Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/aOIjfYULj8ZZW-4gX-UQwdrDQ9U.roa
File:                     aOIjfYULj8ZZW-4gX-UQwdrDQ9U.roa (raw, json)
Hash identifier:          0raPVOn63vL6rgNpBZdFkEjdsenkXzmQ/PYsO0nF2sE=
Subject key identifier:   68:E2:23:7D:85:0B:8F:C6:59:5B:EE:20:5F:E5:10:C1:DA:C3:43:D5
Certificate issuer:       /CN=9681fc8c7337c6a1d20b84800df862a27e5fdbd7
Certificate serial:       019715E9BC6229A2EC0378C38D3176303B6D
Authority key identifier: 96:81:FC:8C:73:37:C6:A1:D2:0B:84:80:0D:F8:62:A2:7E:5F:DB:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/loH8jHM3xqHSC4SADfhion5f29c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/aOIjfYULj8ZZW-4gX-UQwdrDQ9U.roa
Signing time:             Wed 28 May 2025 08:02:09 +0000
ROA not before:           Wed 28 May 2025 08:02:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1257
IP address blocks:        195.8.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/loH8jHM3xqHSC4SADfhion5f29c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/loH8jHM3xqHSC4SADfhion5f29c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/loH8jHM3xqHSC4SADfhion5f29c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:e9:bc:62:29:a2:ec:03:78:c3:8d:31:76:30:3b:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9681fc8c7337c6a1d20b84800df862a27e5fdbd7
        Validity
            Not Before: May 28 08:02:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68e2237d850b8fc6595bee205fe510c1dac343d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0d:1f:57:38:20:f0:e6:da:01:af:8f:47:09:
                    bf:3a:f2:f9:6a:36:37:8d:de:ae:12:fd:94:6d:14:
                    ca:00:53:9f:98:e4:5e:5d:94:53:4c:d2:a8:63:bd:
                    f8:b2:a5:d1:85:9f:7c:63:ae:fd:d8:23:45:8e:fc:
                    30:76:8b:4e:2a:b9:95:0c:6b:b9:20:df:4b:7e:59:
                    a3:98:ff:b6:a1:3f:f0:c6:00:1e:13:63:ce:4d:8f:
                    88:4c:0f:4a:2c:4e:e3:f0:12:f6:fb:75:2a:9f:b9:
                    cc:13:83:e2:4c:7d:10:91:05:c9:69:77:44:2d:e7:
                    33:e1:e2:25:a2:af:4d:1e:1f:c5:60:fc:80:2f:0b:
                    3d:ba:ec:3c:ed:1c:bc:5a:9e:0d:a8:24:59:10:82:
                    aa:9b:14:7a:03:ad:b3:b7:45:52:f8:f9:f9:4d:08:
                    60:72:96:34:21:88:67:34:fe:bb:d8:b4:0b:80:80:
                    d2:bd:e6:59:4b:11:5a:bf:bd:1a:9e:a7:5e:ba:20:
                    0e:82:cc:5f:36:27:01:69:3f:03:a4:76:82:90:bd:
                    07:3d:0a:9b:0b:a6:20:b6:50:cf:8b:96:1f:46:6a:
                    06:9d:a3:d6:b9:20:ea:5a:d8:ed:42:48:8b:f9:ab:
                    7f:87:cc:4e:1e:70:90:f9:7a:4a:ff:d6:00:93:bc:
                    73:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:E2:23:7D:85:0B:8F:C6:59:5B:EE:20:5F:E5:10:C1:DA:C3:43:D5
            X509v3 Authority Key Identifier:
