Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-N3faPm8Th-e-QxR1it5tprCTsg.roa
File:                     1-N3faPm8Th-e-QxR1it5tprCTsg.roa (raw, json)
Hash identifier:          3LGVj7mpgJA/NUWR31fcwQYiDAUPS39xCpbHXscG2os=
Subject key identifier:   F8:DD:DF:68:F9:BC:4E:1F:9E:F9:0C:51:D6:2B:79:B6:9A:C2:4E:C8
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197D4DFC24252E0FEC0C57D28233A56715B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-N3faPm8Th-e-QxR1it5tprCTsg.roa
Signing time:             Fri 04 Jul 2025 09:58:43 +0000
ROA not before:           Fri 04 Jul 2025 09:58:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44436
IP address blocks:        94.183.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 16:32:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d4:df:c2:42:52:e0:fe:c0:c5:7d:28:23:3a:56:71:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul  4 09:58:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8dddf68f9bc4e1f9ef90c51d62b79b69ac24ec8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b5:91:da:0e:52:53:39:aa:ca:63:68:52:7f:
                    25:f3:67:77:db:ab:4f:90:a5:d3:b6:93:a6:62:1f:
                    e1:f0:bc:ff:47:b3:1c:b8:85:ab:11:18:b0:3f:e7:
                    9e:c1:d3:20:60:46:8e:61:0d:fd:89:68:1a:8a:37:
                    f2:f3:ed:86:20:e8:37:01:0d:68:6f:4a:cf:ff:98:
                    1b:a2:b8:42:ea:3c:ef:38:38:51:63:bf:cd:41:7e:
                    9e:11:50:cf:58:47:56:bc:be:82:2e:db:45:d1:35:
                    34:40:8b:8e:e1:5f:d9:1f:28:b6:0d:93:b1:7d:02:
                    be:0b:9b:37:71:35:9a:3d:73:66:ee:d5:00:42:36:
                    36:08:32:37:94:7f:cf:7d:d5:5b:6c:29:67:d7:62:
                    55:9d:d1:9d:54:e6:c5:df:e8:5b:95:04:ae:d3:78:
                    23:da:a1:66:7b:1a:75:a0:6b:66:2d:70:5b:83:94:
                    08:93:e4:46:2c:b7:d7:fa:46:23:a5:99:21:07:ce:
                    96:6b:c6:fd:cd:49:4d:d4:ba:64:07:58:3f:f7:52:
                    08:4c:7c:84:f4:bf:a7:32:c7:91:17:8d:75:5c:87:
                    51:07:c0:b8:5e:7f:f8:72:00:45:36:6e:d3:fd:42:
                    99:dc:16:14:f4:ed:e6:10:bb:36:c6:23:fd:3f:dc:
                    c5:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:DD:DF:68:F9:BC:4E:1F:9E:F9:0C:51:D6:2B:79:B6:9A:C2:4E:C8
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-N3faPm8Th-e-QxR1it5tprCTsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:59:7a:94:9e:a8:04:70:18:54:57:35:75:4a:aa:7e:7a:80:
         f4:85:e3:d3:cd:69:87:54:17:6f:4d:63:d1:60:f0:b0:2e:79:
         3f:d3:b7:2c:1e:86:1b:c9:46:96:8f:13:41:d1:be:34:47:1a:
         26:6c:cb:f6:fc:8f:a9:f9:88:f1:f7:ba:bc:9b:cb:49:9a:7f:
         79:03:ab:f7:9b:48:77:da:a2:f8:2e:fd:a4:92:65:41:d3:12:
         1e:64:f5:36:1c:17:bc:d0:19:b7:dc:3e:df:c0:d2:3f:1f:c4:
         05:08:f5:6b:0f:da:27:b7:7f:21:5e:cc:fe:04:e3:62:3d:e4:
         39:14:e8:50:7f:3b:23:0b:11:73:6a:3e:26:f3:a3:ba:2f:53:
         8f:85:71:a4:69:a0:03:98:ed:62:8f:fc:f3:b5:d2:92:79:5a:
         c7:10:45:57:b6:f0:4b:15:7e:f4:fb:90:a9:18:56:27:8b:c1:
         df:f8:4c:40:5d:b9:d9:7e:80:6c:38:4d:49:28:63:08:16:d6:
         a7:0c:a6:2e:b9:74:92:19:1a:da:e0:7e:0e:bf:08:50:e2:c8:
         01:c4:8e:d4:f7:30:26:04:f9:2f:41:d0:09:a3:92:69:4e:58:
         1c:f6:51:e9:0e:8a:b3:db:6b:eb:9e:81:d0:7a:e7:8c:75:dc:
         0b:95:ed:ac
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfU38JCUuD+wMV9KCM6VnFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzA0MDk1ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGRkZGY2OGY5YmM0ZTFmOWVmOTBjNTFkNjJiNzliNjlhYzI0ZWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLWR2g5SUzmqymNoUn8l82d326tP
kKXTtpOmYh/h8Lz/R7McuIWrERiwP+eewdMgYEaOYQ39iWgaijfy8+2GIOg3AQ1o
b0rP/5gborhC6jzvODhRY7/NQX6eEVDPWEdWvL6CLttF0TU0QIuO4V/ZHyi2DZOx
fQK+C5s3cTWaPXNm7tUAQjY2CDI3lH/PfdVbbCln12JVndGdVObF3+hblQSu03gj
2qFmexp1oGtmLXBbg5QIk+RGLLfX+kYjpZkhB86Wa8b9zUlN1LpkB1g/91IITHyE
9L+nMseRF411XIdRB8C4Xn/4cgBFNm7T/UKZ3BYU9O3mELs2xiP9P9zFewIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPjd32j5vE4fnvkMUdYrebaawk7IMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMS1OM2ZhUG04VGgtZS1ReFIxaXQ1dHByQ1RzZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTIvNTExZjk1LWU0YmYtNDNmMS1hZjJmLWI4MTFjZmNiOWZk
NS8xL1R4c0pYNnRuWXp3Qko5WWY5b1Y0Wk9wckpjVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF63oDAN
BgkqhkiG9w0BAQsFAAOCAQEAZFl6lJ6oBHAYVFc1dUqqfnqA9IXj081ph1QXb01j
0WDwsC55P9O3LB6GG8lGlo8TQdG+NEcaJmzL9vyPqfmI8fe6vJvLSZp/eQOr95tI
d9qi+C79pJJlQdMSHmT1NhwXvNAZt9w+38DSPx/EBQj1aw/aJ7d/IV7M/gTjYj3k
ORToUH87IwsRc2o+JvOjui9Tj4VxpGmgA5jtYo/887XSknlaxxBFV7bwSxV+9PuQ
qRhWJ4vB3/hMQF252X6AbDhNSShjCBbWpwymLrl0khka2uB+Dr8IUOLIAcSO1Pcw
JgT5L0HQCaOSaU5YHPZR6Q6Ks9tr656B0HrnjHXcC5XtrA==
-----END CERTIFICATE-----