Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/89e655-bd79-4984-b649-42e57ef6000a/1/n-Wmrebr6lzK0J6ASQgmm9zQzw8.roa
File:                     n-Wmrebr6lzK0J6ASQgmm9zQzw8.roa (raw, json)
Hash identifier:          gSUCEOpCYsWN0Xnm1rGEL1t6dJaB8XsJukmiSO9QmS0=
Subject key identifier:   9F:E5:A6:AD:E6:EB:EA:5C:CA:D0:9E:80:49:08:26:9B:DC:D0:CF:0F
Certificate issuer:       /CN=2811818f95be6690e8aabc5befa217346abcd574
Certificate serial:       01987F576177C2E411EB39D2975BB0E122CC
Authority key identifier: 28:11:81:8F:95:BE:66:90:E8:AA:BC:5B:EF:A2:17:34:6A:BC:D5:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBGBj5W-ZpDoqrxb76IXNGq81XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/89e655-bd79-4984-b649-42e57ef6000a/1/n-Wmrebr6lzK0J6ASQgmm9zQzw8.roa
Signing time:             Wed 06 Aug 2025 12:24:49 +0000
ROA not before:           Wed 06 Aug 2025 12:24:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202561
IP address blocks:        212.108.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/89e655-bd79-4984-b649-42e57ef6000a/1/KBGBj5W-ZpDoqrxb76IXNGq81XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/89e655-bd79-4984-b649-42e57ef6000a/1/KBGBj5W-ZpDoqrxb76IXNGq81XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBGBj5W-ZpDoqrxb76IXNGq81XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7f:57:61:77:c2:e4:11:eb:39:d2:97:5b:b0:e1:22:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2811818f95be6690e8aabc5befa217346abcd574
        Validity
            Not Before: Aug  6 12:24:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9fe5a6ade6ebea5ccad09e804908269bdcd0cf0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1c:e1:61:1a:7a:4f:9e:63:70:3f:df:0c:ee:
                    52:e4:61:5b:6c:7b:66:84:fe:19:af:14:16:a6:4e:
                    31:66:ab:37:1d:04:d3:b1:c3:f0:70:e4:03:bc:c7:
                    80:54:6b:fc:0a:63:6c:d9:d9:cc:ab:57:4f:ac:5b:
                    8b:5f:87:0d:50:81:ca:79:6f:57:66:53:af:89:a0:
                    e7:dd:ad:25:d3:56:d3:cb:e2:d8:ba:c3:bd:c2:2c:
                    3f:5d:d4:33:76:3d:60:65:90:f3:c6:ae:73:3d:1b:
                    0c:6f:8a:3c:a5:4a:a7:5a:36:e3:44:a3:37:f0:2d:
                    3e:55:c0:fe:f7:f9:de:4f:16:85:e8:2b:23:8b:63:
                    f4:9a:21:ce:54:52:98:23:04:d0:d4:73:74:32:25:
                    a9:e0:20:ca:12:64:7d:55:7a:76:ad:75:d4:b1:f7:
                    94:03:77:83:da:93:57:cd:f9:b4:a4:35:08:5f:d3:
                    dd:29:86:65:49:93:64:aa:f3:3e:f4:4b:ab:0e:97:
                    56:1a:69:d5:c6:a4:61:68:b0:0e:81:d1:6c:95:91:
                    2b:c9:aa:77:ba:67:14:2e:56:91:9f:ec:d7:2e:f9:
                    51:4f:6c:7e:e8:99:2c:a4:e4:5d:de:8e:7f:da:aa:
                    36:7e:d7:4b:9e:a4:6c:94:c8:f3:95:36:9a:d9:7a:
                    bf:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:E5:A6:AD:E6:EB:EA:5C:CA:D0:9E:80:49:08:26:9B:DC:D0:CF:0F
            X509v3 Authority Key Identifier:
