Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/JQHcV8OOuQy1QSZyp2cuqOKhFPY.roa
File:                     JQHcV8OOuQy1QSZyp2cuqOKhFPY.roa (raw, json)
Hash identifier:          aBTrfIT3ktKIIu+swwWMWw3Bg8+yjsrokXyn1wHp47Y=
Subject key identifier:   25:01:DC:57:C3:8E:B9:0C:B5:41:26:72:A7:67:2E:A8:E2:A1:14:F6
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       0198984D642B6B520A4D3C53D1FE06D6FE6A
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/JQHcV8OOuQy1QSZyp2cuqOKhFPY.roa
Signing time:             Mon 11 Aug 2025 08:44:25 +0000
ROA not before:           Mon 11 Aug 2025 08:44:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215483
IP address blocks:        194.44.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 02:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:4d:64:2b:6b:52:0a:4d:3c:53:d1:fe:06:d6:fe:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Aug 11 08:44:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2501dc57c38eb90cb5412672a7672ea8e2a114f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:1c:69:00:80:84:73:06:85:71:34:18:90:04:
                    87:f2:14:9d:5b:07:e1:00:5e:9d:7e:41:b1:a6:7b:
                    30:0b:94:02:b1:fd:1d:8c:81:eb:f8:e3:00:8d:64:
                    6f:4e:6f:23:b1:64:1d:b7:25:80:c2:41:d3:08:60:
                    dc:ab:4a:b6:dd:04:db:6b:08:d3:c1:dd:3e:d0:d4:
                    9d:ed:66:2a:60:5c:9a:7c:2e:88:4c:dd:3c:33:f1:
                    d7:6a:74:66:25:11:44:b5:50:65:c4:83:a2:5f:e6:
                    f1:5c:e3:ff:2b:2d:d6:f3:b4:bc:e0:63:ca:9e:de:
                    3d:00:22:62:87:35:c6:6e:18:da:30:ce:4b:f0:5a:
                    35:3e:ea:18:d7:80:fe:69:09:db:af:95:72:a9:23:
                    73:36:6e:de:e7:11:b8:17:df:a5:0f:eb:51:c8:47:
                    11:47:b4:64:f3:2d:bd:c3:ab:bf:8f:c5:83:19:8f:
                    70:ee:b9:9a:67:da:7e:af:cf:9d:22:bf:64:fd:b7:
                    c3:43:32:a7:42:5c:11:bd:30:31:25:17:c9:0a:dc:
                    b1:a2:45:b4:ef:a0:ce:64:96:10:87:8d:5a:8d:e4:
                    80:8f:9a:ff:c5:01:b6:d4:95:26:0a:b7:c5:5c:3c:
                    9b:d0:eb:d4:e0:39:b7:7c:3b:59:b0:e3:19:0c:42:
                    43:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:01:DC:57:C3:8E:B9:0C:B5:41:26:72:A7:67:2E:A8:E2:A1:14:F6
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/JQHcV8OOuQy1QSZyp2cuqOKhFPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:e6:29:e6:36:88:c5:c7:cd:9c:c3:00:61:7a:79:6e:11:22:
         d4:08:8d:ef:af:38:a6:68:b2:2a:73:d7:44:52:82:76:ae:70:
         bf:05:8e:27:b1:fc:cb:c5:a1:0c:32:c8:d5:5d:1d:7e:2b:7b:
         86:49:ea:4c:84:7b:22:76:a1:7e:b9:42:f8:1e:9e:f1:99:bc:
         c7:bb:16:5d:31:b1:9a:90:94:e0:2c:61:97:e9:3d:ed:22:02:
         de:d8:45:74:62:10:26:6f:61:50:70:98:69:de:d6:19:09:70:
         ce:48:78:c8:2c:b3:5f:c7:9a:43:2e:cc:56:7c:d5:9e:67:f3:
         41:d5:ac:a7:ce:5a:86:30:f2:6d:b6:7c:57:3d:bc:1e:cb:84:
         f4:bb:f3:76:64:56:6d:4e:cf:87:42:8d:8a:bb:18:9e:eb:c6:
         91:02:01:8b:ad:1e:93:0f:4d:0a:43:c0:ac:d9:79:7c:ae:61:
         27:e2:83:1c:99:c3:55:57:e6:a3:f6:d6:96:45:af:75:8b:33:
         28:4f:95:ed:53:6b:da:ef:c9:5c:4c:16:37:ce:b6:7a:4b:02:
         b9:40:92:6e:98:8a:ab:e4:9b:58:d1:6e:fc:50:66:26:83:d3:
         b5:f2:63:5a:2f:86:4b:45:85:52:5a:b8:68:56:e3:71:24:a3:
         73:22:ed:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYTWQra1IKTTxT0f4G1v5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjUwODExMDg0NDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTAxZGM1N2MzOGViOTBjYjU0MTI2NzJhNzY3MmVhOGUyYTExNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hxpAICEcwaFcTQYkASH8hSdWwfh
AF6dfkGxpnswC5QCsf0djIHr+OMAjWRvTm8jsWQdtyWAwkHTCGDcq0q23QTbawjT
wd0+0NSd7WYqYFyafC6ITN08M/HXanRmJRFEtVBlxIOiX+bxXOP/Ky3W87S84GPK
nt49ACJihzXGbhjaMM5L8Fo1PuoY14D+aQnbr5VyqSNzNm7e5xG4F9+lD+tRyEcR
R7Rk8y29w6u/j8WDGY9w7rmaZ9p+r8+dIr9k/bfDQzKnQlwRvTAxJRfJCtyxokW0
76DOZJYQh41ajeSAj5r/xQG21JUmCrfFXDyb0OvU4Dm3fDtZsOMZDEJDQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUB3FfDjrkMtUEmcqdnLqjioRT2MB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvSlFIY1Y4T091UXkxUVNaeXAyY3VxT0toRlBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiznMA0G
CSqGSIb3DQEBCwUAA4IBAQCS5inmNojFx82cwwBhenluESLUCI3vrzimaLIqc9dE
UoJ2rnC/BY4nsfzLxaEMMsjVXR1+K3uGSepMhHsidqF+uUL4Hp7xmbzHuxZdMbGa
kJTgLGGX6T3tIgLe2EV0YhAmb2FQcJhp3tYZCXDOSHjILLNfx5pDLsxWfNWeZ/NB
1aynzlqGMPJttnxXPbwey4T0u/N2ZFZtTs+HQo2Kuxie68aRAgGLrR6TD00KQ8Cs
2Xl8rmEn4oMcmcNVV+aj9taWRa91izMoT5XtU2va78lcTBY3zrZ6SwK5QJJumIqr
5JtY0W78UGYmg9O18mNaL4ZLRYVSWrhoVuNxJKNzIu1K
-----END CERTIFICATE-----