Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/DRqkuBEinQOqvGRLtyttGFuAw_A.roa
File:                     DRqkuBEinQOqvGRLtyttGFuAw_A.roa (raw, json)
Hash identifier:          JVCGVOt0ab/NpeMTi+g4KKvOXMxnz2j02xCj4KzemQI=
Subject key identifier:   0D:1A:A4:B8:11:22:9D:03:AA:BC:64:4B:B7:2B:6D:18:5B:80:C3:F0
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0197A6C5A703DB792E5E3059BC6FCF99A0D9
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/DRqkuBEinQOqvGRLtyttGFuAw_A.roa
Signing time:             Wed 25 Jun 2025 11:07:40 +0000
ROA not before:           Wed 25 Jun 2025 11:07:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211953
IP address blocks:        176.235.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:c5:a7:03:db:79:2e:5e:30:59:bc:6f:cf:99:a0:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jun 25 11:07:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d1aa4b811229d03aabc644bb72b6d185b80c3f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:c5:42:1a:d3:32:36:f7:bc:18:a2:0a:12:a4:
                    f9:d9:cf:67:81:c9:8e:ce:4d:a0:1a:12:73:41:d6:
                    b2:39:7c:09:05:31:50:1c:31:12:da:cf:40:10:d4:
                    96:0a:43:4f:c5:2d:74:3a:86:d6:ba:b8:f7:46:bd:
                    ad:91:52:e6:1d:52:2b:03:17:2a:4b:ca:cc:c4:f7:
                    7a:14:da:83:cd:f4:c3:31:38:c7:07:18:87:8e:dd:
                    ac:ff:87:cc:08:8e:44:90:49:64:43:72:2a:d8:fe:
                    a0:a9:76:09:8d:48:0a:89:c9:37:b8:91:20:ce:8a:
                    e6:de:d4:1e:4c:6b:4c:1c:58:cd:9d:9d:40:02:3f:
                    ec:d6:fb:a4:b2:19:38:9b:5e:44:4a:0a:6a:12:f5:
                    de:ed:9b:00:ed:b6:f2:92:5e:7b:7d:11:be:12:78:
                    85:bd:7a:61:49:ae:72:ad:14:de:86:15:2a:59:94:
                    7c:39:95:e2:33:1e:8c:53:6a:89:65:05:8d:ed:30:
                    f7:9f:89:d3:5b:fb:7f:f7:bc:34:2b:ca:d1:97:82:
                    02:66:3a:cb:8e:62:99:f6:8a:f5:49:57:a2:43:fa:
                    06:d6:79:c7:8a:6d:5c:81:1d:f3:8f:97:9a:08:eb:
                    e0:d8:58:91:3f:75:11:4b:b8:7e:0b:54:1a:65:12:
                    f2:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:1A:A4:B8:11:22:9D:03:AA:BC:64:4B:B7:2B:6D:18:5B:80:C3:F0
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/DRqkuBEinQOqvGRLtyttGFuAw_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.235.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:d8:2f:7c:f7:65:46:b0:94:e5:d9:a9:18:7d:95:49:7e:d5:
         e7:3d:10:71:3c:dc:20:d5:d0:aa:8f:d7:5d:9d:e7:45:e5:39:
         6f:ec:22:67:fd:96:72:e1:2e:22:c3:13:0e:81:82:f0:23:3f:
         a5:78:51:a1:16:a1:97:43:2e:26:49:69:63:45:e1:f5:c6:63:
         e3:6b:cb:71:7c:af:d0:92:75:05:56:88:4d:b0:c9:d6:ed:ec:
         86:9d:d5:31:da:6d:5c:89:b6:57:9b:a5:8b:e1:a3:9e:56:06:
         0e:8d:68:1c:a4:89:24:e5:46:4b:ba:43:5b:27:73:b4:90:fa:
         00:7d:6a:07:a7:74:75:1d:7d:60:e7:91:09:3a:06:c1:82:b3:
         9c:06:2a:3d:95:e4:d8:c0:9f:a7:ac:31:57:03:9f:07:b6:e8:
         74:c0:0b:f7:d8:a4:5b:da:4e:23:79:b9:f2:e8:7f:39:05:c0:
         a9:51:81:dd:9d:72:9f:52:37:6b:28:53:d9:ff:93:63:60:47:
         43:9b:8c:93:21:51:23:5e:e1:22:21:b7:19:09:e7:33:e5:08:
         e1:d3:fc:dc:03:11:03:e8:91:90:9b:91:4e:5f:03:b5:d2:c6:
         de:f4:b7:24:7d:9a:f8:e0:58:48:52:69:03:15:f7:e8:4b:93:
         a9:58:1f:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZemxacD23kuXjBZvG/PmaDZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwNjI1MTEwNzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDFhYTRiODExMjI5ZDAzYWFiYzY0NGJiNzJiNmQxODViODBjM2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4sVCGtMyNve8GKIKEqT52c9ngcmO
zk2gGhJzQdayOXwJBTFQHDES2s9AENSWCkNPxS10OobWurj3Rr2tkVLmHVIrAxcq
S8rMxPd6FNqDzfTDMTjHBxiHjt2s/4fMCI5EkElkQ3Iq2P6gqXYJjUgKick3uJEg
zorm3tQeTGtMHFjNnZ1AAj/s1vukshk4m15ESgpqEvXe7ZsA7bbykl57fRG+EniF
vXphSa5yrRTehhUqWZR8OZXiMx6MU2qJZQWN7TD3n4nTW/t/97w0K8rRl4ICZjrL
jmKZ9or1SVeiQ/oG1nnHim1cgR3zj5eaCOvg2FiRP3URS7h+C1QaZRLydQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0apLgRIp0DqrxkS7crbRhbgMPwMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvRFJxa3VCRWluUU9xdkdSTHR5dHRHRnVBd19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsOusMA0G
CSqGSIb3DQEBCwUAA4IBAQCE2C9892VGsJTl2akYfZVJftXnPRBxPNwg1dCqj9dd
nedF5Tlv7CJn/ZZy4S4iwxMOgYLwIz+leFGhFqGXQy4mSWljReH1xmPja8txfK/Q
knUFVohNsMnW7eyGndUx2m1cibZXm6WL4aOeVgYOjWgcpIkk5UZLukNbJ3O0kPoA
fWoHp3R1HX1g55EJOgbBgrOcBio9leTYwJ+nrDFXA58Htuh0wAv32KRb2k4jebny
6H85BcCpUYHdnXKfUjdrKFPZ/5NjYEdDm4yTIVEjXuEiIbcZCecz5Qjh0/zcAxED
6JGQm5FOXwO10sbe9LckfZr44FhIUmkDFffoS5OpWB9N
-----END CERTIFICATE-----