Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/c3ca86-3e76-48c4-98ac-c2d00342235c/1/CAK19XLyWpDBKtyOh5VJFJlDLgs.roa
File:                     CAK19XLyWpDBKtyOh5VJFJlDLgs.roa (raw, json)
Hash identifier:          UlLhFCJZ2QmzzZ8qbAQI384c7jYogbUbzPQIMlTHrTw=
Subject key identifier:   08:02:B5:F5:72:F2:5A:90:C1:2A:DC:8E:87:95:49:14:99:43:2E:0B
Certificate issuer:       /CN=360a9601e02f8128ef646f5595336e0a57917caf
Certificate serial:       0197AC555360C26477FE578233AAC448FB85
Authority key identifier: 36:0A:96:01:E0:2F:81:28:EF:64:6F:55:95:33:6E:0A:57:91:7C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NgqWAeAvgSjvZG9VlTNuCleRfK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/c3ca86-3e76-48c4-98ac-c2d00342235c/1/CAK19XLyWpDBKtyOh5VJFJlDLgs.roa
Signing time:             Thu 26 Jun 2025 13:02:42 +0000
ROA not before:           Thu 26 Jun 2025 13:02:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29305
IP address blocks:        194.177.4.0/22 maxlen: 24
                          194.177.4.0/23 maxlen: 24
                          194.177.6.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/c3ca86-3e76-48c4-98ac-c2d00342235c/1/NgqWAeAvgSjvZG9VlTNuCleRfK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/c3ca86-3e76-48c4-98ac-c2d00342235c/1/NgqWAeAvgSjvZG9VlTNuCleRfK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NgqWAeAvgSjvZG9VlTNuCleRfK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ac:55:53:60:c2:64:77:fe:57:82:33:aa:c4:48:fb:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=360a9601e02f8128ef646f5595336e0a57917caf
        Validity
            Not Before: Jun 26 13:02:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0802b5f572f25a90c12adc8e8795491499432e0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:bd:e4:4c:f6:34:04:db:cf:91:0b:8c:59:e8:
                    1d:43:b4:0b:a6:3c:d3:46:63:01:d7:e5:93:45:24:
                    a0:81:76:d0:13:d6:63:81:28:42:aa:1b:a4:b8:48:
                    d9:76:b2:70:89:9c:94:83:fc:24:97:bc:ab:41:53:
                    75:58:7a:6d:f9:b7:9c:ab:5e:3c:cc:19:72:14:ea:
                    b6:c5:67:6c:2e:e1:90:88:7b:d7:dc:b8:19:60:74:
                    15:33:e1:94:8c:4d:09:ac:e1:51:c6:b0:69:eb:5d:
                    c3:13:4f:1f:3f:3b:35:8a:c4:eb:7d:cb:5c:c7:ad:
                    fa:28:a7:6a:00:cc:ca:9f:59:3c:a2:22:ac:8e:42:
                    37:fd:19:7e:4f:be:c9:1f:7a:89:45:ce:b3:b1:1f:
                    11:5c:68:66:4f:e1:ab:e1:11:25:fa:2e:38:56:c3:
                    2a:a1:07:eb:ff:c3:ab:e0:8b:aa:b6:1d:03:9f:91:
                    59:7f:04:ca:ab:4f:47:c2:2d:61:a8:3a:13:f4:e3:
                    aa:6d:1f:d4:94:6c:b1:0f:3c:26:af:35:17:af:f2:
                    0c:ec:dd:e7:28:16:10:9f:6b:34:ae:aa:9b:6e:47:
                    f9:46:bd:bc:86:11:ec:0b:b7:7b:82:6e:84:90:53:
                    cc:db:02:f0:1a:ad:7a:19:21:a9:18:a0:35:be:65:
                    b5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:02:B5:F5:72:F2:5A:90:C1:2A:DC:8E:87:95:49:14:99:43:2E:0B
            X509v3 Authority Key Identifier:
