Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/c0ad4d-20fe-4a93-af06-1d0a4ec827ab/1/cACLsETFkrWp2y3uSppllbzeN8M.roa
File:                     cACLsETFkrWp2y3uSppllbzeN8M.roa (raw, json)
Hash identifier:          69+xRQ628SJEg1B3Gvd/lIbJ0dPAum9FWWtmKpGIALk=
Subject key identifier:   70:00:8B:B0:44:C5:92:B5:A9:DB:2D:EE:4A:9A:65:95:BC:DE:37:C3
Certificate issuer:       /CN=abc113c7aea6b714a060e9f7c3e71569e603d395
Certificate serial:       0198A9988F0455B9BC51964652D999445FDB
Authority key identifier: AB:C1:13:C7:AE:A6:B7:14:A0:60:E9:F7:C3:E7:15:69:E6:03:D3:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8ETx66mtxSgYOn3w-cVaeYD05U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/c0ad4d-20fe-4a93-af06-1d0a4ec827ab/1/cACLsETFkrWp2y3uSppllbzeN8M.roa
Signing time:             Thu 14 Aug 2025 17:20:04 +0000
ROA not before:           Thu 14 Aug 2025 17:20:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50413
IP address blocks:        195.78.106.0/24 maxlen: 24
                          195.78.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/c0ad4d-20fe-4a93-af06-1d0a4ec827ab/1/q8ETx66mtxSgYOn3w-cVaeYD05U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/c0ad4d-20fe-4a93-af06-1d0a4ec827ab/1/q8ETx66mtxSgYOn3w-cVaeYD05U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8ETx66mtxSgYOn3w-cVaeYD05U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a9:98:8f:04:55:b9:bc:51:96:46:52:d9:99:44:5f:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc113c7aea6b714a060e9f7c3e71569e603d395
        Validity
            Not Before: Aug 14 17:20:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70008bb044c592b5a9db2dee4a9a6595bcde37c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:54:88:25:bc:02:90:7b:70:3c:46:5c:a0:21:
                    5b:4b:f2:ec:3b:bb:66:31:18:1a:11:25:bc:aa:02:
                    7d:43:0b:36:c6:2f:48:c8:67:62:c6:40:a1:c2:2c:
                    9b:57:a7:4c:07:0f:b9:e4:40:f1:51:cd:b4:21:ea:
                    c5:06:65:66:d0:4f:9b:92:a7:39:f6:e5:db:ae:90:
                    8f:83:8f:85:0b:3a:aa:8c:e1:24:98:38:23:49:d6:
                    d6:c5:aa:dc:4d:cd:13:03:c4:0c:d8:34:f0:fb:13:
                    39:14:71:88:97:70:d5:f8:96:35:cc:e9:8b:74:3d:
                    a1:f4:8a:4a:32:39:df:5e:1b:93:6f:b3:60:18:84:
                    dc:da:56:56:9c:40:60:11:b1:a0:6a:8b:fc:89:5b:
                    91:bb:fd:a6:eb:46:1b:fb:c0:f8:f8:65:24:55:6b:
                    76:44:72:d7:71:e7:a9:ba:96:56:f3:51:98:16:e8:
                    00:3f:38:27:c7:cf:5c:e1:f6:cc:9b:8c:04:f2:de:
                    8f:aa:1e:ce:ad:f5:dd:6a:67:34:4f:07:8c:c5:92:
                    12:09:42:cb:24:d0:76:e7:e4:2e:54:74:89:43:75:
                    3e:9b:43:2c:38:2a:1e:78:72:9e:88:a4:c6:12:ea:
                    6f:3b:e8:a1:bf:42:77:5d:8b:15:3c:75:5c:f9:36:
                    c6:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:00:8B:B0:44:C5:92:B5:A9:DB:2D:EE:4A:9A:65:95:BC:DE:37:C3
            X509v3 Authority Key Identifier:
