Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/mZGs39b9ciGwA8d2iiTe0Kov-wI.roa
File:                     mZGs39b9ciGwA8d2iiTe0Kov-wI.roa (raw, json)
Hash identifier:          6vnl4xJg+sUvkS6W0LiwoR3NhSoFCrkUTjCER9n/BUw=
Subject key identifier:   99:91:AC:DF:D6:FD:72:21:B0:03:C7:76:8A:24:DE:D0:AA:2F:FB:02
Certificate issuer:       /CN=d48555f9a52727f6bcf715cb4750a2a4a6c35161
Certificate serial:       0198C10283BCB209FCDF0F682B459D42566A
Authority key identifier: D4:85:55:F9:A5:27:27:F6:BC:F7:15:CB:47:50:A2:A4:A6:C3:51:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1IVV-aUnJ_a89xXLR1CipKbDUWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/mZGs39b9ciGwA8d2iiTe0Kov-wI.roa
Signing time:             Tue 19 Aug 2025 06:27:04 +0000
ROA not before:           Tue 19 Aug 2025 06:27:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39855
IP address blocks:        185.21.104.0/23 maxlen: 24
                          185.21.106.0/24 maxlen: 24
                          185.21.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1IVV-aUnJ_a89xXLR1CipKbDUWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1IVV-aUnJ_a89xXLR1CipKbDUWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1IVV-aUnJ_a89xXLR1CipKbDUWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c1:02:83:bc:b2:09:fc:df:0f:68:2b:45:9d:42:56:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48555f9a52727f6bcf715cb4750a2a4a6c35161
        Validity
            Not Before: Aug 19 06:27:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9991acdfd6fd7221b003c7768a24ded0aa2ffb02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:da:ed:a4:58:52:e6:b9:80:11:37:92:54:a4:
                    f2:e9:0f:fe:54:70:a0:cf:ee:40:3d:c4:a8:83:e7:
                    de:39:bd:e0:be:7b:7d:0a:19:66:7f:07:e9:fa:7e:
                    23:30:03:09:86:dd:12:1f:58:cd:87:c9:e5:6b:5c:
                    c5:66:86:b0:f2:f3:71:d8:ad:ac:93:9a:7f:0b:12:
                    af:20:e6:d1:6c:9c:ea:44:6b:34:41:fc:ca:7f:d3:
                    97:50:cb:9b:98:be:8e:7a:11:d5:92:0e:f7:12:f9:
                    3b:1b:c1:5b:a3:12:c8:7d:50:95:e3:6e:c5:5c:49:
                    6a:dc:2c:d1:07:51:85:15:81:c9:e2:02:1e:9f:6c:
                    20:f0:6c:60:d8:c3:33:e1:c1:30:34:0f:bf:e3:2a:
                    da:ab:3e:23:93:3e:5b:21:0d:22:83:9b:2e:64:10:
                    eb:f0:83:10:4f:66:27:70:f2:ac:f2:94:6c:5a:27:
                    4d:6c:51:24:74:56:62:77:07:ec:c2:1d:87:79:36:
                    ad:1b:5a:9f:29:fb:e0:53:92:f3:b7:94:6d:77:ec:
                    0e:fe:3a:e6:a0:d5:e8:55:6d:46:55:fd:2b:e4:b4:
                    03:36:9a:30:47:f0:e1:74:ce:48:e3:91:ad:67:05:
                    8d:23:6f:24:d8:0f:e7:c3:8b:b5:50:42:8c:98:7b:
                    46:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:91:AC:DF:D6:FD:72:21:B0:03:C7:76:8A:24:DE:D0:AA:2F:FB:02
            X509v3 Authority Key Identifier:
                keyid:D4:85:55:F9:A5:27:27:F6:BC:F7:15:CB:47:50:A2:A4:A6:C3:51:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1IVV-aUnJ_a89xXLR1CipKbDUWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/mZGs39b9ciGwA8d2iiTe0Kov-wI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1IVV-aUnJ_a89xXLR1CipKbDUWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:62:ab:04:cf:65:8b:e5:99:c8:91:34:4f:a7:c6:1a:38:45:
         16:01:90:64:e9:1b:df:09:a2:24:d0:32:cc:e3:ea:07:51:21:
         9f:af:8e:71:fd:39:93:07:40:81:e9:1d:c9:92:08:ee:e7:28:
         64:50:51:d4:21:84:a0:58:79:57:23:0d:5b:1a:8b:ba:72:14:
         be:88:09:c4:02:54:0c:78:7a:be:35:2d:30:a9:62:c8:54:dd:
         8f:0d:b6:7d:b6:2c:55:5f:0b:e1:30:44:bc:2d:bb:b9:80:72:
         33:78:62:ce:bf:8c:fe:07:0a:6b:ee:98:2c:22:4a:63:a5:56:
         72:70:02:49:1d:9e:1e:a9:18:1e:e1:5c:e2:6c:30:3c:92:da:
         12:0a:20:b8:15:9e:e1:78:db:02:89:f1:5d:04:db:54:72:1a:
         3d:d3:6c:30:ba:b1:e9:4f:bc:8b:f2:f3:b1:43:98:4f:20:9d:
         31:6f:92:58:d7:fd:c9:f1:67:86:e4:a7:29:da:a5:08:0c:a8:
         82:ec:9e:ac:c6:ed:37:4c:4c:3b:a1:fd:be:f9:1a:67:eb:59:
         96:8c:06:93:5c:3a:16:86:35:5a:6f:7c:ac:2c:f8:d4:0e:d6:
         55:a3:10:0c:fc:f2:7e:d1:2e:fa:88:1e:fb:41:9f:6b:6e:bb:
         4e:b3:c7:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjBAoO8sgn83w9oK0WdQlZqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ODU1NWY5YTUyNzI3ZjZiY2Y3MTVjYjQ3NTBhMmE0YTZj
MzUxNjEwHhcNMjUwODE5MDYyNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTkxYWNkZmQ2ZmQ3MjIxYjAwM2M3NzY4YTI0ZGVkMGFhMmZmYjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2trtpFhS5rmAETeSVKTy6Q/+VHCg
z+5APcSog+feOb3gvnt9Chlmfwfp+n4jMAMJht0SH1jNh8nla1zFZoaw8vNx2K2s
k5p/CxKvIObRbJzqRGs0QfzKf9OXUMubmL6OehHVkg73Evk7G8FboxLIfVCV427F
XElq3CzRB1GFFYHJ4gIen2wg8Gxg2MMz4cEwNA+/4yraqz4jkz5bIQ0ig5suZBDr
8IMQT2YncPKs8pRsWidNbFEkdFZidwfswh2HeTatG1qfKfvgU5Lzt5Rtd+wO/jrm
oNXoVW1GVf0r5LQDNpowR/DhdM5I45GtZwWNI28k2A/nw4u1UEKMmHtGEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmRrN/W/XIhsAPHdook3tCqL/sCMB8GA1UdIwQY
MBaAFNSFVfmlJyf2vPcVy0dQoqSmw1FhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlWVi1hVW5KX2E4OXhYTFIxQ2lwS2JEVVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9lNDU1NzctNjViMS00ZDQzLTg1M2Et
MDJhYmY4NTcyZmNiLzEvbVpHczM5YjljaUd3QThkMmlpVGUwS292LXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9lNDU1NzctNjViMS00ZDQzLTg1M2EtMDJhYmY4NTcyZmNi
LzEvMUlWVi1hVW5KX2E4OXhYTFIxQ2lwS2JEVVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRVoMA0G
CSqGSIb3DQEBCwUAA4IBAQAOYqsEz2WL5ZnIkTRPp8YaOEUWAZBk6RvfCaIk0DLM
4+oHUSGfr45x/TmTB0CB6R3Jkgju5yhkUFHUIYSgWHlXIw1bGou6chS+iAnEAlQM
eHq+NS0wqWLIVN2PDbZ9tixVXwvhMES8Lbu5gHIzeGLOv4z+Bwpr7pgsIkpjpVZy
cAJJHZ4eqRge4VzibDA8ktoSCiC4FZ7heNsCifFdBNtUcho902wwurHpT7yL8vOx
Q5hPIJ0xb5JY1/3J8WeG5Kcp2qUIDKiC7J6sxu03TEw7of2++Rpn61mWjAaTXDoW
hjVab3ysLPjUDtZVoxAM/PJ+0S76iB77QZ9rbrtOs8c5
-----END CERTIFICATE-----