                keyid:36:0A:96:01:E0:2F:81:28:EF:64:6F:55:95:33:6E:0A:57:91:7C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NgqWAeAvgSjvZG9VlTNuCleRfK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/c3ca86-3e76-48c4-98ac-c2d00342235c/1/CAK19XLyWpDBKtyOh5VJFJlDLgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/c3ca86-3e76-48c4-98ac-c2d00342235c/1/NgqWAeAvgSjvZG9VlTNuCleRfK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.177.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:47:8b:61:24:7f:97:66:49:bf:f9:16:48:75:48:56:4c:ac:
         44:ae:87:1e:f8:c9:de:21:89:ef:bc:99:55:4c:db:d1:7d:d3:
         64:48:07:03:b6:67:f1:be:59:bd:19:f1:3c:06:51:dc:06:30:
         28:cd:b3:09:3d:17:97:f3:2e:70:e7:ff:0f:36:2a:0c:3a:3e:
         e0:46:37:f9:93:6b:d7:a0:69:0e:ea:c1:2f:05:2b:b8:f5:22:
         6b:4d:85:74:1a:6d:b8:9a:e5:d0:1f:9e:e5:17:0e:89:c1:0f:
         66:08:3a:20:9e:84:ce:0b:dd:33:11:ea:8e:9f:93:25:2e:dc:
         eb:9b:a0:79:12:de:30:a9:82:54:43:6b:5b:7c:9f:77:57:57:
         67:bd:8a:a3:ad:6f:59:18:01:7e:1d:ec:d3:eb:fb:45:8f:c2:
         9d:b6:fe:10:1e:64:55:37:aa:84:7d:37:88:57:d0:61:f4:00:
         47:ee:79:a1:4d:fa:8b:64:11:96:9e:d1:64:5a:bf:53:1c:b0:
         c3:68:3e:f2:e9:66:f0:f5:c5:78:00:7d:77:1d:9c:87:3b:94:
         18:e9:78:52:31:2b:46:b5:2a:31:7c:e8:cb:76:02:85:bf:49:
         e9:19:ae:fe:de:40:51:eb:b2:fa:7a:2b:e4:bd:ab:e6:b5:68:
         a3:0a:8c:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZesVVNgwmR3/leCM6rESPuFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MGE5NjAxZTAyZjgxMjhlZjY0NmY1NTk1MzM2ZTBhNTc5
MTdjYWYwHhcNMjUwNjI2MTMwMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODAyYjVmNTcyZjI1YTkwYzEyYWRjOGU4Nzk1NDkxNDk5NDMyZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqL3kTPY0BNvPkQuMWegdQ7QLpjzT
RmMB1+WTRSSggXbQE9ZjgShCqhukuEjZdrJwiZyUg/wkl7yrQVN1WHpt+becq148
zBlyFOq2xWdsLuGQiHvX3LgZYHQVM+GUjE0JrOFRxrBp613DE08fPzs1isTrfctc
x636KKdqAMzKn1k8oiKsjkI3/Rl+T77JH3qJRc6zsR8RXGhmT+Gr4REl+i44VsMq
oQfr/8Or4Iuqth0Dn5FZfwTKq09Hwi1hqDoT9OOqbR/UlGyxDzwmrzUXr/IM7N3n
KBYQn2s0rqqbbkf5Rr28hhHsC7d7gm6EkFPM2wLwGq16GSGpGKA1vmW1KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgCtfVy8lqQwSrcjoeVSRSZQy4LMB8GA1UdIwQY
MBaAFDYKlgHgL4Eo72RvVZUzbgpXkXyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmdxV0FlQXZnU2p2Wkc5VmxUTnVDbGVSZks4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9jM2NhODYtM2U3Ni00OGM0LTk4YWMt
YzJkMDAzNDIyMzVjLzEvQ0FLMTlYTHlXcERCS3R5T2g1VkpGSmxETGdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9jM2NhODYtM2U3Ni00OGM0LTk4YWMtYzJkMDAzNDIyMzVj
LzEvTmdxV0FlQXZnU2p2Wkc5VmxUTnVDbGVSZks4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwrEEMA0G
CSqGSIb3DQEBCwUAA4IBAQClR4thJH+XZkm/+RZIdUhWTKxEroce+MneIYnvvJlV
TNvRfdNkSAcDtmfxvlm9GfE8BlHcBjAozbMJPReX8y5w5/8PNioMOj7gRjf5k2vX
oGkO6sEvBSu49SJrTYV0Gm24muXQH57lFw6JwQ9mCDognoTOC90zEeqOn5MlLtzr
m6B5Et4wqYJUQ2tbfJ93V1dnvYqjrW9ZGAF+HezT6/tFj8Kdtv4QHmRVN6qEfTeI
V9Bh9ABH7nmhTfqLZBGWntFkWr9THLDDaD7y6Wbw9cV4AH13HZyHO5QY6XhSMStG
tSoxfOjLdgKFv0npGa7+3kBR67L6eivkvavmtWijCoyB
-----END CERTIFICATE-----