Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/1-7dAZzRBbFa11Vn8DGlQ2QYhnKQ.roa
File:                     1-7dAZzRBbFa11Vn8DGlQ2QYhnKQ.roa (raw, json)
Hash identifier:          paOrHtzZ6Pf1no7vHSa5YDI9HD1Gf08R7MZd074FoNM=
Subject key identifier:   FB:B7:40:67:34:41:6C:56:B5:D5:59:FC:0C:69:50:D9:06:21:9C:A4
Certificate issuer:       /CN=635d5b644e22fb488e4d6c0012b0aabf238e61e5
Certificate serial:       0198A444BB385ABC0049D25983359575AA03
Authority key identifier: 63:5D:5B:64:4E:22:FB:48:8E:4D:6C:00:12:B0:AA:BF:23:8E:61:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y11bZE4i-0iOTWwAErCqvyOOYeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/1-7dAZzRBbFa11Vn8DGlQ2QYhnKQ.roa
Signing time:             Wed 13 Aug 2025 16:30:24 +0000
ROA not before:           Wed 13 Aug 2025 16:30:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        217.65.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/Y11bZE4i-0iOTWwAErCqvyOOYeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/Y11bZE4i-0iOTWwAErCqvyOOYeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y11bZE4i-0iOTWwAErCqvyOOYeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a4:44:bb:38:5a:bc:00:49:d2:59:83:35:95:75:aa:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=635d5b644e22fb488e4d6c0012b0aabf238e61e5
        Validity
            Not Before: Aug 13 16:30:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fbb7406734416c56b5d559fc0c6950d906219ca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:a5:03:77:c1:72:6a:9a:d6:c3:6a:b1:09:c7:
                    18:b9:05:12:2f:82:f7:de:17:95:cd:f6:12:ff:2a:
                    a3:19:d2:cd:f4:c7:61:b6:dc:46:3f:61:91:f1:3c:
                    9d:cd:b9:aa:55:3d:b3:e1:48:db:29:ea:09:f3:83:
                    0b:f7:44:4e:55:cc:18:9c:d1:be:30:3f:35:ad:88:
                    c4:2b:81:5c:01:b5:a8:18:06:5e:83:aa:94:7c:d9:
                    52:0c:3a:58:47:69:4a:8b:ef:37:50:1a:e3:c4:43:
                    56:27:85:ed:28:3e:e2:5d:36:80:fe:45:f3:32:46:
                    7c:69:72:4f:b6:7c:75:dd:c3:8b:51:3e:c9:71:0d:
                    5a:51:ac:ed:03:89:0d:37:d5:29:13:18:eb:f9:7b:
                    92:16:37:cb:9b:e0:05:cb:16:d4:83:fc:f1:c4:92:
                    99:1e:0e:a3:40:48:74:43:9c:65:50:f3:4e:5b:c4:
                    be:72:1f:93:7c:1d:a6:72:2d:cf:e8:6d:a1:6e:93:
                    25:e9:11:d5:21:95:0b:c7:fe:e6:93:bd:04:03:e3:
                    71:17:c2:b9:73:a4:8a:11:a2:05:6e:07:21:56:cd:
                    f1:f0:23:c1:e1:76:d5:e3:c1:cd:e2:0c:3e:b0:3a:
                    8a:8a:ef:93:80:a2:23:44:4e:20:6b:1f:ee:d2:27:
                    77:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:B7:40:67:34:41:6C:56:B5:D5:59:FC:0C:69:50:D9:06:21:9C:A4
            X509v3 Authority Key Identifier:
