Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/dvBxJJqlGtZryzY3toj8ouVTkLU.roa
File:                     dvBxJJqlGtZryzY3toj8ouVTkLU.roa (raw, json)
Hash identifier:          eVjQO6sO3g8AfAqbAH1xc3TZsx59WAMu1L2LYGKpeik=
Subject key identifier:   76:F0:71:24:9A:A5:1A:D6:6B:CB:36:37:B6:88:FC:A2:E5:53:90:B5
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       0197F3EAAD2648563FE22CB8752804AC8D2C
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/dvBxJJqlGtZryzY3toj8ouVTkLU.roa
Signing time:             Thu 10 Jul 2025 10:38:52 +0000
ROA not before:           Thu 10 Jul 2025 10:38:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204300
IP address blocks:        94.131.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f3:ea:ad:26:48:56:3f:e2:2c:b8:75:28:04:ac:8d:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jul 10 10:38:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76f071249aa51ad66bcb3637b688fca2e55390b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:68:70:ac:a0:cb:7b:99:b2:9a:76:46:b3:c7:
                    50:2c:36:a3:32:88:9c:52:86:74:37:e4:6e:a7:9f:
                    97:b3:21:81:70:7b:42:3f:38:ca:fd:9f:f1:d1:15:
                    96:73:e5:73:db:b7:04:b1:17:87:17:23:59:1a:e1:
                    2a:1d:7f:66:27:61:9a:57:06:59:69:6e:d0:b5:6f:
                    ee:77:ff:53:54:8c:59:e9:31:eb:2e:f6:56:2b:67:
                    83:84:1f:15:f2:05:89:52:25:2a:d0:34:37:86:44:
                    21:1f:7d:69:0c:77:0f:f6:e2:c3:1f:22:f0:02:cf:
                    81:93:04:ae:af:01:67:6e:7e:9c:ec:27:d8:56:4e:
                    ad:ee:64:50:ac:d9:30:8b:a4:96:c9:ff:25:60:eb:
                    97:17:a0:ce:bc:d8:7f:89:7a:95:3f:b5:c3:0a:58:
                    14:9e:64:f7:cd:d7:c7:aa:eb:f8:a5:fe:95:a4:03:
                    6e:96:23:ff:86:e2:67:dc:8a:68:9b:48:d7:2c:18:
                    7f:e4:6f:d7:d7:d0:95:12:12:fe:a3:02:b6:de:6e:
                    29:73:67:ac:ba:94:29:6b:c1:29:d9:2c:16:49:f9:
                    34:24:b1:e3:0f:de:3c:ce:04:44:31:de:67:7e:e5:
                    1b:b4:6f:1c:97:ca:87:4b:82:9b:a9:e8:16:60:cc:
                    19:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:F0:71:24:9A:A5:1A:D6:6B:CB:36:37:B6:88:FC:A2:E5:53:90:B5
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/dvBxJJqlGtZryzY3toj8ouVTkLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:9c:09:1d:34:00:14:c9:4e:9a:4e:24:57:77:b7:78:54:b2:
         09:70:d7:08:f0:28:f1:9a:ab:05:1b:06:53:a9:6f:f7:06:a8:
         e2:b2:3f:ba:f2:2c:28:a7:03:52:43:1d:02:e2:43:38:c6:18:
         b0:0c:ed:bc:e3:dd:39:01:09:01:9e:93:78:4e:87:79:e7:1f:
         4a:8a:c7:0d:dd:73:ef:ea:1a:8b:78:3e:3a:d9:8a:88:f4:9a:
         c7:6f:92:90:8f:e1:45:20:4a:65:7c:b4:1e:02:e3:b1:ef:76:
         d0:fd:07:42:f7:7b:12:e6:1d:60:b3:e0:d0:73:8d:21:b7:cb:
         8c:e9:3f:98:48:bb:4e:f1:14:8c:38:d9:04:08:53:48:90:82:
         50:31:5c:39:26:27:14:d5:fd:ea:1e:ed:58:a2:30:c3:f2:92:
         1d:62:cf:96:e1:ef:ed:05:03:ce:32:9f:f5:3d:ef:63:7e:5f:
         50:20:19:cc:64:16:62:0f:1b:c9:36:a2:82:fc:2a:36:56:37:
         21:b5:97:f5:e3:d3:87:ab:64:ed:f7:2d:77:b0:68:3a:82:6e:
         98:86:44:dd:5e:6f:d9:91:59:0b:75:63:48:ac:b9:6b:92:31:
         4c:41:47:2d:24:7a:d5:94:21:47:f1:9e:6f:58:f3:b3:8c:d1:
         74:33:0a:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfz6q0mSFY/4iy4dSgErI0sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwNzEwMTAzODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmYwNzEyNDlhYTUxYWQ2NmJjYjM2MzdiNjg4ZmNhMmU1NTM5MGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmhwrKDLe5mymnZGs8dQLDajMoic
UoZ0N+Rup5+XsyGBcHtCPzjK/Z/x0RWWc+Vz27cEsReHFyNZGuEqHX9mJ2GaVwZZ
aW7QtW/ud/9TVIxZ6THrLvZWK2eDhB8V8gWJUiUq0DQ3hkQhH31pDHcP9uLDHyLw
As+BkwSurwFnbn6c7CfYVk6t7mRQrNkwi6SWyf8lYOuXF6DOvNh/iXqVP7XDClgU
nmT3zdfHquv4pf6VpANuliP/huJn3Ipom0jXLBh/5G/X19CVEhL+owK23m4pc2es
upQpa8Ep2SwWSfk0JLHjD948zgREMd5nfuUbtG8cl8qHS4KbqegWYMwZcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbwcSSapRrWa8s2N7aI/KLlU5C1MB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvZHZCeEpKcWxHdFpyeXpZM3RvajhvdVZUa0xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXoMcMA0G
CSqGSIb3DQEBCwUAA4IBAQBUnAkdNAAUyU6aTiRXd7d4VLIJcNcI8CjxmqsFGwZT
qW/3Bqjisj+68iwopwNSQx0C4kM4xhiwDO284905AQkBnpN4Tod55x9KiscN3XPv
6hqLeD462YqI9JrHb5KQj+FFIEplfLQeAuOx73bQ/QdC93sS5h1gs+DQc40ht8uM
6T+YSLtO8RSMONkECFNIkIJQMVw5JicU1f3qHu1YojDD8pIdYs+W4e/tBQPOMp/1
Pe9jfl9QIBnMZBZiDxvJNqKC/Co2VjchtZf149OHq2Tt9y13sGg6gm6YhkTdXm/Z
kVkLdWNIrLlrkjFMQUctJHrVlCFH8Z5vWPOzjNF0MwrF
-----END CERTIFICATE-----