Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/T3TYQGzkIt875WMcJue8Tlu8qcE.roa
File:                     T3TYQGzkIt875WMcJue8Tlu8qcE.roa (raw, json)
Hash identifier:          zrjAaYCf4QNugLTCHzX4Z7vGYzZPktrc0+f+lzFF6qE=
Subject key identifier:   4F:74:D8:40:6C:E4:22:DF:3B:E5:63:1C:26:E7:BC:4E:5B:BC:A9:C1
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       01982BD1CBD328436E2325AAA907BB025FD5
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/T3TYQGzkIt875WMcJue8Tlu8qcE.roa
Signing time:             Mon 21 Jul 2025 07:10:25 +0000
ROA not before:           Mon 21 Jul 2025 07:10:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        188.214.228.0/22 maxlen: 24
                          188.215.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2b:d1:cb:d3:28:43:6e:23:25:aa:a9:07:bb:02:5f:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: Jul 21 07:10:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f74d8406ce422df3be5631c26e7bc4e5bbca9c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:88:a7:87:09:55:c0:74:ca:ea:bb:9f:ec:14:
                    6e:15:ae:7d:4d:d4:9c:70:86:8d:c3:1e:0b:e9:da:
                    23:7e:5d:95:ac:10:ad:ea:90:05:2c:21:00:28:63:
                    c9:51:fc:46:3c:6f:56:9e:31:0a:f4:43:56:de:ec:
                    ef:d0:dd:49:b6:9b:32:8d:f8:e0:26:06:3d:d1:cc:
                    33:01:dd:ee:cd:89:70:6c:cd:38:70:af:d9:f3:33:
                    4d:4e:bc:72:31:3d:a3:e9:d6:96:c9:2f:67:44:f5:
                    8d:00:0f:97:2c:5e:4e:c3:ba:1d:1c:8f:cc:4b:0d:
                    f0:ed:7f:a5:55:ba:16:53:63:ad:90:75:33:5b:c3:
                    46:15:d5:32:4b:0c:41:05:fe:0e:88:87:07:7b:53:
                    5e:1f:fb:2c:0f:a8:cb:8f:e4:1b:16:2c:d2:5b:40:
                    c5:70:ed:44:43:af:b5:34:49:73:91:68:d6:2e:5c:
                    98:fd:78:78:46:58:3c:00:35:40:b0:42:b8:b1:28:
                    d3:95:84:f1:f9:ba:2b:76:e8:e9:8f:93:f4:99:71:
                    25:c6:22:86:be:4f:66:bb:63:85:2a:13:48:98:7b:
                    ff:84:c3:eb:32:cd:bd:f8:a8:9f:90:ac:5b:e2:9e:
                    37:a6:96:9b:82:47:81:39:27:e7:f7:58:e0:72:b9:
                    3c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:74:D8:40:6C:E4:22:DF:3B:E5:63:1C:26:E7:BC:4E:5B:BC:A9:C1
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/T3TYQGzkIt875WMcJue8Tlu8qcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.214.228.0/22
                  188.215.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:21:65:4f:66:76:0d:a6:b4:61:9d:9f:ab:f9:53:d8:44:99:
         b0:5d:ae:5d:b7:d9:67:37:23:e7:67:82:37:6f:4f:98:44:3a:
         56:16:cf:7f:f2:f2:0d:54:b2:8d:1b:21:74:3c:34:08:68:ca:
         8d:57:1d:6b:f9:4c:14:5e:6d:05:7a:49:f5:f0:08:bb:9b:a5:
         68:90:38:78:95:a5:6a:de:39:f0:2d:06:e3:94:bf:e5:b8:78:
         7e:f0:3e:9d:bf:49:0d:b9:a9:6d:f8:2f:82:44:7d:29:65:ad:
         e1:7c:8b:8c:7d:88:3c:ae:10:e4:6c:0a:14:03:48:78:0e:e7:
         fb:6e:ff:06:1e:18:3c:f4:19:df:a4:d2:ce:e3:c4:fb:8a:4d:
         5e:53:b8:63:9b:ce:56:60:73:7c:26:e7:24:fc:ec:b9:5f:a7:
         68:5d:76:dc:cc:38:4e:c0:d3:13:65:ef:48:81:38:9b:cd:ed:
         79:bb:62:98:86:7b:00:39:0e:d3:72:2a:90:82:4c:e1:7f:bb:
         b3:58:a7:71:52:46:9d:a0:0c:63:df:f3:3e:89:90:06:d7:e0:
         e1:b0:20:cb:33:80:b4:0e:7b:92:eb:d1:92:da:aa:86:17:e1:
         32:69:f3:89:aa:e1:50:46:7e:1d:a9:af:7e:1e:f8:92:7a:30:
         61:d7:09:d3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgr0cvTKENuIyWqqQe7Al/VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjUwNzIxMDcxMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjc0ZDg0MDZjZTQyMmRmM2JlNTYzMWMyNmU3YmM0ZTViYmNhOWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IinhwlVwHTK6ruf7BRuFa59TdSc
cIaNwx4L6dojfl2VrBCt6pAFLCEAKGPJUfxGPG9WnjEK9ENW3uzv0N1Jtpsyjfjg
JgY90cwzAd3uzYlwbM04cK/Z8zNNTrxyMT2j6daWyS9nRPWNAA+XLF5Ow7odHI/M
Sw3w7X+lVboWU2OtkHUzW8NGFdUySwxBBf4OiIcHe1NeH/ssD6jLj+QbFizSW0DF
cO1EQ6+1NElzkWjWLlyY/Xh4Rlg8ADVAsEK4sSjTlYTx+bordujpj5P0mXElxiKG
vk9mu2OFKhNImHv/hMPrMs29+KifkKxb4p43ppabgkeBOSfn91jgcrk8pwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE902EBs5CLfO+VjHCbnvE5bvKnBMB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvVDNUWVFHemtJdDg3NVdNY0p1ZThUbHU4cWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCvNbkAwQC
vNfsMA0GCSqGSIb3DQEBCwUAA4IBAQCEIWVPZnYNprRhnZ+r+VPYRJmwXa5dt9ln
NyPnZ4I3b0+YRDpWFs9/8vINVLKNGyF0PDQIaMqNVx1r+UwUXm0Fekn18Ai7m6Vo
kDh4laVq3jnwLQbjlL/luHh+8D6dv0kNualt+C+CRH0pZa3hfIuMfYg8rhDkbAoU
A0h4Duf7bv8GHhg89BnfpNLO48T7ik1eU7hjm85WYHN8Juck/Oy5X6doXXbczDhO
wNMTZe9IgTibze15u2KYhnsAOQ7TciqQgkzhf7uzWKdxUkadoAxj3/M+iZAG1+Dh
sCDLM4C0DnuS69GS2qqGF+EyafOJquFQRn4dqa9+HviSejBh1wnT
-----END CERTIFICATE-----