                keyid:AB:C1:13:C7:AE:A6:B7:14:A0:60:E9:F7:C3:E7:15:69:E6:03:D3:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8ETx66mtxSgYOn3w-cVaeYD05U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/c0ad4d-20fe-4a93-af06-1d0a4ec827ab/1/cACLsETFkrWp2y3uSppllbzeN8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/c0ad4d-20fe-4a93-af06-1d0a4ec827ab/1/q8ETx66mtxSgYOn3w-cVaeYD05U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.78.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:df:28:fd:6c:ed:97:d5:23:d3:4c:21:f2:7a:ea:b1:99:a6:
         43:65:f5:9b:4a:56:f4:95:fc:43:a5:10:bc:d1:09:8b:12:30:
         e7:5f:13:bc:62:58:56:12:db:5a:b3:77:d1:0f:36:19:4b:64:
         a2:1b:da:53:ce:21:20:5e:86:95:66:63:15:e8:43:5d:38:c8:
         39:fb:f4:5f:63:9c:53:55:07:7a:af:d0:59:89:a2:2e:d3:f9:
         26:0e:36:05:aa:37:30:a5:d8:63:2b:1b:14:3b:0a:fc:59:d2:
         16:de:aa:09:57:8e:5b:2f:6b:f4:35:9a:73:7e:af:82:f9:42:
         79:b1:e0:92:32:c9:b4:39:5e:ef:72:f5:68:74:a1:c7:1d:6e:
         4e:1b:a5:ec:d9:ed:49:a6:11:b9:3b:29:95:21:0d:8d:cf:ff:
         dd:75:f4:ad:d1:53:68:c6:0f:d3:66:82:70:62:af:f8:11:e9:
         f5:73:95:a3:53:4d:87:b6:10:bb:cc:6a:ed:bc:71:1b:31:2d:
         1c:28:42:8a:4c:7e:91:4d:5c:67:31:2f:fb:1e:47:cf:4b:a5:
         61:a5:de:92:4a:2e:61:78:c0:a2:09:25:bd:68:b1:c3:3b:d9:
         c6:5c:b5:ad:1e:c8:0a:c6:19:b6:d3:a4:21:45:b6:a2:a1:7d:
         1e:47:d6:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZipmI8EVbm8UZZGUtmZRF/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzExM2M3YWVhNmI3MTRhMDYwZTlmN2MzZTcxNTY5ZTYw
M2QzOTUwHhcNMjUwODE0MTcyMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDAwOGJiMDQ0YzU5MmI1YTlkYjJkZWU0YTlhNjU5NWJjZGUzN2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VSIJbwCkHtwPEZcoCFbS/LsO7tm
MRgaESW8qgJ9Qws2xi9IyGdixkChwiybV6dMBw+55EDxUc20IerFBmVm0E+bkqc5
9uXbrpCPg4+FCzqqjOEkmDgjSdbWxarcTc0TA8QM2DTw+xM5FHGIl3DV+JY1zOmL
dD2h9IpKMjnfXhuTb7NgGITc2lZWnEBgEbGgaov8iVuRu/2m60Yb+8D4+GUkVWt2
RHLXceepupZW81GYFugAPzgnx89c4fbMm4wE8t6Pqh7OrfXdamc0TweMxZISCULL
JNB25+QuVHSJQ3U+m0MsOCoeeHKeiKTGEupvO+ihv0J3XYsVPHVc+TbGuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAAi7BExZK1qdst7kqaZZW83jfDMB8GA1UdIwQY
MBaAFKvBE8euprcUoGDp98PnFWnmA9OVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThFVHg2Nm10eFNnWU9uM3ctY1ZhZVlEMDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9jMGFkNGQtMjBmZS00YTkzLWFmMDYt
MWQwYTRlYzgyN2FiLzEvY0FDTHNFVEZrcldwMnkzdVNwcGxsYnplTjhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9jMGFkNGQtMjBmZS00YTkzLWFmMDYtMWQwYTRlYzgyN2Fi
LzEvcThFVHg2Nm10eFNnWU9uM3ctY1ZhZVlEMDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw05qMA0G
CSqGSIb3DQEBCwUAA4IBAQAl3yj9bO2X1SPTTCHyeuqxmaZDZfWbSlb0lfxDpRC8
0QmLEjDnXxO8YlhWEttas3fRDzYZS2SiG9pTziEgXoaVZmMV6ENdOMg5+/RfY5xT
VQd6r9BZiaIu0/kmDjYFqjcwpdhjKxsUOwr8WdIW3qoJV45bL2v0NZpzfq+C+UJ5
seCSMsm0OV7vcvVodKHHHW5OG6Xs2e1JphG5OymVIQ2Nz//ddfSt0VNoxg/TZoJw
Yq/4Een1c5WjU02HthC7zGrtvHEbMS0cKEKKTH6RTVxnMS/7HkfPS6Vhpd6SSi5h
eMCiCSW9aLHDO9nGXLWtHsgKxhm206QhRbaioX0eR9bw
-----END CERTIFICATE-----