Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/dX64oYdO84sYoaZssnfnNSnjjZ8.roa
File:                     dX64oYdO84sYoaZssnfnNSnjjZ8.roa (raw, json)
Hash identifier:          gsXE0J7PM3QNxgRheiXzLzqDJ2lY8wkV0/36i7HSBdo=
Subject key identifier:   75:7E:B8:A1:87:4E:F3:8B:18:A1:A6:6C:B2:77:E7:35:29:E3:8D:9F
Certificate issuer:       /CN=03364fcedd691357733cd5ccd7029db8e61d1e3a
Certificate serial:       0198BF8CFAE3FDF8D3D52168C07A65AAF4A5
Authority key identifier: 03:36:4F:CE:DD:69:13:57:73:3C:D5:CC:D7:02:9D:B8:E6:1D:1E:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/dX64oYdO84sYoaZssnfnNSnjjZ8.roa
Signing time:             Mon 18 Aug 2025 23:39:04 +0000
ROA not before:           Mon 18 Aug 2025 23:39:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202391
IP address blocks:        185.84.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bf:8c:fa:e3:fd:f8:d3:d5:21:68:c0:7a:65:aa:f4:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03364fcedd691357733cd5ccd7029db8e61d1e3a
        Validity
            Not Before: Aug 18 23:39:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=757eb8a1874ef38b18a1a66cb277e73529e38d9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:2c:6b:ed:10:90:4e:1d:4d:a5:99:db:a8:41:
                    56:b2:eb:72:de:47:13:9f:ab:8a:c2:61:af:c3:2a:
                    56:08:99:21:95:7c:62:f1:8c:81:44:9e:40:25:a2:
                    08:47:a3:8f:f7:8d:58:17:2d:55:9a:62:a4:33:1b:
                    95:28:4a:40:cb:fd:4d:8c:10:cc:93:38:4e:07:53:
                    3e:9b:2a:1e:02:9b:ac:ff:c4:16:e9:e7:ad:e2:24:
                    2e:ba:39:44:6a:f6:84:2c:00:0b:f0:93:a8:64:ce:
                    e1:30:ef:3f:45:52:6d:fa:7c:86:c8:c2:94:31:7e:
                    b7:2b:4f:1c:c0:7b:dc:ab:8d:63:b7:08:76:7b:75:
                    eb:8a:c9:ba:f0:df:ed:95:53:6f:84:4c:d2:35:68:
                    4f:5b:43:60:e4:40:96:29:39:23:1c:ec:74:3f:67:
                    30:56:5d:ad:dc:0c:11:f3:24:ce:aa:48:a4:58:55:
                    fa:ec:15:33:e0:9b:18:72:d0:4c:70:11:ab:78:b1:
                    b4:56:b4:4c:21:59:ab:c8:b8:43:63:ab:68:ca:d9:
                    21:07:bf:22:a2:ee:cc:64:bb:95:f6:f2:0c:d9:2b:
                    83:7e:86:9a:55:ca:2d:4b:d9:db:b2:35:28:78:5f:
                    8e:82:6c:91:45:b1:9f:9e:0f:fe:aa:57:9d:12:af:
                    8a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:7E:B8:A1:87:4E:F3:8B:18:A1:A6:6C:B2:77:E7:35:29:E3:8D:9F
            X509v3 Authority Key Identifier:
                keyid:03:36:4F:CE:DD:69:13:57:73:3C:D5:CC:D7:02:9D:B8:E6:1D:1E:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/dX64oYdO84sYoaZssnfnNSnjjZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:d1:3a:31:f1:66:4d:91:27:0f:a1:f5:56:c4:73:b4:14:4c:
