Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/2a5155-1336-4507-9a3f-f0a7e1ca3c85/1/ctE-xjtRaK2N_xv7jPgdr16mAqk.roa
File:                     ctE-xjtRaK2N_xv7jPgdr16mAqk.roa (raw, json)
Hash identifier:          6dqptnwwlw4mSqTSZoD2O9lUv3DCB5Cf6H1piQtg/m0=
Subject key identifier:   72:D1:3E:C6:3B:51:68:AD:8D:FF:1B:FB:8C:F8:1D:AF:5E:A6:02:A9
Certificate issuer:       /CN=6816171b3f91b1d10b0445987f611428abf13e1a
Certificate serial:       019691613A45D4B7F57BDB0E2EA958E4328D
Authority key identifier: 68:16:17:1B:3F:91:B1:D1:0B:04:45:98:7F:61:14:28:AB:F1:3E:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aBYXGz-RsdELBEWYf2EUKKvxPho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/2a5155-1336-4507-9a3f-f0a7e1ca3c85/1/ctE-xjtRaK2N_xv7jPgdr16mAqk.roa
Signing time:             Fri 02 May 2025 14:23:10 +0000
ROA not before:           Fri 02 May 2025 14:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        147.172.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/2a5155-1336-4507-9a3f-f0a7e1ca3c85/1/aBYXGz-RsdELBEWYf2EUKKvxPho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/2a5155-1336-4507-9a3f-f0a7e1ca3c85/1/aBYXGz-RsdELBEWYf2EUKKvxPho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aBYXGz-RsdELBEWYf2EUKKvxPho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:91:61:3a:45:d4:b7:f5:7b:db:0e:2e:a9:58:e4:32:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6816171b3f91b1d10b0445987f611428abf13e1a
        Validity
            Not Before: May  2 14:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72d13ec63b5168ad8dff1bfb8cf81daf5ea602a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:12:10:da:13:e2:c0:cc:b6:ef:69:c7:f5:b9:
                    89:cc:d9:bf:38:24:4d:2e:77:77:2e:df:0b:8a:a3:
                    8c:24:b5:86:55:22:c9:24:0e:b2:f7:ed:c2:d3:c2:
                    77:01:2d:2b:22:a2:23:70:d5:c6:ee:dc:4e:9a:f6:
                    b5:d1:9b:32:3a:5c:ad:4e:19:e6:ba:4b:c8:36:de:
                    fc:38:5c:10:8c:03:49:67:7c:0f:45:29:55:24:91:
                    b9:fc:52:2a:20:38:10:c8:f9:8e:8e:8a:15:f2:28:
                    e6:82:07:1c:f1:92:b9:c0:96:c7:ce:b4:20:ee:93:
                    41:29:cb:53:fe:e2:51:e5:69:73:97:23:e7:a6:2e:
                    04:1a:e6:07:3c:e7:71:dc:bd:2c:33:bc:33:cc:bb:
                    d4:55:9f:19:10:5b:97:4b:a3:1d:e0:b8:ae:81:23:
                    08:6a:7e:91:54:02:78:ca:1d:f0:16:a5:44:7d:57:
                    46:f4:59:b2:1c:92:46:66:c3:22:09:f8:81:ca:78:
                    31:68:4e:1b:b3:73:b3:49:5d:ac:31:1f:41:5b:7c:
                    ab:07:ad:a5:18:aa:83:c1:fa:60:f4:a8:16:ad:f1:
                    05:74:a6:f0:13:e8:97:ca:be:5b:29:25:79:4b:b4:
                    84:e4:f9:ff:13:00:e4:b8:57:27:18:43:e4:9c:2d:
                    32:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:D1:3E:C6:3B:51:68:AD:8D:FF:1B:FB:8C:F8:1D:AF:5E:A6:02:A9
            X509v3 Authority Key Identifier:
                keyid:68:16:17:1B:3F:91:B1:D1:0B:04:45:98:7F:61:14:28:AB:F1:3E:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aBYXGz-RsdELBEWYf2EUKKvxPho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/2a5155-1336-4507-9a3f-f0a7e1ca3c85/1/ctE-xjtRaK2N_xv7jPgdr16mAqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/2a5155-1336-4507-9a3f-f0a7e1ca3c85/1/aBYXGz-RsdELBEWYf2EUKKvxPho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.172.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9e:3a:21:ea:a9:d8:6e:ec:0b:82:aa:1f:96:34:1a:2f:66:8d:
         cb:bc:62:90:60:a3:4f:ba:0f:4b:fe:26:b2:ec:1b:40:33:56:
         6d:c2:7d:0d:d3:f5:e7:e1:e8:82:52:ad:ca:92:78:27:7d:72:
         48:5b:9e:d2:d2:fa:69:2a:bd:7e:8f:cf:a0:f9:2d:a9:3f:fa:
         77:9f:d4:f8:86:9f:9d:a5:b9:4c:b7:d6:f4:c7:01:d3:37:6c:
         80:7c:66:3c:99:95:03:42:e8:57:e8:62:c9:e0:10:30:2f:09:
         23:75:ce:7f:4a:a2:00:e2:3e:94:70:53:c8:d2:49:99:78:cc:
         27:01:7d:36:0b:1f:31:24:30:a8:e0:33:c3:61:03:d7:02:1a:
         9f:86:69:74:ad:bd:22:70:a9:dd:62:5d:e7:32:7d:ba:04:f4:
         97:9c:83:47:7d:f2:cf:d4:48:a7:61:14:4e:ff:f8:e3:4c:29:
         c2:fc:e4:2c:65:c5:b7:5c:f1:91:04:0d:f0:18:bf:56:58:57:
         bf:55:fd:23:a2:20:83:98:1d:f9:88:08:62:9e:ed:38:8a:d1:
         52:db:75:9e:ac:7e:d3:b9:84:62:02:e5:99:04:eb:08:20:a8:
         75:ed:45:a7:ff:3b:12:a9:5d:f1:e6:f9:97:b2:01:23:2a:9e:
         58:9f:51:16
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZaRYTpF1Lf1e9sOLqlY5DKNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MTYxNzFiM2Y5MWIxZDEwYjA0NDU5ODdmNjExNDI4YWJm
MTNlMWEwHhcNMjUwNTAyMTQyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmQxM2VjNjNiNTE2OGFkOGRmZjFiZmI4Y2Y4MWRhZjVlYTYwMmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxIQ2hPiwMy272nH9bmJzNm/OCRN
Lnd3Lt8LiqOMJLWGVSLJJA6y9+3C08J3AS0rIqIjcNXG7txOmva10ZsyOlytThnm
ukvINt78OFwQjANJZ3wPRSlVJJG5/FIqIDgQyPmOjooV8ijmggcc8ZK5wJbHzrQg
7pNBKctT/uJR5WlzlyPnpi4EGuYHPOdx3L0sM7wzzLvUVZ8ZEFuXS6Md4LiugSMI
an6RVAJ4yh3wFqVEfVdG9FmyHJJGZsMiCfiByngxaE4bs3OzSV2sMR9BW3yrB62l
GKqDwfpg9KgWrfEFdKbwE+iXyr5bKSV5S7SE5Pn/EwDkuFcnGEPknC0yiwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHLRPsY7UWitjf8b+4z4Ha9epgKpMB8GA1UdIwQY
MBaAFGgWFxs/kbHRCwRFmH9hFCir8T4aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUJZWEd6LVJzZEVMQkVXWWYyRVVLS3Z4UGhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8yYTUxNTUtMTMzNi00NTA3LTlhM2Yt
ZjBhN2UxY2EzYzg1LzEvY3RFLXhqdFJhSzJOX3h2N2pQZ2RyMTZtQXFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8yYTUxNTUtMTMzNi00NTA3LTlhM2YtZjBhN2UxY2EzYzg1
LzEvYUJZWEd6LVJzZEVMQkVXWWYyRVVLS3Z4UGhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk6wwDQYJ
KoZIhvcNAQELBQADggEBAJ46Ieqp2G7sC4KqH5Y0Gi9mjcu8YpBgo0+6D0v+JrLs
G0AzVm3CfQ3T9efh6IJSrcqSeCd9ckhbntLS+mkqvX6Pz6D5Lak/+nef1PiGn52l
uUy31vTHAdM3bIB8ZjyZlQNC6FfoYsngEDAvCSN1zn9KogDiPpRwU8jSSZl4zCcB
fTYLHzEkMKjgM8NhA9cCGp+GaXStvSJwqd1iXecyfboE9Jecg0d98s/USKdhFE7/
+ONMKcL85Cxlxbdc8ZEEDfAYv1ZYV79V/SOiIIOYHfmICGKe7TiK0VLbdZ6sftO5
hGIC5ZkE6wggqHXtRaf/OxKpXfHm+ZeyASMqnlifURY=
-----END CERTIFICATE-----