Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/3925e9-65ea-462e-ae28-d2c29dc042e7/1/H_2gNWDkQMk7xYa4CXE3bEG8_PQ.roa
File:                     H_2gNWDkQMk7xYa4CXE3bEG8_PQ.roa (raw, json)
Hash identifier:          966jsInoUQGV3YL0kBV6Ow41AMogxPqqfWLLamybyOw=
Subject key identifier:   1F:FD:A0:35:60:E4:40:C9:3B:C5:86:B8:09:71:37:6C:41:BC:FC:F4
Certificate issuer:       /CN=7df0897eab3eed6e24eddd676e8bf9377fb4480c
Certificate serial:       019788256CD24161B5355E79B92B59924D96
Authority key identifier: 7D:F0:89:7E:AB:3E:ED:6E:24:ED:DD:67:6E:8B:F9:37:7F:B4:48:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffCJfqs-7W4k7d1nbov5N3-0SAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/3925e9-65ea-462e-ae28-d2c29dc042e7/1/H_2gNWDkQMk7xYa4CXE3bEG8_PQ.roa
Signing time:             Thu 19 Jun 2025 12:24:03 +0000
ROA not before:           Thu 19 Jun 2025 12:24:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35313
IP address blocks:        188.137.168.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/3925e9-65ea-462e-ae28-d2c29dc042e7/1/ffCJfqs-7W4k7d1nbov5N3-0SAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/3925e9-65ea-462e-ae28-d2c29dc042e7/1/ffCJfqs-7W4k7d1nbov5N3-0SAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffCJfqs-7W4k7d1nbov5N3-0SAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:25:6c:d2:41:61:b5:35:5e:79:b9:2b:59:92:4d:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df0897eab3eed6e24eddd676e8bf9377fb4480c
        Validity
            Not Before: Jun 19 12:24:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ffda03560e440c93bc586b80971376c41bcfcf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c7:7b:20:36:3d:22:a7:6e:d3:69:24:f0:f9:
                    46:7c:74:ad:d2:22:05:26:56:dd:f2:4f:91:ab:bd:
                    f6:a6:05:3e:91:04:26:cc:88:a0:9e:02:b8:0a:dc:
                    1b:2f:b2:b4:d1:11:0d:2d:76:f3:21:0e:75:96:f7:
                    b9:18:45:1b:32:5b:c5:f3:48:bf:0f:b8:2e:89:03:
                    fe:ed:33:ad:2b:da:e9:66:9b:bc:c4:96:53:b2:18:
                    50:2f:39:17:21:be:7c:89:14:46:e0:46:fa:6a:46:
                    ba:57:ce:aa:f1:86:85:59:ef:ee:2c:f7:a5:ca:ee:
                    09:1f:91:bd:b5:21:2c:ad:7f:45:d1:e9:65:14:ca:
                    3f:54:f2:08:87:dd:f0:f0:b5:29:5f:2c:54:db:2c:
                    d7:47:a9:a7:de:e2:0d:ca:4c:77:22:00:d8:fc:9b:
                    fa:55:6d:60:98:27:12:62:c8:18:1a:d2:e5:e7:d2:
                    7e:5b:df:d1:7a:5f:6c:6e:a6:64:cf:9b:85:7d:3b:
                    d1:09:e0:40:19:7a:c0:5a:07:2d:a0:2d:ec:87:2a:
                    cb:9c:6a:57:c2:0c:61:9f:53:08:00:66:3f:c9:13:
                    e2:7c:b2:33:00:2e:60:d4:50:1c:ea:72:3a:11:05:
                    96:60:c3:c2:d9:19:cf:21:a8:26:87:f6:58:a8:3d:
                    36:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:FD:A0:35:60:E4:40:C9:3B:C5:86:B8:09:71:37:6C:41:BC:FC:F4
            X509v3 Authority Key Identifier:
                keyid:7D:F0:89:7E:AB:3E:ED:6E:24:ED:DD:67:6E:8B:F9:37:7F:B4:48:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffCJfqs-7W4k7d1nbov5N3-0SAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/3925e9-65ea-462e-ae28-d2c29dc042e7/1/H_2gNWDkQMk7xYa4CXE3bEG8_PQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/3925e9-65ea-462e-ae28-d2c29dc042e7/1/ffCJfqs-7W4k7d1nbov5N3-0SAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.137.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1c:47:74:35:31:c9:8e:41:e9:45:04:fb:88:1b:a6:47:21:7c:
         69:47:02:f1:81:5d:d2:76:fb:aa:89:3d:ee:b1:0e:58:43:ac:
         a7:35:57:2b:de:a5:84:60:c1:d5:0b:c2:76:e1:81:a6:e0:4c:
         ca:00:03:77:42:89:1c:ca:89:e7:aa:4a:00:45:16:ec:0d:a8:
         73:88:50:fe:ed:f4:f9:c7:b2:f8:b7:a0:4d:4f:41:d8:b9:ee:
         da:df:00:81:a3:bf:ec:7b:5b:ef:cf:54:77:22:16:3e:e8:67:
         1a:18:3d:93:7b:84:7a:42:57:a4:c0:a9:55:38:2b:f4:6e:41:
         c2:09:24:6e:65:1b:fa:01:13:68:2e:fb:24:e6:51:61:25:18:
         3d:77:6f:d2:62:7b:43:b7:7c:44:dc:25:c2:0e:33:8f:c2:9e:
         9e:21:2f:6b:a2:8e:38:22:0a:c0:ee:92:00:92:19:25:e9:81:
         95:8d:63:53:68:d1:ad:18:c8:6f:76:fa:30:b2:42:a9:06:56:
         24:91:31:e2:e3:ac:2b:fe:55:08:2a:2e:03:2a:ec:45:23:1d:
         29:65:2a:f5:58:79:1b:66:e0:97:7e:95:b4:d0:53:14:d6:d3:
         10:f9:a2:25:5b:a0:88:b5:32:f0:62:b1:6a:d1:fb:47:18:cb:
         c7:0c:c1:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeIJWzSQWG1NV55uStZkk2WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjA4OTdlYWIzZWVkNmUyNGVkZGQ2NzZlOGJmOTM3N2Zi
NDQ4MGMwHhcNMjUwNjE5MTIyNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmZkYTAzNTYwZTQ0MGM5M2JjNTg2YjgwOTcxMzc2YzQxYmNmY2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8d7IDY9Iqdu02kk8PlGfHSt0iIF
Jlbd8k+Rq732pgU+kQQmzIigngK4CtwbL7K00RENLXbzIQ51lve5GEUbMlvF80i/
D7guiQP+7TOtK9rpZpu8xJZTshhQLzkXIb58iRRG4Eb6aka6V86q8YaFWe/uLPel
yu4JH5G9tSEsrX9F0ellFMo/VPIIh93w8LUpXyxU2yzXR6mn3uINykx3IgDY/Jv6
VW1gmCcSYsgYGtLl59J+W9/Rel9sbqZkz5uFfTvRCeBAGXrAWgctoC3shyrLnGpX
wgxhn1MIAGY/yRPifLIzAC5g1FAc6nI6EQWWYMPC2RnPIagmh/ZYqD02hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/9oDVg5EDJO8WGuAlxN2xBvPz0MB8GA1UdIwQY
MBaAFH3wiX6rPu1uJO3dZ26L+Td/tEgMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZDSmZxcy03VzRrN2QxbmJvdjVOMy0wU0F3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8zOTI1ZTktNjVlYS00NjJlLWFlMjgt
ZDJjMjlkYzA0MmU3LzEvSF8yZ05XRGtRTWs3eFlhNENYRTNiRUc4X1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8zOTI1ZTktNjVlYS00NjJlLWFlMjgtZDJjMjlkYzA0MmU3
LzEvZmZDSmZxcy03VzRrN2QxbmJvdjVOMy0wU0F3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvImoMA0G
CSqGSIb3DQEBCwUAA4IBAQAcR3Q1McmOQelFBPuIG6ZHIXxpRwLxgV3SdvuqiT3u
sQ5YQ6ynNVcr3qWEYMHVC8J24YGm4EzKAAN3QokcyonnqkoARRbsDahziFD+7fT5
x7L4t6BNT0HYue7a3wCBo7/se1vvz1R3IhY+6GcaGD2Te4R6QlekwKlVOCv0bkHC
CSRuZRv6ARNoLvsk5lFhJRg9d2/SYntDt3xE3CXCDjOPwp6eIS9roo44IgrA7pIA
khkl6YGVjWNTaNGtGMhvdvowskKpBlYkkTHi46wr/lUIKi4DKuxFIx0pZSr1WHkb
ZuCXfpW00FMU1tMQ+aIlW6CItTLwYrFq0ftHGMvHDMHC
-----END CERTIFICATE-----