Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/88b6cc-2b42-41e2-99a9-4e24b119c147/1/cOJF3c93EdtdcnQUgbiiqTgw_1M.roa
File:                     cOJF3c93EdtdcnQUgbiiqTgw_1M.roa (raw, json)
Hash identifier:          zobvfeY7LZCgjAH4tIKeBPeHEqZ12dFg210JqNHCaCk=
Subject key identifier:   70:E2:45:DD:CF:77:11:DB:5D:72:74:14:81:B8:A2:A9:38:30:FF:53
Certificate issuer:       /CN=099faab2161118db1b77c1a74ecccb73e7681c36
Certificate serial:       019808F8A306D24154E9C7396363017E1873
Authority key identifier: 09:9F:AA:B2:16:11:18:DB:1B:77:C1:A7:4E:CC:CB:73:E7:68:1C:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CZ-qshYRGNsbd8GnTszLc-doHDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/88b6cc-2b42-41e2-99a9-4e24b119c147/1/cOJF3c93EdtdcnQUgbiiqTgw_1M.roa
Signing time:             Mon 14 Jul 2025 12:46:08 +0000
ROA not before:           Mon 14 Jul 2025 12:46:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20860
IP address blocks:        93.174.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/88b6cc-2b42-41e2-99a9-4e24b119c147/1/CZ-qshYRGNsbd8GnTszLc-doHDY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/88b6cc-2b42-41e2-99a9-4e24b119c147/1/CZ-qshYRGNsbd8GnTszLc-doHDY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CZ-qshYRGNsbd8GnTszLc-doHDY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 06:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:08:f8:a3:06:d2:41:54:e9:c7:39:63:63:01:7e:18:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=099faab2161118db1b77c1a74ecccb73e7681c36
        Validity
            Not Before: Jul 14 12:46:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70e245ddcf7711db5d72741481b8a2a93830ff53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3d:72:3e:bd:2c:56:07:09:45:f3:eb:6c:44:
                    a2:95:94:4f:c7:0d:e8:32:54:fc:57:29:96:45:04:
                    fe:d8:69:10:cf:52:c5:92:dd:18:26:78:00:57:f5:
                    d3:ba:c3:ef:21:63:04:66:2d:85:19:cf:9c:b3:11:
                    c3:e7:3e:d3:ce:89:0e:af:32:ab:c9:62:43:ec:35:
                    c0:9a:c4:c2:3e:22:dc:46:2e:fc:92:45:13:b5:c3:
                    fd:6e:18:34:35:71:13:9b:5c:8c:07:92:92:45:7d:
                    45:88:f6:62:0f:45:39:33:44:88:7c:5f:c0:88:0b:
                    bd:dd:04:d7:ca:a1:bf:d8:a6:ff:8b:42:a1:c3:f5:
                    1e:13:f6:69:66:71:8b:42:d1:03:90:21:dd:93:ab:
                    b8:cc:fb:6d:41:05:b6:5f:b7:a6:38:b3:1d:bf:19:
                    4f:25:19:d3:ee:94:47:be:df:a2:10:12:a4:12:d0:
                    fa:39:a0:ba:a8:84:d2:c2:da:f9:ad:a7:e7:55:0e:
                    5a:70:e8:b2:5b:5a:65:e2:8d:2a:79:db:a3:52:02:
                    12:b0:b8:2f:2f:27:31:13:0e:26:24:af:54:fb:ab:
                    d2:8a:1e:54:b3:9d:85:44:72:93:04:0a:3b:c3:94:
                    7b:06:d4:be:19:8d:ef:51:52:f6:50:68:4c:26:c7:
                    0a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E2:45:DD:CF:77:11:DB:5D:72:74:14:81:B8:A2:A9:38:30:FF:53
            X509v3 Authority Key Identifier:
