Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/8K49Xpj4k5dyq2yRfoHAGiOSEeY.roa
File:                     8K49Xpj4k5dyq2yRfoHAGiOSEeY.roa (raw, json)
Hash identifier:          hmDY+ZS4NIOUWsCQUGN6/UlYo0A7Iss4LnNH2Vn6ChM=
Subject key identifier:   F0:AE:3D:5E:98:F8:93:97:72:AB:6C:91:7E:81:C0:1A:23:92:11:E6
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       0198AE92F935156A72CE656CC772C061D783
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/8K49Xpj4k5dyq2yRfoHAGiOSEeY.roa
Signing time:             Fri 15 Aug 2025 16:32:04 +0000
ROA not before:           Fri 15 Aug 2025 16:32:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11404
IP address blocks:        138.226.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ae:92:f9:35:15:6a:72:ce:65:6c:c7:72:c0:61:d7:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Aug 15 16:32:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0ae3d5e98f8939772ab6c917e81c01a239211e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:0f:57:7d:65:a2:e2:da:d8:9e:d6:a0:cf:48:
                    9b:0e:1e:0e:ae:8d:e6:67:73:ba:f6:52:1d:7d:07:
                    a2:60:d5:26:32:31:1d:6a:e9:77:d1:d8:65:d5:3c:
                    fe:2e:a1:56:1c:33:b2:18:e0:4a:f5:76:45:cf:a4:
                    76:99:cd:35:3c:7d:4b:17:ac:d9:c2:8a:f4:98:b5:
                    c6:d4:a9:3b:08:6c:b8:6a:39:80:9c:89:71:3f:c8:
                    4e:7d:79:89:1a:58:64:11:12:37:f4:d8:ef:98:8a:
                    ab:9e:d0:fd:4e:66:01:30:c4:82:7a:8d:6a:41:46:
                    d1:f8:c9:56:cc:9b:26:59:1f:6f:0c:ca:f7:81:bc:
                    4b:85:4e:29:f1:e6:7d:75:6e:af:dc:74:25:2a:c0:
                    18:44:05:63:50:87:44:57:70:c4:8b:70:5b:b4:d0:
                    21:fe:a1:f8:42:67:5a:d4:0d:41:87:89:ef:74:aa:
                    4b:f9:3c:31:87:6a:b0:79:8b:3b:53:30:c7:2e:24:
                    f0:d1:d1:9c:e1:91:2f:dd:dd:a0:74:48:f5:3d:77:
                    d2:52:00:2d:b1:5f:fa:4e:0a:ec:1f:06:5b:7e:f7:
                    74:4c:99:39:0a:af:5e:ae:9a:49:bf:9c:28:35:bb:
                    9f:c4:49:54:2a:99:1e:d3:16:c8:53:70:36:f7:f7:
                    1f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:AE:3D:5E:98:F8:93:97:72:AB:6C:91:7E:81:C0:1A:23:92:11:E6
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/8K49Xpj4k5dyq2yRfoHAGiOSEeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.226.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         19:c3:06:dc:7c:af:d4:d1:ff:9b:99:3e:90:16:53:37:98:0d:
         2f:22:db:cd:50:5a:82:d6:b4:da:f6:98:e9:33:40:08:82:81:
         cf:f8:99:5c:bc:43:df:a4:25:ac:6b:20:ce:30:e9:01:1f:eb:
         f1:38:54:76:b5:48:56:93:d9:53:ba:ac:97:74:fd:3a:7b:3d:
         34:3b:bf:1c:ab:67:46:15:00:1c:44:08:05:a7:dd:5d:18:b6:
         21:7d:16:d8:f6:e7:b8:b2:2d:ed:45:25:cf:99:28:4c:0d:7f:
         38:f9:b5:27:cc:fc:17:d7:63:45:1b:bc:69:d4:57:c7:80:44:
         60:39:0d:3d:b1:be:9c:05:0f:b5:fa:20:94:05:61:96:56:44:
         ac:e4:e9:f9:81:b1:5a:15:c9:67:00:45:98:5f:a2:84:ba:3d:
         c7:47:ee:cd:9d:65:da:58:d7:ff:03:f7:3d:b9:21:ec:4b:c6:
         28:69:db:38:ee:92:d6:35:07:2f:30:80:77:de:40:06:40:90:
         36:7f:3a:a7:5e:fd:85:6e:8d:5b:4e:29:9b:94:4f:5e:7f:09:
         b1:3d:2e:90:b0:b6:cd:1d:92:3e:eb:50:48:bf:3a:16:09:75:
         36:5d:e9:02:e3:a8:cf:0e:04:d4:69:be:3f:c5:ff:e9:ed:f2:
         6c:3f:7c:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiukvk1FWpyzmVsx3LAYdeDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjUwODE1MTYzMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGFlM2Q1ZTk4Zjg5Mzk3NzJhYjZjOTE3ZTgxYzAxYTIzOTIxMWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQ9XfWWi4trYntagz0ibDh4Oro3m
Z3O69lIdfQeiYNUmMjEdaul30dhl1Tz+LqFWHDOyGOBK9XZFz6R2mc01PH1LF6zZ
wor0mLXG1Kk7CGy4ajmAnIlxP8hOfXmJGlhkERI39NjvmIqrntD9TmYBMMSCeo1q
QUbR+MlWzJsmWR9vDMr3gbxLhU4p8eZ9dW6v3HQlKsAYRAVjUIdEV3DEi3BbtNAh
/qH4Qmda1A1Bh4nvdKpL+Twxh2qweYs7UzDHLiTw0dGc4ZEv3d2gdEj1PXfSUgAt
sV/6TgrsHwZbfvd0TJk5Cq9erppJv5woNbufxElUKpke0xbIU3A29/cf7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCuPV6Y+JOXcqtskX6BwBojkhHmMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvOEs0OVhwajRrNWR5cTJ5UmZvSEFHaU9TRWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDiuI4MA0G
CSqGSIb3DQEBCwUAA4IBAQAZwwbcfK/U0f+bmT6QFlM3mA0vItvNUFqC1rTa9pjp
M0AIgoHP+JlcvEPfpCWsayDOMOkBH+vxOFR2tUhWk9lTuqyXdP06ez00O78cq2dG
FQAcRAgFp91dGLYhfRbY9ue4si3tRSXPmShMDX84+bUnzPwX12NFG7xp1FfHgERg
OQ09sb6cBQ+1+iCUBWGWVkSs5On5gbFaFclnAEWYX6KEuj3HR+7NnWXaWNf/A/c9
uSHsS8Yoads47pLWNQcvMIB33kAGQJA2fzqnXv2Fbo1bTimblE9efwmxPS6QsLbN
HZI+61BIvzoWCXU2XekC46jPDgTUab4/xf/p7fJsP3wL
-----END CERTIFICATE-----