                keyid:96:81:FC:8C:73:37:C6:A1:D2:0B:84:80:0D:F8:62:A2:7E:5F:DB:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/loH8jHM3xqHSC4SADfhion5f29c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/aOIjfYULj8ZZW-4gX-UQwdrDQ9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/40e5d5-ed41-4dd3-9332-53d96099d7b1/1/loH8jHM3xqHSC4SADfhion5f29c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:c7:6b:7b:82:b6:09:2d:f8:5b:90:21:cf:5d:e8:c4:4f:31:
         66:8c:7a:67:c9:7b:88:43:f0:24:ec:f1:ec:d1:d2:db:ce:1a:
         15:94:b1:85:56:0f:cf:61:05:69:7f:f8:6b:db:ac:89:95:39:
         d6:e9:1b:6a:2b:87:f8:25:30:7b:6b:b6:eb:00:d5:ac:0d:5c:
         b7:c8:f6:d7:cb:cf:b2:46:19:8d:59:91:46:48:59:30:cd:0d:
         19:a0:2a:73:e7:60:d5:ec:51:9b:9d:1f:a9:ee:a4:c2:62:48:
         38:fe:eb:b4:99:51:63:d0:bf:1c:55:29:a9:44:1d:0f:86:b1:
         a6:0a:5e:d6:32:e3:8b:da:0d:62:a3:22:70:f9:fd:48:d7:26:
         9b:14:4b:06:00:7f:07:cf:20:60:5d:af:1e:74:ae:91:46:7b:
         f7:7d:61:2b:ea:8c:1d:11:6b:63:2a:6d:69:20:76:62:cd:26:
         c6:c5:19:5b:d0:0b:57:8f:ff:7f:66:4c:ff:e6:19:91:1f:16:
         f5:10:ea:04:98:50:cd:91:95:36:97:bc:6f:00:99:85:17:fc:
         84:18:72:75:55:66:1c:c3:18:88:48:d2:71:81:4a:4a:a1:3c:
         f8:65:9f:05:74:00:ba:c2:1f:ea:46:a5:30:e2:38:df:86:9a:
         25:c5:38:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcV6bxiKaLsA3jDjTF2MDttMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ODFmYzhjNzMzN2M2YTFkMjBiODQ4MDBkZjg2MmEyN2U1
ZmRiZDcwHhcNMjUwNTI4MDgwMjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGUyMjM3ZDg1MGI4ZmM2NTk1YmVlMjA1ZmU1MTBjMWRhYzM0M2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0g0fVzgg8ObaAa+PRwm/OvL5ajY3
jd6uEv2UbRTKAFOfmOReXZRTTNKoY734sqXRhZ98Y6792CNFjvwwdotOKrmVDGu5
IN9LflmjmP+2oT/wxgAeE2POTY+ITA9KLE7j8BL2+3Uqn7nME4PiTH0QkQXJaXdE
Lecz4eIloq9NHh/FYPyALws9uuw87Ry8Wp4NqCRZEIKqmxR6A62zt0VS+Pn5TQhg
cpY0IYhnNP672LQLgIDSveZZSxFav70anqdeuiAOgsxfNicBaT8DpHaCkL0HPQqb
C6YgtlDPi5YfRmoGnaPWuSDqWtjtQkiL+at/h8xOHnCQ+XpK/9YAk7xzzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjiI32FC4/GWVvuIF/lEMHaw0PVMB8GA1UdIwQY
MBaAFJaB/IxzN8ah0guEgA34YqJ+X9vXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbG9IOGpITTN4cUhTQzRTQURmaGlvbjVmMjljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny80MGU1ZDUtZWQ0MS00ZGQzLTkzMzIt
NTNkOTYwOTlkN2IxLzEvYU9JamZZVUxqOFpaVy00Z1gtVVF3ZHJEUTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny80MGU1ZDUtZWQ0MS00ZGQzLTkzMzItNTNkOTYwOTlkN2Ix
LzEvbG9IOGpITTN4cUhTQzRTQURmaGlvbjVmMjljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwhiMA0G
CSqGSIb3DQEBCwUAA4IBAQByx2t7grYJLfhbkCHPXejETzFmjHpnyXuIQ/Ak7PHs
0dLbzhoVlLGFVg/PYQVpf/hr26yJlTnW6RtqK4f4JTB7a7brANWsDVy3yPbXy8+y
RhmNWZFGSFkwzQ0ZoCpz52DV7FGbnR+p7qTCYkg4/uu0mVFj0L8cVSmpRB0PhrGm
Cl7WMuOL2g1ioyJw+f1I1yabFEsGAH8HzyBgXa8edK6RRnv3fWEr6owdEWtjKm1p
IHZizSbGxRlb0AtXj/9/Zkz/5hmRHxb1EOoEmFDNkZU2l7xvAJmFF/yEGHJ1VWYc
wxiISNJxgUpKoTz4ZZ8FdAC6wh/qRqUw4jjfhpolxTh6
-----END CERTIFICATE-----