Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ALT4OFpnQ3K5rf8-uhejR_nePEM.roa
File:                     ALT4OFpnQ3K5rf8-uhejR_nePEM.roa (raw, json)
Hash identifier:          tpYFNQGrUpDOhJ6Sbv2L/FeVKFbqfQA9feiTMKgWw4U=
Subject key identifier:   00:B4:F8:38:5A:67:43:72:B9:AD:FF:3E:BA:17:A3:47:F9:DE:3C:43
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       0198E0CCA5C12FF7F66A86234A894691F411
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ALT4OFpnQ3K5rf8-uhejR_nePEM.roa
Signing time:             Mon 25 Aug 2025 10:36:04 +0000
ROA not before:           Mon 25 Aug 2025 10:36:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44043
IP address blocks:        80.97.162.0/24 maxlen: 24
                          194.102.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e0:cc:a5:c1:2f:f7:f6:6a:86:23:4a:89:46:91:f4:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Aug 25 10:36:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00b4f8385a674372b9adff3eba17a347f9de3c43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:a7:ab:bd:55:44:71:87:1e:14:36:bb:54:ca:
                    fb:b4:3c:3f:70:05:79:e3:f8:b1:f5:9d:65:f6:cd:
                    ca:b8:be:74:38:77:9a:cb:87:d0:ca:0e:61:5b:03:
                    9f:f5:52:a0:ac:f6:91:a9:31:1a:b8:63:46:94:93:
                    ae:1d:34:20:15:ee:2b:8b:b7:31:15:91:5e:fd:eb:
                    cb:8e:e7:23:44:7b:38:da:9d:23:e5:1e:48:03:39:
                    71:2e:84:23:46:d9:ee:cd:b4:aa:53:0e:26:a1:cf:
                    1e:b6:1c:2c:79:8c:96:7c:1a:45:c0:0b:0e:be:90:
                    60:4a:64:d8:65:3b:5a:bb:89:55:f0:4f:cd:61:43:
                    47:d9:8d:9e:c2:c7:17:2c:d0:54:b4:7c:b8:11:14:
                    e9:47:8d:35:ce:d0:fe:55:e3:e0:70:be:20:57:8c:
                    31:cb:48:22:11:25:2a:15:04:dd:2e:bc:49:eb:42:
                    bd:b1:ea:f7:41:fb:77:a0:f0:18:a3:0f:c5:45:e1:
                    a4:ee:d1:bf:d5:69:ca:8f:0c:ca:8a:21:3c:a6:20:
                    e5:80:16:f7:a4:8e:a7:71:aa:55:c5:2d:63:72:ae:
                    47:3b:f8:79:3a:d3:bc:e6:78:02:65:a5:64:55:4d:
                    60:f8:bb:bf:6e:6e:98:f0:41:61:e7:ac:42:74:15:
                    e1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:B4:F8:38:5A:67:43:72:B9:AD:FF:3E:BA:17:A3:47:F9:DE:3C:43
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ALT4OFpnQ3K5rf8-uhejR_nePEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.97.162.0/24
                  194.102.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:75:ee:1d:68:24:75:9e:31:f4:85:67:86:9c:fd:ac:79:15:
         05:05:64:e3:3d:26:17:72:f1:27:ee:e8:37:0e:3b:46:b1:38:
         06:d3:58:98:5f:3f:73:de:a9:4f:47:1b:d6:2e:7a:d2:ca:f7:
         28:90:ed:bf:41:cf:d3:ea:4c:8f:f5:0a:61:59:b2:4c:e8:6f:
         8f:3c:a8:99:ce:37:46:94:f6:b0:01:bf:ca:35:d6:0e:fc:35:
         93:b7:8f:78:02:73:e5:98:99:57:ff:42:4c:2b:11:c6:44:02:
         c3:37:c5:f8:72:d0:8f:30:8d:5e:66:66:1d:cc:f5:65:13:2e:
         b9:bd:c6:43:c3:6b:21:65:07:4a:40:7e:5d:8e:3b:49:8e:26:
         58:f9:0b:1e:ab:0e:f7:cf:0e:71:e4:cf:8e:4b:49:4c:c5:d3:
         ea:ee:b0:b2:00:70:c0:76:e7:d6:7d:1c:3f:b5:c2:5a:4b:e3:
         d4:9b:30:94:c7:a2:22:99:15:ec:a2:60:ed:fe:ea:97:0d:74:
         9f:48:c3:b3:e7:3a:0b:3b:26:a2:c2:a0:3f:4f:13:6c:b5:cf:
         0e:07:92:f4:49:54:51:e9:62:dd:06:4e:38:00:0c:90:62:5e:
         81:80:0c:7a:0b:22:98:2c:a9:30:f1:4a:a5:44:ef:18:cc:f6:
         0c:80:26:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjgzKXBL/f2aoYjSolGkfQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwODI1MTAzNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGI0ZjgzODVhNjc0MzcyYjlhZGZmM2ViYTE3YTM0N2Y5ZGUzYzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhaervVVEcYceFDa7VMr7tDw/cAV5
4/ix9Z1l9s3KuL50OHeay4fQyg5hWwOf9VKgrPaRqTEauGNGlJOuHTQgFe4ri7cx
FZFe/evLjucjRHs42p0j5R5IAzlxLoQjRtnuzbSqUw4moc8ethwseYyWfBpFwAsO
vpBgSmTYZTtau4lV8E/NYUNH2Y2ewscXLNBUtHy4ERTpR401ztD+VePgcL4gV4wx
y0giESUqFQTdLrxJ60K9ser3Qft3oPAYow/FReGk7tG/1WnKjwzKiiE8piDlgBb3
pI6ncapVxS1jcq5HO/h5OtO85ngCZaVkVU1g+Lu/bm6Y8EFh56xCdBXhzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAC0+DhaZ0Nyua3/ProXo0f53jxDMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvQUxUNE9GcG5RM0s1cmY4LXVoZWpSX25lUEVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUGGiAwQA
wmbaMA0GCSqGSIb3DQEBCwUAA4IBAQBude4daCR1njH0hWeGnP2seRUFBWTjPSYX
cvEn7ug3DjtGsTgG01iYXz9z3qlPRxvWLnrSyvcokO2/Qc/T6kyP9QphWbJM6G+P
PKiZzjdGlPawAb/KNdYO/DWTt494AnPlmJlX/0JMKxHGRALDN8X4ctCPMI1eZmYd
zPVlEy65vcZDw2shZQdKQH5djjtJjiZY+Qseqw73zw5x5M+OS0lMxdPq7rCyAHDA
dufWfRw/tcJaS+PUmzCUx6IimRXsomDt/uqXDXSfSMOz5zoLOyaiwqA/TxNstc8O
B5L0SVRR6WLdBk44AAyQYl6BgAx6CyKYLKkw8UqlRO8YzPYMgCYx
-----END CERTIFICATE-----