Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/Q8GhfkJiK1i0aNFsl1zpqBN38ok.roa
File:                     Q8GhfkJiK1i0aNFsl1zpqBN38ok.roa (raw, json)
Hash identifier:          zSrNTOjH2jHkfF8npGjnRGpLF3j5CwGhLlQ8eGbMR74=
Subject key identifier:   43:C1:A1:7E:42:62:2B:58:B4:68:D1:6C:97:5C:E9:A8:13:77:F2:89
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       0197B66774B56A40ACA7EACFF85A0DC80481
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/Q8GhfkJiK1i0aNFsl1zpqBN38ok.roa
Signing time:             Sat 28 Jun 2025 11:58:42 +0000
ROA not before:           Sat 28 Jun 2025 11:58:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215939
IP address blocks:        94.74.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 02:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b6:67:74:b5:6a:40:ac:a7:ea:cf:f8:5a:0d:c8:04:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Jun 28 11:58:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43c1a17e42622b58b468d16c975ce9a81377f289
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:66:cd:83:34:43:5e:70:e3:55:bd:0c:67:9f:
                    44:ec:6a:b6:d8:12:5f:0a:db:24:f5:5a:7c:82:0e:
                    68:1f:79:bf:19:ce:00:16:15:bb:94:10:b0:5e:f3:
                    ac:d3:8d:17:78:3f:2a:0a:01:3c:c6:03:8f:b4:63:
                    3c:d9:6e:cb:32:e3:c4:c2:af:34:f0:b4:2a:4f:4a:
                    58:b9:6e:41:3b:3f:d4:fb:55:c0:9a:7e:9b:4e:34:
                    02:b4:a6:64:e6:62:3f:63:44:10:59:3b:cd:05:1d:
                    f9:18:37:31:b6:6a:94:cf:9b:a8:ad:78:6d:85:f6:
                    23:b9:4c:8f:57:f8:7e:7f:39:47:9d:cd:58:ce:36:
                    ee:15:40:10:70:ac:15:14:c8:e0:8b:91:9e:5a:16:
                    df:1a:76:65:e7:fd:6f:e7:e5:98:ea:44:98:1a:29:
                    9c:ec:40:38:bf:aa:6a:ff:0f:10:13:f1:ce:d0:aa:
                    64:2a:5f:41:a2:2f:a5:a0:bb:87:2c:9b:04:39:43:
                    23:95:63:da:47:a3:fb:81:9a:10:68:14:fc:e4:5d:
                    51:9d:f3:73:12:5b:d5:40:49:16:1d:6b:1b:33:fd:
                    65:9b:f3:0f:c4:02:36:24:af:10:be:10:21:9e:29:
                    ad:ed:6e:19:9f:27:63:ec:f6:a2:29:eb:11:36:4c:
                    1b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:C1:A1:7E:42:62:2B:58:B4:68:D1:6C:97:5C:E9:A8:13:77:F2:89
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/Q8GhfkJiK1i0aNFsl1zpqBN38ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.74.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:fb:10:98:88:8b:04:dd:e7:7b:d5:e4:72:a8:dc:2d:95:e6:
         aa:16:b5:ea:f1:5b:80:ac:b9:59:d5:a8:64:df:16:95:0e:6c:
         2e:f7:23:df:95:41:fd:9b:f5:5b:d3:cf:f8:75:9e:15:69:0c:
         b0:cd:0a:d0:7a:5f:37:45:99:13:cd:07:0b:64:5a:7d:1c:3f:
         87:25:23:3f:de:00:eb:39:7f:bd:c7:37:e8:4c:32:3d:10:0d:
         0c:3e:9c:e9:fe:30:3b:96:09:cf:6b:4c:5b:02:ad:e8:c3:53:
         07:1f:0b:23:69:5b:23:f3:a9:19:7a:75:55:a6:fa:f0:90:ba:
         ea:83:a3:8b:c8:13:d3:5c:ba:3e:c2:68:35:c7:da:18:3b:50:
         ea:fa:39:c4:56:24:3f:bb:dc:93:8c:98:98:f5:8f:26:d8:0d:
         82:46:6c:c1:e4:22:4e:65:88:dd:19:d6:22:71:81:fd:0e:0a:
         a4:25:de:6b:89:9f:b8:68:8d:b0:57:e9:1b:f6:3a:38:12:00:
         8f:aa:b8:22:00:cf:d1:ca:b4:49:5b:7b:b1:b8:97:2a:d7:be:
         f3:e5:05:5f:a2:55:fe:cb:f8:33:de:bf:7e:6e:fa:06:49:b9:
         bb:20:54:11:16:8e:60:3e:c0:76:77:05:f9:95:80:3e:71:15:
         c0:4e:0c:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe2Z3S1akCsp+rP+FoNyASBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUwNjI4MTE1ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2MxYTE3ZTQyNjIyYjU4YjQ2OGQxNmM5NzVjZTlhODEzNzdmMjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/GbNgzRDXnDjVb0MZ59E7Gq22BJf
Ctsk9Vp8gg5oH3m/Gc4AFhW7lBCwXvOs040XeD8qCgE8xgOPtGM82W7LMuPEwq80
8LQqT0pYuW5BOz/U+1XAmn6bTjQCtKZk5mI/Y0QQWTvNBR35GDcxtmqUz5uorXht
hfYjuUyPV/h+fzlHnc1YzjbuFUAQcKwVFMjgi5GeWhbfGnZl5/1v5+WY6kSYGimc
7EA4v6pq/w8QE/HO0KpkKl9Boi+loLuHLJsEOUMjlWPaR6P7gZoQaBT85F1RnfNz
ElvVQEkWHWsbM/1lm/MPxAI2JK8QvhAhnimt7W4Znydj7PaiKesRNkwbEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPBoX5CYitYtGjRbJdc6agTd/KJMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvUThHaGZrSmlLMWkwYU5Gc2wxenBxQk4zOG9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXkq7MA0G
CSqGSIb3DQEBCwUAA4IBAQBH+xCYiIsE3ed71eRyqNwtleaqFrXq8VuArLlZ1ahk
3xaVDmwu9yPflUH9m/Vb08/4dZ4VaQywzQrQel83RZkTzQcLZFp9HD+HJSM/3gDr
OX+9xzfoTDI9EA0MPpzp/jA7lgnPa0xbAq3ow1MHHwsjaVsj86kZenVVpvrwkLrq
g6OLyBPTXLo+wmg1x9oYO1Dq+jnEViQ/u9yTjJiY9Y8m2A2CRmzB5CJOZYjdGdYi
cYH9DgqkJd5riZ+4aI2wV+kb9jo4EgCPqrgiAM/RyrRJW3uxuJcq177z5QVfolX+
y/gz3r9+bvoGSbm7IFQRFo5gPsB2dwX5lYA+cRXATgx/
-----END CERTIFICATE-----