Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/oVPiQMn-UegBx2J-TQORMG9g6K0.roa
File:                     oVPiQMn-UegBx2J-TQORMG9g6K0.roa (raw, json)
Hash identifier:          4SSzKPc2mgWhQk6lB1aOXRB/10H0pRazL5v2Txj6Wns=
Subject key identifier:   A1:53:E2:40:C9:FE:51:E8:01:C7:62:7E:4D:03:91:30:6F:60:E8:AD
Certificate issuer:       /CN=1c4e6a1d3cc1e4f3dc01ab96c94196b9c49d2916
Certificate serial:       0198EA9006FE05A925767DFBCA94E1045E5A
Authority key identifier: 1C:4E:6A:1D:3C:C1:E4:F3:DC:01:AB:96:C9:41:96:B9:C4:9D:29:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/oVPiQMn-UegBx2J-TQORMG9g6K0.roa
Signing time:             Wed 27 Aug 2025 08:06:04 +0000
ROA not before:           Wed 27 Aug 2025 08:06:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        194.88.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 07:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:90:06:fe:05:a9:25:76:7d:fb:ca:94:e1:04:5e:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c4e6a1d3cc1e4f3dc01ab96c94196b9c49d2916
        Validity
            Not Before: Aug 27 08:06:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a153e240c9fe51e801c7627e4d0391306f60e8ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:52:2b:7f:1a:c3:b3:d0:a9:f2:6b:14:21:37:
                    88:1c:38:a8:1f:c1:06:18:ee:f8:5a:ae:79:95:ba:
                    38:76:26:82:c1:01:83:75:00:06:d9:f5:52:0f:74:
                    7f:76:d7:ad:68:28:a1:22:c1:1c:fb:73:48:c2:51:
                    1d:bc:04:5d:9a:39:b0:f1:70:cd:d5:a8:59:2a:78:
                    ef:43:5c:27:1e:2d:2c:8c:a0:53:47:b1:c5:aa:6f:
                    b2:f5:4d:f3:f9:2b:9d:ea:33:f4:ee:bd:fd:df:37:
                    37:b5:4c:be:d4:1e:25:59:b1:69:07:bb:25:01:b2:
                    b2:89:a0:d5:81:82:b8:2a:4b:86:e5:09:de:1b:1b:
                    f4:79:83:cf:9f:4e:7a:93:f4:f7:cf:c5:f4:12:20:
                    ec:ea:05:dc:fb:ef:15:5c:b6:8e:73:cf:42:25:8e:
                    bf:2d:dc:14:7b:21:ee:50:2f:da:8b:22:8a:26:c3:
                    5a:e0:9b:95:13:b1:69:28:09:69:8c:7d:8a:85:8e:
                    ae:0e:08:9a:a2:ef:0d:d6:1a:95:0c:6b:d4:e2:96:
                    c7:42:f3:d3:22:74:7d:eb:27:c7:b7:da:36:52:ab:
                    5f:0c:6b:a2:e3:84:c3:1d:f9:94:4f:ec:af:1e:38:
                    1d:56:59:aa:f4:85:18:a5:41:5a:7e:e2:8d:74:e6:
                    9e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:53:E2:40:C9:FE:51:E8:01:C7:62:7E:4D:03:91:30:6F:60:E8:AD
            X509v3 Authority Key Identifier:
                keyid:1C:4E:6A:1D:3C:C1:E4:F3:DC:01:AB:96:C9:41:96:B9:C4:9D:29:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/oVPiQMn-UegBx2J-TQORMG9g6K0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:4e:a9:d6:17:12:67:da:70:1f:38:86:60:1c:19:2f:7d:6e:
         9c:a1:a4:a3:f0:44:c7:40:d3:97:71:a1:5a:59:83:66:70:d5:
         f6:6a:fb:6e:b5:ad:d1:44:6e:76:15:d4:de:14:53:de:6c:0f:
         e2:59:a1:1e:c3:89:11:f3:81:58:6b:66:13:95:7b:48:4b:b1:
         2f:90:3b:70:2f:77:aa:3c:bc:18:61:71:68:6c:07:53:d6:8c:
         1c:ef:fa:b3:5f:0c:52:e0:d1:0c:c1:9c:4b:78:78:6d:99:05:
         8c:19:df:c6:64:98:4d:51:c4:cd:29:8d:e8:c6:a7:f2:14:e6:
         07:49:48:d5:ba:4c:2a:86:8f:e1:f2:39:f9:f2:05:7f:4c:b5:
         7e:16:17:c2:6e:5a:5d:f1:01:02:88:d0:45:11:5d:e4:e8:c0:
         7a:c1:4e:3f:d4:e5:9b:a2:7f:8a:ca:ca:40:bc:a0:f8:fd:b3:
         9e:26:7e:fe:c7:17:34:42:4c:6d:0c:9d:b4:9f:67:b4:85:7f:
         13:b8:b8:4b:3f:6c:58:91:37:63:a8:a5:63:bc:27:81:a9:a6:
         44:ec:e7:0d:61:1f:28:de:ad:f6:6e:d8:9b:54:3f:f1:20:52:
         48:cc:b0:54:86:42:3a:30:db:80:21:9f:26:b8:f7:35:1c:f9:
         d2:8f:a0:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjqkAb+Bakldn37ypThBF5aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNGU2YTFkM2NjMWU0ZjNkYzAxYWI5NmM5NDE5NmI5YzQ5
ZDI5MTYwHhcNMjUwODI3MDgwNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTUzZTI0MGM5ZmU1MWU4MDFjNzYyN2U0ZDAzOTEzMDZmNjBlOGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5VIrfxrDs9Cp8msUITeIHDioH8EG
GO74Wq55lbo4diaCwQGDdQAG2fVSD3R/dtetaCihIsEc+3NIwlEdvARdmjmw8XDN
1ahZKnjvQ1wnHi0sjKBTR7HFqm+y9U3z+Sud6jP07r393zc3tUy+1B4lWbFpB7sl
AbKyiaDVgYK4KkuG5QneGxv0eYPPn056k/T3z8X0EiDs6gXc++8VXLaOc89CJY6/
LdwUeyHuUC/aiyKKJsNa4JuVE7FpKAlpjH2KhY6uDgiaou8N1hqVDGvU4pbHQvPT
InR96yfHt9o2UqtfDGui44TDHfmUT+yvHjgdVlmq9IUYpUFafuKNdOaeIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFT4kDJ/lHoAcdifk0DkTBvYOitMB8GA1UdIwQY
MBaAFBxOah08weTz3AGrlslBlrnEnSkWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEU1cUhUekI1UFBjQWF1V3lVR1d1Y1NkS1JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi85NmIxMTctZmQzYi00Zjc0LWIzYmYt
MWE0MmY2MzJjMzA3LzEvb1ZQaVFNbi1VZWdCeDJKLVRRT1JNRzlnNkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi85NmIxMTctZmQzYi00Zjc0LWIzYmYtMWE0MmY2MzJjMzA3
LzEvSEU1cUhUekI1UFBjQWF1V3lVR1d1Y1NkS1JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwljoMA0G
CSqGSIb3DQEBCwUAA4IBAQAuTqnWFxJn2nAfOIZgHBkvfW6coaSj8ETHQNOXcaFa
WYNmcNX2avtuta3RRG52FdTeFFPebA/iWaEew4kR84FYa2YTlXtIS7EvkDtwL3eq
PLwYYXFobAdT1owc7/qzXwxS4NEMwZxLeHhtmQWMGd/GZJhNUcTNKY3oxqfyFOYH
SUjVukwqho/h8jn58gV/TLV+FhfCblpd8QECiNBFEV3k6MB6wU4/1OWbon+KyspA
vKD4/bOeJn7+xxc0QkxtDJ20n2e0hX8TuLhLP2xYkTdjqKVjvCeBqaZE7OcNYR8o
3q32btibVD/xIFJIzLBUhkI6MNuAIZ8muPc1HPnSj6AQ
-----END CERTIFICATE-----