Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2ea0e9-27f7-4d71-a900-27be09118c61/1/dPTbW5NvAJKveanwf9xsMOGfn5Y.roa
File:                     dPTbW5NvAJKveanwf9xsMOGfn5Y.roa (raw, json)
Hash identifier:          DpFROJeoc1UpOy7/3HzFb7ViY51RvdrZHobQAff/jls=
Subject key identifier:   74:F4:DB:5B:93:6F:00:92:AF:79:A9:F0:7F:DC:6C:30:E1:9F:9F:96
Certificate issuer:       /CN=197fc930e4aa59b0303459f755698e8f998f471e
Certificate serial:       0197B00710C9BC727B4F65AEF4AAE5A21979
Authority key identifier: 19:7F:C9:30:E4:AA:59:B0:30:34:59:F7:55:69:8E:8F:99:8F:47:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GX_JMOSqWbAwNFn3VWmOj5mPRx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2ea0e9-27f7-4d71-a900-27be09118c61/1/dPTbW5NvAJKveanwf9xsMOGfn5Y.roa
Signing time:             Fri 27 Jun 2025 06:15:42 +0000
ROA not before:           Fri 27 Jun 2025 06:15:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        138.200.0.0/20 maxlen: 24
                          138.200.0.0/21 maxlen: 21
                          138.200.8.0/22 maxlen: 22
                          138.200.12.0/23 maxlen: 23
                          138.200.14.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2ea0e9-27f7-4d71-a900-27be09118c61/1/GX_JMOSqWbAwNFn3VWmOj5mPRx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2ea0e9-27f7-4d71-a900-27be09118c61/1/GX_JMOSqWbAwNFn3VWmOj5mPRx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GX_JMOSqWbAwNFn3VWmOj5mPRx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b0:07:10:c9:bc:72:7b:4f:65:ae:f4:aa:e5:a2:19:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=197fc930e4aa59b0303459f755698e8f998f471e
        Validity
            Not Before: Jun 27 06:15:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74f4db5b936f0092af79a9f07fdc6c30e19f9f96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:30:3d:62:6e:19:d1:4e:17:ac:ad:bf:72:4b:
                    39:6f:92:84:3a:60:20:60:d1:d6:3f:18:34:96:05:
                    87:b3:03:ea:1c:fe:0b:73:bc:1b:f7:79:ec:7d:4e:
                    7e:ca:fb:45:9a:1d:4d:d8:2f:70:81:9e:c1:79:3b:
                    13:e1:6f:69:ec:81:cb:6a:20:b1:1e:21:3b:b5:07:
                    b9:9a:c7:8c:6c:f4:59:8b:cd:d5:35:74:57:7c:56:
                    16:5e:a8:cf:70:31:e5:83:dc:86:0a:52:6e:d3:15:
                    eb:2f:9c:7c:e4:9c:e6:db:b6:5f:e4:05:08:6d:87:
                    b0:97:8a:63:21:6a:a8:2b:48:0d:02:d9:10:52:04:
                    f8:e7:f2:38:95:fe:c3:e4:3e:7f:47:09:c8:b4:ae:
                    f0:42:ef:e3:11:e7:78:5a:fa:93:b2:86:cb:d5:83:
                    44:58:b5:81:6f:4a:e8:8c:97:85:53:03:ad:29:13:
                    b1:64:ef:46:12:a5:c3:c4:3e:50:05:70:2b:75:a8:
                    8c:55:cb:95:96:49:95:1d:6c:38:c3:39:b9:dd:31:
                    08:60:39:a1:96:d6:c1:93:e9:19:d0:3a:f7:5a:4b:
                    f8:7d:cb:f3:c6:ab:99:ca:6c:da:fb:41:8b:51:86:
                    39:a8:a0:25:3c:de:8c:3e:c4:21:69:e4:8f:10:18:
                    89:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:F4:DB:5B:93:6F:00:92:AF:79:A9:F0:7F:DC:6C:30:E1:9F:9F:96