                keyid:28:11:81:8F:95:BE:66:90:E8:AA:BC:5B:EF:A2:17:34:6A:BC:D5:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBGBj5W-ZpDoqrxb76IXNGq81XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/89e655-bd79-4984-b649-42e57ef6000a/1/n-Wmrebr6lzK0J6ASQgmm9zQzw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/89e655-bd79-4984-b649-42e57ef6000a/1/KBGBj5W-ZpDoqrxb76IXNGq81XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:ee:6a:79:96:0e:d8:4f:89:ec:78:8d:c0:c1:b5:07:6a:72:
         2d:54:16:c8:1f:7b:40:6d:c0:90:da:7f:ed:b0:13:e7:ee:fa:
         99:4a:0d:fa:97:71:bf:2d:22:f8:d4:79:91:52:f6:91:be:6f:
         86:dc:f1:5d:74:51:4f:b0:2f:38:e5:fe:c3:21:8c:a5:80:82:
         2b:84:26:bf:c1:e5:c7:0a:51:d2:90:a9:b8:6a:13:8a:6d:26:
         5f:2f:03:b5:b3:e5:57:d9:87:7e:cf:10:d1:f3:89:5a:c9:f8:
         a6:a6:ff:ab:52:32:3f:5f:5f:7e:da:d6:12:2f:b5:ad:9d:8e:
         27:09:af:0f:f7:a6:df:95:90:c1:29:f9:b8:ba:0f:5d:f0:00:
         9c:86:a6:7a:ab:3b:1c:7e:0b:ca:2a:0c:c9:6f:5f:ec:38:e5:
         81:8e:ad:08:8e:a2:1f:e3:36:66:b4:b6:08:51:86:e1:10:9d:
         21:64:44:ba:d9:26:59:13:2e:5e:8a:ba:d4:c1:67:87:eb:ab:
         da:ce:00:c9:d5:e6:dc:89:47:68:e1:ed:7b:2a:52:67:c3:56:
         7a:cf:45:f5:99:6b:7f:af:fa:88:fd:87:45:b3:1b:96:0f:90:
         a6:b6:ad:fd:77:4c:fc:2a:80:65:6f:bc:bb:0f:77:d5:07:5c:
         10:c3:1b:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh/V2F3wuQR6znSl1uw4SLMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTE4MThmOTViZTY2OTBlOGFhYmM1YmVmYTIxNzM0NmFi
Y2Q1NzQwHhcNMjUwODA2MTIyNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmU1YTZhZGU2ZWJlYTVjY2FkMDllODA0OTA4MjY5YmRjZDBjZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBzhYRp6T55jcD/fDO5S5GFbbHtm
hP4ZrxQWpk4xZqs3HQTTscPwcOQDvMeAVGv8CmNs2dnMq1dPrFuLX4cNUIHKeW9X
ZlOviaDn3a0l01bTy+LYusO9wiw/XdQzdj1gZZDzxq5zPRsMb4o8pUqnWjbjRKM3
8C0+VcD+9/neTxaF6Csji2P0miHOVFKYIwTQ1HN0MiWp4CDKEmR9VXp2rXXUsfeU
A3eD2pNXzfm0pDUIX9PdKYZlSZNkqvM+9EurDpdWGmnVxqRhaLAOgdFslZEryap3
umcULlaRn+zXLvlRT2x+6JkspORd3o5/2qo2ftdLnqRslMjzlTaa2Xq/cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/lpq3m6+pcytCegEkIJpvc0M8PMB8GA1UdIwQY
MBaAFCgRgY+VvmaQ6Kq8W++iFzRqvNV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JHQmo1Vy1acERvcXJ4Yjc2SVhOR3E4MVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS84OWU2NTUtYmQ3OS00OTg0LWI2NDkt
NDJlNTdlZjYwMDBhLzEvbi1XbXJlYnI2bHpLMEo2QVNRZ21tOXpRenc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS84OWU2NTUtYmQ3OS00OTg0LWI2NDktNDJlNTdlZjYwMDBh
LzEvS0JHQmo1Vy1acERvcXJ4Yjc2SVhOR3E4MVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GxyMA0G
CSqGSIb3DQEBCwUAA4IBAQAC7mp5lg7YT4nseI3AwbUHanItVBbIH3tAbcCQ2n/t
sBPn7vqZSg36l3G/LSL41HmRUvaRvm+G3PFddFFPsC845f7DIYylgIIrhCa/weXH
ClHSkKm4ahOKbSZfLwO1s+VX2Yd+zxDR84layfimpv+rUjI/X19+2tYSL7WtnY4n
Ca8P96bflZDBKfm4ug9d8ACchqZ6qzscfgvKKgzJb1/sOOWBjq0IjqIf4zZmtLYI
UYbhEJ0hZES62SZZEy5eirrUwWeH66vazgDJ1ebciUdo4e17KlJnw1Z6z0X1mWt/
r/qI/YdFsxuWD5Cmtq39d0z8KoBlb7y7D3fVB1wQwxvQ
-----END CERTIFICATE-----