Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/t794Rq3oD5hjUa_fm7_FJ1kTjgY.roa
File:                     t794Rq3oD5hjUa_fm7_FJ1kTjgY.roa (raw, json)
Hash identifier:          e8v8ak73SzlgLcU/OgDyl114eL/kRo4XPjTTeE0Y/3s=
Subject key identifier:   B7:BF:78:46:AD:E8:0F:98:63:51:AF:DF:9B:BF:C5:27:59:13:8E:06
Certificate issuer:       /CN=d9ba32024e2cb6142295112fe61f6b1bc3457bcb
Certificate serial:       01982D8A2802F94716EF5C43D48DF2914220
Authority key identifier: D9:BA:32:02:4E:2C:B6:14:22:95:11:2F:E6:1F:6B:1B:C3:45:7B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2boyAk4sthQilREv5h9rG8NFe8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/t794Rq3oD5hjUa_fm7_FJ1kTjgY.roa
Signing time:             Mon 21 Jul 2025 15:11:25 +0000
ROA not before:           Mon 21 Jul 2025 15:11:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25394
IP address blocks:        194.30.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/2boyAk4sthQilREv5h9rG8NFe8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/2boyAk4sthQilREv5h9rG8NFe8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2boyAk4sthQilREv5h9rG8NFe8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:8a:28:02:f9:47:16:ef:5c:43:d4:8d:f2:91:42:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9ba32024e2cb6142295112fe61f6b1bc3457bcb
        Validity
            Not Before: Jul 21 15:11:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7bf7846ade80f986351afdf9bbfc52759138e06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:cc:bb:15:f0:c5:ef:fe:0e:7f:28:40:de:5f:
                    79:15:c0:9d:04:e2:c4:2f:b1:21:fd:73:83:1c:dd:
                    56:f3:5b:ec:4d:52:52:bb:e8:c8:6e:73:82:9c:c1:
                    8a:87:bb:14:47:94:e8:95:06:00:40:9c:24:41:e5:
                    29:f0:1e:e1:41:e1:7a:4b:e2:50:a7:3b:65:af:f9:
                    8b:43:80:96:c1:b0:a2:08:90:02:3b:ab:8c:32:11:
                    45:b9:ce:7e:55:d2:98:a2:e1:43:8b:f4:29:07:75:
                    2a:03:32:af:47:16:0d:1a:d1:b8:7c:85:3f:f9:52:
                    43:10:f8:7f:8d:b5:6d:1a:62:fe:ef:56:58:65:95:
                    f8:78:0a:d5:ed:33:d3:2f:72:42:fe:d4:dc:8f:58:
                    bf:fa:c8:71:38:04:5a:9d:5c:99:05:f8:4c:cb:c8:
                    2f:fd:89:b8:c9:ef:ac:a1:2a:84:99:68:09:9b:05:
                    fa:f5:66:a2:1d:9a:66:74:a5:e7:9f:d0:9e:33:14:
                    56:ff:60:bf:e6:e3:de:7f:7d:f0:55:f8:d5:24:93:
                    42:c4:25:da:0f:bd:a8:0a:d3:23:23:74:c2:4d:22:
                    bc:35:72:dc:48:a8:7e:62:c9:a0:d8:2d:14:9c:7b:
                    a6:9f:06:5d:d4:b9:18:98:9f:b5:8d:2c:45:9f:19:
                    1f:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:BF:78:46:AD:E8:0F:98:63:51:AF:DF:9B:BF:C5:27:59:13:8E:06
            X509v3 Authority Key Identifier:
