Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/f4_XIVmsIZE5Q2N24spgeU0yDjk.roa
File:                     f4_XIVmsIZE5Q2N24spgeU0yDjk.roa (raw, json)
Hash identifier:          9PnPL8Uj92c8N0K6S0DkkLyk9Siv5wZEJPC/dCt0/ys=
Subject key identifier:   7F:8F:D7:21:59:AC:21:91:39:43:63:76:E2:CA:60:79:4D:32:0E:39
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       0198AA0757C8DFB2198182B8DA589F037982
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/f4_XIVmsIZE5Q2N24spgeU0yDjk.roa
Signing time:             Thu 14 Aug 2025 19:21:04 +0000
ROA not before:           Thu 14 Aug 2025 19:21:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        110.172.188.0/24 maxlen: 24
                          114.69.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:aa:07:57:c8:df:b2:19:81:82:b8:da:58:9f:03:79:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Aug 14 19:21:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f8fd72159ac219139436376e2ca60794d320e39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c6:cb:9b:58:69:83:c4:36:29:9e:ca:45:c1:
                    e4:c3:c7:c6:35:c2:57:59:7c:32:0d:f7:a8:19:3a:
                    d5:00:94:ff:fe:f3:65:57:d6:44:46:98:bb:9d:8b:
                    7b:d8:03:65:0e:60:81:d3:d0:db:34:99:53:5d:75:
                    93:a8:48:8d:4c:f4:80:9c:14:c6:5c:44:77:06:0d:
                    23:50:aa:c0:50:92:da:76:3c:88:9e:c5:db:0f:4c:
                    0e:a0:b2:5e:f1:1a:08:ca:16:99:a7:c5:47:95:b1:
                    39:83:4d:5c:1e:b9:19:82:4f:0f:4c:e0:14:61:1f:
                    a4:7a:8f:a6:fe:a1:85:68:38:47:53:3f:c3:01:35:
                    5a:ec:68:22:c2:7a:9c:69:f7:9f:61:18:d8:85:a4:
                    90:9c:0f:85:15:b1:08:94:d5:93:1e:39:b5:89:93:
                    ac:5a:dd:a9:c9:8e:0a:4b:2e:47:b9:67:74:3f:c0:
                    39:1f:1a:c5:18:9a:2b:78:27:68:f9:38:05:b5:3e:
                    a5:e5:0a:c8:51:17:06:85:ab:a7:ff:44:e9:29:0f:
                    29:4a:a4:52:4f:12:8a:34:f7:e7:4e:c9:8e:4f:43:
                    0c:b5:aa:40:2c:11:f1:b3:a4:b1:69:12:a0:2e:c2:
                    cc:e4:b6:88:6b:9d:4e:f0:e7:08:82:96:ff:0d:24:
                    8f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:8F:D7:21:59:AC:21:91:39:43:63:76:E2:CA:60:79:4D:32:0E:39
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/f4_XIVmsIZE5Q2N24spgeU0yDjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.172.188.0/24
                  114.69.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:3b:7e:80:d2:a3:e8:ee:8a:e7:1b:9e:5f:fe:6b:e4:94:0e:
         f0:9c:07:d6:f2:88:46:a3:b7:79:c2:17:3d:f2:ae:49:27:62:
         9e:2e:82:dc:e6:fb:26:41:b5:b5:fb:5c:dc:8c:aa:28:1e:fb:
         72:90:02:d3:e0:94:e4:94:6e:02:be:96:ed:36:c5:ce:fc:53:
         f2:38:aa:26:12:6e:b3:51:1c:2d:c9:91:66:82:d5:41:07:33:
         09:3f:da:36:92:a9:1a:0b:de:7a:93:77:9d:00:d5:d6:2f:a3:
         19:5e:36:d9:7b:4b:dd:54:51:de:cf:c6:04:07:48:6d:8b:f4:
         58:ed:e7:f3:2c:d6:1e:02:c8:2f:de:4f:1e:0b:95:67:b5:c4:
         8a:14:32:62:19:57:3a:15:0f:ed:67:e0:ab:d5:43:07:5e:f0:
         10:1a:c5:9d:3e:40:f7:a2:2a:dd:0a:ba:f5:78:4f:73:1e:12:
         b0:5e:0c:55:0c:81:63:c4:48:77:af:77:0c:f4:af:59:96:8f:
         d0:80:c2:11:c6:2d:a7:22:be:f6:99:74:4b:8c:8d:12:c0:dc:
         e9:7b:85:da:db:ce:82:53:c9:95:bd:fd:24:d3:f4:58:49:a0:
         63:f1:91:bf:81:e8:e0:8d:50:2b:0a:ba:fb:33:e4:79:7d:39:
         cd:e4:4a:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiqB1fI37IZgYK42lifA3mCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjUwODE0MTkyMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjhmZDcyMTU5YWMyMTkxMzk0MzYzNzZlMmNhNjA3OTRkMzIwZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMbLm1hpg8Q2KZ7KRcHkw8fGNcJX
WXwyDfeoGTrVAJT//vNlV9ZERpi7nYt72ANlDmCB09DbNJlTXXWTqEiNTPSAnBTG
XER3Bg0jUKrAUJLadjyInsXbD0wOoLJe8RoIyhaZp8VHlbE5g01cHrkZgk8PTOAU
YR+keo+m/qGFaDhHUz/DATVa7GgiwnqcafefYRjYhaSQnA+FFbEIlNWTHjm1iZOs
Wt2pyY4KSy5HuWd0P8A5HxrFGJoreCdo+TgFtT6l5QrIURcGhaun/0TpKQ8pSqRS
TxKKNPfnTsmOT0MMtapALBHxs6SxaRKgLsLM5LaIa51O8OcIgpb/DSSPxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH+P1yFZrCGROUNjduLKYHlNMg45MB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvZjRfWElWbXNJWkU1UTJOMjRzcGdlVTB5RGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbqy8AwQA
ckX2MA0GCSqGSIb3DQEBCwUAA4IBAQAlO36A0qPo7ornG55f/mvklA7wnAfW8ohG
o7d5whc98q5JJ2KeLoLc5vsmQbW1+1zcjKooHvtykALT4JTklG4CvpbtNsXO/FPy
OKomEm6zURwtyZFmgtVBBzMJP9o2kqkaC956k3edANXWL6MZXjbZe0vdVFHez8YE
B0hti/RY7efzLNYeAsgv3k8eC5VntcSKFDJiGVc6FQ/tZ+Cr1UMHXvAQGsWdPkD3
oirdCrr1eE9zHhKwXgxVDIFjxEh3r3cM9K9Zlo/QgMIRxi2nIr72mXRLjI0SwNzp
e4Xa286CU8mVvf0k0/RYSaBj8ZG/gejgjVArCrr7M+R5fTnN5EoT
-----END CERTIFICATE-----