:60:a4:78:e1:fa:89:3b:63:c5:33:28:56:
         a7:1b:88:a3:86:15:f5:3b:d2:22:4e:9e:e5:90:80:c8:45:da:
         2b:6b:af:a5:c7:fc:73:c9:8b:64:d6:b5:fe:40:e3:09:af:19:
         89:c8:ba:39:e7:48:6d:a8:0d:7d:f5:2d:78:4e:43:41:0a:94:
         d9:e1:01:3e:eb:97:6e:50:6a:96:42:72:d5:f5:1e:90:c4:36:
         bc:5e:ff:15:54:28:e8:42:d3:e7:e0:21:60:1a:81:ed:f8:77:
         87:8f:85:44:bd:e8:90:b8:3c:4b:4f:15:43:55:e8:ed:fd:c2:
         1b:c3:9e:8b:75:6b:7c:29:92:48:97:74:c2:dd:b1:f4:c5:b4:
         b5:d9:95:9e:f0:7b:1c:da:94:73:9c:41:a6:70:e1:62:28:10:
         fc:57:0c:26:49:50:34:44:3f:d0:3e:9a:ac:75:04:2a:a7:c8:
         b2:9c:23:0d:2d:d0:fa:bf:39:31:2e:13:9c:a6:95:c1:53:b2:
         4c:9c:3e:22:54:46:8c:d3:df:85:50:84:02:1e:af:b0:c7:8d:
         2f:69:c4:34:9b:2e:23:3f:7e:39:19:eb:7d:3d:92:1e:81:93:
         8a:f1:e7:af:dd:83:89:a8:cf:06:eb:db:14:f9:42:a4:75:60:
         f4:23:41:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZipCqdz0g/alGW2BK7V8ZGlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwODE0MTQ0NTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjc4NGFhNjBlOWE0ZWYzNmY5ODk0YmQxNTI0YzNjZmRjMjEyOGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22Ljw7zAP8fzqAa7lVCkbGvFTAxB
JxMwxWc/cGwhN6qv8ceQ7ipJAxI8Z/bX0H+ffKSjFM8rLI6m531RiXDPi5wzuBGq
eLck0Do7cROQBzRMIt9YxsK9yG1wwwvzOIP+onkIAJ/c6efs9cLdXDemCIXb0el/
QAw029yaCEHsv9tD1F5eom/9CKG6XGL0wdy4NJ1LOR98tVz827G/oKGCDDyS46ZG
QM3aPuHIETvJpjuFoFmYnXGFTuss+/81yln9V07PZAqN7J6b+PKopl2+jqO7kKYo
9Da49Y4s3oWeHCdMkvducj3s7upuXK6JQvGyyBZ9UuIR1QLBhkNgguUVzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJ4SqYOmk7zb5iUvRUkw8/cISj2MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvMG5oS3BnNmFUdk52bUpTOUZTVER6OXdoS1BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXxQMA0G
CSqGSIb3DQEBCwUAA4IBAQBgGp4R5MdgpHjh+ok7Y8UzKFanG4ijhhX1O9IiTp7l
kIDIRdora6+lx/xzyYtk1rX+QOMJrxmJyLo550htqA199S14TkNBCpTZ4QE+65du
UGqWQnLV9R6QxDa8Xv8VVCjoQtPn4CFgGoHt+HeHj4VEveiQuDxLTxVDVejt/cIb
w56LdWt8KZJIl3TC3bH0xbS12ZWe8Hsc2pRznEGmcOFiKBD8VwwmSVA0RD/QPpqs
dQQqp8iynCMNLdD6vzkxLhOcppXBU7JMnD4iVEaM09+FUIQCHq+wx40vacQ0my4j
P345Get9PZIegZOK8eev3YOJqM8G69sU+UKkdWD0I0F6
-----END CERTIFICATE-----