                keyid:63:5D:5B:64:4E:22:FB:48:8E:4D:6C:00:12:B0:AA:BF:23:8E:61:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y11bZE4i-0iOTWwAErCqvyOOYeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/1-7dAZzRBbFa11Vn8DGlQ2QYhnKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/Y11bZE4i-0iOTWwAErCqvyOOYeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.65.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:27:ac:3e:5a:fb:31:57:df:27:c3:75:83:40:f9:75:71:3c:
         51:62:28:1e:db:7d:c8:66:a3:a9:59:55:f3:b3:23:b6:d3:1e:
         c4:0a:a5:7d:88:1c:27:39:87:eb:bd:72:58:7a:52:bf:cd:90:
         ef:9f:99:08:3d:28:63:33:50:ef:44:14:d2:71:f7:ef:9f:6b:
         31:a5:74:df:70:b6:a6:c1:c2:a8:b0:46:0e:ea:a2:15:6c:cb:
         87:88:bb:c7:66:23:85:a3:6a:e9:ec:f6:48:14:5e:9d:d2:8a:
         5d:d5:6d:2e:c3:af:43:a2:ff:34:22:61:33:18:85:7f:23:7d:
         53:cd:85:33:e9:3c:74:c2:dd:8e:73:7d:ea:d9:ba:e1:98:d5:
         99:76:a4:db:40:cc:31:a8:3d:24:25:17:f2:9f:a8:00:f0:e7:
         d0:20:e3:24:c1:e3:57:59:80:b4:97:f6:b8:88:e6:7d:73:9c:
         ea:61:eb:bc:a8:2c:8e:ea:4c:5e:93:33:b9:06:ef:26:4c:e3:
         c8:71:a0:42:24:ed:4f:65:df:16:16:01:ed:52:b3:a9:07:4b:
         fc:85:78:51:d8:b0:64:84:3e:88:6e:98:6d:1c:45:ed:38:c3:
         db:03:6c:2b:27:ab:3b:5f:58:35:c9:78:33:82:b5:79:0d:5a:
         e2:9d:d4:ff
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZikRLs4WrwASdJZgzWVdaoDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNWQ1YjY0NGUyMmZiNDg4ZTRkNmMwMDEyYjBhYWJmMjM4
ZTYxZTUwHhcNMjUwODEzMTYzMDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmI3NDA2NzM0NDE2YzU2YjVkNTU5ZmMwYzY5NTBkOTA2MjE5Y2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5qUDd8FyaprWw2qxCccYuQUSL4L3
3heVzfYS/yqjGdLN9MdhttxGP2GR8TydzbmqVT2z4UjbKeoJ84ML90ROVcwYnNG+
MD81rYjEK4FcAbWoGAZeg6qUfNlSDDpYR2lKi+83UBrjxENWJ4XtKD7iXTaA/kXz
MkZ8aXJPtnx13cOLUT7JcQ1aUaztA4kNN9UpExjr+XuSFjfLm+AFyxbUg/zxxJKZ
Hg6jQEh0Q5xlUPNOW8S+ch+TfB2mci3P6G2hbpMl6RHVIZULx/7mk70EA+NxF8K5
c6SKEaIFbgchVs3x8CPB4XbV48HN4gw+sDqKiu+TgKIjRE4gax/u0id3bQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPu3QGc0QWxWtdVZ/AxpUNkGIZykMB8GA1UdIwQY
MBaAFGNdW2ROIvtIjk1sABKwqr8jjmHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTExYlpFNGktMGlPVFd3QUVyQ3F2eU9PWWVVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9mZTdmYzItNDFjYy00NjdkLTk4MGIt
ZjVhZjYxNmI1NDgzLzEvMS03ZEFaelJCYkZhMTFWbjhER2xRMlFZaG5LUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTgvZmU3ZmMyLTQxY2MtNDY3ZC05ODBiLWY1YWY2MTZiNTQ4
My8xL1kxMWJaRTRpLTBpT1RXd0FFckNxdnlPT1llVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANlBSDAN
BgkqhkiG9w0BAQsFAAOCAQEACiesPlr7MVffJ8N1g0D5dXE8UWIoHtt9yGajqVlV
87MjttMexAqlfYgcJzmH671yWHpSv82Q75+ZCD0oYzNQ70QU0nH3759rMaV033C2
psHCqLBGDuqiFWzLh4i7x2YjhaNq6ez2SBRendKKXdVtLsOvQ6L/NCJhMxiFfyN9
U82FM+k8dMLdjnN96tm64ZjVmXak20DMMag9JCUX8p+oAPDn0CDjJMHjV1mAtJf2
uIjmfXOc6mHrvKgsjupMXpMzuQbvJkzjyHGgQiTtT2XfFhYB7VKzqQdL/IV4Udiw
ZIQ+iG6YbRxF7TjD2wNsKyerO19YNcl4M4K1eQ1a4p3U/w==
-----END CERTIFICATE-----