Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/9oj7usn1jvbz0tFxG2Z5p-wgXKA.roa
File:                     9oj7usn1jvbz0tFxG2Z5p-wgXKA.roa (raw, json)
Hash identifier:          m2qYpphO1X68KFD3WfxpihFPRyWFaQCoGfFTXzr/Rf8=
Subject key identifier:   F6:88:FB:BA:C9:F5:8E:F6:F3:D2:D1:71:1B:66:79:A7:EC:20:5C:A0
Certificate issuer:       /CN=78e98dee9aadc86b4dfa9e168d921bd80ba3f3a6
Certificate serial:       0198A7E70FE277620C2156269C50EEDE2B54
Authority key identifier: 78:E9:8D:EE:9A:AD:C8:6B:4D:FA:9E:16:8D:92:1B:D8:0B:A3:F3:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eOmN7pqtyGtN-p4WjZIb2Auj86Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/9oj7usn1jvbz0tFxG2Z5p-wgXKA.roa
Signing time:             Thu 14 Aug 2025 09:26:34 +0000
ROA not before:           Thu 14 Aug 2025 09:26:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8528
IP address blocks:        138.21.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/eOmN7pqtyGtN-p4WjZIb2Auj86Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/eOmN7pqtyGtN-p4WjZIb2Auj86Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eOmN7pqtyGtN-p4WjZIb2Auj86Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 04:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a7:e7:0f:e2:77:62:0c:21:56:26:9c:50:ee:de:2b:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78e98dee9aadc86b4dfa9e168d921bd80ba3f3a6
        Validity
            Not Before: Aug 14 09:26:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f688fbbac9f58ef6f3d2d1711b6679a7ec205ca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c7:5e:7c:53:7d:2e:0f:60:1e:2e:c1:ad:e9:
                    83:f0:5e:b7:33:62:a1:cb:31:4d:fd:06:41:d9:ba:
                    f2:d5:a1:02:cc:4d:70:4d:1e:f0:e8:84:dc:4f:74:
                    ce:dd:a7:d5:6c:3f:bd:ce:80:2c:a0:fa:3c:4a:5f:
                    c9:a3:9a:fa:41:a5:56:28:53:52:34:12:8e:86:98:
                    83:42:67:14:b6:db:c1:2f:38:b9:75:46:e5:66:db:
                    ec:d0:47:cf:7f:b2:56:dc:83:89:9a:9d:e4:cf:6e:
                    78:cf:bd:a1:3b:a9:03:f8:c8:70:c7:6d:c8:41:2e:
                    e4:ed:45:c8:cf:05:1f:ad:f4:47:ca:d7:4c:66:6b:
                    f6:72:13:d1:9f:16:36:2b:e6:98:d8:af:f4:62:f4:
                    26:cf:43:19:a1:1f:83:97:fe:39:f5:56:86:bd:90:
                    b4:82:fc:d5:46:c0:12:de:69:ff:fb:a7:02:b1:dd:
                    9f:1d:14:0f:bd:37:94:99:fa:8c:d2:4c:79:86:81:
                    d2:cb:91:f4:93:92:55:62:a9:a3:49:f3:65:ff:11:
                    00:60:63:ac:87:d6:10:d2:d8:fe:f3:eb:24:b2:32:
                    2d:06:0e:73:92:07:a6:48:d3:57:e6:7a:35:4c:1c:
                    d3:88:be:42:fb:15:d3:1a:3a:b6:01:a1:68:8c:ca:
                    9b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:88:FB:BA:C9:F5:8E:F6:F3:D2:D1:71:1B:66:79:A7:EC:20:5C:A0
            X509v3 Authority Key Identifier:
