Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/CC4ooXEu9TSgGvR1Wn5SviDLB0U.roa
File:                     CC4ooXEu9TSgGvR1Wn5SviDLB0U.roa (raw, json)
Hash identifier:          X9AZaYT0r4ykIhrAJ7fqxpeaRx6PRCmHb0mm9XrWzR8=
Subject key identifier:   08:2E:28:A1:71:2E:F5:34:A0:1A:F4:75:5A:7E:52:BE:20:CB:07:45
Certificate issuer:       /CN=4a0973c1f443ec4a8387aad7aca75d07b6faa9da
Certificate serial:       0198A95DF7614EAA01B1666C167E8DF79A6C
Authority key identifier: 4A:09:73:C1:F4:43:EC:4A:83:87:AA:D7:AC:A7:5D:07:B6:FA:A9:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SglzwfRD7EqDh6rXrKddB7b6qdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/CC4ooXEu9TSgGvR1Wn5SviDLB0U.roa
Signing time:             Thu 14 Aug 2025 16:16:04 +0000
ROA not before:           Thu 14 Aug 2025 16:16:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204457
IP address blocks:        87.121.22.0/24 maxlen: 24
                          185.248.12.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/SglzwfRD7EqDh6rXrKddB7b6qdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/SglzwfRD7EqDh6rXrKddB7b6qdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SglzwfRD7EqDh6rXrKddB7b6qdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a9:5d:f7:61:4e:aa:01:b1:66:6c:16:7e:8d:f7:9a:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a0973c1f443ec4a8387aad7aca75d07b6faa9da
        Validity
            Not Before: Aug 14 16:16:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=082e28a1712ef534a01af4755a7e52be20cb0745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:46:79:96:fb:24:c2:f9:e1:c8:dd:9d:78:73:
                    60:5c:fd:d8:f4:95:0b:82:24:ad:5a:a9:26:73:91:
                    80:b4:09:57:de:8d:ee:a3:f9:77:39:ca:ee:9f:f5:
                    5b:2e:07:e2:e2:85:85:ff:0a:35:56:b7:2a:d7:c0:
                    1d:92:60:8d:98:4d:03:ea:1e:29:d5:c6:78:b8:5f:
                    16:e4:83:db:e2:b7:ef:4b:32:78:83:3d:4a:20:5e:
                    15:b2:f3:fa:30:52:0e:de:a4:c2:5f:70:c7:bd:4b:
                    99:26:11:d3:eb:f1:5a:c5:a8:40:ea:03:d3:8f:94:
                    21:e9:5b:05:e1:04:42:d2:15:6d:2f:a1:d3:3d:04:
                    2a:fc:fa:9f:10:9d:1e:5e:62:46:db:7b:7e:e6:bb:
                    40:ee:87:74:05:18:67:85:a7:3f:91:33:e1:ab:54:
                    7d:23:fe:d0:68:9b:0e:f1:e2:59:86:2b:27:a2:03:
                    97:ee:96:da:d0:0d:7a:dd:da:bc:02:ff:33:f0:8c:
                    aa:97:46:12:94:fe:5a:71:7a:1b:de:40:ec:f1:07:
                    dc:27:ef:c5:08:3b:ba:e8:64:56:20:62:44:9a:13:
                    fd:ea:32:02:ec:c4:bc:c4:d9:2a:3c:86:38:1b:3d:
                    1d:d2:04:61:fd:a6:25:c2:f2:c4:7b:75:aa:3c:40:
                    e8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:2E:28:A1:71:2E:F5:34:A0:1A:F4:75:5A:7E:52:BE:20:CB:07:45
            X509v3 Authority Key Identifier:
                keyid:4A:09:73:C1:F4:43:EC:4A:83:87:AA:D7:AC:A7:5D:07:B6:FA:A9:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SglzwfRD7EqDh6rXrKddB7b6qdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/CC4ooXEu9TSgGvR1Wn5SviDLB0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/SglzwfRD7EqDh6rXrKddB7b6qdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.22.0/24
                  185.248.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:a0:15:5b:ac:f8:51:e9:55:4a:97:6c:20:58:ec:8f:78:ee:
         5a:ce:bf:35:21:f4:df:44:56:a5:65:4c:fe:35:84:4c:4f:df:
         d1:1e:d7:40:fd:bc:fc:6e:e4:d9:0f:8f:76:89:ad:63:a9:42:
         29:96:68:2a:4f:6a:3c:a7:68:ee:19:a9:81:ef:08:64:e5:fc:
         16:2a:21:21:de:f3:63:fb:7c:46:b6:e0:41:a1:9c:f7:99:39:
         62:9e:e4:42:5f:31:cc:11:43:d7:6a:c7:6a:0a:f7:93:97:0f:
         20:b3:32:d1:2d:21:22:ee:1e:15:5f:2c:f1:7a:44:15:7d:7b:
         3d:e1:65:eb:4c:3d:ea:52:e6:7e:e3:b0:b4:bb:6c:c1:7a:95:
         24:db:e1:88:e5:75:d4:82:f1:06:b9:16:d3:55:db:8f:d0:45:
         0f:e2:cd:28:4d:bf:9c:60:7c:f1:6a:47:54:b3:00:6e:67:13:
         43:c8:8c:05:5a:53:f8:2e:5e:69:f3:98:61:4e:74:9a:d0:b1:
         a9:5e:34:83:a9:4c:61:fb:39:92:cb:4a:75:d0:88:d6:92:68:
         3c:36:ff:32:6d:5f:9c:77:d9:d7:12:59:84:be:78:53:3b:30:
         9d:a6:a1:06:fc:47:d7:71:ad:93:3d:fa:41:20:c4:f6:c7:e7:
         84:f9:d5:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZipXfdhTqoBsWZsFn6N95psMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhMDk3M2MxZjQ0M2VjNGE4Mzg3YWFkN2FjYTc1ZDA3YjZm
YWE5ZGEwHhcNMjUwODE0MTYxNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODJlMjhhMTcxMmVmNTM0YTAxYWY0NzU1YTdlNTJiZTIwY2IwNzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0Z5lvskwvnhyN2deHNgXP3Y9JUL
giStWqkmc5GAtAlX3o3uo/l3Ocrun/VbLgfi4oWF/wo1Vrcq18AdkmCNmE0D6h4p
1cZ4uF8W5IPb4rfvSzJ4gz1KIF4VsvP6MFIO3qTCX3DHvUuZJhHT6/FaxahA6gPT
j5Qh6VsF4QRC0hVtL6HTPQQq/PqfEJ0eXmJG23t+5rtA7od0BRhnhac/kTPhq1R9
I/7QaJsO8eJZhisnogOX7pba0A163dq8Av8z8Iyql0YSlP5acXob3kDs8QfcJ+/F
CDu66GRWIGJEmhP96jIC7MS8xNkqPIY4Gz0d0gRh/aYlwvLEe3WqPEDoLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAguKKFxLvU0oBr0dVp+Ur4gywdFMB8GA1UdIwQY
MBaAFEoJc8H0Q+xKg4eq16ynXQe2+qnaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2dsendmUkQ3RXFEaDZyWHJLZGRCN2I2cWRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8xOGUwZjUtNGUxNC00MzFhLWI3OTMt
MTIxNzcyOWFmMWM4LzEvQ0M0b29YRXU5VFNnR3ZSMVduNVN2aURMQjBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8xOGUwZjUtNGUxNC00MzFhLWI3OTMtMTIxNzcyOWFmMWM4
LzEvU2dsendmUkQ3RXFEaDZyWHJLZGRCN2I2cWRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV3kWAwQC
ufgMMA0GCSqGSIb3DQEBCwUAA4IBAQABoBVbrPhR6VVKl2wgWOyPeO5azr81IfTf
RFalZUz+NYRMT9/RHtdA/bz8buTZD492ia1jqUIplmgqT2o8p2juGamB7whk5fwW
KiEh3vNj+3xGtuBBoZz3mTlinuRCXzHMEUPXasdqCveTlw8gszLRLSEi7h4VXyzx
ekQVfXs94WXrTD3qUuZ+47C0u2zBepUk2+GI5XXUgvEGuRbTVduP0EUP4s0oTb+c
YHzxakdUswBuZxNDyIwFWlP4Ll5p85hhTnSa0LGpXjSDqUxh+zmSy0p10IjWkmg8
Nv8ybV+cd9nXElmEvnhTOzCdpqEG/EfXca2TPfpBIMT2x+eE+dVS
-----END CERTIFICATE-----