Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/AaqGc6BSfnPK1j4fwRiQ9B5z8Ko.roa
File:                     AaqGc6BSfnPK1j4fwRiQ9B5z8Ko.roa (raw, json)
Hash identifier:          JZb3yca7iWrB+TqkYDnL3xcicD4SCErsZ4tkUL7SBA4=
Subject key identifier:   01:AA:86:73:A0:52:7E:73:CA:D6:3E:1F:C1:18:90:F4:1E:73:F0:AA
Certificate issuer:       /CN=8d298d63970ab03cdfbf514fa0e8ed21310985f1
Certificate serial:       0197A1FCABC7B4028B96C6BD768571690779
Authority key identifier: 8D:29:8D:63:97:0A:B0:3C:DF:BF:51:4F:A0:E8:ED:21:31:09:85:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/AaqGc6BSfnPK1j4fwRiQ9B5z8Ko.roa
Signing time:             Tue 24 Jun 2025 12:49:40 +0000
ROA not before:           Tue 24 Jun 2025 12:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     271935
IP address blocks:        185.27.144.0/23 maxlen: 24
                          185.27.146.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a1:fc:ab:c7:b4:02:8b:96:c6:bd:76:85:71:69:07:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d298d63970ab03cdfbf514fa0e8ed21310985f1
        Validity
            Not Before: Jun 24 12:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01aa8673a0527e73cad63e1fc11890f41e73f0aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e0:2c:8a:72:5b:64:01:75:64:c9:38:8d:cf:
                    29:d0:78:96:f6:d2:df:c8:24:cf:de:80:7b:b6:a8:
                    2d:45:32:da:8f:c4:d3:b8:48:2b:d1:99:7e:46:ba:
                    96:10:72:4c:74:03:d9:da:84:10:1b:f6:c6:18:60:
                    f7:58:31:0f:3f:b1:9f:b6:77:10:5f:20:5b:f3:2f:
                    f7:4c:24:b5:ab:cc:da:ad:5b:64:8a:9b:ef:b0:fa:
                    6a:07:90:d0:ba:26:fd:39:66:1b:68:20:46:e6:3d:
                    3d:26:60:f2:3b:63:8f:4c:48:12:e1:50:75:42:05:
                    24:84:a1:e0:41:fb:be:83:bc:e3:50:0e:c6:92:54:
                    a2:94:a0:85:e6:43:c6:b9:ea:c6:13:b4:3b:ae:64:
                    fd:2b:cd:99:21:65:44:bc:58:a5:6a:4e:f6:6e:47:
                    b9:fa:ea:81:9d:75:97:88:d3:f0:c6:2a:56:db:24:
                    4d:80:57:97:30:e6:d5:d7:2e:1e:76:44:90:ae:62:
                    5c:9b:cb:59:fb:d6:79:58:16:43:c5:41:bd:f6:78:
                    d4:9a:b4:7c:ce:f2:bf:88:ae:e4:39:6c:bd:0f:9a:
                    69:8d:91:91:78:0d:8e:1e:3f:fb:c4:03:cd:cf:41:
                    ee:27:6f:f6:22:c0:b7:d7:a9:32:f5:53:ce:03:19:
                    64:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:AA:86:73:A0:52:7E:73:CA:D6:3E:1F:C1:18:90:F4:1E:73:F0:AA
            X509v3 Authority Key Identifier:
