Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/s5S6Z4KhX2bMq7s9QCZ0uL9ZgRU.roa
File:                     s5S6Z4KhX2bMq7s9QCZ0uL9ZgRU.roa (raw, json)
Hash identifier:          Ouq/hQgVGzXD9ZqN7c/vO+smJiQGT4HTwFKwXxYM1/I=
Subject key identifier:   B3:94:BA:67:82:A1:5F:66:CC:AB:BB:3D:40:26:74:B8:BF:59:81:15
Certificate issuer:       /CN=e8b3eed1c7aca636d6245852b802e0e73754df63
Certificate serial:       019781E8F6E844B2B6632F56C16E81C2E3A5
Authority key identifier: E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/s5S6Z4KhX2bMq7s9QCZ0uL9ZgRU.roa
Signing time:             Wed 18 Jun 2025 07:20:17 +0000
ROA not before:           Wed 18 Jun 2025 07:20:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401776
IP address blocks:        185.11.142.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:81:e8:f6:e8:44:b2:b6:63:2f:56:c1:6e:81:c2:e3:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b3eed1c7aca636d6245852b802e0e73754df63
        Validity
            Not Before: Jun 18 07:20:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b394ba6782a15f66ccabbb3d402674b8bf598115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f2:f2:17:04:05:1d:ac:a4:c6:62:e6:4d:1d:
                    59:21:43:8b:c0:74:ba:a6:b8:cc:92:27:96:c1:bb:
                    f6:77:d4:46:e2:28:02:10:54:47:f8:4d:50:af:f8:
                    c5:c7:52:fc:d0:10:78:5c:41:d8:d8:56:df:7f:45:
                    5a:a0:a7:fe:12:bd:34:a6:d2:56:7e:fb:df:b6:03:
                    19:0e:bc:2e:a3:17:d7:1a:3b:60:8f:98:ab:a9:b5:
                    58:f5:0c:39:12:99:70:58:7b:83:11:2f:76:dd:cc:
                    fb:be:3a:4b:60:b9:3d:d6:af:dd:93:29:a6:2c:8e:
                    59:ba:83:34:e3:5a:11:ff:75:58:46:e1:6a:0e:dd:
                    20:a3:13:eb:0e:b7:ea:86:3d:c8:15:eb:76:da:5c:
                    f1:f7:9c:bb:72:ac:45:cd:ce:df:a6:2f:33:40:18:
                    f9:47:32:1b:88:52:e2:52:06:fc:bd:d9:38:ce:63:
                    19:01:0c:e1:2b:d3:29:57:d6:96:ba:03:e3:46:26:
                    39:e7:71:9c:8f:e0:e2:4c:e9:8a:89:5a:7e:ef:47:
                    b3:b7:93:e1:98:a7:be:b8:46:42:5f:70:bc:e1:ad:
                    35:c1:61:6e:35:01:e5:54:d7:b5:d0:7f:85:84:28:
                    78:92:b0:d6:c8:e7:be:5f:31:63:17:c0:e0:f2:7b:
                    c6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:94:BA:67:82:A1:5F:66:CC:AB:BB:3D:40:26:74:B8:BF:59:81:15
            X509v3 Authority Key Identifier:
                keyid:E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/s5S6Z4KhX2bMq7s9QCZ0uL9ZgRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:05:c6:bd:9f:de:d6:de:a0:81:9b:73:0d:45:dc:e1:58:88:
         3e:91:19:ff:68:bb:d0:2e:27:ca:48:62:60:7f:4a:92:ca:64:
         17:06:6d:83:1e:dc:27:5d:7b:21:14:62:80:16:c7:d4:f4:35:
         ac:e2:65:bb:89:a7:5c:a2:d1:14:8d:dd:3f:5a:d8:30:a0:22:
         d2:4e:e4:df:6f:bb:ad:8b:22:8e:07:27:6b:82:52:3d:d8:e2:
         47:38:8a:7e:35:c0:4b:0d:77:e4:93:44:f8:5e:00:75:d4:8e:
         55:75:bb:9e:ad:a9:f0:f3:14:c6:0c:52:13:55:bf:50:7a:d5:
         bf:74:b9:44:10:1e:1f:72:ef:f9:21:7d:f7:5d:28:8b:e2:9b:
         0e:24:5e:75:4a:6a:eb:69:90:22:62:0d:14:44:aa:ab:4c:df:
         2e:8f:5c:14:62:e7:17:d5:12:28:ff:8c:e8:22:63:d4:3b:ea:
         58:c4:a9:dc:3b:f3:5f:4c:35:89:74:3c:f2:67:24:99:83:92:
         a1:04:d5:b4:39:5b:e7:41:2c:42:87:a5:d5:bc:aa:90:aa:cc:
         4c:a5:0b:a7:62:7a:6e:a2:9e:45:53:68:b5:0e:4b:85:f6:fb:
         57:33:ec:e8:94:eb:e2:21:de:2f:cc:bb:2f:87:d5:a4:5b:f7:
         bc:4e:e6:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeB6PboRLK2Yy9WwW6BwuOlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjNlZWQxYzdhY2E2MzZkNjI0NTg1MmI4MDJlMGU3Mzc1
NGRmNjMwHhcNMjUwNjE4MDcyMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzk0YmE2NzgyYTE1ZjY2Y2NhYmJiM2Q0MDI2NzRiOGJmNTk4MTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1PLyFwQFHaykxmLmTR1ZIUOLwHS6
prjMkieWwbv2d9RG4igCEFRH+E1Qr/jFx1L80BB4XEHY2Fbff0VaoKf+Er00ptJW
fvvftgMZDrwuoxfXGjtgj5irqbVY9Qw5EplwWHuDES923cz7vjpLYLk91q/dkymm
LI5ZuoM041oR/3VYRuFqDt0goxPrDrfqhj3IFet22lzx95y7cqxFzc7fpi8zQBj5
RzIbiFLiUgb8vdk4zmMZAQzhK9MpV9aWugPjRiY553Gcj+DiTOmKiVp+70ezt5Ph
mKe+uEZCX3C84a01wWFuNQHlVNe10H+FhCh4krDWyOe+XzFjF8Dg8nvGBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOUumeCoV9mzKu7PUAmdLi/WYEVMB8GA1UdIwQY
MBaAFOiz7tHHrKY21iRYUrgC4Oc3VN9jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYt
OTQ2NDA0ZWMxYWE0LzEvczVTNlo0S2hYMmJNcTdzOVFDWjB1TDlaZ1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYtOTQ2NDA0ZWMxYWE0
LzEvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQuOMA0G
CSqGSIb3DQEBCwUAA4IBAQBIBca9n97W3qCBm3MNRdzhWIg+kRn/aLvQLifKSGJg
f0qSymQXBm2DHtwnXXshFGKAFsfU9DWs4mW7iadcotEUjd0/WtgwoCLSTuTfb7ut
iyKOBydrglI92OJHOIp+NcBLDXfkk0T4XgB11I5Vdbueranw8xTGDFITVb9QetW/
dLlEEB4fcu/5IX33XSiL4psOJF51SmrraZAiYg0URKqrTN8uj1wUYucX1RIo/4zo
ImPUO+pYxKncO/NfTDWJdDzyZySZg5KhBNW0OVvnQSxCh6XVvKqQqsxMpQunYnpu
op5FU2i1DkuF9vtXM+zolOviId4vzLsvh9WkW/e8TuYs
-----END CERTIFICATE-----