Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/091641-55ed-403b-a687-5ed077eb8be0/1/OGmt6hTizBTWFlQiZVVHVA04Y3U.roa
File:                     OGmt6hTizBTWFlQiZVVHVA04Y3U.roa (raw, json)
Hash identifier:          xCC8yaYb4MbRSmuBq04Jv3nbwpYcLxsiyEFiClMW7jI=
Subject key identifier:   38:69:AD:EA:14:E2:CC:14:D6:16:54:22:65:55:47:54:0D:38:63:75
Certificate issuer:       /CN=3e99534493cba9c89dbde262f87a1587a4aa99df
Certificate serial:       01980CA3F6C771E485B9AFE1E0BF83DB20FE
Authority key identifier: 3E:99:53:44:93:CB:A9:C8:9D:BD:E2:62:F8:7A:15:87:A4:AA:99:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PplTRJPLqcidveJi-HoVh6Sqmd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/091641-55ed-403b-a687-5ed077eb8be0/1/OGmt6hTizBTWFlQiZVVHVA04Y3U.roa
Signing time:             Tue 15 Jul 2025 05:52:08 +0000
ROA not before:           Tue 15 Jul 2025 05:52:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198022
IP address blocks:        194.36.60.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/091641-55ed-403b-a687-5ed077eb8be0/1/PplTRJPLqcidveJi-HoVh6Sqmd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/091641-55ed-403b-a687-5ed077eb8be0/1/PplTRJPLqcidveJi-HoVh6Sqmd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PplTRJPLqcidveJi-HoVh6Sqmd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 05:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0c:a3:f6:c7:71:e4:85:b9:af:e1:e0:bf:83:db:20:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e99534493cba9c89dbde262f87a1587a4aa99df
        Validity
            Not Before: Jul 15 05:52:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3869adea14e2cc14d6165422655547540d386375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:69:7b:3c:6a:29:81:14:54:77:75:84:b7:9f:
                    cc:68:ec:8a:c4:d9:be:bb:ff:d4:0e:be:96:3e:3e:
                    a3:ca:31:02:2b:07:ae:7a:31:86:b8:37:c2:f4:21:
                    6c:6c:4d:f8:9f:b6:d2:9b:64:6d:fa:33:fe:e8:4d:
                    fd:63:45:19:7c:fd:17:41:c5:93:35:40:7f:61:69:
                    0a:41:47:24:35:18:bf:68:54:b2:51:47:9b:4d:ff:
                    7d:81:06:db:71:bb:d9:ba:20:31:31:7a:83:5c:10:
                    8c:e6:78:d4:39:d9:74:dc:31:8b:1b:99:23:61:d9:
                    e8:d1:b7:f4:62:ea:42:8b:5b:6d:79:f1:96:d2:e7:
                    a5:34:46:09:a1:53:b0:90:35:e2:e5:f7:a6:75:41:
                    28:16:e9:61:7b:61:12:2b:66:40:19:21:6d:68:1c:
                    6c:56:25:97:e7:f4:00:04:d5:eb:37:fd:fa:26:69:
                    33:f0:eb:91:ec:e8:49:88:24:6a:c9:7a:92:02:3f:
                    a6:a3:4b:c9:53:66:cd:bc:a1:42:f5:d9:22:fb:21:
                    a4:1c:2b:8e:8d:e7:2a:03:a4:d6:ff:14:a3:a8:35:
                    f3:2a:fd:1e:19:46:8e:66:08:f7:d6:9f:9b:a3:e0:
                    bb:26:5b:00:12:fa:dc:54:29:ce:c5:e6:db:70:6e:
                    4b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:69:AD:EA:14:E2:CC:14:D6:16:54:22:65:55:47:54:0D:38:63:75
            X509v3 Authority Key Identifier:
                keyid:3E:99:53:44:93:CB:A9:C8:9D:BD:E2:62:F8:7A:15:87:A4:AA:99:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PplTRJPLqcidveJi-HoVh6Sqmd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/091641-55ed-403b-a687-5ed077eb8be0/1/OGmt6hTizBTWFlQiZVVHVA04Y3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/091641-55ed-403b-a687-5ed077eb8be0/1/PplTRJPLqcidveJi-HoVh6Sqmd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:79:a2:0d:d5:6e:be:2c:3a:2e:74:70:52:c1:3e:42:40:1b:
         fc:a8:fe:cc:b5:dc:c4:3d:c4:bd:a2:0e:21:52:b0:58:b7:56:
         69:54:b2:4c:f1:e2:fd:32:9a:7e:81:45:af:e9:24:92:24:4f:
         22:f4:c7:06:2a:9d:da:82:23:6c:4d:9e:82:6a:2c:71:d4:0a:
         8b:dd:b7:a4:3f:2f:1f:3f:07:b2:8a:96:58:7a:f7:44:26:a7:
         09:ed:c4:18:5e:18:5d:84:4e:3e:ce:2b:0a:47:f0:07:3a:2f:
         40:37:15:9d:b2:f9:a0:37:4f:f1:58:39:8d:8e:8a:22:0c:cc:
         c1:9a:b2:f4:a6:a2:04:b5:4c:df:3f:d4:8d:36:d5:b0:cc:c1:
         49:e9:dc:2b:65:72:d3:72:19:5b:7b:3e:98:6a:7a:3e:1e:d2:
         c0:fa:a0:78:05:37:c9:4b:2d:14:16:44:c0:23:f1:4f:02:be:
         ec:4b:c3:57:cc:af:9b:97:87:b3:ae:34:9e:ed:86:87:41:41:
         81:82:21:54:fc:ab:c7:c5:eb:1a:2d:9b:63:75:03:53:f9:b4:
         25:35:10:a5:ad:d0:61:29:68:ed:97:27:6c:3b:70:01:d7:eb:
         cc:40:86:fe:0e:bc:19:92:f0:dc:0a:0b:11:40:25:71:01:51:
         63:cd:5a:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgMo/bHceSFua/h4L+D2yD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlOTk1MzQ0OTNjYmE5Yzg5ZGJkZTI2MmY4N2ExNTg3YTRh
YTk5ZGYwHhcNMjUwNzE1MDU1MjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODY5YWRlYTE0ZTJjYzE0ZDYxNjU0MjI2NTU1NDc1NDBkMzg2Mzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWl7PGopgRRUd3WEt5/MaOyKxNm+
u//UDr6WPj6jyjECKweuejGGuDfC9CFsbE34n7bSm2Rt+jP+6E39Y0UZfP0XQcWT
NUB/YWkKQUckNRi/aFSyUUebTf99gQbbcbvZuiAxMXqDXBCM5njUOdl03DGLG5kj
Ydno0bf0YupCi1ttefGW0uelNEYJoVOwkDXi5femdUEoFulhe2ESK2ZAGSFtaBxs
ViWX5/QABNXrN/36Jmkz8OuR7OhJiCRqyXqSAj+mo0vJU2bNvKFC9dki+yGkHCuO
jecqA6TW/xSjqDXzKv0eGUaOZgj31p+bo+C7JlsAEvrcVCnOxebbcG5LgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhpreoU4swU1hZUImVVR1QNOGN1MB8GA1UdIwQY
MBaAFD6ZU0STy6nInb3iYvh6FYekqpnfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHBsVFJKUExxY2lkdmVKaS1Ib1ZoNlNxbWQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8wOTE2NDEtNTVlZC00MDNiLWE2ODct
NWVkMDc3ZWI4YmUwLzEvT0dtdDZoVGl6QlRXRmxRaVpWVkhWQTA0WTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8wOTE2NDEtNTVlZC00MDNiLWE2ODctNWVkMDc3ZWI4YmUw
LzEvUHBsVFJKUExxY2lkdmVKaS1Ib1ZoNlNxbWQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiQ8MA0G
CSqGSIb3DQEBCwUAA4IBAQBbeaIN1W6+LDoudHBSwT5CQBv8qP7MtdzEPcS9og4h
UrBYt1ZpVLJM8eL9Mpp+gUWv6SSSJE8i9McGKp3agiNsTZ6Caixx1AqL3bekPy8f
PweyipZYevdEJqcJ7cQYXhhdhE4+zisKR/AHOi9ANxWdsvmgN0/xWDmNjooiDMzB
mrL0pqIEtUzfP9SNNtWwzMFJ6dwrZXLTchlbez6Yano+HtLA+qB4BTfJSy0UFkTA
I/FPAr7sS8NXzK+bl4ezrjSe7YaHQUGBgiFU/KvHxesaLZtjdQNT+bQlNRClrdBh
KWjtlydsO3AB1+vMQIb+DrwZkvDcCgsRQCVxAVFjzVop
-----END CERTIFICATE-----