Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/_b4C80puZ4QQZiCjVn1A8db2DMM.roa
File:                     _b4C80puZ4QQZiCjVn1A8db2DMM.roa (raw, json)
Hash identifier:          BTn925eDDhMQbieFlWe3FviXvz8DAA+vgg6fsWjWAFs=
Subject key identifier:   FD:BE:02:F3:4A:6E:67:84:10:66:20:A3:56:7D:40:F1:D6:F6:0C:C3
Certificate issuer:       /CN=d9ba32024e2cb6142295112fe61f6b1bc3457bcb
Certificate serial:       019833A6CB53064A44FEFEF7F8DED3E726BF
Authority key identifier: D9:BA:32:02:4E:2C:B6:14:22:95:11:2F:E6:1F:6B:1B:C3:45:7B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2boyAk4sthQilREv5h9rG8NFe8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/_b4C80puZ4QQZiCjVn1A8db2DMM.roa
Signing time:             Tue 22 Jul 2025 19:40:25 +0000
ROA not before:           Tue 22 Jul 2025 19:40:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12502
IP address blocks:        195.93.166.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/2boyAk4sthQilREv5h9rG8NFe8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/2boyAk4sthQilREv5h9rG8NFe8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2boyAk4sthQilREv5h9rG8NFe8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:33:a6:cb:53:06:4a:44:fe:fe:f7:f8:de:d3:e7:26:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9ba32024e2cb6142295112fe61f6b1bc3457bcb
        Validity
            Not Before: Jul 22 19:40:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdbe02f34a6e6784106620a3567d40f1d6f60cc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:89:9a:b2:4e:64:0b:a7:d0:0d:74:8f:ab:d2:
                    8f:a7:bb:c0:d1:66:ae:e5:5d:aa:45:f0:c2:34:a6:
                    07:76:4d:0e:52:26:a9:55:eb:be:a7:34:08:d4:3b:
                    23:dc:dd:fe:e7:06:c4:b7:1d:8f:13:2e:83:ad:35:
                    f8:5b:36:12:dd:96:b0:12:39:75:d1:06:cb:b0:00:
                    45:1e:a8:af:48:48:1c:04:9e:3e:d9:b7:18:18:57:
                    10:dc:83:fa:f1:79:6f:37:e6:62:f9:85:13:37:2c:
                    f4:47:27:81:d1:41:6b:83:49:36:b0:4a:d8:30:7c:
                    ea:2e:eb:a7:ee:61:0e:2e:fc:a0:14:ae:3d:16:a6:
                    77:01:ce:db:71:27:a5:12:0f:0b:48:57:bb:7a:1f:
                    78:33:0f:29:0c:f5:31:b8:94:e2:10:33:3f:4c:cc:
                    c7:02:fb:78:d7:6b:59:4f:de:d4:1b:bf:ed:3a:2e:
                    74:1f:ed:40:61:64:6b:60:cc:7a:c7:b6:f4:00:01:
                    29:5f:5c:16:ce:89:1b:30:cc:18:f8:25:3f:13:d5:
                    f3:31:a4:72:be:e4:e8:91:3b:f9:bd:3f:67:16:1a:
                    e9:c3:19:0e:ba:c8:33:70:8b:02:51:5e:6c:dc:5b:
                    f2:a9:30:47:3c:67:df:63:fd:d7:ae:5f:ee:ce:a6:
                    61:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:BE:02:F3:4A:6E:67:84:10:66:20:A3:56:7D:40:F1:D6:F6:0C:C3
            X509v3 Authority Key Identifier:
