Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/J8NitB1i9Ppc78H5UQgUgPe6Sc8.roa
File:                     J8NitB1i9Ppc78H5UQgUgPe6Sc8.roa (raw, json)
Hash identifier:          uE6DePfWOOK0FbMcCEQOPt9YawlFmg1QaaR5PRQXMDg=
Subject key identifier:   27:C3:62:B4:1D:62:F4:FA:5C:EF:C1:F9:51:08:14:80:F7:BA:49:CF
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0198C83CCD8EF96A80C620EA9E8C925C5463
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/J8NitB1i9Ppc78H5UQgUgPe6Sc8.roa
Signing time:             Wed 20 Aug 2025 16:08:04 +0000
ROA not before:           Wed 20 Aug 2025 16:08:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        45.128.78.0/24 maxlen: 24
                          84.21.188.0/24 maxlen: 24
                          2a13:18c6:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c8:3c:cd:8e:f9:6a:80:c6:20:ea:9e:8c:92:5c:54:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug 20 16:08:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27c362b41d62f4fa5cefc1f951081480f7ba49cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6a:97:bf:df:30:a5:a5:bc:20:7a:82:b8:bf:
                    22:55:2b:b1:46:52:a6:d8:20:b7:a6:bb:22:6b:2a:
                    9a:74:e2:dc:03:d8:fe:fc:2f:f7:da:32:c0:38:2d:
                    f3:8d:5a:1f:ba:02:fa:be:46:fa:42:2f:ca:13:3a:
                    f7:51:75:90:e2:a8:d7:fa:b2:6a:c7:65:af:c6:d4:
                    f2:3d:d8:f1:6a:f2:4a:82:fa:4f:8f:01:f4:3c:d2:
                    ff:4d:e2:f6:c7:c8:10:be:36:05:ca:5f:4e:78:a8:
                    39:65:e0:ef:87:7e:05:6f:38:2f:05:65:2b:45:1f:
                    dd:18:41:73:65:24:7d:69:fa:e6:c7:43:1d:91:6e:
                    d1:ed:52:02:ba:0c:99:f8:8a:fb:7f:2c:74:6b:3a:
                    71:7b:51:ef:92:22:81:a2:7f:c4:22:cc:01:6e:6e:
                    9e:83:c0:95:68:43:00:5d:35:af:6d:f1:24:0e:b2:
                    3b:9e:af:81:d5:62:55:18:4b:0f:27:d4:1e:d6:af:
                    3d:ff:22:e6:7b:d6:44:c7:9c:99:6d:30:21:b9:26:
                    ca:fb:77:b1:cb:d1:85:e2:68:ec:e4:be:c3:08:d9:
                    eb:44:e9:12:7a:6d:23:08:ca:b5:a2:00:5e:b0:31:
                    0e:65:17:1c:27:78:7e:4e:15:9c:76:24:bf:dd:cd:
                    98:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:C3:62:B4:1D:62:F4:FA:5C:EF:C1:F9:51:08:14:80:F7:BA:49:CF
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/J8NitB1i9Ppc78H5UQgUgPe6Sc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.78.0/24
                  84.21.188.0/24
                IPv6:
                  2a13:18c6:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:6b:15:d3:60:da:e9:ca:44:a8:df:27:5a:f5:e2:4e:b2:15:
         58:70:29:c5:c4:df:8a:4d:e9:e5:e4:44:89:7d:a8:b4:79:09:
         9c:70:0c:36:dc:18:92:c0:78:f0:46:81:d4:81:5e:71:4b:56:
         3d:96:58:07:36:3b:a3:8c:2c:ba:61:2c:a1:9a:2f:9b:13:26:
         ef:5a:82:b5:c3:ef:e9:03:63:40:02:63:cd:ab:3a:27:56:41:
         98:98:96:4d:39:c4:ec:cc:7c:0c:a1:f7:ba:7a:b8:82:cf:f6:
         9c:c7:00:f7:12:e9:d7:23:08:1d:d8:d6:b8:62:08:9f:6e:94:
         9a:7e:81:41:80:3f:44:48:82:9e:37:f3:17:75:46:7f:58:a0:
         18:bf:74:17:1c:5f:4c:d3:78:ed:ea:98:fe:91:f7:38:40:6c:
         07:9c:36:a2:f4:91:3f:57:83:94:8b:9c:0a:3e:d6:47:82:09:
         f3:50:5e:d6:c8:4d:70:5b:08:6d:9c:63:bd:43:b0:2a:25:56:
         c4:9c:79:9e:7f:56:b9:4b:bc:4f:16:b8:81:bb:4a:f4:ae:4c:
         d2:d5:2c:87:6f:55:8b:e2:f2:18:b1:a5:12:c0:1e:b4:b7:c1:
         1e:6d:ab:4b:33:32:0a:c7:ae:b8:79:72:0e:e2:b8:a2:ef:6e:
         4f:6e:59:9f
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZjIPM2O+WqAxiDqnoySXFRjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwODIwMTYwODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2MzNjJiNDFkNjJmNGZhNWNlZmMxZjk1MTA4MTQ4MGY3YmE0OWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWqXv98wpaW8IHqCuL8iVSuxRlKm
2CC3prsiayqadOLcA9j+/C/32jLAOC3zjVofugL6vkb6Qi/KEzr3UXWQ4qjX+rJq
x2WvxtTyPdjxavJKgvpPjwH0PNL/TeL2x8gQvjYFyl9OeKg5ZeDvh34FbzgvBWUr
RR/dGEFzZSR9afrmx0MdkW7R7VICugyZ+Ir7fyx0azpxe1HvkiKBon/EIswBbm6e
g8CVaEMAXTWvbfEkDrI7nq+B1WJVGEsPJ9Qe1q89/yLme9ZEx5yZbTAhuSbK+3ex
y9GF4mjs5L7DCNnrROkSem0jCMq1ogBesDEOZRccJ3h+ThWcdiS/3c2YuQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFCfDYrQdYvT6XO/B+VEIFID3uknPMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvSjhOaXRCMWk5UHBjNzhINVVRZ1VnUGU2U2M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQALYBOAwQA
VBW8MA8EAgACMAkDBwAqExjGAQAwDQYJKoZIhvcNAQELBQADggEBAEprFdNg2unK
RKjfJ1r14k6yFVhwKcXE34pN6eXkRIl9qLR5CZxwDDbcGJLAePBGgdSBXnFLVj2W
WAc2O6OMLLphLKGaL5sTJu9agrXD7+kDY0ACY82rOidWQZiYlk05xOzMfAyh97p6
uILP9pzHAPcS6dcjCB3Y1rhiCJ9ulJp+gUGAP0RIgp438xd1Rn9YoBi/dBccX0zT
eO3qmP6R9zhAbAecNqL0kT9Xg5SLnAo+1keCCfNQXtbITXBbCG2cY71DsColVsSc
eZ5/VrlLvE8WuIG7SvSuTNLVLIdvVYvi8hixpRLAHrS3wR5tq0szMgrHrrh5cg7i
uKLvbk9uWZ8=
-----END CERTIFICATE-----