Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/9d59e1-7a67-469d-b4da-8b3372234dc0/1/dkb5gZIob1tpW-aZ36OG6g6eqVg.roa
File:                     dkb5gZIob1tpW-aZ36OG6g6eqVg.roa (raw, json)
Hash identifier:          6qmzftK2St+wbMPcDJN5VBpBK/rYP12e7Qen5uHlL/g=
Subject key identifier:   76:46:F9:81:92:28:6F:5B:69:5B:E6:99:DF:A3:86:EA:0E:9E:A9:58
Certificate issuer:       /CN=237c83447d17183380f489bc946c8b9e300ffb1d
Certificate serial:       0198D3368C4D6063A7C67977597A62178C50
Authority key identifier: 23:7C:83:44:7D:17:18:33:80:F4:89:BC:94:6C:8B:9E:30:0F:FB:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I3yDRH0XGDOA9Im8lGyLnjAP-x0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/9d59e1-7a67-469d-b4da-8b3372234dc0/1/dkb5gZIob1tpW-aZ36OG6g6eqVg.roa
Signing time:             Fri 22 Aug 2025 19:17:04 +0000
ROA not before:           Fri 22 Aug 2025 19:17:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12684
IP address blocks:        84.235.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/9d59e1-7a67-469d-b4da-8b3372234dc0/1/I3yDRH0XGDOA9Im8lGyLnjAP-x0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/9d59e1-7a67-469d-b4da-8b3372234dc0/1/I3yDRH0XGDOA9Im8lGyLnjAP-x0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I3yDRH0XGDOA9Im8lGyLnjAP-x0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d3:36:8c:4d:60:63:a7:c6:79:77:59:7a:62:17:8c:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=237c83447d17183380f489bc946c8b9e300ffb1d
        Validity
            Not Before: Aug 22 19:17:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7646f98192286f5b695be699dfa386ea0e9ea958
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8f:e9:c1:23:83:b6:a9:e7:f6:08:fd:ef:4a:
                    31:3b:57:db:a8:fd:d9:ec:a2:e4:e2:30:21:e9:b9:
                    1f:c8:77:f2:0d:11:66:7a:34:8d:50:c0:36:2f:03:
                    63:ff:c4:b5:6e:60:a7:fb:49:d1:8b:0d:8a:30:f8:
                    a4:7d:cd:d8:4c:cb:55:7b:c1:70:4c:08:33:21:00:
                    9b:38:82:6d:f0:34:89:fe:4e:fc:30:2c:38:60:33:
                    08:30:94:8a:95:82:03:c8:9f:22:d4:f9:5f:4c:f8:
                    91:c9:c2:1c:66:1a:19:f5:f9:4a:4a:81:80:da:7a:
                    dc:79:50:48:c3:58:7b:57:e8:10:77:87:67:79:67:
                    3c:31:f7:47:aa:80:88:ad:a5:37:1d:f7:68:2d:43:
                    05:65:2a:6c:0d:ec:69:39:9a:e1:2d:8f:ad:7f:b6:
                    8f:57:f4:23:1d:8d:f8:18:10:36:6d:d0:76:a4:e7:
                    20:0b:ca:5e:da:f4:41:85:67:41:be:65:a9:2c:0e:
                    e1:95:a7:02:1c:50:25:a4:07:64:58:29:60:b4:50:
                    4e:72:15:2a:13:5c:50:82:9a:95:c3:04:3a:94:be:
                    cf:d0:f0:d0:93:c2:11:58:f4:fb:12:c7:74:82:6b:
                    b0:ee:0d:3f:1d:02:a0:b6:18:5b:56:ad:ea:f6:46:
                    a7:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:46:F9:81:92:28:6F:5B:69:5B:E6:99:DF:A3:86:EA:0E:9E:A9:58
            X509v3 Authority Key Identifier:
                keyid:23:7C:83:44:7D:17:18:33:80:F4:89:BC:94:6C:8B:9E:30:0F:FB:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I3yDRH0XGDOA9Im8lGyLnjAP-x0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9d59e1-7a67-469d-b4da-8b3372234dc0/1/dkb5gZIob1tpW-aZ36OG6g6eqVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9d59e1-7a67-469d-b4da-8b3372234dc0/1/I3yDRH0XGDOA9Im8lGyLnjAP-x0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.235.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:9d:5c:fe:a8:84:4d:75:3d:07:f7:cf:81:cb:ee:2c:bd:1e:
         76:41:7b:8a:9b:37:8e:e7:e0:bf:25:62:06:84:ba:ad:24:8e:
         53:4d:3c:fc:6f:30:e6:84:7b:a7:1f:74:1d:dd:16:64:64:aa:
         4f:4f:33:13:17:5b:90:aa:10:e5:67:cf:e9:d9:00:5f:cb:c7:
         35:d9:7d:45:64:60:39:f2:a7:f1:d0:a7:04:4c:a0:50:c9:b5:
         94:79:54:33:14:e4:b4:5a:f9:1d:6f:29:b2:bf:fc:94:60:d5:
         ed:fc:17:0d:23:84:d7:df:99:27:1a:90:48:82:48:55:26:25:
         87:16:7f:b2:6f:c9:af:c3:a9:52:56:4f:6c:38:a4:3d:ba:a0:
         35:0d:8c:59:61:26:6d:24:a4:65:44:36:52:ae:8b:9f:ab:43:
         7c:54:2a:5c:90:b0:00:6d:0e:b5:16:53:42:8b:b4:df:5a:6c:
         e6:5a:a4:33:cd:12:91:69:ad:db:8d:38:77:d5:77:a1:7c:a9:
         f1:b0:6e:28:5f:36:7c:d4:44:4e:dc:1b:39:9c:d8:9e:7b:61:
         18:25:ee:3d:81:b4:50:f4:74:07:94:e5:90:02:6a:69:cc:6f:
         71:49:0d:36:b0:6f:58:a7:31:57:c4:43:8d:c9:32:27:22:9c:
         f6:14:19:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjTNoxNYGOnxnl3WXpiF4xQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzN2M4MzQ0N2QxNzE4MzM4MGY0ODliYzk0NmM4YjllMzAw
ZmZiMWQwHhcNMjUwODIyMTkxNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjQ2Zjk4MTkyMjg2ZjViNjk1YmU2OTlkZmEzODZlYTBlOWVhOTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqI/pwSODtqnn9gj970oxO1fbqP3Z
7KLk4jAh6bkfyHfyDRFmejSNUMA2LwNj/8S1bmCn+0nRiw2KMPikfc3YTMtVe8Fw
TAgzIQCbOIJt8DSJ/k78MCw4YDMIMJSKlYIDyJ8i1PlfTPiRycIcZhoZ9flKSoGA
2nrceVBIw1h7V+gQd4dneWc8MfdHqoCIraU3HfdoLUMFZSpsDexpOZrhLY+tf7aP
V/QjHY34GBA2bdB2pOcgC8pe2vRBhWdBvmWpLA7hlacCHFAlpAdkWClgtFBOchUq
E1xQgpqVwwQ6lL7P0PDQk8IRWPT7Esd0gmuw7g0/HQKgthhbVq3q9kanRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZG+YGSKG9baVvmmd+jhuoOnqlYMB8GA1UdIwQY
MBaAFCN8g0R9FxgzgPSJvJRsi54wD/sdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTN5RFJIMFhHRE9BOUltOGxHeUxuakFQLXgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS85ZDU5ZTEtN2E2Ny00NjlkLWI0ZGEt
OGIzMzcyMjM0ZGMwLzEvZGtiNWdaSW9iMXRwVy1hWjM2T0c2ZzZlcVZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS85ZDU5ZTEtN2E2Ny00NjlkLWI0ZGEtOGIzMzcyMjM0ZGMw
LzEvSTN5RFJIMFhHRE9BOUltOGxHeUxuakFQLXgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVOuNMA0G
CSqGSIb3DQEBCwUAA4IBAQA/nVz+qIRNdT0H98+By+4svR52QXuKmzeO5+C/JWIG
hLqtJI5TTTz8bzDmhHunH3Qd3RZkZKpPTzMTF1uQqhDlZ8/p2QBfy8c12X1FZGA5
8qfx0KcETKBQybWUeVQzFOS0Wvkdbymyv/yUYNXt/BcNI4TX35knGpBIgkhVJiWH
Fn+yb8mvw6lSVk9sOKQ9uqA1DYxZYSZtJKRlRDZSroufq0N8VCpckLAAbQ61FlNC
i7TfWmzmWqQzzRKRaa3bjTh31XehfKnxsG4oXzZ81ERO3Bs5nNiee2EYJe49gbRQ
9HQHlOWQAmppzG9xSQ02sG9YpzFXxEONyTInIpz2FBm/
-----END CERTIFICATE-----