                keyid:D9:BA:32:02:4E:2C:B6:14:22:95:11:2F:E6:1F:6B:1B:C3:45:7B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2boyAk4sthQilREv5h9rG8NFe8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/_b4C80puZ4QQZiCjVn1A8db2DMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/2boyAk4sthQilREv5h9rG8NFe8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.93.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:c1:ca:02:c9:ff:06:1a:b8:ea:0d:fb:dc:8e:3f:13:3c:10:
         8f:75:8b:8f:70:2c:ac:a7:81:e0:72:d0:3b:a7:0d:48:85:26:
         4a:3e:d8:38:e8:df:73:26:a6:1b:fe:37:04:2e:ba:17:45:6f:
         92:de:8d:95:2d:5d:b7:2c:f8:72:07:de:9d:38:36:93:ad:c6:
         06:d5:3e:4a:93:d9:8f:a3:f2:fc:03:4a:c7:c2:45:33:60:19:
         81:a3:55:1a:fe:48:f5:73:85:21:d7:f6:ca:a5:ca:48:93:5e:
         f9:d6:2c:7f:1b:00:ec:4d:e2:96:49:38:33:dd:10:fd:8e:7e:
         35:cd:d9:2c:d1:31:4a:bc:15:21:c2:32:73:6e:66:29:49:1f:
         c8:74:e0:8d:7b:8e:f9:be:1a:b6:91:3c:60:e0:51:6b:63:e9:
         cd:ae:e3:e3:df:76:ad:e2:35:ba:89:06:82:d5:4f:bc:ce:5f:
         ac:23:20:fe:74:1d:01:5b:51:a7:bb:5f:f1:62:b1:01:c5:6e:
         e2:d8:22:4b:d6:f5:31:64:1f:5c:e0:3e:01:0b:22:ef:69:64:
         21:a6:db:65:80:42:98:19:22:9d:72:66:8d:bd:00:19:e9:4b:
         8c:24:24:14:2d:11:7b:56:a4:72:e0:cc:01:33:e9:62:8e:72:
         af:d0:ca:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgzpstTBkpE/v73+N7T5ya/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YmEzMjAyNGUyY2I2MTQyMjk1MTEyZmU2MWY2YjFiYzM0
NTdiY2IwHhcNMjUwNzIyMTk0MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGJlMDJmMzRhNmU2Nzg0MTA2NjIwYTM1NjdkNDBmMWQ2ZjYwY2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtImask5kC6fQDXSPq9KPp7vA0Wau
5V2qRfDCNKYHdk0OUiapVeu+pzQI1Dsj3N3+5wbEtx2PEy6DrTX4WzYS3ZawEjl1
0QbLsABFHqivSEgcBJ4+2bcYGFcQ3IP68XlvN+Zi+YUTNyz0RyeB0UFrg0k2sErY
MHzqLuun7mEOLvygFK49FqZ3Ac7bcSelEg8LSFe7eh94Mw8pDPUxuJTiEDM/TMzH
Avt412tZT97UG7/tOi50H+1AYWRrYMx6x7b0AAEpX1wWzokbMMwY+CU/E9XzMaRy
vuTokTv5vT9nFhrpwxkOusgzcIsCUV5s3FvyqTBHPGffY/3Xrl/uzqZh9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2+AvNKbmeEEGYgo1Z9QPHW9gzDMB8GA1UdIwQY
MBaAFNm6MgJOLLYUIpURL+YfaxvDRXvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmJveUFrNHN0aFFpbFJFdjVoOXJHOE5GZThzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9mNjMzMDMtMTc2ZC00MTc2LWFiYmYt
N2RmOWU0YTIzOGNjLzEvX2I0QzgwcHVaNFFRWmlDalZuMUE4ZGIyRE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9mNjMzMDMtMTc2ZC00MTc2LWFiYmYtN2RmOWU0YTIzOGNj
LzEvMmJveUFrNHN0aFFpbFJFdjVoOXJHOE5GZThzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw12mMA0G
CSqGSIb3DQEBCwUAA4IBAQCnwcoCyf8GGrjqDfvcjj8TPBCPdYuPcCysp4HgctA7
pw1IhSZKPtg46N9zJqYb/jcELroXRW+S3o2VLV23LPhyB96dODaTrcYG1T5Kk9mP
o/L8A0rHwkUzYBmBo1Ua/kj1c4Uh1/bKpcpIk1751ix/GwDsTeKWSTgz3RD9jn41
zdks0TFKvBUhwjJzbmYpSR/IdOCNe475vhq2kTxg4FFrY+nNruPj33at4jW6iQaC
1U+8zl+sIyD+dB0BW1Gnu1/xYrEBxW7i2CJL1vUxZB9c4D4BCyLvaWQhpttlgEKY
GSKdcmaNvQAZ6UuMJCQULRF7VqRy4MwBM+lijnKv0Mo/
-----END CERTIFICATE-----