Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/2f4a41-9f30-428e-acff-3363df0395c1/1/OILyzQ2UmvS21gSFd565SbxH7mA.roa
File:                     OILyzQ2UmvS21gSFd565SbxH7mA.roa (raw, json)
Hash identifier:          9fyLmCcJiT605kvUMhZI3DGLYcwb/Ju1g++2lmYXkfY=
Subject key identifier:   38:82:F2:CD:0D:94:9A:F4:B6:D6:04:85:77:9E:B9:49:BC:47:EE:60
Certificate issuer:       /CN=7e137aa7a3c6494434cf4f40a8b48ecfc020c9ef
Certificate serial:       01987AAFF69D1B26429292E4EA810AB17FF7
Authority key identifier: 7E:13:7A:A7:A3:C6:49:44:34:CF:4F:40:A8:B4:8E:CF:C0:20:C9:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fhN6p6PGSUQ0z09AqLSOz8Agye8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/2f4a41-9f30-428e-acff-3363df0395c1/1/OILyzQ2UmvS21gSFd565SbxH7mA.roa
Signing time:             Tue 05 Aug 2025 14:43:28 +0000
ROA not before:           Tue 05 Aug 2025 14:43:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20918
IP address blocks:        80.68.160.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/2f4a41-9f30-428e-acff-3363df0395c1/1/fhN6p6PGSUQ0z09AqLSOz8Agye8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/2f4a41-9f30-428e-acff-3363df0395c1/1/fhN6p6PGSUQ0z09AqLSOz8Agye8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fhN6p6PGSUQ0z09AqLSOz8Agye8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7a:af:f6:9d:1b:26:42:92:92:e4:ea:81:0a:b1:7f:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e137aa7a3c6494434cf4f40a8b48ecfc020c9ef
        Validity
            Not Before: Aug  5 14:43:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3882f2cd0d949af4b6d60485779eb949bc47ee60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a5:db:7b:c1:63:ce:3b:2a:25:0a:ef:19:68:
                    0e:38:76:f5:15:80:d2:66:70:d9:0e:4b:d7:53:d6:
                    63:04:ba:87:11:aa:47:88:59:c4:0d:b3:ad:8a:01:
                    c1:af:50:12:08:ce:56:36:a5:71:63:40:a8:f6:49:
                    23:39:30:0f:a7:3f:a6:e4:0d:1b:bd:13:8c:01:6f:
                    b5:db:97:6d:ca:1a:41:01:d8:07:03:a4:c8:b0:36:
                    68:ba:5a:06:13:d6:b1:99:71:0c:b9:cc:6e:80:61:
                    2d:c1:20:30:a5:26:f7:30:81:b2:73:e2:0c:12:82:
                    79:56:e9:3e:72:cd:23:29:90:cd:b6:a4:50:20:b0:
                    ec:40:7d:db:b3:f3:5c:e2:0f:94:92:1e:33:d7:6d:
                    46:6a:47:09:8e:ab:08:27:2e:42:15:63:45:ed:0f:
                    ad:22:aa:56:7f:79:eb:5d:1c:5a:3c:60:68:8b:83:
                    d3:02:6b:8c:17:3b:8d:bd:c6:98:77:df:fc:b5:c9:
                    38:5b:76:e5:45:7d:8a:dc:42:b1:d8:2d:9e:95:49:
                    0d:0d:49:de:d8:c8:e0:c9:e0:7a:d7:c9:58:71:91:
                    ff:d5:f9:d4:2b:c8:b0:53:d3:8b:22:a4:5e:08:9e:
                    97:80:31:59:0d:f9:46:8a:9f:2f:7a:66:c2:43:f9:
                    b3:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:82:F2:CD:0D:94:9A:F4:B6:D6:04:85:77:9E:B9:49:BC:47:EE:60
            X509v3 Authority Key Identifier:
                keyid:7E:13:7A:A7:A3:C6:49:44:34:CF:4F:40:A8:B4:8E:CF:C0:20:C9:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fhN6p6PGSUQ0z09AqLSOz8Agye8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/2f4a41-9f30-428e-acff-3363df0395c1/1/OILyzQ2UmvS21gSFd565SbxH7mA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/2f4a41-9f30-428e-acff-3363df0395c1/1/fhN6p6PGSUQ0z09AqLSOz8Agye8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.68.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         12:b1:6d:54:e4:ae:c4:2b:54:ca:a3:53:d9:45:8f:91:b6:50:
         34:fd:48:4a:2d:a0:72:1b:24:8f:b5:b4:d0:88:9a:6a:fc:5b:
         44:07:e9:16:3d:6d:e3:b7:16:20:a1:13:e3:7e:1e:26:3d:8d:
         1f:98:18:ff:a4:b8:da:7a:e9:07:b8:5f:3a:07:60:53:43:cd:
         96:d4:a1:08:a0:26:ef:e3:62:cd:ca:f7:8c:56:a5:dd:24:e9:
         0a:d7:86:d8:ca:b4:8e:3f:ff:d0:c6:6f:73:8e:62:0a:95:f6:
         a0:6d:51:9f:ea:46:be:dc:d3:11:45:a8:cc:e2:11:76:4a:90:
         ce:f0:3b:91:41:bf:40:46:6c:ca:e4:7e:bd:b5:be:58:03:3e:
         4d:17:7c:ba:7b:9a:26:83:4c:dd:7e:e5:5a:c3:85:b3:d4:3e:
         e0:95:8c:22:ee:68:31:e1:df:68:0b:00:d7:e5:a7:8b:02:e1:
         eb:70:a1:39:ac:0b:6d:d0:a9:77:52:d6:bd:5d:62:8a:1b:15:
         f5:42:b7:4e:1c:17:02:84:90:d3:54:a4:eb:a1:7f:d9:a5:93:
         ac:d2:87:17:b4:6b:d8:bf:68:80:e3:61:9a:81:30:d1:12:74:
         76:6a:44:91:bc:11:61:b1:b8:e3:1d:2b:52:54:95:7d:49:6c:
         fe:c6:f4:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh6r/adGyZCkpLk6oEKsX/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMTM3YWE3YTNjNjQ5NDQzNGNmNGY0MGE4YjQ4ZWNmYzAy
MGM5ZWYwHhcNMjUwODA1MTQ0MzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODgyZjJjZDBkOTQ5YWY0YjZkNjA0ODU3NzllYjk0OWJjNDdlZTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqXbe8FjzjsqJQrvGWgOOHb1FYDS
ZnDZDkvXU9ZjBLqHEapHiFnEDbOtigHBr1ASCM5WNqVxY0Co9kkjOTAPpz+m5A0b
vROMAW+125dtyhpBAdgHA6TIsDZouloGE9axmXEMucxugGEtwSAwpSb3MIGyc+IM
EoJ5Vuk+cs0jKZDNtqRQILDsQH3bs/Nc4g+Ukh4z121GakcJjqsIJy5CFWNF7Q+t
IqpWf3nrXRxaPGBoi4PTAmuMFzuNvcaYd9/8tck4W3blRX2K3EKx2C2elUkNDUne
2MjgyeB618lYcZH/1fnUK8iwU9OLIqReCJ6XgDFZDflGip8vembCQ/mzCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDiC8s0NlJr0ttYEhXeeuUm8R+5gMB8GA1UdIwQY
MBaAFH4TeqejxklENM9PQKi0js/AIMnvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmhONnA2UEdTVVEwejA5QXFMU096OEFneWU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8yZjRhNDEtOWYzMC00MjhlLWFjZmYt
MzM2M2RmMDM5NWMxLzEvT0lMeXpRMlVtdlMyMWdTRmQ1NjVTYnhIN21BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8yZjRhNDEtOWYzMC00MjhlLWFjZmYtMzM2M2RmMDM5NWMx
LzEvZmhONnA2UEdTVVEwejA5QXFMU096OEFneWU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUESgMA0G
CSqGSIb3DQEBCwUAA4IBAQASsW1U5K7EK1TKo1PZRY+RtlA0/UhKLaByGySPtbTQ
iJpq/FtEB+kWPW3jtxYgoRPjfh4mPY0fmBj/pLjaeukHuF86B2BTQ82W1KEIoCbv
42LNyveMVqXdJOkK14bYyrSOP//Qxm9zjmIKlfagbVGf6ka+3NMRRajM4hF2SpDO
8DuRQb9ARmzK5H69tb5YAz5NF3y6e5omg0zdfuVaw4Wz1D7glYwi7mgx4d9oCwDX
5aeLAuHrcKE5rAtt0Kl3Uta9XWKKGxX1QrdOHBcChJDTVKTroX/ZpZOs0ocXtGvY
v2iA42GagTDREnR2akSRvBFhsbjjHStSVJV9SWz+xvTR
-----END CERTIFICATE-----