Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/1a09bb-01de-4be5-bce1-908648a20bc8/1/pQEKlsHKZvyCzhry4IGka8Bo9wI.roa
File:                     pQEKlsHKZvyCzhry4IGka8Bo9wI.roa (raw, json)
Hash identifier:          G6tdo3cOGBpxAVBJYaOYN4vtqsUYuOOcWC30vr8lJRY=
Subject key identifier:   A5:01:0A:96:C1:CA:66:FC:82:CE:1A:F2:E0:81:A4:6B:C0:68:F7:02
Certificate issuer:       /CN=d776ae09ab1bc94ace83fa6fd36ac522867b92ea
Certificate serial:       0198CCAB237B6BBCD3ADE4C3082948EA5A78
Authority key identifier: D7:76:AE:09:AB:1B:C9:4A:CE:83:FA:6F:D3:6A:C5:22:86:7B:92:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/13auCasbyUrOg_pv02rFIoZ7kuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/1a09bb-01de-4be5-bce1-908648a20bc8/1/pQEKlsHKZvyCzhry4IGka8Bo9wI.roa
Signing time:             Thu 21 Aug 2025 12:47:04 +0000
ROA not before:           Thu 21 Aug 2025 12:47:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205268
IP address blocks:        195.90.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/1a09bb-01de-4be5-bce1-908648a20bc8/1/13auCasbyUrOg_pv02rFIoZ7kuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/1a09bb-01de-4be5-bce1-908648a20bc8/1/13auCasbyUrOg_pv02rFIoZ7kuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/13auCasbyUrOg_pv02rFIoZ7kuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 18:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cc:ab:23:7b:6b:bc:d3:ad:e4:c3:08:29:48:ea:5a:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d776ae09ab1bc94ace83fa6fd36ac522867b92ea
        Validity
            Not Before: Aug 21 12:47:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5010a96c1ca66fc82ce1af2e081a46bc068f702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:1f:de:5b:36:23:a5:2d:42:25:21:5e:a7:16:
                    9f:90:43:c4:f2:97:ab:19:af:fe:e2:95:ec:dc:2a:
                    87:8f:14:05:62:4d:c0:13:d5:87:73:cb:12:a0:84:
                    2f:79:a9:5e:d7:6f:6b:90:bc:09:c1:d6:62:8b:46:
                    07:65:07:e3:a1:19:9a:09:6e:fe:11:5c:6e:fa:25:
                    05:aa:2b:1c:ae:bb:cf:7c:86:64:48:f8:fc:ad:74:
                    74:64:8a:f1:0c:09:cc:4f:49:70:58:ee:80:f3:e2:
                    25:8f:ca:d9:89:fc:54:70:22:6f:58:ae:be:06:d0:
                    49:ce:8d:59:eb:46:2c:0f:32:61:1e:6b:21:36:ea:
                    ea:2b:52:e1:a9:09:91:24:f4:0c:a1:a3:f6:22:b4:
                    3c:ed:74:c7:7f:99:c9:96:52:f3:b2:53:4c:64:69:
                    4b:30:28:a0:34:12:a7:dd:5c:48:88:6b:34:69:87:
                    4f:a7:aa:0d:43:19:b6:43:bd:cc:ea:c0:03:0a:ac:
                    6d:19:ca:a6:8d:0f:95:9d:3a:89:f6:36:89:87:e8:
                    0f:f2:df:22:74:5a:43:4c:fd:63:48:f9:6e:39:7e:
                    b9:e4:84:fe:46:40:b1:cb:d2:3f:e1:9f:29:9e:85:
                    85:df:4c:bb:b3:3d:c1:83:b1:db:5e:1b:0f:4f:69:
                    9d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:01:0A:96:C1:CA:66:FC:82:CE:1A:F2:E0:81:A4:6B:C0:68:F7:02
            X509v3 Authority Key Identifier:
                keyid:D7:76:AE:09:AB:1B:C9:4A:CE:83:FA:6F:D3:6A:C5:22:86:7B:92:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/13auCasbyUrOg_pv02rFIoZ7kuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/1a09bb-01de-4be5-bce1-908648a20bc8/1/pQEKlsHKZvyCzhry4IGka8Bo9wI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/1a09bb-01de-4be5-bce1-908648a20bc8/1/13auCasbyUrOg_pv02rFIoZ7kuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.90.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:40:59:8b:bd:90:80:b6:26:69:cf:8f:0d:42:62:90:75:79:
         99:99:f2:df:88:7f:0a:dc:90:fd:a1:21:a1:39:ec:69:41:b3:
         33:7a:d7:86:5a:69:db:b1:6b:58:f9:84:4e:28:be:1d:1d:17:
         25:8f:97:aa:24:b1:07:d7:7b:35:0a:5e:94:32:b4:65:f1:95:
         1e:0b:8f:9f:01:5a:28:2b:f2:ed:0c:52:f3:8c:5e:f2:76:c3:
         7d:e4:40:69:72:0e:70:5f:c0:1f:cc:af:89:50:a0:4d:a8:e0:
         59:df:12:a5:ef:e7:57:0f:ec:6f:45:fa:6d:cc:90:05:0c:ba:
         0b:8e:5b:48:da:72:de:8b:f7:82:c9:21:51:4d:28:dd:07:23:
         91:60:65:00:3c:bc:a2:76:28:c7:a2:c7:65:9d:10:97:9e:9e:
         48:c4:c4:8b:d5:68:6e:32:ed:9f:25:2c:db:58:d4:ce:d9:de:
         01:84:86:c8:44:8e:7f:3f:93:a5:ec:bb:69:da:60:26:72:6a:
         cf:0f:5b:4e:d9:fd:b8:7e:fe:84:5f:d6:a2:73:e4:df:82:92:
         b3:59:42:e8:4a:51:dc:86:0f:15:32:cb:7d:1a:4e:82:17:a1:
         fb:4d:1a:07:49:7a:29:28:ea:d4:16:42:ad:66:a8:ed:e4:1c:
         d0:e3:8e:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjMqyN7a7zTreTDCClI6lp4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NzZhZTA5YWIxYmM5NGFjZTgzZmE2ZmQzNmFjNTIyODY3
YjkyZWEwHhcNMjUwODIxMTI0NzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTAxMGE5NmMxY2E2NmZjODJjZTFhZjJlMDgxYTQ2YmMwNjhmNzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0B/eWzYjpS1CJSFepxafkEPE8per
Ga/+4pXs3CqHjxQFYk3AE9WHc8sSoIQveale129rkLwJwdZii0YHZQfjoRmaCW7+
EVxu+iUFqiscrrvPfIZkSPj8rXR0ZIrxDAnMT0lwWO6A8+Ilj8rZifxUcCJvWK6+
BtBJzo1Z60YsDzJhHmshNurqK1LhqQmRJPQMoaP2IrQ87XTHf5nJllLzslNMZGlL
MCigNBKn3VxIiGs0aYdPp6oNQxm2Q73M6sADCqxtGcqmjQ+VnTqJ9jaJh+gP8t8i
dFpDTP1jSPluOX655IT+RkCxy9I/4Z8pnoWF30y7sz3Bg7HbXhsPT2md5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUBCpbBymb8gs4a8uCBpGvAaPcCMB8GA1UdIwQY
MBaAFNd2rgmrG8lKzoP6b9NqxSKGe5LqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTNhdUNhc2J5VXJPZ19wdjAyckZJb1o3a3VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy8xYTA5YmItMDFkZS00YmU1LWJjZTEt
OTA4NjQ4YTIwYmM4LzEvcFFFS2xzSEtadnlDemhyeTRJR2thOEJvOXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy8xYTA5YmItMDFkZS00YmU1LWJjZTEtOTA4NjQ4YTIwYmM4
LzEvMTNhdUNhc2J5VXJPZ19wdjAyckZJb1o3a3VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1pnMA0G
CSqGSIb3DQEBCwUAA4IBAQCrQFmLvZCAtiZpz48NQmKQdXmZmfLfiH8K3JD9oSGh
OexpQbMzeteGWmnbsWtY+YROKL4dHRclj5eqJLEH13s1Cl6UMrRl8ZUeC4+fAVoo
K/LtDFLzjF7ydsN95EBpcg5wX8AfzK+JUKBNqOBZ3xKl7+dXD+xvRfptzJAFDLoL
jltI2nLei/eCySFRTSjdByORYGUAPLyidijHosdlnRCXnp5IxMSL1WhuMu2fJSzb
WNTO2d4BhIbIRI5/P5Ol7Ltp2mAmcmrPD1tO2f24fv6EX9aic+TfgpKzWULoSlHc
hg8VMst9Gk6CF6H7TRoHSXopKOrUFkKtZqjt5BzQ447a
-----END CERTIFICATE-----