                keyid:D9:BA:32:02:4E:2C:B6:14:22:95:11:2F:E6:1F:6B:1B:C3:45:7B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2boyAk4sthQilREv5h9rG8NFe8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/t794Rq3oD5hjUa_fm7_FJ1kTjgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/f63303-176d-4176-abbf-7df9e4a238cc/1/2boyAk4sthQilREv5h9rG8NFe8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.30.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:ea:39:b5:31:3d:d7:ec:cb:66:50:94:ca:22:2d:d4:d7:f3:
         c2:95:af:e0:7a:42:99:ec:e3:ee:70:1c:b6:e4:0a:76:63:41:
         a4:08:72:16:e5:5f:53:96:a5:2c:de:b5:70:d3:74:16:38:13:
         b1:06:81:e3:f2:1e:49:7f:df:2c:4f:9b:b4:8a:5c:29:d4:67:
         23:05:56:46:91:6c:7a:44:00:5e:49:8e:72:30:ce:00:ff:ab:
         5f:6b:dd:89:5a:a2:6b:a3:ac:14:94:f9:4d:2f:61:3d:a9:68:
         a4:d1:fd:51:d8:3e:ff:32:38:ce:82:aa:42:ef:b6:fd:f9:79:
         e2:c2:f7:d8:92:42:dc:61:1f:c4:94:6a:06:cb:35:5e:e8:ff:
         88:18:3f:2f:38:b8:79:c1:97:89:8e:f4:df:95:35:5a:bb:26:
         cd:1f:35:19:47:ac:7a:b5:98:7f:50:8f:61:cc:f0:68:f8:aa:
         07:31:e0:0f:08:30:f7:9b:a2:3f:18:b6:0f:e4:1c:dd:44:e0:
         e3:36:b2:54:44:94:27:ab:3b:39:2d:a1:43:30:88:cc:4b:b3:
         f4:b3:e5:2b:a8:56:15:d0:f8:e2:e4:27:26:84:03:f7:11:5d:
         40:1c:e2:83:63:5a:5c:56:fb:9d:a4:d4:35:c6:11:03:32:e4:
         92:97:e6:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgtiigC+UcW71xD1I3ykUIgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YmEzMjAyNGUyY2I2MTQyMjk1MTEyZmU2MWY2YjFiYzM0
NTdiY2IwHhcNMjUwNzIxMTUxMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2JmNzg0NmFkZTgwZjk4NjM1MWFmZGY5YmJmYzUyNzU5MTM4ZTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA78y7FfDF7/4OfyhA3l95FcCdBOLE
L7Eh/XODHN1W81vsTVJSu+jIbnOCnMGKh7sUR5TolQYAQJwkQeUp8B7hQeF6S+JQ
pztlr/mLQ4CWwbCiCJACO6uMMhFFuc5+VdKYouFDi/QpB3UqAzKvRxYNGtG4fIU/
+VJDEPh/jbVtGmL+71ZYZZX4eArV7TPTL3JC/tTcj1i/+shxOARanVyZBfhMy8gv
/Ym4ye+soSqEmWgJmwX69WaiHZpmdKXnn9CeMxRW/2C/5uPef33wVfjVJJNCxCXa
D72oCtMjI3TCTSK8NXLcSKh+Ysmg2C0UnHumnwZd1LkYmJ+1jSxFnxkfsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLe/eEat6A+YY1Gv35u/xSdZE44GMB8GA1UdIwQY
MBaAFNm6MgJOLLYUIpURL+YfaxvDRXvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmJveUFrNHN0aFFpbFJFdjVoOXJHOE5GZThzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9mNjMzMDMtMTc2ZC00MTc2LWFiYmYt
N2RmOWU0YTIzOGNjLzEvdDc5NFJxM29ENWhqVWFfZm03X0ZKMWtUamdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9mNjMzMDMtMTc2ZC00MTc2LWFiYmYtN2RmOWU0YTIzOGNj
LzEvMmJveUFrNHN0aFFpbFJFdjVoOXJHOE5GZThzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh6nMA0G
CSqGSIb3DQEBCwUAA4IBAQBG6jm1MT3X7MtmUJTKIi3U1/PCla/gekKZ7OPucBy2
5Ap2Y0GkCHIW5V9TlqUs3rVw03QWOBOxBoHj8h5Jf98sT5u0ilwp1GcjBVZGkWx6
RABeSY5yMM4A/6tfa92JWqJro6wUlPlNL2E9qWik0f1R2D7/MjjOgqpC77b9+Xni
wvfYkkLcYR/ElGoGyzVe6P+IGD8vOLh5wZeJjvTflTVauybNHzUZR6x6tZh/UI9h
zPBo+KoHMeAPCDD3m6I/GLYP5BzdRODjNrJURJQnqzs5LaFDMIjMS7P0s+UrqFYV
0Pji5CcmhAP3EV1AHOKDY1pcVvudpNQ1xhEDMuSSl+b6
-----END CERTIFICATE-----