Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/4azyPv9b0HvoQrPyVczrcGsGuEc.roa
File:                     4azyPv9b0HvoQrPyVczrcGsGuEc.roa (raw, json)
Hash identifier:          JIQngEAfqhVm7ye/GAlnUqiGzlplrejNOhuJMwi0W6U=
Subject key identifier:   E1:AC:F2:3E:FF:5B:D0:7B:E8:42:B3:F2:55:CC:EB:70:6B:06:B8:47
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       0197B18DFFC35604EFFD4E9B06BE653E620D
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/4azyPv9b0HvoQrPyVczrcGsGuEc.roa
Signing time:             Fri 27 Jun 2025 13:22:42 +0000
ROA not before:           Fri 27 Jun 2025 13:22:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1147
IP address blocks:        145.98.0.0/21 maxlen: 24
                          145.127.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b1:8d:ff:c3:56:04:ef:fd:4e:9b:06:be:65:3e:62:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jun 27 13:22:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1acf23eff5bd07be842b3f255cceb706b06b847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ed:71:c5:d0:fe:e3:1a:d6:c5:6f:b6:b8:a6:
                    a0:80:74:63:24:de:8b:23:4a:66:00:4e:6a:cb:eb:
                    b8:f9:61:7e:74:3e:02:db:b4:4e:c5:cb:15:8f:e3:
                    ea:0d:48:2d:5e:b6:3b:df:8c:51:c5:62:6f:bb:91:
                    9c:12:ea:93:d5:49:ac:c2:e2:45:5a:04:c4:45:dd:
                    b4:a0:30:40:0e:62:8b:7f:03:d1:e6:50:f8:3a:6b:
                    58:a5:fd:77:41:43:8f:f4:fc:ca:43:6c:14:de:00:
                    73:2c:66:77:d3:d3:ce:ae:37:90:c8:ab:88:dd:98:
                    8f:e5:b0:48:a9:ef:21:ee:d9:42:02:55:b5:f0:87:
                    ca:f5:f7:bf:26:fb:f3:63:67:8d:07:3c:50:7a:5a:
                    cc:dd:cb:7c:af:0b:fe:89:3c:16:e3:16:17:46:e7:
                    96:48:18:ce:04:7d:74:e5:07:5c:7d:9a:da:cd:65:
                    24:2a:c2:94:39:28:84:fe:51:53:37:7c:12:d5:d8:
                    aa:ec:05:2a:d8:49:61:f1:6a:81:c1:9a:e1:49:d9:
                    c1:3a:8f:51:5e:ed:ce:de:b0:b0:38:af:d7:8b:09:
                    66:3b:31:9c:2c:97:3b:1f:4a:3f:c8:62:1d:71:57:
                    6f:21:ac:c1:e0:0e:18:a8:01:72:4e:e2:47:d7:ba:
                    c0:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:AC:F2:3E:FF:5B:D0:7B:E8:42:B3:F2:55:CC:EB:70:6B:06:B8:47
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/4azyPv9b0HvoQrPyVczrcGsGuEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.98.0.0/21
                  145.127.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         a4:9c:79:b2:5d:77:5a:dd:9b:e1:f5:db:9a:c9:43:f4:01:39:
         8e:4d:be:fb:08:d8:d2:41:9a:70:78:50:9d:de:d8:43:a0:5c:
         5c:74:c8:63:d1:86:b5:2e:39:20:64:f3:92:e8:28:0b:a0:62:
         0a:04:c2:de:4c:97:df:2e:8b:b7:2a:4d:97:ff:7c:78:cb:d5:
         1b:4f:16:15:0e:f0:92:15:a2:98:a7:05:86:7f:9f:2c:78:90:
         21:76:84:ce:cf:07:66:52:19:22:31:35:38:df:a1:34:f4:ff:
         99:63:6a:f4:88:51:08:a9:90:24:15:8d:d6:87:ed:a5:91:99:
         4f:e9:81:5f:b0:08:c3:0c:50:c7:d4:88:10:69:ad:68:cd:2c:
         ba:28:5e:2b:25:c9:d2:aa:cd:60:dc:3c:29:5c:59:78:1d:bc:
         50:2f:ab:9e:5a:11:88:b8:8c:ed:24:9f:fa:c4:19:cd:0c:19:
         14:f8:a2:0d:d7:22:f7:5a:58:06:1b:ae:d2:50:ba:b2:7b:13:
         1a:e6:43:a7:f2:0c:2b:7f:1a:c0:b5:a7:51:aa:d7:d2:d4:ad:
         6c:ba:a6:53:35:ca:b2:27:0d:d1:69:5e:44:30:c6:d1:6a:ae:
         e1:95:f9:40:85:d6:3c:4c:4a:0f:28:6a:07:74:f5:bc:88:0e:
         27:27:52:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZexjf/DVgTv/U6bBr5lPmINMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjUwNjI3MTMyMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWFjZjIzZWZmNWJkMDdiZTg0MmIzZjI1NWNjZWI3MDZiMDZiODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmu1xxdD+4xrWxW+2uKaggHRjJN6L
I0pmAE5qy+u4+WF+dD4C27ROxcsVj+PqDUgtXrY734xRxWJvu5GcEuqT1UmswuJF
WgTERd20oDBADmKLfwPR5lD4OmtYpf13QUOP9PzKQ2wU3gBzLGZ309POrjeQyKuI
3ZiP5bBIqe8h7tlCAlW18IfK9fe/JvvzY2eNBzxQelrM3ct8rwv+iTwW4xYXRueW
SBjOBH105QdcfZrazWUkKsKUOSiE/lFTN3wS1diq7AUq2Elh8WqBwZrhSdnBOo9R
Xu3O3rCwOK/XiwlmOzGcLJc7H0o/yGIdcVdvIazB4A4YqAFyTuJH17rAhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOGs8j7/W9B76EKz8lXM63BrBrhHMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvNGF6eVB2OWIwSHZvUXJQeVZjenJjR3NHdUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDkWIAAwQH
kX+AMA0GCSqGSIb3DQEBCwUAA4IBAQCknHmyXXda3Zvh9duayUP0ATmOTb77CNjS
QZpweFCd3thDoFxcdMhj0Ya1LjkgZPOS6CgLoGIKBMLeTJffLou3Kk2X/3x4y9Ub
TxYVDvCSFaKYpwWGf58seJAhdoTOzwdmUhkiMTU436E09P+ZY2r0iFEIqZAkFY3W
h+2lkZlP6YFfsAjDDFDH1IgQaa1ozSy6KF4rJcnSqs1g3DwpXFl4HbxQL6ueWhGI
uIztJJ/6xBnNDBkU+KIN1yL3WlgGG67SULqyexMa5kOn8gwrfxrAtadRqtfS1K1s
uqZTNcqyJw3RaV5EMMbRaq7hlflAhdY8TEoPKGoHdPW8iA4nJ1JY
-----END CERTIFICATE-----