Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/Rbk5PVjqlkpGo1SxsQ_tSeJLPbo.roa
File:                     Rbk5PVjqlkpGo1SxsQ_tSeJLPbo.roa (raw, json)
Hash identifier:          BRLtcU6d3bxk4bV/7KHF4XZmiUFqH8jja8emVx8VywY=
Subject key identifier:   45:B9:39:3D:58:EA:96:4A:46:A3:54:B1:B1:0F:ED:49:E2:4B:3D:BA
Certificate issuer:       /CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
Certificate serial:       0198F0CEE723D1E400C17A548D1976DE1F38
Authority key identifier: DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/Rbk5PVjqlkpGo1SxsQ_tSeJLPbo.roa
Signing time:             Thu 28 Aug 2025 13:12:28 +0000
ROA not before:           Thu 28 Aug 2025 13:12:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2541
IP address blocks:        193.169.144.0/24 maxlen: 24
                          193.169.145.0/24 maxlen: 24
                          195.78.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f0:ce:e7:23:d1:e4:00:c1:7a:54:8d:19:76:de:1f:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
        Validity
            Not Before: Aug 28 13:12:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45b9393d58ea964a46a354b1b10fed49e24b3dba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:25:94:1b:69:d6:21:16:16:e4:22:28:aa:87:
                    d1:cb:0f:92:17:c8:49:92:da:36:ad:6b:03:c1:07:
                    b8:d0:25:40:ea:76:06:85:c2:6c:0d:73:8d:ef:ed:
                    1c:90:5f:8a:a4:63:c0:25:87:41:9a:de:e0:9d:33:
                    d5:e5:f9:3c:39:80:ce:0f:25:14:ae:fc:dc:31:d0:
                    19:94:59:a1:37:d0:87:d4:85:10:8b:c4:44:70:57:
                    14:6f:ad:48:ca:16:dc:6a:fa:da:71:38:0d:de:7e:
                    72:72:5a:7e:04:d5:27:41:9d:88:99:fe:43:b9:e6:
                    ba:1d:2c:aa:7a:10:90:6b:64:3f:40:4f:65:94:da:
                    64:90:c4:19:f8:8a:42:a0:9c:96:c8:8d:d1:a6:35:
                    ec:53:01:f7:35:7c:b8:2d:45:35:87:de:6e:6c:ef:
                    7c:0d:db:54:63:c0:39:2b:a3:a4:6e:ef:ac:e2:be:
                    69:60:9d:f9:07:3a:2e:d0:61:14:65:ac:ab:02:67:
                    e9:7f:bc:e6:ff:1f:eb:e4:2e:9d:25:4e:49:cd:76:
                    23:dc:9a:a1:75:5f:8f:13:61:a5:d0:23:b3:58:36:
                    d9:f0:9c:2e:df:d8:4a:2b:06:d1:46:97:03:8c:6f:
                    ed:7b:54:ac:ea:cd:0a:7e:c4:fe:17:97:eb:02:68:
                    66:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:B9:39:3D:58:EA:96:4A:46:A3:54:B1:B1:0F:ED:49:E2:4B:3D:BA
            X509v3 Authority Key Identifier:
                keyid:DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/Rbk5PVjqlkpGo1SxsQ_tSeJLPbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.144.0/23
                  195.78.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:37:62:da:df:87:76:f7:1f:d5:b6:b1:49:aa:d3:16:be:d1:
         eb:b0:3b:39:cf:38:83:b0:42:a8:0d:96:07:c6:16:32:2b:76:
         0d:88:17:01:23:de:14:f0:c5:b0:b1:c5:ea:2b:e2:46:13:d0:
         b2:c4:ec:76:7c:e9:f6:07:0c:7b:23:a9:36:66:f8:c8:86:59:
         b7:cb:93:5f:27:81:a0:74:45:8f:23:bd:64:b3:3e:ec:50:45:
         7a:5e:1d:4b:3d:05:d8:26:f9:ba:b1:97:51:8d:52:39:73:4d:
         4a:e4:f8:76:65:b0:aa:17:ff:de:fb:25:c0:57:70:99:65:12:
         b2:30:67:03:1e:20:98:94:d0:60:f8:c4:56:ad:f3:5b:c9:6c:
         df:ca:73:61:0b:be:cd:cf:98:4d:89:76:4d:d6:bb:7d:76:91:
         d5:ac:a4:55:2b:46:98:e0:df:9b:1b:a5:d9:ab:12:98:ef:bc:
         06:79:33:06:db:d4:6e:63:93:8f:30:4d:dc:30:8f:72:fd:f8:
         0c:06:bb:01:8c:7f:00:6d:9a:aa:7f:02:17:a1:b9:fb:b0:7d:
         87:69:ae:df:69:e0:84:94:e2:e6:d8:06:04:6a:02:41:fb:00:
         a2:90:4c:f1:d5:70:03:1b:72:c7:83:a9:28:d6:44:a0:42:f6:
         54:41:c0:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjwzucj0eQAwXpUjRl23h84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNzgyMWUxYmNiZjZlMDc0ZWE0ODE0YWFhNWM2M2UzYmE4
MTNjNWYwHhcNMjUwODI4MTMxMjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWI5MzkzZDU4ZWE5NjRhNDZhMzU0YjFiMTBmZWQ0OWUyNGIzZGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/CWUG2nWIRYW5CIoqofRyw+SF8hJ
kto2rWsDwQe40CVA6nYGhcJsDXON7+0ckF+KpGPAJYdBmt7gnTPV5fk8OYDODyUU
rvzcMdAZlFmhN9CH1IUQi8REcFcUb61IyhbcavracTgN3n5yclp+BNUnQZ2Imf5D
uea6HSyqehCQa2Q/QE9llNpkkMQZ+IpCoJyWyI3RpjXsUwH3NXy4LUU1h95ubO98
DdtUY8A5K6Okbu+s4r5pYJ35Bzou0GEUZayrAmfpf7zm/x/r5C6dJU5JzXYj3Jqh
dV+PE2Gl0COzWDbZ8Jwu39hKKwbRRpcDjG/te1Ss6s0KfsT+F5frAmhmwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEW5OT1Y6pZKRqNUsbEP7UniSz26MB8GA1UdIwQY
MBaAFNx4IeG8v24HTqSBSqpcY+O6gTxfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYt
ZDQ4YjQyZWYxNTliLzEvUmJrNVBWanFsa3BHbzFTeHNRX3RTZUpMUGJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYtZDQ4YjQyZWYxNTli
LzEvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwamQAwQA
w058MA0GCSqGSIb3DQEBCwUAA4IBAQBoN2La34d29x/VtrFJqtMWvtHrsDs5zziD
sEKoDZYHxhYyK3YNiBcBI94U8MWwscXqK+JGE9CyxOx2fOn2Bwx7I6k2ZvjIhlm3
y5NfJ4GgdEWPI71ksz7sUEV6Xh1LPQXYJvm6sZdRjVI5c01K5Ph2ZbCqF//e+yXA
V3CZZRKyMGcDHiCYlNBg+MRWrfNbyWzfynNhC77Nz5hNiXZN1rt9dpHVrKRVK0aY
4N+bG6XZqxKY77wGeTMG29RuY5OPME3cMI9y/fgMBrsBjH8AbZqqfwIXobn7sH2H
aa7faeCElOLm2AYEagJB+wCikEzx1XADG3LHg6ko1kSgQvZUQcB3
-----END CERTIFICATE-----