            X509v3 Authority Key Identifier:
                keyid:19:7F:C9:30:E4:AA:59:B0:30:34:59:F7:55:69:8E:8F:99:8F:47:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GX_JMOSqWbAwNFn3VWmOj5mPRx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2ea0e9-27f7-4d71-a900-27be09118c61/1/dPTbW5NvAJKveanwf9xsMOGfn5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2ea0e9-27f7-4d71-a900-27be09118c61/1/GX_JMOSqWbAwNFn3VWmOj5mPRx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.200.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         01:94:16:f3:58:b7:c8:f2:ef:b9:68:ca:8c:73:bf:00:bc:90:
         39:01:23:e3:6c:b0:37:5c:41:67:fa:99:73:1c:83:71:a6:21:
         15:00:af:2e:3f:2a:a5:1c:3f:59:10:11:ec:01:69:fe:7b:c7:
         13:99:3b:cb:f4:e3:7d:2e:6e:20:8b:64:6b:99:42:12:62:30:
         6b:e2:d6:d8:de:ab:e9:c4:ec:33:e4:45:03:59:5f:96:e5:8d:
         fa:20:9c:83:33:bf:aa:f1:15:5b:fc:93:25:82:e4:bc:75:e8:
         fd:44:ce:b6:b8:4d:d9:55:4c:bd:3a:1d:b0:58:df:2c:c2:f0:
         88:66:68:89:14:c6:20:c4:7c:38:e7:25:cb:c6:4a:c8:21:0b:
         09:4e:f6:fb:da:25:df:42:6c:76:70:8f:96:97:b5:32:a7:fc:
         77:a1:1f:95:30:fa:0d:15:4a:ed:22:0b:4b:e4:9f:ef:b2:2f:
         79:59:20:cd:72:0f:36:21:01:2d:2b:f3:57:0e:3b:3d:84:21:
         76:47:6f:4a:50:07:3d:2d:59:ed:4e:4a:8b:b3:a8:0e:97:05:
         77:f2:85:05:ba:79:77:81:97:97:35:ce:14:c9:81:40:a0:68:
         db:f1:83:f5:47:b6:93:13:27:fa:ea:38:2a:8b:e9:c2:82:35:
         cc:b7:ae:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZewBxDJvHJ7T2Wu9Krlohl5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5N2ZjOTMwZTRhYTU5YjAzMDM0NTlmNzU1Njk4ZThmOTk4
ZjQ3MWUwHhcNMjUwNjI3MDYxNTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGY0ZGI1YjkzNmYwMDkyYWY3OWE5ZjA3ZmRjNmMzMGUxOWY5Zjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDA9Ym4Z0U4XrK2/cks5b5KEOmAg
YNHWPxg0lgWHswPqHP4Lc7wb93nsfU5+yvtFmh1N2C9wgZ7BeTsT4W9p7IHLaiCx
HiE7tQe5mseMbPRZi83VNXRXfFYWXqjPcDHlg9yGClJu0xXrL5x85Jzm27Zf5AUI
bYewl4pjIWqoK0gNAtkQUgT45/I4lf7D5D5/RwnItK7wQu/jEed4WvqTsobL1YNE
WLWBb0rojJeFUwOtKROxZO9GEqXDxD5QBXArdaiMVcuVlkmVHWw4wzm53TEIYDmh
ltbBk+kZ0Dr3Wkv4fcvzxquZymza+0GLUYY5qKAlPN6MPsQhaeSPEBiJBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHT021uTbwCSr3mp8H/cbDDhn5+WMB8GA1UdIwQY
MBaAFBl/yTDkqlmwMDRZ91Vpjo+Zj0ceMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1hfSk1PU3FXYkF3TkZuM1ZXbU9qNW1QUng0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yZWEwZTktMjdmNy00ZDcxLWE5MDAt
MjdiZTA5MTE4YzYxLzEvZFBUYlc1TnZBSkt2ZWFud2Y5eHNNT0dmbjVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yZWEwZTktMjdmNy00ZDcxLWE5MDAtMjdiZTA5MTE4YzYx
LzEvR1hfSk1PU3FXYkF3TkZuM1ZXbU9qNW1QUng0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEisgAMA0G
CSqGSIb3DQEBCwUAA4IBAQABlBbzWLfI8u+5aMqMc78AvJA5ASPjbLA3XEFn+plz
HINxpiEVAK8uPyqlHD9ZEBHsAWn+e8cTmTvL9ON9Lm4gi2RrmUISYjBr4tbY3qvp
xOwz5EUDWV+W5Y36IJyDM7+q8RVb/JMlguS8dej9RM62uE3ZVUy9Oh2wWN8swvCI
ZmiJFMYgxHw45yXLxkrIIQsJTvb72iXfQmx2cI+Wl7Uyp/x3oR+VMPoNFUrtIgtL
5J/vsi95WSDNcg82IQEtK/NXDjs9hCF2R29KUAc9LVntTkqLs6gOlwV38oUFunl3
gZeXNc4UyYFAoGjb8YP1R7aTEyf66jgqi+nCgjXMt64X
-----END CERTIFICATE-----