Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/fJTIAGeTTpQIAYlt95tAwQyhgjw.roa
File:                     fJTIAGeTTpQIAYlt95tAwQyhgjw.roa (raw, json)
Hash identifier:          MxEDbMXgB5hVDHkl7Slcj+ssGqrdGdKqKYraglm4Bwo=
Subject key identifier:   7C:94:C8:00:67:93:4E:94:08:01:89:6D:F7:9B:40:C1:0C:A1:82:3C
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0198CD64FCE6AEE767346DCBCF9F21125757
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/fJTIAGeTTpQIAYlt95tAwQyhgjw.roa
Signing time:             Thu 21 Aug 2025 16:10:04 +0000
ROA not before:           Thu 21 Aug 2025 16:10:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        157.25.174.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 04:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cd:64:fc:e6:ae:e7:67:34:6d:cb:cf:9f:21:12:57:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Aug 21 16:10:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c94c80067934e940801896df79b40c10ca1823c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:32:f7:51:99:0f:d2:71:e2:de:88:12:c1:a7:
                    c9:f8:e1:61:12:b5:cf:cf:bb:97:0f:17:e3:4e:68:
                    35:1e:aa:df:3f:4b:71:cd:97:81:64:a6:a4:f7:9a:
                    fe:1b:e0:d3:64:c0:d5:1e:4e:16:31:15:58:ce:91:
                    37:75:78:c0:d4:84:1d:42:ba:41:a7:cb:15:1a:e9:
                    95:f6:65:90:49:68:56:60:99:fb:45:5e:b7:e6:e3:
                    cc:fb:98:19:80:75:5e:2a:26:69:17:05:4d:3b:44:
                    ed:b5:73:62:11:9c:16:d7:13:2f:58:14:9d:53:2c:
                    22:69:57:16:8d:84:68:f2:a2:21:f1:80:61:1b:7d:
                    23:30:60:8e:47:24:d6:1e:7e:f6:7a:b7:ef:93:7f:
                    32:62:00:d2:cb:7c:b5:08:15:8b:ce:bb:94:85:db:
                    2d:f9:49:4e:95:f9:ee:2e:96:d9:6e:d1:f1:88:45:
                    30:6a:c2:4f:94:76:57:fb:fe:73:64:f6:be:8a:e5:
                    4b:e9:a0:3d:6b:91:81:b0:93:1e:b0:d0:17:b5:59:
                    74:4d:6c:7a:5e:50:c6:ef:67:2d:b2:d2:f8:99:a4:
                    0d:37:a2:f7:d3:97:7d:84:d4:c8:e3:90:f5:0b:d1:
                    a7:af:b3:a3:ff:6c:92:3d:bb:9a:93:67:ec:a9:a5:
                    d0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:94:C8:00:67:93:4E:94:08:01:89:6D:F7:9B:40:C1:0C:A1:82:3C
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/fJTIAGeTTpQIAYlt95tAwQyhgjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.25.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:c0:d9:48:6d:2a:1e:f1:70:bc:02:b6:f6:7a:35:aa:94:9e:
         33:99:b9:b1:c9:86:2d:dc:bd:10:ba:c2:03:97:be:1e:24:59:
         4c:d9:39:84:82:af:18:0c:fb:1a:1f:c1:07:73:d9:d9:f9:12:
         52:75:f5:24:35:52:be:16:8d:ad:b2:15:08:8f:85:be:5d:d4:
         f3:65:ef:0f:7a:ac:92:40:c6:51:5a:22:b3:d7:5d:b8:e4:9e:
         1c:84:e8:b7:5e:ed:c2:6c:ff:bf:a7:4f:2c:e8:12:58:4d:24:
         74:8a:74:97:bb:5b:b6:27:c1:16:a4:b7:dc:8b:07:e6:f0:ac:
         9e:7f:05:a0:5f:cc:59:58:4d:dc:21:32:2b:96:e1:92:42:34:
         90:3c:47:27:4b:46:03:7d:63:0e:2d:6b:a3:a1:78:ad:fd:bb:
         6f:34:50:13:95:68:3a:19:46:03:6a:e1:0c:f5:4a:96:6c:9e:
         10:fa:34:8b:78:a1:27:02:b0:1a:cf:e4:08:d4:89:f1:3f:43:
         c9:30:e6:ed:c0:29:eb:3a:8e:6e:e1:36:20:ce:1c:f4:79:df:
         df:34:00:65:70:9e:e0:58:07:cf:e5:f2:04:37:c0:64:96:89:
         8d:d2:3c:64:74:d0:b7:5c:9d:cf:a1:19:20:20:31:b1:4c:5a:
         3f:33:4f:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjNZPzmrudnNG3Lz58hEldXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwODIxMTYxMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzk0YzgwMDY3OTM0ZTk0MDgwMTg5NmRmNzliNDBjMTBjYTE4MjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzL3UZkP0nHi3ogSwafJ+OFhErXP
z7uXDxfjTmg1HqrfP0txzZeBZKak95r+G+DTZMDVHk4WMRVYzpE3dXjA1IQdQrpB
p8sVGumV9mWQSWhWYJn7RV635uPM+5gZgHVeKiZpFwVNO0TttXNiEZwW1xMvWBSd
UywiaVcWjYRo8qIh8YBhG30jMGCORyTWHn72erfvk38yYgDSy3y1CBWLzruUhdst
+UlOlfnuLpbZbtHxiEUwasJPlHZX+/5zZPa+iuVL6aA9a5GBsJMesNAXtVl0TWx6
XlDG72ctstL4maQNN6L305d9hNTI45D1C9Gnr7Oj/2ySPbuak2fsqaXQZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyUyABnk06UCAGJbfebQMEMoYI8MB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvZkpUSUFHZVRUcFFJQVlsdDk1dEF3UXloZ2p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBnRmuMA0G
CSqGSIb3DQEBCwUAA4IBAQA5wNlIbSoe8XC8Arb2ejWqlJ4zmbmxyYYt3L0QusID
l74eJFlM2TmEgq8YDPsaH8EHc9nZ+RJSdfUkNVK+Fo2tshUIj4W+XdTzZe8PeqyS
QMZRWiKz11245J4chOi3Xu3CbP+/p08s6BJYTSR0inSXu1u2J8EWpLfciwfm8Kye
fwWgX8xZWE3cITIrluGSQjSQPEcnS0YDfWMOLWujoXit/btvNFATlWg6GUYDauEM
9UqWbJ4Q+jSLeKEnArAaz+QI1InxP0PJMObtwCnrOo5u4TYgzhz0ed/fNABlcJ7g
WAfP5fIEN8BklomN0jxkdNC3XJ3PoRkgIDGxTFo/M0+e
-----END CERTIFICATE-----