Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/Aw2WfNbQ4RABuXRvgXOnLE3RbsA.roa
File:                     Aw2WfNbQ4RABuXRvgXOnLE3RbsA.roa (raw, json)
Hash identifier:          TFeeNKEqB5VRBcKtyJM73uNYiay/oDGFd7RJVR+kagE=
Subject key identifier:   03:0D:96:7C:D6:D0:E1:10:01:B9:74:6F:81:73:A7:2C:4D:D1:6E:C0
Certificate issuer:       /CN=522399c2789b1a5504f81671cff220c04eaf59f1
Certificate serial:       0198CB618AF519B32E4D59A2C740F76D4610
Authority key identifier: 52:23:99:C2:78:9B:1A:55:04:F8:16:71:CF:F2:20:C0:4E:AF:59:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UiOZwnibGlUE-BZxz_IgwE6vWfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/Aw2WfNbQ4RABuXRvgXOnLE3RbsA.roa
Signing time:             Thu 21 Aug 2025 06:47:04 +0000
ROA not before:           Thu 21 Aug 2025 06:47:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43216
IP address blocks:        195.238.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/UiOZwnibGlUE-BZxz_IgwE6vWfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/UiOZwnibGlUE-BZxz_IgwE6vWfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UiOZwnibGlUE-BZxz_IgwE6vWfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cb:61:8a:f5:19:b3:2e:4d:59:a2:c7:40:f7:6d:46:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=522399c2789b1a5504f81671cff220c04eaf59f1
        Validity
            Not Before: Aug 21 06:47:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=030d967cd6d0e11001b9746f8173a72c4dd16ec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:bc:62:15:8f:f5:22:8b:45:46:d8:6d:25:3e:
                    80:1b:4b:b6:f5:47:cb:e4:18:98:20:2d:4c:54:03:
                    53:96:5c:83:10:dc:15:07:27:66:48:15:0e:19:b3:
                    7c:67:af:5f:40:9d:48:32:c1:8b:3f:47:23:74:d8:
                    08:3a:61:ab:26:d3:06:ca:7c:5a:e2:3a:f3:1f:35:
                    f5:c2:7b:06:7d:fb:e3:2e:f5:f0:1f:9e:83:fe:bc:
                    aa:e1:4a:8d:46:f7:21:28:31:04:44:3e:d9:ed:a9:
                    1d:13:6e:5f:46:86:00:69:e1:4d:97:48:fa:a7:76:
                    07:df:21:09:88:35:d3:51:af:fd:ae:22:76:08:6e:
                    f9:6d:4d:76:ad:e8:eb:b9:77:73:85:13:0a:7d:77:
                    a6:e6:6f:24:e2:0e:7f:2b:15:6f:17:c2:45:1d:59:
                    be:c5:17:08:f9:24:13:67:8b:22:ba:81:84:38:31:
                    7b:90:85:68:f7:27:1f:37:33:ae:9a:eb:e6:5e:a1:
                    09:b8:a0:7a:50:c0:67:38:0e:af:e1:fd:b5:9c:36:
                    1f:02:27:39:c7:85:af:4e:9a:71:ae:a3:e2:f5:d2:
                    ee:37:34:15:57:df:c4:90:5c:10:a7:03:4f:98:fd:
                    8d:59:4c:af:ac:6d:59:37:57:ff:0a:72:89:2f:39:
                    35:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:0D:96:7C:D6:D0:E1:10:01:B9:74:6F:81:73:A7:2C:4D:D1:6E:C0
            X509v3 Authority Key Identifier:
                keyid:52:23:99:C2:78:9B:1A:55:04:F8:16:71:CF:F2:20:C0:4E:AF:59:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UiOZwnibGlUE-BZxz_IgwE6vWfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/Aw2WfNbQ4RABuXRvgXOnLE3RbsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/UiOZwnibGlUE-BZxz_IgwE6vWfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:2a:bc:7c:f3:02:c3:59:cd:2a:18:69:7a:c3:c7:f9:68:76:
         c6:7a:41:54:4d:4a:e7:92:89:c8:be:a2:a8:70:0b:cb:e9:4b:
         a2:b7:09:10:39:ac:38:d8:86:37:45:7b:9f:35:41:ed:83:d9:
         c3:58:61:32:a2:bf:b5:78:ba:ca:d2:21:a9:be:ee:2e:4d:47:
         0b:4e:5b:88:fb:6d:7a:c6:a3:e4:c7:3d:f7:04:f2:48:62:10:
         9e:78:7d:ea:74:9a:ad:ee:67:f6:28:45:f6:4f:43:f2:5c:33:
         30:c0:4b:0c:f1:95:e4:19:79:0a:37:22:84:89:bc:59:17:7b:
         18:c0:67:16:05:6e:5d:24:69:d3:12:06:a7:cf:e2:29:ea:73:
         5f:aa:13:b7:13:f4:de:8a:7d:82:44:05:0d:a6:31:8c:8c:62:
         0c:65:14:e8:dc:db:21:f1:a7:19:e3:50:7c:e6:af:58:00:f2:
         72:2e:6a:a5:fb:10:d4:f9:ae:0e:50:c8:5e:eb:e7:2a:ee:94:
         43:f7:48:5d:50:f9:60:3c:11:d4:cd:44:6c:ed:b9:2b:82:0e:
         f0:aa:49:9a:2d:ec:d3:3a:d2:5f:d6:ff:b8:1d:7b:a7:42:fb:
         0a:61:86:a9:16:4b:e7:00:cf:36:d3:9d:26:04:09:91:24:61:
         f7:f2:5b:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjLYYr1GbMuTVmix0D3bUYQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMjM5OWMyNzg5YjFhNTUwNGY4MTY3MWNmZjIyMGMwNGVh
ZjU5ZjEwHhcNMjUwODIxMDY0NzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzBkOTY3Y2Q2ZDBlMTEwMDFiOTc0NmY4MTczYTcyYzRkZDE2ZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorxiFY/1IotFRthtJT6AG0u29UfL
5BiYIC1MVANTllyDENwVBydmSBUOGbN8Z69fQJ1IMsGLP0cjdNgIOmGrJtMGynxa
4jrzHzX1wnsGffvjLvXwH56D/ryq4UqNRvchKDEERD7Z7akdE25fRoYAaeFNl0j6
p3YH3yEJiDXTUa/9riJ2CG75bU12rejruXdzhRMKfXem5m8k4g5/KxVvF8JFHVm+
xRcI+SQTZ4siuoGEODF7kIVo9ycfNzOumuvmXqEJuKB6UMBnOA6v4f21nDYfAic5
x4WvTppxrqPi9dLuNzQVV9/EkFwQpwNPmP2NWUyvrG1ZN1f/CnKJLzk1ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAMNlnzW0OEQAbl0b4FzpyxN0W7AMB8GA1UdIwQY
MBaAFFIjmcJ4mxpVBPgWcc/yIMBOr1nxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWlPWnduaWJHbFVFLUJaeHpfSWd3RTZ2V2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8yMmQwMTEtZWQ0Mi00ZDE0LWE2NzAt
ZDVkNTFkMzc5NDlkLzEvQXcyV2ZOYlE0UkFCdVhSdmdYT25MRTNSYnNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8yMmQwMTEtZWQ0Mi00ZDE0LWE2NzAtZDVkNTFkMzc5NDlk
LzEvVWlPWnduaWJHbFVFLUJaeHpfSWd3RTZ2V2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+78MA0G
CSqGSIb3DQEBCwUAA4IBAQAuKrx88wLDWc0qGGl6w8f5aHbGekFUTUrnkonIvqKo
cAvL6UuitwkQOaw42IY3RXufNUHtg9nDWGEyor+1eLrK0iGpvu4uTUcLTluI+216
xqPkxz33BPJIYhCeeH3qdJqt7mf2KEX2T0PyXDMwwEsM8ZXkGXkKNyKEibxZF3sY
wGcWBW5dJGnTEganz+Ip6nNfqhO3E/Tein2CRAUNpjGMjGIMZRTo3Nsh8acZ41B8
5q9YAPJyLmql+xDU+a4OUMhe6+cq7pRD90hdUPlgPBHUzURs7bkrgg7wqkmaLezT
OtJf1v+4HXunQvsKYYapFkvnAM82050mBAmRJGH38lt0
-----END CERTIFICATE-----