Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/Clzzp5xK-yp8rYv85D99LfyAh0E.roa
File:                     Clzzp5xK-yp8rYv85D99LfyAh0E.roa (raw, json)
Hash identifier:          fGSlKDGqBJuLLFO3poXUGL2bDi2qTj0GaL8Jf09spSU=
Subject key identifier:   0A:5C:F3:A7:9C:4A:FB:2A:7C:AD:8B:FC:E4:3F:7D:2D:FC:80:87:41
Certificate issuer:       /CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
Certificate serial:       0197B11C78EBE38EA254DFA2F550E27538C5
Authority key identifier: 17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/Clzzp5xK-yp8rYv85D99LfyAh0E.roa
Signing time:             Fri 27 Jun 2025 11:18:42 +0000
ROA not before:           Fri 27 Jun 2025 11:18:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        146.19.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b1:1c:78:eb:e3:8e:a2:54:df:a2:f5:50:e2:75:38:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
        Validity
            Not Before: Jun 27 11:18:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a5cf3a79c4afb2a7cad8bfce43f7d2dfc808741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a5:c2:22:5b:8f:96:4a:b0:17:95:c5:74:37:
                    aa:b3:5b:29:73:e1:66:00:14:c1:b5:59:01:51:88:
                    b0:18:6d:c2:7f:ac:7a:c2:b7:1f:7f:94:05:0b:f0:
                    b0:31:66:45:80:f0:d3:1f:ad:da:f8:6a:0b:e0:e0:
                    d7:d3:10:ed:9e:d1:9f:b7:39:50:61:c8:a0:bd:d3:
                    41:12:8c:fb:98:20:7d:cc:35:ce:91:e1:2f:1e:bb:
                    0a:ac:01:c2:08:99:40:e4:2d:09:07:12:56:85:36:
                    e8:ef:3b:6f:ad:25:05:a9:12:4d:57:d8:c6:bb:4c:
                    73:ce:f0:78:23:5a:4d:59:00:e8:74:7b:ff:d2:61:
                    2b:f4:2f:d1:a1:6e:1c:fd:e4:73:a8:04:1d:1d:af:
                    60:e7:b1:8a:8c:57:cc:ee:dc:40:7c:9a:80:21:2f:
                    8d:a7:8d:01:aa:cf:d6:c0:6f:a1:fd:72:30:f3:12:
                    fb:ff:88:4d:34:f2:24:30:fa:d9:ac:2d:e7:dd:e8:
                    a2:6a:c0:3c:db:e5:16:3d:b7:d1:6b:aa:13:bd:c9:
                    85:e1:d9:d4:56:63:1c:d7:1f:d1:8b:6f:a6:22:bc:
                    36:50:57:55:94:0a:9f:50:3d:8f:97:2f:c1:c7:15:
                    72:41:a7:de:06:00:52:44:7b:2e:1b:26:be:94:0c:
                    41:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:5C:F3:A7:9C:4A:FB:2A:7C:AD:8B:FC:E4:3F:7D:2D:FC:80:87:41
            X509v3 Authority Key Identifier:
                keyid:17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/Clzzp5xK-yp8rYv85D99LfyAh0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:b5:56:d6:62:da:d1:0d:c7:0a:8e:5a:24:9b:c7:1b:9b:67:
         b2:13:fd:29:27:5b:32:0a:53:f4:86:bd:bc:bf:36:3c:e5:70:
         ce:ec:73:c8:21:b3:53:e2:83:89:d5:72:8c:3e:47:18:5b:7c:
         1c:8e:91:e8:79:22:9d:d6:01:1c:cd:2c:15:df:c7:1b:35:6c:
         cb:20:56:67:07:23:43:f9:09:e4:40:af:08:4d:99:a9:95:3b:
         9e:38:8c:f4:76:47:a3:c9:86:04:1f:2a:ef:8f:2b:c4:3a:82:
         f5:94:89:5c:83:8a:9d:b6:6c:b8:fd:73:71:56:62:31:2d:37:
         94:ab:5c:41:f4:c3:34:6d:9c:bb:1b:e3:fc:30:93:0d:22:ae:
         3f:93:c3:77:89:65:f3:8d:88:ff:7e:47:76:59:87:79:44:24:
         a4:a2:f1:70:c5:d0:90:04:7b:b3:4e:e8:58:f3:c1:43:80:cd:
         06:2d:3a:7c:a5:62:fb:4c:c0:5b:01:df:2c:aa:1e:bd:81:93:
         ed:0f:41:4a:9b:44:f9:7b:28:39:a4:86:ac:d6:fe:14:0e:1e:
         35:6a:7b:13:07:aa:b5:0d:ba:47:d2:29:54:b1:5e:eb:02:04:
         20:4f:11:07:09:4d:d9:10:72:46:a1:9b:cc:ea:f1:12:09:49:
         5c:0c:b5:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZexHHjr446iVN+i9VDidTjFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YjUwNDJmYzIwZDliYWIxNjc2ZTA5YWY3ZmYxYmE1YmZh
ZGFlNzUwHhcNMjUwNjI3MTExODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTVjZjNhNzljNGFmYjJhN2NhZDhiZmNlNDNmN2QyZGZjODA4NzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKXCIluPlkqwF5XFdDeqs1spc+Fm
ABTBtVkBUYiwGG3Cf6x6wrcff5QFC/CwMWZFgPDTH63a+GoL4ODX0xDtntGftzlQ
YcigvdNBEoz7mCB9zDXOkeEvHrsKrAHCCJlA5C0JBxJWhTbo7ztvrSUFqRJNV9jG
u0xzzvB4I1pNWQDodHv/0mEr9C/RoW4c/eRzqAQdHa9g57GKjFfM7txAfJqAIS+N
p40Bqs/WwG+h/XIw8xL7/4hNNPIkMPrZrC3n3eiiasA82+UWPbfRa6oTvcmF4dnU
VmMc1x/Ri2+mIrw2UFdVlAqfUD2Ply/BxxVyQafeBgBSRHsuGya+lAxBnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApc86ecSvsqfK2L/OQ/fS38gIdBMB8GA1UdIwQY
MBaAFBe1BC/CDZurFnbgmvf/G6W/ra51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQt
YmM2Nzk0ZTk1ZTVhLzEvQ2x6enA1eEsteXA4cll2ODVEOTlMZnlBaDBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQtYmM2Nzk0ZTk1ZTVh
LzEvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhMHMA0G
CSqGSIb3DQEBCwUAA4IBAQC8tVbWYtrRDccKjlokm8cbm2eyE/0pJ1syClP0hr28
vzY85XDO7HPIIbNT4oOJ1XKMPkcYW3wcjpHoeSKd1gEczSwV38cbNWzLIFZnByND
+QnkQK8ITZmplTueOIz0dkejyYYEHyrvjyvEOoL1lIlcg4qdtmy4/XNxVmIxLTeU
q1xB9MM0bZy7G+P8MJMNIq4/k8N3iWXzjYj/fkd2WYd5RCSkovFwxdCQBHuzTuhY
88FDgM0GLTp8pWL7TMBbAd8sqh69gZPtD0FKm0T5eyg5pIas1v4UDh41ansTB6q1
DbpH0ilUsV7rAgQgTxEHCU3ZEHJGoZvM6vESCUlcDLUO
-----END CERTIFICATE-----