Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/0qafQTKpUINoCVOYOkW5UnOWR94.roa
File:                     0qafQTKpUINoCVOYOkW5UnOWR94.roa (raw, json)
Hash identifier:          MusUL5944aEPud+AesWo0c3hbkne3BfD5w+aqIADrZU=
Subject key identifier:   D2:A6:9F:41:32:A9:50:83:68:09:53:98:3A:45:B9:52:73:96:47:DE
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       0199B83F9CD8CF217E9D1D9D7996FFB8CE54
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/0qafQTKpUINoCVOYOkW5UnOWR94.roa
Signing time:             Mon 06 Oct 2025 06:40:00 +0000
ROA not before:           Mon 06 Oct 2025 06:40:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        2.59.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b8:3f:9c:d8:cf:21:7e:9d:1d:9d:79:96:ff:b8:ce:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Oct  6 06:40:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2a69f4132a95083680953983a45b952739647de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:99:7f:79:22:04:45:ab:7c:f1:2d:12:a5:6c:
                    40:ce:12:e1:ea:e1:7a:18:c1:75:5a:49:96:93:3e:
                    5a:e3:ec:d8:a9:06:c3:8b:38:18:1f:bf:04:32:19:
                    84:30:93:2b:79:3f:3c:ab:75:a2:12:11:35:de:d3:
                    6d:0f:be:01:bb:0e:a2:a6:92:3f:d9:18:a1:80:27:
                    c9:81:36:32:5d:1f:8b:f1:da:ba:77:c6:c4:f3:2f:
                    d0:63:e4:11:05:67:8f:10:18:47:9b:f2:4f:b9:b2:
                    f8:a6:16:ff:25:b2:56:90:16:6c:c7:99:fb:23:2e:
                    31:9f:cf:1c:b7:c9:b6:28:50:1e:6e:8a:6a:eb:70:
                    2a:68:57:42:74:93:24:0e:7f:41:b4:6c:9f:a6:50:
                    b2:24:4a:33:21:7d:67:80:bb:e0:46:c9:3a:47:5d:
                    7b:90:3e:dc:ca:c9:cd:b4:2a:2c:5a:83:53:ea:07:
                    37:e9:35:5c:de:1c:c7:19:47:d0:4a:54:e2:9c:3a:
                    b6:7c:fe:a1:a5:eb:4b:cf:f8:59:e3:d0:a5:d8:29:
                    44:62:1f:32:b7:b0:f0:82:c5:18:c3:bb:aa:d0:68:
                    e5:17:a4:80:af:13:89:e4:09:f0:05:9d:69:16:b0:
                    18:13:ea:10:7a:e0:11:f2:ec:69:ca:ac:6f:d9:2e:
                    b9:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:A6:9F:41:32:A9:50:83:68:09:53:98:3A:45:B9:52:73:96:47:DE
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/0qafQTKpUINoCVOYOkW5UnOWR94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:fd:17:cb:ba:a6:f1:e3:30:3a:96:0b:6f:fb:50:0c:64:5c:
         b1:25:30:f1:9c:eb:90:f0:d9:d1:cc:00:4b:32:d7:4a:5c:a4:
         16:19:28:70:bc:16:04:1f:0a:2d:9d:85:e3:53:a2:26:47:2d:
         03:8d:b4:cf:ff:0e:b8:b8:b3:4f:b8:c4:2d:4f:f3:5e:9b:db:
         9b:e6:52:e9:79:ce:c0:b3:a7:15:41:02:1d:ee:69:f6:83:d7:
         38:11:c8:51:82:cd:0a:f4:da:37:06:28:10:61:e2:a5:ab:9a:
         6c:fe:8f:d2:4f:a5:3c:60:18:24:67:95:35:9f:88:34:33:99:
         d3:5d:7f:dd:58:41:fa:72:ae:1b:75:65:ff:24:e8:e6:5e:2e:
         dc:cf:8c:76:94:73:9c:54:04:28:b7:6b:4f:d5:69:35:09:23:
         68:ff:4f:c0:3d:1f:41:85:50:25:2b:82:32:18:d8:29:c3:71:
         49:31:d5:63:19:63:49:22:79:0d:97:f4:8e:d5:9a:0f:fb:b4:
         9a:6e:7b:3c:6d:c1:f2:ea:15:1c:3a:e8:fb:ff:51:f4:83:20:
         11:47:9d:ba:cc:13:cf:91:86:65:82:9e:b8:e8:a7:87:c1:b1:
         a2:b8:dd:e8:a2:b4:45:c8:60:69:2d:74:74:43:02:88:32:1e:
         79:f0:ea:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm4P5zYzyF+nR2deZb/uM5UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjUxMDA2MDY0MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmE2OWY0MTMyYTk1MDgzNjgwOTUzOTgzYTQ1Yjk1MjczOTY0N2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZl/eSIERat88S0SpWxAzhLh6uF6
GMF1WkmWkz5a4+zYqQbDizgYH78EMhmEMJMreT88q3WiEhE13tNtD74Buw6ippI/
2RihgCfJgTYyXR+L8dq6d8bE8y/QY+QRBWePEBhHm/JPubL4phb/JbJWkBZsx5n7
Iy4xn88ct8m2KFAebopq63AqaFdCdJMkDn9BtGyfplCyJEozIX1ngLvgRsk6R117
kD7cysnNtCosWoNT6gc36TVc3hzHGUfQSlTinDq2fP6hpetLz/hZ49Cl2ClEYh8y
t7DwgsUYw7uq0GjlF6SArxOJ5AnwBZ1pFrAYE+oQeuAR8uxpyqxv2S65hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKmn0EyqVCDaAlTmDpFuVJzlkfeMB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvMHFhZlFUS3BVSU5vQ1ZPWU9rVzVVbk9XUjk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAju0MA0G
CSqGSIb3DQEBCwUAA4IBAQAe/RfLuqbx4zA6lgtv+1AMZFyxJTDxnOuQ8NnRzABL
MtdKXKQWGShwvBYEHwotnYXjU6ImRy0DjbTP/w64uLNPuMQtT/Nem9ub5lLpec7A
s6cVQQId7mn2g9c4EchRgs0K9No3BigQYeKlq5ps/o/ST6U8YBgkZ5U1n4g0M5nT
XX/dWEH6cq4bdWX/JOjmXi7cz4x2lHOcVAQot2tP1Wk1CSNo/0/APR9BhVAlK4Iy
GNgpw3FJMdVjGWNJInkNl/SO1ZoP+7Sabns8bcHy6hUcOuj7/1H0gyARR526zBPP
kYZlgp646KeHwbGiuN3oorRFyGBpLXR0QwKIMh558Oog
-----END CERTIFICATE-----