Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/lIsU5M82Q_Q6z8rDWhFmVz7T4Ec.roa
File:                     lIsU5M82Q_Q6z8rDWhFmVz7T4Ec.roa (raw, json)
Hash identifier:          HB9E/o72V0zVeoUgJVG284a4pw9VdNVj0soXlhohpjM=
Subject key identifier:   94:8B:14:E4:CF:36:43:F4:3A:CF:CA:C3:5A:11:66:57:3E:D3:E0:47
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       0198984C792B599A1943504B9EC9118DE664
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/lIsU5M82Q_Q6z8rDWhFmVz7T4Ec.roa
Signing time:             Mon 11 Aug 2025 08:43:25 +0000
ROA not before:           Mon 11 Aug 2025 08:43:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50569
IP address blocks:        194.44.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 02:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:4c:79:2b:59:9a:19:43:50:4b:9e:c9:11:8d:e6:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Aug 11 08:43:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=948b14e4cf3643f43acfcac35a1166573ed3e047
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:a7:cb:49:69:54:94:cc:e4:fc:df:33:f2:93:
                    8d:e2:ae:9e:b0:81:20:b6:9f:38:ec:d0:8c:89:18:
                    10:c7:18:19:2c:7b:2a:3a:ed:fd:76:a6:1a:74:08:
                    d4:76:f3:b7:7f:a5:66:46:28:34:eb:37:d2:93:dd:
                    a4:a2:7b:30:1c:05:47:0a:5d:1c:5b:98:fa:97:c8:
                    2c:96:59:42:a0:58:31:5c:a0:13:f7:3d:21:f6:5c:
                    9e:df:f6:37:45:0b:19:2a:72:91:da:33:74:98:25:
                    32:cc:8d:18:98:20:bd:68:27:90:b8:67:46:b8:31:
                    c1:c7:21:84:0b:06:e6:77:2c:d4:2e:10:52:2f:38:
                    e3:71:b4:d1:58:d6:01:4e:f6:89:ec:eb:14:d6:26:
                    10:18:6c:93:db:eb:cd:f9:1d:6e:db:27:a2:41:11:
                    ce:45:1e:1f:6f:ea:ca:fe:70:a1:12:6a:1b:85:11:
                    a9:f4:58:d4:b4:ba:8a:75:be:df:16:23:df:65:bd:
                    cd:4a:09:26:cb:19:f4:17:08:0a:e3:d6:bf:68:65:
                    fc:e3:60:81:f1:c3:27:8a:61:f8:16:22:de:cc:48:
                    98:13:fc:b5:a3:cf:5a:ab:69:3f:10:0f:c0:c0:64:
                    d1:c5:ec:79:da:d3:7c:4f:16:2d:91:48:49:f8:39:
                    b1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:8B:14:E4:CF:36:43:F4:3A:CF:CA:C3:5A:11:66:57:3E:D3:E0:47
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/lIsU5M82Q_Q6z8rDWhFmVz7T4Ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:8b:bd:3e:51:50:ba:90:88:7d:18:6c:69:b5:a3:9e:5f:d3:
         55:e6:0d:17:92:94:bf:3a:e9:9f:0d:f6:53:9c:c7:d4:c6:d0:
         3f:ed:1c:b4:eb:8e:43:68:92:2b:39:ee:af:c4:e1:ab:d7:41:
         74:3c:ca:81:09:24:80:be:c1:02:1a:da:bf:d4:a4:59:7e:95:
         07:2a:8a:28:eb:ad:71:07:3c:3e:f2:c0:32:53:1a:2c:4f:b9:
         1b:dd:01:27:2d:09:3d:b3:02:b7:bb:8a:19:dc:49:fb:e2:15:
         74:2b:63:68:36:ea:d6:36:7e:70:9f:4e:36:1f:ec:d5:11:eb:
         f4:cb:ce:2a:d2:37:da:07:2a:97:e9:33:cc:d0:55:82:0e:fe:
         4e:78:2f:19:c7:dd:45:54:47:63:9e:71:ae:3f:47:61:e3:9c:
         06:f1:99:92:f8:d9:f5:37:0d:03:96:da:dc:99:2e:9d:17:79:
         4e:32:58:d6:ab:11:bf:5e:64:d5:de:a6:b7:7b:4f:80:13:dc:
         af:75:dd:f4:b6:b1:9b:11:06:c7:2a:84:41:ea:a3:49:36:69:
         22:bd:98:64:7e:d9:cd:c6:0b:14:b7:c6:40:56:08:55:f1:78:
         80:0d:9b:ee:4a:a4:7e:78:5e:59:79:9b:ce:f6:5f:14:50:68:
         aa:dd:a8:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYTHkrWZoZQ1BLnskRjeZkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjUwODExMDg0MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDhiMTRlNGNmMzY0M2Y0M2FjZmNhYzM1YTExNjY1NzNlZDNlMDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3qfLSWlUlMzk/N8z8pON4q6esIEg
tp847NCMiRgQxxgZLHsqOu39dqYadAjUdvO3f6VmRig06zfSk92konswHAVHCl0c
W5j6l8gslllCoFgxXKAT9z0h9lye3/Y3RQsZKnKR2jN0mCUyzI0YmCC9aCeQuGdG
uDHBxyGECwbmdyzULhBSLzjjcbTRWNYBTvaJ7OsU1iYQGGyT2+vN+R1u2yeiQRHO
RR4fb+rK/nChEmobhRGp9FjUtLqKdb7fFiPfZb3NSgkmyxn0FwgK49a/aGX842CB
8cMnimH4FiLezEiYE/y1o89aq2k/EA/AwGTRxex52tN8TxYtkUhJ+DmxaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSLFOTPNkP0Os/Kw1oRZlc+0+BHMB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvbElzVTVNODJRX1E2ejhyRFdoRm1WejdUNEVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiwcMA0G
CSqGSIb3DQEBCwUAA4IBAQCWi70+UVC6kIh9GGxptaOeX9NV5g0XkpS/OumfDfZT
nMfUxtA/7Ry0645DaJIrOe6vxOGr10F0PMqBCSSAvsECGtq/1KRZfpUHKooo661x
Bzw+8sAyUxosT7kb3QEnLQk9swK3u4oZ3En74hV0K2NoNurWNn5wn042H+zVEev0
y84q0jfaByqX6TPM0FWCDv5OeC8Zx91FVEdjnnGuP0dh45wG8ZmS+Nn1Nw0Dltrc
mS6dF3lOMljWqxG/XmTV3qa3e0+AE9yvdd30trGbEQbHKoRB6qNJNmkivZhkftnN
xgsUt8ZAVghV8XiADZvuSqR+eF5ZeZvO9l8UUGiq3aiK
-----END CERTIFICATE-----