Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/7aed99-a47d-4ec7-b4c5-fa1486ea798c/1/1-AcyZzR_rYiM2ehdDTTg0kr4UTw.roa
File:                     1-AcyZzR_rYiM2ehdDTTg0kr4UTw.roa (raw, json)
Hash identifier:          qHmoXJmRx4dkuxN3uy5t1kjSUTwhuDfIP867Nh4f5Ts=
Subject key identifier:   F8:07:32:67:34:7F:AD:88:8C:D9:E8:5D:0D:34:E0:D2:4A:F8:51:3C
Certificate issuer:       /CN=3c22643ba6a0eaef57329bf5bdc90b31c386f8a7
Certificate serial:       0198ADE5EF7FE7717C752107990845ADECBD
Authority key identifier: 3C:22:64:3B:A6:A0:EA:EF:57:32:9B:F5:BD:C9:0B:31:C3:86:F8:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PCJkO6ag6u9XMpv1vckLMcOG-Kc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/7aed99-a47d-4ec7-b4c5-fa1486ea798c/1/1-AcyZzR_rYiM2ehdDTTg0kr4UTw.roa
Signing time:             Fri 15 Aug 2025 13:23:04 +0000
ROA not before:           Fri 15 Aug 2025 13:23:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        212.102.144.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/7aed99-a47d-4ec7-b4c5-fa1486ea798c/1/PCJkO6ag6u9XMpv1vckLMcOG-Kc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/7aed99-a47d-4ec7-b4c5-fa1486ea798c/1/PCJkO6ag6u9XMpv1vckLMcOG-Kc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PCJkO6ag6u9XMpv1vckLMcOG-Kc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ad:e5:ef:7f:e7:71:7c:75:21:07:99:08:45:ad:ec:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c22643ba6a0eaef57329bf5bdc90b31c386f8a7
        Validity
            Not Before: Aug 15 13:23:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8073267347fad888cd9e85d0d34e0d24af8513c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:eb:56:1a:14:93:2e:31:50:af:92:93:18:d9:
                    66:25:ff:3c:8c:70:12:84:bc:fa:69:8a:08:b8:5f:
                    7c:93:bb:e8:0e:b7:59:e3:41:5c:bc:4a:dd:f0:9f:
                    28:0a:77:84:df:44:76:bc:75:5e:fb:6d:d5:60:fd:
                    45:0a:52:ce:03:12:40:71:b6:bb:f4:5d:27:a8:63:
                    ce:5d:7e:52:5f:79:57:6b:68:4e:5c:fd:cc:0f:a1:
                    99:14:35:1f:e5:b0:92:95:4b:9e:c0:ff:2b:26:09:
                    b2:93:53:16:b3:c0:e4:b7:f5:d5:55:98:57:bf:b4:
                    47:dd:e9:af:97:7a:33:91:1c:28:ce:6d:08:5b:39:
                    09:84:ca:e3:1a:b1:6e:1d:2f:88:16:fb:03:60:cc:
                    ea:e0:cd:cf:fa:cb:71:fa:ee:8c:0d:f2:1d:dc:23:
                    9a:87:08:ec:e1:56:06:85:ff:1f:7d:99:76:f4:2a:
                    e2:ab:c5:29:72:f2:b9:04:19:85:09:ba:db:dd:85:
                    ab:5a:ac:06:6c:df:fc:c0:c7:00:2f:a6:70:1f:ab:
                    f6:78:ec:ee:32:74:d4:ac:52:ad:3a:38:9f:e6:49:
                    fc:32:57:d8:d1:a1:fc:cf:c6:ea:44:ca:d6:c3:76:
                    02:fb:c1:b8:36:f7:9e:70:00:3e:1e:cd:ee:79:49:
                    10:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:07:32:67:34:7F:AD:88:8C:D9:E8:5D:0D:34:E0:D2:4A:F8:51:3C
            X509v3 Authority Key Identifier:
                keyid:3C:22:64:3B:A6:A0:EA:EF:57:32:9B:F5:BD:C9:0B:31:C3:86:F8:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PCJkO6ag6u9XMpv1vckLMcOG-Kc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/7aed99-a47d-4ec7-b4c5-fa1486ea798c/1/1-AcyZzR_rYiM2ehdDTTg0kr4UTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/7aed99-a47d-4ec7-b4c5-fa1486ea798c/1/PCJkO6ag6u9XMpv1vckLMcOG-Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.102.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         63:1c:39:9d:a2:b7:d2:f5:54:2a:01:0d:77:80:97:17:ff:7d:
         54:d5:ab:e8:5f:cb:c6:d5:dd:a1:08:e8:ee:fb:99:c7:de:ab:
         35:c7:64:29:12:a9:41:a7:c5:ec:98:f4:49:b0:b1:79:e0:10:
         e3:b5:9a:a9:0b:88:0f:59:52:96:b1:54:5a:43:53:f4:71:de:
         6e:68:2d:77:35:33:53:76:ad:2e:ff:6d:37:7a:8a:2c:5b:17:
         f6:8b:67:9c:4f:5b:e3:4b:b0:a9:6f:e0:34:d1:af:9c:44:6a:
         dc:a8:83:6d:ab:0a:b2:9d:cf:96:c0:1f:58:c1:81:e1:20:ed:
         b5:93:19:2b:e4:a1:e0:f9:d3:11:bf:c1:62:a1:b2:93:03:d3:
         82:71:5b:2c:63:5f:12:27:c8:e6:46:6c:d0:8e:33:ec:fc:46:
         7f:b6:d3:06:a6:6b:e5:0b:01:b2:59:94:5a:7f:10:a1:1a:de:
         7a:c7:e2:03:12:3e:2e:a2:2b:4f:5c:26:66:60:ed:b2:f5:36:
         b8:fc:93:2d:61:a0:32:e0:cc:e0:85:83:0b:cb:68:ba:93:60:
         64:15:e6:fe:a6:12:3c:9f:5b:a8:1c:30:6a:65:c4:ac:97:64:
         44:d9:54:76:c1:3b:13:92:96:f1:87:e6:72:ae:40:67:ba:39:
         d6:90:18:a2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZit5e9/53F8dSEHmQhFrey9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMjI2NDNiYTZhMGVhZWY1NzMyOWJmNWJkYzkwYjMxYzM4
NmY4YTcwHhcNMjUwODE1MTMyMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODA3MzI2NzM0N2ZhZDg4OGNkOWU4NWQwZDM0ZTBkMjRhZjg1MTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+tWGhSTLjFQr5KTGNlmJf88jHAS
hLz6aYoIuF98k7voDrdZ40FcvErd8J8oCneE30R2vHVe+23VYP1FClLOAxJAcba7
9F0nqGPOXX5SX3lXa2hOXP3MD6GZFDUf5bCSlUuewP8rJgmyk1MWs8Dkt/XVVZhX
v7RH3emvl3ozkRwozm0IWzkJhMrjGrFuHS+IFvsDYMzq4M3P+stx+u6MDfId3COa
hwjs4VYGhf8ffZl29Criq8UpcvK5BBmFCbrb3YWrWqwGbN/8wMcAL6ZwH6v2eOzu
MnTUrFKtOjif5kn8MlfY0aH8z8bqRMrWw3YC+8G4NveecAA+Hs3ueUkQIQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPgHMmc0f62IjNnoXQ004NJK+FE8MB8GA1UdIwQY
MBaAFDwiZDumoOrvVzKb9b3JCzHDhvinMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUENKa082YWc2dTlYTXB2MXZja0xNY09HLUtjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny83YWVkOTktYTQ3ZC00ZWM3LWI0YzUt
ZmExNDg2ZWE3OThjLzEvMS1BY3laelJfcllpTTJlaGREVFRnMGtyNFVUdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTcvN2FlZDk5LWE0N2QtNGVjNy1iNGM1LWZhMTQ4NmVhNzk4
Yy8xL1BDSmtPNmFnNnU5WE1wdjF2Y2tMTWNPRy1LYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBNRmkDAN
BgkqhkiG9w0BAQsFAAOCAQEAYxw5naK30vVUKgENd4CXF/99VNWr6F/LxtXdoQjo
7vuZx96rNcdkKRKpQafF7Jj0SbCxeeAQ47WaqQuID1lSlrFUWkNT9HHebmgtdzUz
U3atLv9tN3qKLFsX9otnnE9b40uwqW/gNNGvnERq3KiDbasKsp3PlsAfWMGB4SDt
tZMZK+Sh4PnTEb/BYqGykwPTgnFbLGNfEifI5kZs0I4z7PxGf7bTBqZr5QsBslmU
Wn8QoRreesfiAxI+LqIrT1wmZmDtsvU2uPyTLWGgMuDM4IWDC8toupNgZBXm/qYS
PJ9bqBwwamXErJdkRNlUdsE7E5KW8Yfmcq5AZ7o51pAYog==
-----END CERTIFICATE-----