         4f:f4:61:9d:7c:b7:46:ac:59:d2:11:ab:40:77:0c:40:b8:80:
         90:58:be:ab:70:b4:a9:6b:34:0b:13:ac:62:9c:92:b9:17:0c:
         b4:e0:e3:fa:83:b2:14:16:57:04:ce:10:31:ac:9e:29:f2:72:
         d7:b7:72:00:fd:01:ba:1e:2f:87:8b:81:c8:ad:78:cb:fc:ab:
         12:7e:fd:93:3a:3f:17:6f:06:62:fa:05:c1:5a:c1:9f:8b:e0:
         20:72:3f:2d:48:c2:d4:dc:9e:d4:63:92:16:02:49:0c:0d:d5:
         72:fb:20:8a:6e:b6:69:ed:50:f5:5b:91:2b:2d:6a:ee:55:61:
         44:4e:bb:81:fb:df:b9:f8:0e:db:ff:63:11:a7:a7:bf:57:ac:
         f7:73:1d:d1:53:18:54:03:39:d7:1c:d1:72:75:bc:93:ba:0c:
         42:a2:06:1a:52:f8:ee:37:a9:6d:4d:e4:12:72:5d:0a:2e:30:
         d9:d8:20:d9:c4:a2:22:bf:63:25:6c:b7:b4:8c:86:03:c0:5b:
         57:55:8a:fd:d9:c3:ae:bc:aa:8c:66:cb:ba:42:6c:b7:3b:a9:
         b7:91:4e:f7:f4:c7:c4:e1:b0:3e:b9:bd:1b:0e:49:93:6b:cc:
         f0:21:ca:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi/jPrj/fjT1SFowHplqvSlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMzY0ZmNlZGQ2OTEzNTc3MzNjZDVjY2Q3MDI5ZGI4ZTYx
ZDFlM2EwHhcNMjUwODE4MjMzOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTdlYjhhMTg3NGVmMzhiMThhMWE2NmNiMjc3ZTczNTI5ZTM4ZDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyxr7RCQTh1NpZnbqEFWsuty3kcT
n6uKwmGvwypWCJkhlXxi8YyBRJ5AJaIIR6OP941YFy1VmmKkMxuVKEpAy/1NjBDM
kzhOB1M+myoeApus/8QW6eet4iQuujlEavaELAAL8JOoZM7hMO8/RVJt+nyGyMKU
MX63K08cwHvcq41jtwh2e3Xrism68N/tlVNvhEzSNWhPW0Ng5ECWKTkjHOx0P2cw
Vl2t3AwR8yTOqkikWFX67BUz4JsYctBMcBGreLG0VrRMIVmryLhDY6toytkhB78i
ou7MZLuV9vIM2SuDfoaaVcotS9nbsjUoeF+OgmyRRbGfng/+qledEq+KowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHV+uKGHTvOLGKGmbLJ35zUp442fMB8GA1UdIwQY
MBaAFAM2T87daRNXczzVzNcCnbjmHR46MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXpaUHp0MXBFMWR6UE5YTTF3S2R1T1lkSGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi81NmY1MjYtNTNkZS00YzlkLWI0MDEt
YWJmMGI1OTQ2NDZmLzEvZFg2NG9ZZE84NHNZb2Fac3NuZm5OU25qalo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi81NmY1MjYtNTNkZS00YzlkLWI0MDEtYWJmMGI1OTQ2NDZm
LzEvQXpaUHp0MXBFMWR6UE5YTTF3S2R1T1lkSGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVScMA0G
CSqGSIb3DQEBCwUAA4IBAQAE0Tox8WZNkScPofVWxHO0FExP9GGdfLdGrFnSEatA
dwxAuICQWL6rcLSpazQLE6xinJK5Fwy04OP6g7IUFlcEzhAxrJ4p8nLXt3IA/QG6
Hi+Hi4HIrXjL/KsSfv2TOj8XbwZi+gXBWsGfi+Agcj8tSMLU3J7UY5IWAkkMDdVy
+yCKbrZp7VD1W5ErLWruVWFETruB+9+5+A7b/2MRp6e/V6z3cx3RUxhUAznXHNFy
dbyTugxCogYaUvjuN6ltTeQScl0KLjDZ2CDZxKIiv2MlbLe0jIYDwFtXVYr92cOu
vKqMZsu6Qmy3O6m3kU739MfE4bA+ub0bDkmTa8zwIcor
-----END CERTIFICATE-----