Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/e2daba-16a0-418a-b7c5-34a4845c1d8c/1/1-DF5D8tTh9lJKIY0izY4he5CjNI.roa
File:                     1-DF5D8tTh9lJKIY0izY4he5CjNI.roa (raw, json)
Hash identifier:          spndr+yaPIzAms5NTzOXkrBxWrHm5eT2WPxTRQhq++s=
Subject key identifier:   F8:31:79:0F:CB:53:87:D9:49:28:86:34:8B:36:38:85:EE:42:8C:D2
Certificate issuer:       /CN=00cadc5c7ba262a9a5b1d087369da5be797fba16
Certificate serial:       01995D3BCA789D48D3668695B42A8E9F4CB0
Authority key identifier: 00:CA:DC:5C:7B:A2:62:A9:A5:B1:D0:87:36:9D:A5:BE:79:7F:BA:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AMrcXHuiYqmlsdCHNp2lvnl_uhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/e2daba-16a0-418a-b7c5-34a4845c1d8c/1/1-DF5D8tTh9lJKIY0izY4he5CjNI.roa
Signing time:             Thu 18 Sep 2025 14:30:23 +0000
ROA not before:           Thu 18 Sep 2025 14:30:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205966
IP address blocks:        167.150.200.0/24 maxlen: 24
                          2001:678:10dc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/e2daba-16a0-418a-b7c5-34a4845c1d8c/1/AMrcXHuiYqmlsdCHNp2lvnl_uhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/e2daba-16a0-418a-b7c5-34a4845c1d8c/1/AMrcXHuiYqmlsdCHNp2lvnl_uhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AMrcXHuiYqmlsdCHNp2lvnl_uhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5d:3b:ca:78:9d:48:d3:66:86:95:b4:2a:8e:9f:4c:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00cadc5c7ba262a9a5b1d087369da5be797fba16
        Validity
            Not Before: Sep 18 14:30:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f831790fcb5387d9492886348b363885ee428cd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:13:6b:26:f8:fa:f4:20:e7:44:dc:28:12:f8:
                    88:be:74:a8:2a:96:ab:3b:52:18:af:ff:c4:d3:a1:
                    f2:41:83:8b:bf:64:d6:f6:06:e7:5a:bc:de:58:71:
                    ae:78:d2:28:e0:a4:ec:80:b1:db:7b:da:45:1c:66:
                    c6:74:b3:3c:49:c1:cc:aa:fa:08:ba:cc:db:91:9c:
                    fd:72:66:aa:dc:26:9f:27:b9:e3:cd:43:a7:3d:1f:
                    f0:c7:49:a2:50:f2:52:ae:14:e7:08:98:80:1f:c8:
                    65:4d:47:09:fa:62:82:a4:31:17:be:b0:d1:5a:9b:
                    eb:6a:78:3e:38:07:c5:81:86:a8:08:43:54:24:76:
                    c8:1a:61:1d:4d:c3:e9:ed:4a:c7:d6:51:bc:b3:7b:
                    d6:37:c1:d2:3f:91:2c:e0:3e:94:83:60:d7:7e:02:
                    fc:73:23:8a:93:35:fa:b6:4e:83:b4:46:e6:d8:17:
                    18:95:93:84:0c:d2:10:ae:63:c4:48:f7:9d:92:d2:
                    40:a6:67:63:63:25:3c:16:f7:70:a5:44:5a:0f:1e:
                    7e:2d:2d:57:1f:f8:8f:60:05:a5:8e:71:87:78:31:
                    94:b1:67:52:b2:33:43:11:d3:dc:bf:27:83:4e:73:
                    89:55:e4:af:ea:a1:66:1b:1b:6e:9b:21:a0:bb:7b:
                    88:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:31:79:0F:CB:53:87:D9:49:28:86:34:8B:36:38:85:EE:42:8C:D2
            X509v3 Authority Key Identifier:
                keyid:00:CA:DC:5C:7B:A2:62:A9:A5:B1:D0:87:36:9D:A5:BE:79:7F:BA:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AMrcXHuiYqmlsdCHNp2lvnl_uhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/e2daba-16a0-418a-b7c5-34a4845c1d8c/1/1-DF5D8tTh9lJKIY0izY4he5CjNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/e2daba-16a0-418a-b7c5-34a4845c1d8c/1/AMrcXHuiYqmlsdCHNp2lvnl_uhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.150.200.0/24
                IPv6:
                  2001:678:10dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:9f:cf:8b:6c:f1:f5:4b:71:33:7f:9a:af:0d:f6:ca:a0:ee:
         43:ec:ac:2b:2d:12:49:6b:e6:0c:90:47:bb:ad:30:dc:70:d7:
         5f:63:2b:5e:ff:36:0b:ba:54:d6:2a:48:14:69:e3:ed:ba:a2:
         0d:e3:85:2d:47:4b:0c:5e:32:b9:0d:e2:44:88:5b:d1:cb:50:
         a8:87:99:f6:55:6d:36:c8:d6:3e:60:66:a0:0b:a2:0f:a8:c8:
         71:af:1c:63:c3:58:bf:ce:c9:88:13:00:4a:44:e6:ca:16:52:
         57:48:d9:29:00:ae:47:84:ca:09:71:3f:48:46:9f:34:df:78:
         8a:d4:49:da:2d:f6:8d:9e:eb:95:7d:e7:4b:69:5a:75:0b:12:
         f0:48:12:bf:ce:e0:75:f2:96:3e:58:30:c1:57:ad:8d:aa:e5:
         44:30:8f:ab:98:28:fc:7b:da:58:7f:32:9c:6f:40:a1:eb:11:
         e5:d0:21:0a:95:99:b9:b2:d5:b5:4e:75:aa:e4:df:c3:4b:da:
         d5:be:4b:18:f0:20:54:19:44:70:aa:f1:c1:50:3f:12:b8:09:
         58:d3:3f:ad:c4:5a:aa:bd:b2:36:72:8c:fa:65:06:d5:f2:36:
         77:01:96:95:bc:22:5b:fe:6b:a0:4f:80:5b:57:31:4e:0e:61:
         b9:5b:a7:6f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZldO8p4nUjTZoaVtCqOn0ywMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwY2FkYzVjN2JhMjYyYTlhNWIxZDA4NzM2OWRhNWJlNzk3
ZmJhMTYwHhcNMjUwOTE4MTQzMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODMxNzkwZmNiNTM4N2Q5NDkyODg2MzQ4YjM2Mzg4NWVlNDI4Y2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBNrJvj69CDnRNwoEviIvnSoKpar
O1IYr//E06HyQYOLv2TW9gbnWrzeWHGueNIo4KTsgLHbe9pFHGbGdLM8ScHMqvoI
uszbkZz9cmaq3CafJ7njzUOnPR/wx0miUPJSrhTnCJiAH8hlTUcJ+mKCpDEXvrDR
Wpvrang+OAfFgYaoCENUJHbIGmEdTcPp7UrH1lG8s3vWN8HSP5Es4D6Ug2DXfgL8
cyOKkzX6tk6DtEbm2BcYlZOEDNIQrmPESPedktJApmdjYyU8FvdwpURaDx5+LS1X
H/iPYAWljnGHeDGUsWdSsjNDEdPcvyeDTnOJVeSv6qFmGxtumyGgu3uIZQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPgxeQ/LU4fZSSiGNIs2OIXuQozSMB8GA1UdIwQY
MBaAFADK3Fx7omKppbHQhzadpb55f7oWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU1yY1hIdWlZcW1sc2RDSE5wMmx2bmxfdWhZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9lMmRhYmEtMTZhMC00MThhLWI3YzUt
MzRhNDg0NWMxZDhjLzEvMS1ERjVEOHRUaDlsSktJWTBpelk0aGU1Q2pOSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmUvZTJkYWJhLTE2YTAtNDE4YS1iN2M1LTM0YTQ4NDVjMWQ4
Yy8xL0FNcmNYSHVpWXFtbHNkQ0hOcDJsdm5sX3VoWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEAKeWyDAP
BAIAAjAJAwcAIAEGeBDcMA0GCSqGSIb3DQEBCwUAA4IBAQBLn8+LbPH1S3Ezf5qv
DfbKoO5D7KwrLRJJa+YMkEe7rTDccNdfYyte/zYLulTWKkgUaePtuqIN44UtR0sM
XjK5DeJEiFvRy1Coh5n2VW02yNY+YGagC6IPqMhxrxxjw1i/zsmIEwBKRObKFlJX
SNkpAK5HhMoJcT9IRp8033iK1EnaLfaNnuuVfedLaVp1CxLwSBK/zuB18pY+WDDB
V62NquVEMI+rmCj8e9pYfzKcb0Ch6xHl0CEKlZm5stW1TnWq5N/DS9rVvksY8CBU
GURwqvHBUD8SuAlY0z+txFqqvbI2coz6ZQbV8jZ3AZaVvCJb/mugT4BbVzFODmG5
W6dv
-----END CERTIFICATE-----