Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/fso23fX_RepECeGcPBE3N8ZBn5w.roa
File:                     fso23fX_RepECeGcPBE3N8ZBn5w.roa (raw, json)
Hash identifier:          bJTWewfPdWXtYEONCryNM1zpz1pfZ79F4Yh1c0a7hDU=
Subject key identifier:   7E:CA:36:DD:F5:FF:45:EA:44:09:E1:9C:3C:11:37:37:C6:41:9F:9C
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0198CD4FEE6A1DAD70D9DD53492D16E2B694
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/fso23fX_RepECeGcPBE3N8ZBn5w.roa
Signing time:             Thu 21 Aug 2025 15:47:04 +0000
ROA not before:           Thu 21 Aug 2025 15:47:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202
IP address blocks:        157.25.174.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 04:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cd:4f:ee:6a:1d:ad:70:d9:dd:53:49:2d:16:e2:b6:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Aug 21 15:47:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7eca36ddf5ff45ea4409e19c3c113737c6419f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:4b:05:ea:b4:14:35:81:2e:2a:7c:db:71:31:
                    d4:d6:c1:ed:32:a6:38:11:20:c6:cf:2e:f0:1f:24:
                    08:54:c0:5e:8e:49:a2:4e:a6:ee:01:94:27:7d:40:
                    3a:d0:65:1f:6a:b5:5c:47:24:c9:47:62:6d:b8:34:
                    31:bb:2b:3d:ca:d6:1b:16:d4:11:5a:49:69:9e:8a:
                    d7:8c:5d:ca:5f:17:cc:74:7a:00:9d:38:b7:1e:98:
                    8c:c9:77:7a:79:23:8f:36:79:e0:7b:ff:e5:55:9c:
                    b0:27:41:ed:fe:eb:ec:4a:49:7c:ab:c3:80:10:80:
                    f6:83:27:da:8d:b6:f6:82:0a:7a:0a:e8:20:81:9a:
                    e4:7e:53:6f:89:34:6a:bb:7b:1f:6e:99:95:57:69:
                    03:d8:c3:13:c8:a9:a0:ac:b8:6d:65:96:92:af:98:
                    a5:0f:d1:c3:6c:49:ad:e1:d6:ba:8d:77:fa:33:70:
                    40:13:38:b6:2d:36:bb:a4:c4:5a:97:24:44:85:34:
                    9f:f8:fa:ff:66:aa:f4:a2:52:02:d7:3c:b8:72:d3:
                    a0:94:55:5d:0a:eb:c1:f0:54:6d:7c:ac:7b:6e:84:
                    a1:29:1c:6e:7e:7f:9b:34:13:82:10:0f:ae:60:c1:
                    42:76:18:4f:c5:7e:2c:f5:47:a6:19:3c:bf:73:7e:
                    e8:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:CA:36:DD:F5:FF:45:EA:44:09:E1:9C:3C:11:37:37:C6:41:9F:9C
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/fso23fX_RepECeGcPBE3N8ZBn5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.25.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:71:65:81:b3:21:c8:76:56:e2:29:73:95:5a:bb:d2:d4:b8:
         d9:24:52:1a:3c:92:73:79:f6:99:23:75:e8:13:5a:d3:19:89:
         a6:d3:6f:42:89:ea:83:97:6a:d4:aa:02:f4:86:e1:c8:b9:46:
         2d:b1:9f:6d:97:51:4b:b7:ef:42:fe:ac:94:b1:e0:5e:92:8c:
         a2:5c:85:a4:c1:83:65:99:1e:88:ae:82:21:e6:bd:f7:1f:f6:
         de:e7:ac:a7:40:34:c0:ed:c0:93:a5:8d:2b:12:1d:42:1a:9f:
         81:cf:96:0c:20:15:e9:40:04:d1:b4:06:2a:c5:04:99:09:30:
         3e:e1:c0:95:da:ab:7b:3b:ca:d0:03:79:06:33:f1:5e:a3:f8:
         34:c6:5d:f9:e2:f1:86:14:3e:58:b3:95:c0:27:6b:30:be:6f:
         80:69:34:10:87:a1:73:af:9e:ed:05:79:2d:ee:88:1c:1a:57:
         b2:59:16:a0:e1:5b:ec:8a:dd:23:93:f8:7f:91:ec:a3:90:40:
         69:6c:cc:70:25:ae:53:ba:81:3c:c9:0b:44:fe:05:16:5a:26:
         57:8d:cb:ce:a0:57:34:d9:2e:a7:8a:42:fe:1d:a7:32:09:cc:
         17:2b:77:f4:64:44:b2:c3:42:2b:d5:2a:84:21:8d:c6:04:d0:
         ab:ad:6e:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjNT+5qHa1w2d1TSS0W4raUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwODIxMTU0NzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWNhMzZkZGY1ZmY0NWVhNDQwOWUxOWMzYzExMzczN2M2NDE5ZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEsF6rQUNYEuKnzbcTHU1sHtMqY4
ESDGzy7wHyQIVMBejkmiTqbuAZQnfUA60GUfarVcRyTJR2JtuDQxuys9ytYbFtQR
WklpnorXjF3KXxfMdHoAnTi3HpiMyXd6eSOPNnnge//lVZywJ0Ht/uvsSkl8q8OA
EID2gyfajbb2ggp6CugggZrkflNviTRqu3sfbpmVV2kD2MMTyKmgrLhtZZaSr5il
D9HDbEmt4da6jXf6M3BAEzi2LTa7pMRalyREhTSf+Pr/Zqr0olIC1zy4ctOglFVd
CuvB8FRtfKx7boShKRxufn+bNBOCEA+uYMFCdhhPxX4s9UemGTy/c37oFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7KNt31/0XqRAnhnDwRNzfGQZ+cMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvZnNvMjNmWF9SZXBFQ2VHY1BCRTNOOFpCbjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBnRmuMA0G
CSqGSIb3DQEBCwUAA4IBAQCkcWWBsyHIdlbiKXOVWrvS1LjZJFIaPJJzefaZI3Xo
E1rTGYmm029CieqDl2rUqgL0huHIuUYtsZ9tl1FLt+9C/qyUseBekoyiXIWkwYNl
mR6IroIh5r33H/be56ynQDTA7cCTpY0rEh1CGp+Bz5YMIBXpQATRtAYqxQSZCTA+
4cCV2qt7O8rQA3kGM/Feo/g0xl354vGGFD5Ys5XAJ2swvm+AaTQQh6Fzr57tBXkt
7ogcGleyWRag4Vvsit0jk/h/keyjkEBpbMxwJa5TuoE8yQtE/gUWWiZXjcvOoFc0
2S6nikL+HacyCcwXK3f0ZESyw0Ir1SqEIY3GBNCrrW7l
-----END CERTIFICATE-----