Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/P6DmMh6gJbdEiU32OPNgOyp7mCY.roa
File:                     P6DmMh6gJbdEiU32OPNgOyp7mCY.roa (raw, json)
Hash identifier:          88yaz4q97O5d7cXTtRqRjBiGFSE36MGooJOUALTPCRA=
Subject key identifier:   3F:A0:E6:32:1E:A0:25:B7:44:89:4D:F6:38:F3:60:3B:2A:7B:98:26
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       01981F1943F1AAD379AD337B60D9177EF415
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/P6DmMh6gJbdEiU32OPNgOyp7mCY.roa
Signing time:             Fri 18 Jul 2025 19:53:25 +0000
ROA not before:           Fri 18 Jul 2025 19:53:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7843
IP address blocks:        194.38.48.0/24 maxlen: 24
                          194.38.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1f:19:43:f1:aa:d3:79:ad:33:7b:60:d9:17:7e:f4:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jul 18 19:53:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fa0e6321ea025b744894df638f3603b2a7b9826
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:41:ab:f0:47:6b:55:5e:9f:c6:86:a3:36:7d:
                    88:f6:49:5b:83:2d:3d:41:68:6b:96:bc:12:a6:ee:
                    cc:db:f9:c2:52:37:f1:d4:bf:dc:4c:07:a7:02:72:
                    9c:08:3f:d3:4e:f5:6f:24:0a:a9:29:f9:3e:ee:ef:
                    11:f3:ef:ce:11:46:90:79:2c:24:c2:16:cc:3c:37:
                    70:d3:c3:71:77:d8:97:e7:13:22:6c:49:49:5a:a1:
                    35:d1:d3:98:97:00:68:db:f6:82:66:c5:d2:9d:d5:
                    b2:81:0f:1a:48:49:7e:ca:f4:61:b5:59:f7:c9:90:
                    04:63:20:a6:36:79:3b:54:9f:ba:f9:98:00:5d:60:
                    45:5f:03:79:7a:20:e8:03:97:61:35:11:bf:e6:ed:
                    c8:a8:1c:5b:0c:90:02:90:77:7d:26:f5:19:07:d4:
                    54:d3:5f:31:46:a7:ea:52:85:24:5a:ee:5a:96:51:
                    35:f8:04:00:2d:45:99:8d:59:60:08:17:33:30:c7:
                    9f:02:5e:c4:c7:f5:00:8b:bd:82:9c:05:f0:a5:de:
                    10:4b:85:15:9b:b9:84:41:2e:52:a2:23:be:3a:dc:
                    cf:b3:e9:34:7d:ba:d6:ce:64:53:49:f9:46:f5:7b:
                    9c:61:c9:d1:69:21:d0:49:06:ab:c2:3f:e9:3c:9c:
                    11:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:A0:E6:32:1E:A0:25:B7:44:89:4D:F6:38:F3:60:3B:2A:7B:98:26
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/P6DmMh6gJbdEiU32OPNgOyp7mCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.38.48.0/24
                  194.38.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:94:ab:83:cd:ad:3d:de:f2:bc:5a:f8:34:82:b6:89:60:e8:
         ce:52:4b:f7:36:44:62:42:61:5a:b9:65:3e:38:bd:4f:2d:2f:
         05:50:7f:1c:51:2d:f4:5e:5b:7f:37:27:be:c3:bd:e3:d3:bb:
         16:dd:78:3b:80:8e:c8:33:fa:e0:9f:29:aa:7e:d4:a3:60:9b:
         bc:1c:ed:95:32:6b:5d:9b:99:23:45:96:8e:38:36:bf:e9:c3:
         69:11:73:ea:84:2b:0f:d0:7d:55:ce:8a:89:f1:09:b7:35:88:
         8e:3f:30:fa:21:6c:6a:ba:4d:0b:fc:13:ef:09:6c:88:7f:2f:
         51:17:f4:31:14:45:8e:76:f6:f7:df:40:22:1f:63:de:8d:e8:
         83:f0:a2:b7:c4:05:f3:7f:35:13:e0:a6:64:12:96:b5:3f:55:
         bc:d8:dc:d7:35:f1:29:90:04:9d:b0:ff:86:de:c2:bf:3c:e1:
         cf:cb:26:42:08:45:96:35:9e:39:55:d9:ba:c7:85:89:9a:6e:
         5f:ab:0b:e0:fd:35:07:f9:9d:07:ea:22:cf:8a:2c:2e:09:84:
         66:40:c6:47:b7:13:da:6d:48:c8:be:f5:72:6f:4b:0e:c5:61:
         01:97:8a:b4:6e:f5:fd:2f:44:90:57:7f:67:fd:94:3e:a2:bc:
         6c:99:a4:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgfGUPxqtN5rTN7YNkXfvQVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwNzE4MTk1MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmEwZTYzMjFlYTAyNWI3NDQ4OTRkZjYzOGYzNjAzYjJhN2I5ODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UGr8EdrVV6fxoajNn2I9klbgy09
QWhrlrwSpu7M2/nCUjfx1L/cTAenAnKcCD/TTvVvJAqpKfk+7u8R8+/OEUaQeSwk
whbMPDdw08Nxd9iX5xMibElJWqE10dOYlwBo2/aCZsXSndWygQ8aSEl+yvRhtVn3
yZAEYyCmNnk7VJ+6+ZgAXWBFXwN5eiDoA5dhNRG/5u3IqBxbDJACkHd9JvUZB9RU
018xRqfqUoUkWu5allE1+AQALUWZjVlgCBczMMefAl7Ex/UAi72CnAXwpd4QS4UV
m7mEQS5SoiO+OtzPs+k0fbrWzmRTSflG9XucYcnRaSHQSQarwj/pPJwRfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD+g5jIeoCW3RIlN9jjzYDsqe5gmMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvUDZEbU1oNmdKYmRFaVUzMk9QTmdPeXA3bUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwiYwAwQA
wiYyMA0GCSqGSIb3DQEBCwUAA4IBAQAtlKuDza093vK8Wvg0graJYOjOUkv3NkRi
QmFauWU+OL1PLS8FUH8cUS30Xlt/Nye+w73j07sW3Xg7gI7IM/rgnymqftSjYJu8
HO2VMmtdm5kjRZaOODa/6cNpEXPqhCsP0H1VzoqJ8Qm3NYiOPzD6IWxquk0L/BPv
CWyIfy9RF/QxFEWOdvb330AiH2PejeiD8KK3xAXzfzUT4KZkEpa1P1W82NzXNfEp
kASdsP+G3sK/POHPyyZCCEWWNZ45Vdm6x4WJmm5fqwvg/TUH+Z0H6iLPiiwuCYRm
QMZHtxPabUjIvvVyb0sOxWEBl4q0bvX9L0SQV39n/ZQ+orxsmaRK
-----END CERTIFICATE-----