Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/8AgLpzaDL0h1dumVlt3QNUC0b8g.roa
File:                     8AgLpzaDL0h1dumVlt3QNUC0b8g.roa (raw, json)
Hash identifier:          dFMCTzeLz+/t3jrKpnjSyGNljO948X6d0ELCXJMhuAE=
Subject key identifier:   F0:08:0B:A7:36:83:2F:48:75:76:E9:95:96:DD:D0:35:40:B4:6F:C8
Certificate issuer:       /CN=1517d4f58af84f50ce42f13293ede4aff12d173f
Certificate serial:       019904C0EC4310866A6F662C633F7F83AA7A
Authority key identifier: 15:17:D4:F5:8A:F8:4F:50:CE:42:F1:32:93:ED:E4:AF:F1:2D:17:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/8AgLpzaDL0h1dumVlt3QNUC0b8g.roa
Signing time:             Mon 01 Sep 2025 10:09:36 +0000
ROA not before:           Mon 01 Sep 2025 10:09:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29447
IP address blocks:        37.160.0.0/14 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:04:c0:ec:43:10:86:6a:6f:66:2c:63:3f:7f:83:aa:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1517d4f58af84f50ce42f13293ede4aff12d173f
        Validity
            Not Before: Sep  1 10:09:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0080ba736832f487576e99596ddd03540b46fc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:80:42:07:9a:73:2e:9b:29:8d:ce:a4:01:4b:
                    3d:ff:28:7d:a5:a5:9f:d6:37:8e:6b:9e:3e:e8:be:
                    97:af:18:a7:bc:e0:33:48:14:25:5f:ae:95:d0:d1:
                    a1:5e:75:21:77:e3:00:ec:03:4c:b3:a0:76:60:20:
                    64:ba:71:ec:f2:c6:13:fd:85:c8:18:b5:46:ed:36:
                    2a:f1:77:93:0a:4e:f1:4d:50:d2:79:8c:d8:5b:40:
                    93:9a:be:85:d0:4a:36:b9:e7:99:e3:23:29:98:29:
                    ef:b2:00:1c:f9:52:f6:fc:66:6d:e7:46:43:d4:cb:
                    a8:02:6c:2b:ff:5c:b2:c7:1e:a8:df:9e:b0:2a:82:
                    4c:44:42:37:d6:66:44:03:14:56:ee:82:d8:68:ea:
                    0b:b5:a5:e8:24:1b:13:c2:b6:16:44:90:9e:42:2e:
                    b0:37:61:ad:aa:78:7e:20:76:f6:fd:ce:d6:bd:29:
                    16:f3:89:d9:73:71:3c:2b:d8:7f:24:bc:bb:56:eb:
                    9e:2d:eb:5e:4c:69:0c:6e:6a:ad:c5:0f:82:7f:f4:
                    f7:56:f2:3d:12:9c:68:81:98:79:e1:5f:38:66:b4:
                    4e:a8:fb:a0:e0:ba:93:df:e0:9e:6a:e4:28:fe:38:
                    f5:6b:70:dd:cf:be:d1:63:7d:ab:c2:aa:44:27:4f:
                    35:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:08:0B:A7:36:83:2F:48:75:76:E9:95:96:DD:D0:35:40:B4:6F:C8
            X509v3 Authority Key Identifier:
                keyid:15:17:D4:F5:8A:F8:4F:50:CE:42:F1:32:93:ED:E4:AF:F1:2D:17:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/8AgLpzaDL0h1dumVlt3QNUC0b8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.160.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         87:09:40:19:e1:e2:8f:ff:15:cc:bb:c4:80:f7:83:9e:fc:6b:
         ff:b6:a8:82:6c:72:d8:aa:99:85:8a:f3:cb:f0:67:1d:4a:63:
         b0:a8:21:a7:87:4d:fa:19:3f:84:73:16:a2:d6:cf:c1:21:e1:
         db:06:a8:3a:73:dd:83:7d:d8:dd:a6:27:8a:c2:e2:05:97:fb:
         a7:44:b3:87:aa:f3:3a:ff:63:f0:fa:c3:3d:29:c3:de:4b:30:
         c1:3f:65:38:d2:a4:eb:bc:1e:9c:ad:de:52:c1:b5:99:d9:eb:
         af:92:3a:5b:d9:df:44:d2:8e:0b:96:d9:ef:7e:2b:0d:39:44:
         34:c2:ec:c1:ba:29:ae:fc:3f:07:6b:d4:3e:cc:83:3c:d7:2e:
         23:78:c5:8b:61:fd:21:cd:a4:da:01:50:96:28:76:1d:5b:76:
         ee:59:4d:2e:8c:ea:5d:e1:13:e2:b9:62:24:0f:3a:dc:b6:7c:
         85:e0:b1:96:2a:02:d4:83:93:ae:13:b3:30:a1:2c:30:c2:8e:
         7a:2f:53:16:39:2a:52:53:8b:1b:54:34:fc:fb:bd:69:8b:e0:
         0b:5e:78:d8:bc:e2:ed:19:1e:da:0f:27:07:1a:12:80:21:05:
         6f:80:e1:e4:9a:ce:b6:97:8a:29:c9:55:fd:00:f7:d5:92:13:
         9e:2d:8f:f4
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZkEwOxDEIZqb2YsYz9/g6p6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MTdkNGY1OGFmODRmNTBjZTQyZjEzMjkzZWRlNGFmZjEy
ZDE3M2YwHhcNMjUwOTAxMTAwOTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDA4MGJhNzM2ODMyZjQ4NzU3NmU5OTU5NmRkZDAzNTQwYjQ2ZmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoBCB5pzLpspjc6kAUs9/yh9paWf
1jeOa54+6L6XrxinvOAzSBQlX66V0NGhXnUhd+MA7ANMs6B2YCBkunHs8sYT/YXI
GLVG7TYq8XeTCk7xTVDSeYzYW0CTmr6F0Eo2ueeZ4yMpmCnvsgAc+VL2/GZt50ZD
1MuoAmwr/1yyxx6o356wKoJMREI31mZEAxRW7oLYaOoLtaXoJBsTwrYWRJCeQi6w
N2Gtqnh+IHb2/c7WvSkW84nZc3E8K9h/JLy7VuueLeteTGkMbmqtxQ+Cf/T3VvI9
EpxogZh54V84ZrROqPug4LqT3+CeauQo/jj1a3Ddz77RY32rwqpEJ081swIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPAIC6c2gy9IdXbplZbd0DVAtG/IMB8GA1UdIwQY
MBaAFBUX1PWK+E9QzkLxMpPt5K/xLRc/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlJmVTlZcjRUMURPUXZFeWstM2tyX0V0Rno4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9jNGY4MGMtN2I2OS00ZmVjLWFhNTQt
ZTVmOThkZGFmYzk4LzEvOEFnTHB6YURMMGgxZHVtVmx0M1FOVUMwYjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9jNGY4MGMtN2I2OS00ZmVjLWFhNTQtZTVmOThkZGFmYzk4
LzEvRlJmVTlZcjRUMURPUXZFeWstM2tyX0V0Rno4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMCJaAwDQYJ
KoZIhvcNAQELBQADggEBAIcJQBnh4o//Fcy7xID3g578a/+2qIJsctiqmYWK88vw
Zx1KY7CoIaeHTfoZP4RzFqLWz8Eh4dsGqDpz3YN92N2mJ4rC4gWX+6dEs4eq8zr/
Y/D6wz0pw95LMME/ZTjSpOu8Hpyt3lLBtZnZ66+SOlvZ30TSjguW2e9+Kw05RDTC
7MG6Ka78Pwdr1D7MgzzXLiN4xYth/SHNpNoBUJYodh1bdu5ZTS6M6l3hE+K5YiQP
Oty2fIXgsZYqAtSDk64TszChLDDCjnovUxY5KlJTixtUNPz7vWmL4AteeNi84u0Z
HtoPJwcaEoAhBW+A4eSazraXiinJVf0A99WSE54tj/Q=
-----END CERTIFICATE-----