                keyid:78:E9:8D:EE:9A:AD:C8:6B:4D:FA:9E:16:8D:92:1B:D8:0B:A3:F3:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eOmN7pqtyGtN-p4WjZIb2Auj86Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/9oj7usn1jvbz0tFxG2Z5p-wgXKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/eOmN7pqtyGtN-p4WjZIb2Auj86Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.21.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         37:d2:da:53:77:b1:f6:08:09:a5:dc:19:9d:64:6b:68:c5:3d:
         47:a2:f1:92:8a:1d:6c:83:28:dc:76:35:c2:4a:48:85:2f:cc:
         cb:01:03:ed:7a:a9:05:b2:65:bc:9d:6a:5f:9a:c8:97:48:1e:
         3c:d7:30:f4:4b:dd:9f:35:0c:0c:19:66:17:9d:ae:61:db:16:
         6c:4d:46:bb:a6:25:92:6f:a9:87:51:09:a5:d7:10:f6:b5:5a:
         ca:94:d9:07:c0:26:78:01:83:bf:e7:3c:b7:6a:55:39:65:2e:
         e4:ad:15:0e:67:7e:93:7f:3c:a4:ac:96:82:34:e9:ff:7e:88:
         9b:03:e5:5a:bd:56:72:10:67:7d:a9:04:6f:41:bf:b7:4e:af:
         95:16:4b:37:d0:7e:51:54:f4:b2:b1:30:a7:aa:d4:05:83:3f:
         8b:85:f6:5c:c4:ec:a4:3c:20:8a:1e:43:83:d5:ba:da:b1:eb:
         47:e4:46:eb:a1:08:4e:b3:3c:f9:4b:9d:47:ee:d0:78:61:7b:
         50:84:83:b7:63:bb:a8:5e:eb:e5:22:1b:fa:23:bc:54:72:69:
         4b:eb:3e:d9:cc:29:c1:97:51:92:c1:e1:bc:89:68:7a:ad:b3:
         d9:25:a8:98:96:ff:c9:c0:e8:07:37:b5:58:1c:73:87:6e:ec:
         ef:8c:91:23
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZin5w/id2IMIVYmnFDu3itUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZTk4ZGVlOWFhZGM4NmI0ZGZhOWUxNjhkOTIxYmQ4MGJh
M2YzYTYwHhcNMjUwODE0MDkyNjM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjg4ZmJiYWM5ZjU4ZWY2ZjNkMmQxNzExYjY2NzlhN2VjMjA1Y2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MdefFN9Lg9gHi7BremD8F63M2Kh
yzFN/QZB2bry1aECzE1wTR7w6ITcT3TO3afVbD+9zoAsoPo8Sl/Jo5r6QaVWKFNS
NBKOhpiDQmcUttvBLzi5dUblZtvs0EfPf7JW3IOJmp3kz254z72hO6kD+Mhwx23I
QS7k7UXIzwUfrfRHytdMZmv2chPRnxY2K+aY2K/0YvQmz0MZoR+Dl/459VaGvZC0
gvzVRsAS3mn/+6cCsd2fHRQPvTeUmfqM0kx5hoHSy5H0k5JVYqmjSfNl/xEAYGOs
h9YQ0tj+8+sksjItBg5zkgemSNNX5no1TBzTiL5C+xXTGjq2AaFojMqbQQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPaI+7rJ9Y7289LRcRtmeafsIFygMB8GA1UdIwQY
MBaAFHjpje6archrTfqeFo2SG9gLo/OmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU9tTjdwcXR5R3ROLXA0V2paSWIyQXVqODZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9jMWNjOTUtNzUyOS00MjcwLWE2ZWMt
NWM3MTk1NmE1Mzc3LzEvOW9qN3VzbjFqdmJ6MHRGeEcyWjVwLXdnWEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9jMWNjOTUtNzUyOS00MjcwLWE2ZWMtNWM3MTk1NmE1Mzc3
LzEvZU9tTjdwcXR5R3ROLXA0V2paSWIyQXVqODZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAihUwDQYJ
KoZIhvcNAQELBQADggEBADfS2lN3sfYICaXcGZ1ka2jFPUei8ZKKHWyDKNx2NcJK
SIUvzMsBA+16qQWyZbydal+ayJdIHjzXMPRL3Z81DAwZZhedrmHbFmxNRrumJZJv
qYdRCaXXEPa1WsqU2QfAJngBg7/nPLdqVTllLuStFQ5nfpN/PKSsloI06f9+iJsD
5Vq9VnIQZ32pBG9Bv7dOr5UWSzfQflFU9LKxMKeq1AWDP4uF9lzE7KQ8IIoeQ4PV
utqx60fkRuuhCE6zPPlLnUfu0Hhhe1CEg7dju6he6+UiG/ojvFRyaUvrPtnMKcGX
UZLB4byJaHqts9klqJiW/8nA6Ac3tVgcc4du7O+MkSM=
-----END CERTIFICATE-----