                keyid:09:9F:AA:B2:16:11:18:DB:1B:77:C1:A7:4E:CC:CB:73:E7:68:1C:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CZ-qshYRGNsbd8GnTszLc-doHDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/88b6cc-2b42-41e2-99a9-4e24b119c147/1/cOJF3c93EdtdcnQUgbiiqTgw_1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/88b6cc-2b42-41e2-99a9-4e24b119c147/1/CZ-qshYRGNsbd8GnTszLc-doHDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.174.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:af:7e:8b:02:f5:e9:5c:6c:27:33:f7:d4:2e:b4:b3:93:56:
         92:6e:3c:ba:e9:0c:f2:84:a2:79:26:6c:93:bc:6e:bd:ae:7a:
         83:69:e8:f6:79:55:9c:30:69:16:c7:45:38:c8:31:91:52:d7:
         f7:13:9d:c4:f1:46:03:d3:df:0c:6b:6b:0f:8f:73:58:1b:f0:
         32:1f:15:84:9a:3f:44:95:bc:18:cd:f4:3b:fa:15:5e:80:33:
         40:fe:33:01:05:76:f6:51:12:d7:70:e7:59:c4:1c:6d:e2:ec:
         63:46:95:5c:72:0c:ee:13:86:f6:a3:08:d5:86:79:47:8b:47:
         fb:13:2f:16:44:f6:d3:fa:ba:b6:05:67:1e:57:a7:44:fb:3e:
         1d:0d:bd:87:0a:5a:3b:e7:3a:f2:ea:02:26:db:a3:ba:8f:b5:
         1a:17:e4:2a:7b:1b:a5:e8:e5:0e:47:17:ce:ea:13:e6:04:ae:
         bb:39:cd:68:35:4e:ec:95:e2:4f:1a:ba:7d:79:c4:51:14:44:
         14:69:f9:34:c0:95:ea:c1:cc:6c:85:a3:68:58:64:71:21:05:
         ea:54:f8:24:d7:ba:04:a2:1a:90:44:67:f3:d6:51:0c:08:84:
         27:8e:26:e5:f2:2c:37:1c:58:d0:73:c1:db:f7:47:57:cf:c1:
         5d:e6:6b:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgI+KMG0kFU6cc5Y2MBfhhzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OWZhYWIyMTYxMTE4ZGIxYjc3YzFhNzRlY2NjYjczZTc2
ODFjMzYwHhcNMjUwNzE0MTI0NjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGUyNDVkZGNmNzcxMWRiNWQ3Mjc0MTQ4MWI4YTJhOTM4MzBmZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArz1yPr0sVgcJRfPrbESilZRPxw3o
MlT8VymWRQT+2GkQz1LFkt0YJngAV/XTusPvIWMEZi2FGc+csxHD5z7TzokOrzKr
yWJD7DXAmsTCPiLcRi78kkUTtcP9bhg0NXETm1yMB5KSRX1FiPZiD0U5M0SIfF/A
iAu93QTXyqG/2Kb/i0Khw/UeE/ZpZnGLQtEDkCHdk6u4zPttQQW2X7emOLMdvxlP
JRnT7pRHvt+iEBKkEtD6OaC6qITSwtr5rafnVQ5acOiyW1pl4o0qedujUgISsLgv
LycxEw4mJK9U+6vSih5Us52FRHKTBAo7w5R7BtS+GY3vUVL2UGhMJscKdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDiRd3PdxHbXXJ0FIG4oqk4MP9TMB8GA1UdIwQY
MBaAFAmfqrIWERjbG3fBp07My3PnaBw2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1otcXNoWVJHTnNiZDhHblRzekxjLWRvSERZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84OGI2Y2MtMmI0Mi00MWUyLTk5YTkt
NGUyNGIxMTljMTQ3LzEvY09KRjNjOTNFZHRkY25RVWdiaWlxVGd3XzFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84OGI2Y2MtMmI0Mi00MWUyLTk5YTktNGUyNGIxMTljMTQ3
LzEvQ1otcXNoWVJHTnNiZDhHblRzekxjLWRvSERZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXa4MMA0G
CSqGSIb3DQEBCwUAA4IBAQDGr36LAvXpXGwnM/fULrSzk1aSbjy66QzyhKJ5JmyT
vG69rnqDaej2eVWcMGkWx0U4yDGRUtf3E53E8UYD098Ma2sPj3NYG/AyHxWEmj9E
lbwYzfQ7+hVegDNA/jMBBXb2URLXcOdZxBxt4uxjRpVccgzuE4b2owjVhnlHi0f7
Ey8WRPbT+rq2BWceV6dE+z4dDb2HClo75zry6gIm26O6j7UaF+Qqexul6OUORxfO
6hPmBK67Oc1oNU7sleJPGrp9ecRRFEQUafk0wJXqwcxshaNoWGRxIQXqVPgk17oE
ohqQRGfz1lEMCIQnjibl8iw3HFjQc8Hb90dXz8Fd5mvd
-----END CERTIFICATE-----