Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/d33ce0-69a0-4ba3-b3c9-998278f4fbb2/1/dESzUpMviwtTKAbBmdcEnSrDmb8.roa
File:                     dESzUpMviwtTKAbBmdcEnSrDmb8.roa (raw, json)
Hash identifier:          t6YDlmbHdL/fLbmXo8sZDgLUB7U10S0kh8xDcseSIRM=
Subject key identifier:   74:44:B3:52:93:2F:8B:0B:53:28:06:C1:99:D7:04:9D:2A:C3:99:BF
Certificate issuer:       /CN=93b76ac9f7a84ad790ad57c880bc9f862ad4c9e7
Certificate serial:       0197F495354D91E6FE2F1A3FADDF58E642E0
Authority key identifier: 93:B7:6A:C9:F7:A8:4A:D7:90:AD:57:C8:80:BC:9F:86:2A:D4:C9:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k7dqyfeoSteQrVfIgLyfhirUyec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/d33ce0-69a0-4ba3-b3c9-998278f4fbb2/1/dESzUpMviwtTKAbBmdcEnSrDmb8.roa
Signing time:             Thu 10 Jul 2025 13:45:08 +0000
ROA not before:           Thu 10 Jul 2025 13:45:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        94.136.231.0/24 maxlen: 24
                          94.136.236.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/d33ce0-69a0-4ba3-b3c9-998278f4fbb2/1/k7dqyfeoSteQrVfIgLyfhirUyec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/d33ce0-69a0-4ba3-b3c9-998278f4fbb2/1/k7dqyfeoSteQrVfIgLyfhirUyec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k7dqyfeoSteQrVfIgLyfhirUyec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:95:35:4d:91:e6:fe:2f:1a:3f:ad:df:58:e6:42:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93b76ac9f7a84ad790ad57c880bc9f862ad4c9e7
        Validity
            Not Before: Jul 10 13:45:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7444b352932f8b0b532806c199d7049d2ac399bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:bb:b6:58:39:70:77:ff:e5:d9:21:75:34:ab:
                    a9:38:45:92:9b:94:66:39:69:6b:0a:ff:5d:75:d7:
                    05:09:d4:77:8f:ac:1d:56:33:43:94:44:e6:38:30:
                    6d:0e:a9:a1:b3:b6:05:19:c5:42:c7:9e:36:8a:05:
                    8d:9b:3d:5a:53:2e:22:1c:e5:1f:d1:bb:68:54:ff:
                    48:a3:49:88:06:0f:32:97:6f:ca:34:6f:56:59:ff:
                    4b:60:67:96:de:bb:16:c4:03:72:73:1b:e2:db:54:
                    4a:48:fd:17:39:4d:3f:33:b0:d7:2a:9d:c0:f9:25:
                    cd:f9:05:75:d1:88:2c:2f:18:53:ef:59:6d:02:e5:
                    48:f4:56:a0:8f:38:8a:43:2e:9d:17:fd:f3:72:ac:
                    0d:c0:59:65:ad:31:b4:79:7b:32:5a:09:93:97:ef:
                    0e:45:f0:48:a3:87:c7:04:dd:18:1f:3b:29:3a:93:
                    8e:6d:de:cf:58:cf:45:45:6a:0b:e2:49:c8:fe:3a:
                    9e:64:87:92:db:14:78:29:b3:72:75:67:f0:19:3d:
                    38:86:96:38:f7:79:e2:e2:76:64:37:40:bf:ed:85:
                    9e:4e:81:70:b9:17:e8:e2:d2:68:88:05:15:42:fc:
                    3d:de:d0:59:b3:04:ec:e5:27:67:06:c4:60:e0:f7:
                    29:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:44:B3:52:93:2F:8B:0B:53:28:06:C1:99:D7:04:9D:2A:C3:99:BF
            X509v3 Authority Key Identifier:
                keyid:93:B7:6A:C9:F7:A8:4A:D7:90:AD:57:C8:80:BC:9F:86:2A:D4:C9:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k7dqyfeoSteQrVfIgLyfhirUyec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/d33ce0-69a0-4ba3-b3c9-998278f4fbb2/1/dESzUpMviwtTKAbBmdcEnSrDmb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/d33ce0-69a0-4ba3-b3c9-998278f4fbb2/1/k7dqyfeoSteQrVfIgLyfhirUyec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.136.231.0/24
                  94.136.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:4f:f1:a7:37:14:68:32:b8:65:8f:40:d4:cd:77:1d:1b:98:
         71:a8:70:9d:7f:86:18:8a:66:2b:f9:ad:46:88:c7:4a:7d:e0:
         fc:e8:e4:a9:b9:7a:90:67:df:48:fc:58:4b:32:ae:39:f1:35:
         d7:88:8c:a0:17:e8:b1:f9:34:11:d5:6d:f4:05:1c:41:ac:cb:
         ba:51:e7:a8:d1:52:f3:88:ae:9c:f9:15:6d:a6:9f:34:1e:f7:
         23:02:e9:76:88:94:ab:59:cc:51:e2:b5:d8:2e:38:11:e0:42:
         a0:48:fc:ca:36:30:62:4c:dc:dc:f6:52:5f:b2:4a:9a:f6:4b:
         d8:8c:d5:4a:c9:46:53:fe:2e:6b:09:4a:ac:2c:a5:ff:fe:87:
         e7:e0:e6:66:c4:c2:1e:19:a7:f6:a1:cc:ca:34:16:8c:e2:b2:
         77:7e:1d:45:b2:cb:9d:7e:2a:9e:56:94:9c:0e:31:e2:6b:40:
         22:e9:d0:cd:bc:d5:ae:12:a8:39:9f:dd:82:89:db:7b:9f:60:
         05:87:c6:24:fe:d3:ba:c0:cb:58:6a:69:8f:f4:a6:de:44:60:
         73:03:07:2d:81:f0:35:5e:4d:29:09:5d:3c:c9:83:ae:3e:16:
         c3:fa:8a:53:63:45:e1:e7:a2:f0:f5:e6:4c:a0:e9:09:45:49:
         92:5c:44:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZf0lTVNkeb+Lxo/rd9Y5kLgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYjc2YWM5ZjdhODRhZDc5MGFkNTdjODgwYmM5Zjg2MmFk
NGM5ZTcwHhcNMjUwNzEwMTM0NTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDQ0YjM1MjkzMmY4YjBiNTMyODA2YzE5OWQ3MDQ5ZDJhYzM5OWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbu2WDlwd//l2SF1NKupOEWSm5Rm
OWlrCv9dddcFCdR3j6wdVjNDlETmODBtDqmhs7YFGcVCx542igWNmz1aUy4iHOUf
0btoVP9Io0mIBg8yl2/KNG9WWf9LYGeW3rsWxANycxvi21RKSP0XOU0/M7DXKp3A
+SXN+QV10YgsLxhT71ltAuVI9FagjziKQy6dF/3zcqwNwFllrTG0eXsyWgmTl+8O
RfBIo4fHBN0YHzspOpOObd7PWM9FRWoL4knI/jqeZIeS2xR4KbNydWfwGT04hpY4
93ni4nZkN0C/7YWeToFwuRfo4tJoiAUVQvw93tBZswTs5SdnBsRg4PcpiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHREs1KTL4sLUygGwZnXBJ0qw5m/MB8GA1UdIwQY
MBaAFJO3asn3qErXkK1XyIC8n4Yq1MnnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazdkcXlmZW9TdGVRclZmSWdMeWZoaXJVeWVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kMzNjZTAtNjlhMC00YmEzLWIzYzkt
OTk4Mjc4ZjRmYmIyLzEvZEVTelVwTXZpd3RUS0FiQm1kY0VuU3JEbWI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kMzNjZTAtNjlhMC00YmEzLWIzYzktOTk4Mjc4ZjRmYmIy
LzEvazdkcXlmZW9TdGVRclZmSWdMeWZoaXJVeWVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXojnAwQB
XojsMA0GCSqGSIb3DQEBCwUAA4IBAQCRT/GnNxRoMrhlj0DUzXcdG5hxqHCdf4YY
imYr+a1GiMdKfeD86OSpuXqQZ99I/FhLMq458TXXiIygF+ix+TQR1W30BRxBrMu6
Ueeo0VLziK6c+RVtpp80HvcjAul2iJSrWcxR4rXYLjgR4EKgSPzKNjBiTNzc9lJf
skqa9kvYjNVKyUZT/i5rCUqsLKX//ofn4OZmxMIeGaf2oczKNBaM4rJ3fh1Fssud
fiqeVpScDjHia0Ai6dDNvNWuEqg5n92Cidt7n2AFh8Yk/tO6wMtYammP9KbeRGBz
AwctgfA1Xk0pCV08yYOuPhbD+opTY0Xh56Lw9eZMoOkJRUmSXET9
-----END CERTIFICATE-----