                keyid:8D:29:8D:63:97:0A:B0:3C:DF:BF:51:4F:A0:E8:ED:21:31:09:85:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/AaqGc6BSfnPK1j4fwRiQ9B5z8Ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:6f:f6:b5:fb:63:e2:53:cf:a2:df:da:86:78:32:b6:14:f8:
         09:55:05:ad:60:a1:39:0d:b5:50:aa:53:0c:86:fa:2d:52:c0:
         53:5f:52:8c:1b:e7:56:63:8f:6d:2e:6f:ca:80:64:c6:c1:8b:
         ed:72:2c:76:aa:e7:72:75:e7:00:a4:ec:1f:56:1f:bb:95:12:
         69:fb:a6:16:50:d3:c8:7f:98:dd:76:36:38:94:57:17:6f:ad:
         85:38:78:4b:31:6f:44:ec:3c:c8:b2:62:cd:ea:dc:f2:b7:7a:
         8c:9b:25:8e:cc:09:a5:16:46:a9:35:85:35:ee:8f:b7:f7:43:
         78:05:8b:89:02:0e:35:ea:80:b9:31:81:2a:35:f9:14:9e:98:
         82:8a:15:50:51:1a:39:a0:cd:68:9e:b9:20:77:bd:4d:27:f9:
         57:e9:45:19:64:0c:07:b6:81:78:d5:99:d8:59:ca:13:ff:b4:
         37:30:e2:f6:1e:2f:32:48:ae:14:74:63:8d:d9:5e:70:3f:62:
         16:6a:b4:bf:87:47:24:cc:94:9b:b9:2d:ab:9d:cd:73:0b:aa:
         60:91:50:6a:f3:88:24:00:4e:fa:bc:71:b9:b1:66:4f:b5:a9:
         2c:d3:68:a5:0e:99:21:a3:60:99:bf:98:d9:c6:fe:73:41:d4:
         b5:27:4b:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeh/KvHtAKLlsa9doVxaQd5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMjk4ZDYzOTcwYWIwM2NkZmJmNTE0ZmEwZThlZDIxMzEw
OTg1ZjEwHhcNMjUwNjI0MTI0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWFhODY3M2EwNTI3ZTczY2FkNjNlMWZjMTE4OTBmNDFlNzNmMGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteAsinJbZAF1ZMk4jc8p0HiW9tLf
yCTP3oB7tqgtRTLaj8TTuEgr0Zl+RrqWEHJMdAPZ2oQQG/bGGGD3WDEPP7GftncQ
XyBb8y/3TCS1q8zarVtkipvvsPpqB5DQuib9OWYbaCBG5j09JmDyO2OPTEgS4VB1
QgUkhKHgQfu+g7zjUA7GklSilKCF5kPGuerGE7Q7rmT9K82ZIWVEvFilak72bke5
+uqBnXWXiNPwxipW2yRNgFeXMObV1y4edkSQrmJcm8tZ+9Z5WBZDxUG99njUmrR8
zvK/iK7kOWy9D5ppjZGReA2OHj/7xAPNz0HuJ2/2IsC316ky9VPOAxlk/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGqhnOgUn5zytY+H8EYkPQec/CqMB8GA1UdIwQY
MBaAFI0pjWOXCrA8379RT6Do7SExCYXxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalNtTlk1Y0tzRHpmdjFGUG9PanRJVEVKaGZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83ZDAwZTAtY2Y0MS00MTQyLTk5ZDIt
NDk0NzEzYTk5NjNhLzEvQWFxR2M2QlNmblBLMWo0ZndSaVE5QjV6OEtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83ZDAwZTAtY2Y0MS00MTQyLTk5ZDItNDk0NzEzYTk5NjNh
LzEvalNtTlk1Y0tzRHpmdjFGUG9PanRJVEVKaGZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRuQMA0G
CSqGSIb3DQEBCwUAA4IBAQC2b/a1+2PiU8+i39qGeDK2FPgJVQWtYKE5DbVQqlMM
hvotUsBTX1KMG+dWY49tLm/KgGTGwYvtcix2qudydecApOwfVh+7lRJp+6YWUNPI
f5jddjY4lFcXb62FOHhLMW9E7DzIsmLN6tzyt3qMmyWOzAmlFkapNYU17o+390N4
BYuJAg416oC5MYEqNfkUnpiCihVQURo5oM1onrkgd71NJ/lX6UUZZAwHtoF41ZnY
WcoT/7Q3MOL2Hi8ySK4UdGON2V5wP2IWarS/h0ckzJSbuS2rnc1zC6pgkVBq84gk
AE76vHG5sWZPtaks02ilDpkho2CZv5jZxv5zQdS1J0sq
-----END CERTIFICATE-----