Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/skoFlpQBI8LF51NmTT39lnjZrMk.roa
File:                     skoFlpQBI8LF51NmTT39lnjZrMk.roa (raw, json)
Hash identifier:          l+MFPkSAFr/Bu/aMzD3WDDtaslazJr/lXcJRueoJtKQ=
Subject key identifier:   B2:4A:05:96:94:01:23:C2:C5:E7:53:66:4D:3D:FD:96:78:D9:AC:C9
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       01981F19423CF3117413EE63DD9E0038F62B
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/skoFlpQBI8LF51NmTT39lnjZrMk.roa
Signing time:             Fri 18 Jul 2025 19:53:25 +0000
ROA not before:           Fri 18 Jul 2025 19:53:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        194.38.48.0/24 maxlen: 24
                          194.38.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1f:19:42:3c:f3:11:74:13:ee:63:dd:9e:00:38:f6:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jul 18 19:53:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b24a0596940123c2c5e753664d3dfd9678d9acc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b4:7f:70:27:a3:ac:18:a1:43:8f:c5:ac:aa:
                    78:41:1b:41:4d:94:2e:63:5d:71:db:61:70:26:a5:
                    b6:1f:46:1c:31:13:24:3f:3d:79:c1:3e:7b:08:21:
                    3c:cb:12:0d:61:19:fc:30:58:e6:6c:11:aa:12:a6:
                    ed:61:a4:60:e4:e5:8e:e2:dd:c2:7f:30:9a:9d:12:
                    db:65:26:f5:31:32:80:fe:cd:7f:14:ac:1a:83:fd:
                    d4:47:33:a5:0a:e4:8c:ad:a3:50:57:6e:a3:20:7b:
                    d4:d4:50:7d:0a:9d:72:46:79:e6:e6:fc:1b:29:7d:
                    cb:8e:81:58:b0:d1:1a:eb:49:4d:5f:24:b9:17:52:
                    8a:68:e8:ed:da:86:5b:c0:13:33:ec:30:ec:53:79:
                    fe:b2:0c:5a:d6:e4:2b:99:99:31:f1:5a:4f:80:4c:
                    27:99:d9:54:e7:2a:7f:e7:48:50:87:e0:7e:d2:2e:
                    0b:0b:fd:f1:21:df:08:ec:cc:75:0d:1e:e8:46:eb:
                    3a:35:a9:bd:23:51:43:1a:ad:c2:21:f8:cb:c6:b1:
                    91:ab:88:a1:44:db:e6:8b:dc:98:06:f1:7e:a9:80:
                    4e:5f:a8:43:b4:04:d3:26:d2:04:4f:57:0b:ff:83:
                    9d:ad:5d:66:61:46:45:49:bc:4a:d7:a0:c3:56:1c:
                    27:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:4A:05:96:94:01:23:C2:C5:E7:53:66:4D:3D:FD:96:78:D9:AC:C9
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/skoFlpQBI8LF51NmTT39lnjZrMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.38.48.0/24
                  194.38.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:ff:76:b1:09:9b:86:ce:ac:e5:2d:52:30:2b:2c:36:18:f2:
         60:ee:b4:a9:91:8a:0e:91:10:45:38:e9:d3:f6:bd:19:f1:8e:
         c9:71:b9:99:86:ef:83:0b:81:e9:2e:47:af:46:a4:4b:1b:8a:
         5c:92:cc:db:5b:22:65:d2:22:dd:16:c5:77:2f:a5:6c:c8:5b:
         e0:85:c1:7a:22:50:cf:8c:ef:3f:7b:47:bd:af:c2:08:6d:83:
         99:de:2a:2f:1a:99:d7:fc:85:50:38:75:ac:6d:21:2e:d9:87:
         cb:b8:0f:ac:48:2b:ed:eb:14:9b:ac:0f:ba:27:47:e6:6e:ca:
         f6:a4:32:88:3f:11:e8:ba:0a:3d:bb:e3:ec:58:5d:a1:7f:6b:
         b3:6e:9d:29:f7:d7:99:b6:40:c8:38:c5:25:62:f7:85:0e:66:
         80:9e:90:bd:5c:b1:7c:bf:60:92:10:42:2f:ba:94:18:aa:c5:
         09:16:00:b6:b0:87:75:77:4d:ae:de:5c:95:47:59:cf:06:f8:
         2e:3b:8b:1f:4c:7d:30:91:75:43:99:ce:47:aa:68:56:89:d9:
         b1:39:11:57:a5:de:1a:af:cb:75:ad:8b:93:96:d1:f7:ad:a0:
         98:88:bf:73:f3:88:e4:6e:a2:01:7d:7e:9d:17:53:54:5b:ef:
         3d:be:58:1d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgfGUI88xF0E+5j3Z4AOPYrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwNzE4MTk1MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjRhMDU5Njk0MDEyM2MyYzVlNzUzNjY0ZDNkZmQ5Njc4ZDlhY2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7R/cCejrBihQ4/FrKp4QRtBTZQu
Y11x22FwJqW2H0YcMRMkPz15wT57CCE8yxINYRn8MFjmbBGqEqbtYaRg5OWO4t3C
fzCanRLbZSb1MTKA/s1/FKwag/3URzOlCuSMraNQV26jIHvU1FB9Cp1yRnnm5vwb
KX3LjoFYsNEa60lNXyS5F1KKaOjt2oZbwBMz7DDsU3n+sgxa1uQrmZkx8VpPgEwn
mdlU5yp/50hQh+B+0i4LC/3xId8I7Mx1DR7oRus6Nam9I1FDGq3CIfjLxrGRq4ih
RNvmi9yYBvF+qYBOX6hDtATTJtIET1cL/4OdrV1mYUZFSbxK16DDVhwnZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLJKBZaUASPCxedTZk09/ZZ42azJMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvc2tvRmxwUUJJOExGNTFObVRUMzlsbmpack1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwiYwAwQA
wiYyMA0GCSqGSIb3DQEBCwUAA4IBAQB6/3axCZuGzqzlLVIwKyw2GPJg7rSpkYoO
kRBFOOnT9r0Z8Y7JcbmZhu+DC4HpLkevRqRLG4pckszbWyJl0iLdFsV3L6VsyFvg
hcF6IlDPjO8/e0e9r8IIbYOZ3iovGpnX/IVQOHWsbSEu2YfLuA+sSCvt6xSbrA+6
J0fmbsr2pDKIPxHougo9u+PsWF2hf2uzbp0p99eZtkDIOMUlYveFDmaAnpC9XLF8
v2CSEEIvupQYqsUJFgC2sId1d02u3lyVR1nPBvguO4sfTH0wkXVDmc5HqmhWidmx
ORFXpd4ar8t1rYuTltH3raCYiL9z84jkbqIBfX6dF1NUW+89vlgd
-----END CERTIFICATE-----