Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/33444c-0529-4fa9-b712-1abadd1b12d6/1/dAFfVeRQHDh0WmpSmmqEgkhLBtY.roa
File:                     dAFfVeRQHDh0WmpSmmqEgkhLBtY.roa (raw, json)
Hash identifier:          u3HHw4rNRzAfW0hfQSsiDVFPNAx+TXWvqrwLoXpaKig=
Subject key identifier:   74:01:5F:55:E4:50:1C:38:74:5A:6A:52:9A:6A:84:82:48:4B:06:D6
Certificate issuer:       /CN=48a2e811f00bae16a447423f11e24217142cff7c
Certificate serial:       0197C2A28E44F9618A3D93254BA866E53F83
Authority key identifier: 48:A2:E8:11:F0:0B:AE:16:A4:47:42:3F:11:E2:42:17:14:2C:FF:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SKLoEfALrhakR0I_EeJCFxQs_3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/33444c-0529-4fa9-b712-1abadd1b12d6/1/dAFfVeRQHDh0WmpSmmqEgkhLBtY.roa
Signing time:             Mon 30 Jun 2025 20:58:42 +0000
ROA not before:           Mon 30 Jun 2025 20:58:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        89.37.41.0/24 maxlen: 24
                          188.241.7.0/24 maxlen: 24
                          2a14:ac80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/33444c-0529-4fa9-b712-1abadd1b12d6/1/SKLoEfALrhakR0I_EeJCFxQs_3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/33444c-0529-4fa9-b712-1abadd1b12d6/1/SKLoEfALrhakR0I_EeJCFxQs_3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SKLoEfALrhakR0I_EeJCFxQs_3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Jul 2025 20:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c2:a2:8e:44:f9:61:8a:3d:93:25:4b:a8:66:e5:3f:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48a2e811f00bae16a447423f11e24217142cff7c
        Validity
            Not Before: Jun 30 20:58:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74015f55e4501c38745a6a529a6a8482484b06d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d7:8a:8a:56:ce:5d:76:b0:ca:9d:64:dc:eb:
                    0f:47:ab:65:48:bd:17:41:0f:6b:e1:28:18:30:91:
                    31:ad:de:fd:48:d3:12:c8:e5:0b:0e:72:b8:1c:2e:
                    ae:99:b5:47:97:c8:0e:54:4b:eb:e2:c2:18:f5:04:
                    b3:36:81:15:cd:4b:5f:79:02:6c:51:ed:c8:12:d3:
                    6a:e8:68:fd:70:90:f0:21:20:35:12:8b:83:b9:37:
                    6c:79:e7:16:d6:fd:64:65:97:1a:95:f8:ff:2b:e4:
                    4b:2d:05:97:f8:a2:9c:d9:4a:37:04:7a:0c:5d:44:
                    6a:25:38:8e:73:96:b7:28:a5:53:64:53:de:44:d4:
                    06:50:b9:c8:b4:4c:3a:33:39:ac:f8:2b:68:4b:95:
                    c7:0f:70:7d:a5:5b:1a:2b:d8:6c:18:2e:e9:9d:6c:
                    5d:e2:82:ae:02:40:d3:c1:79:3c:f1:d5:93:27:41:
                    46:2f:a2:fd:60:0f:99:c0:1e:6c:62:a3:a5:8c:38:
                    9b:8d:28:d3:34:0c:ed:b3:3b:a1:3d:75:bb:b2:aa:
                    dd:11:fc:3d:34:58:a2:44:a7:0c:d6:21:7e:5c:aa:
                    53:53:07:a3:87:22:ba:d7:54:3f:48:16:4c:bf:67:
                    25:a7:d5:6a:10:ff:8f:20:b3:5f:e3:e2:28:20:4f:
                    4f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:01:5F:55:E4:50:1C:38:74:5A:6A:52:9A:6A:84:82:48:4B:06:D6
            X509v3 Authority Key Identifier:
                keyid:48:A2:E8:11:F0:0B:AE:16:A4:47:42:3F:11:E2:42:17:14:2C:FF:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SKLoEfALrhakR0I_EeJCFxQs_3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/33444c-0529-4fa9-b712-1abadd1b12d6/1/dAFfVeRQHDh0WmpSmmqEgkhLBtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/33444c-0529-4fa9-b712-1abadd1b12d6/1/SKLoEfALrhakR0I_EeJCFxQs_3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.41.0/24
                  188.241.7.0/24
                IPv6:
                  2a14:ac80::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:f9:18:f5:77:3b:e7:32:91:2a:75:79:f6:6f:73:5a:44:a1:
         e1:ee:50:56:fd:53:17:e4:62:cd:b4:2b:3b:1b:38:e4:65:4d:
         be:c8:8f:f2:ed:8b:bf:81:07:1a:c8:35:d3:98:3f:f0:f3:8a:
         0c:25:dd:93:ab:7e:2b:a4:21:25:c1:9a:7f:79:da:1b:42:4d:
         19:e7:a3:47:f2:4a:63:a6:9b:25:ca:30:ed:3b:ed:5b:89:c8:
         ec:c6:43:c7:05:4e:7e:dd:78:a1:bb:52:b2:57:0a:90:a6:69:
         69:4f:09:ad:95:9e:d3:83:c6:f4:7e:e8:28:a3:db:6b:56:17:
         11:62:fd:dd:eb:8f:47:9f:c1:54:c0:72:dd:db:55:7b:68:1d:
         10:e9:56:52:26:ee:a0:42:cd:b1:9d:de:3a:ab:0d:0c:af:f6:
         55:e2:95:2a:08:9a:04:72:79:b9:c7:2a:9d:78:47:d1:48:25:
         83:31:17:8c:3e:46:b6:eb:ab:2c:96:15:59:2a:24:a0:06:13:
         89:8f:56:6b:b2:d5:2c:be:5b:c4:a9:8e:ff:d1:ec:21:5c:86:
         99:2a:6a:1c:0b:eb:90:54:3e:97:7f:0e:ca:9e:92:9c:a1:1c:
         fd:fc:50:e5:06:7a:20:1c:1a:c9:94:98:21:7d:aa:17:ab:27:
         b6:82:94:02
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZfCoo5E+WGKPZMlS6hm5T+DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YTJlODExZjAwYmFlMTZhNDQ3NDIzZjExZTI0MjE3MTQy
Y2ZmN2MwHhcNMjUwNjMwMjA1ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDAxNWY1NWU0NTAxYzM4NzQ1YTZhNTI5YTZhODQ4MjQ4NGIwNmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdeKilbOXXawyp1k3OsPR6tlSL0X
QQ9r4SgYMJExrd79SNMSyOULDnK4HC6umbVHl8gOVEvr4sIY9QSzNoEVzUtfeQJs
Ue3IEtNq6Gj9cJDwISA1EouDuTdseecW1v1kZZcalfj/K+RLLQWX+KKc2Uo3BHoM
XURqJTiOc5a3KKVTZFPeRNQGULnItEw6Mzms+CtoS5XHD3B9pVsaK9hsGC7pnWxd
4oKuAkDTwXk88dWTJ0FGL6L9YA+ZwB5sYqOljDibjSjTNAztszuhPXW7sqrdEfw9
NFiiRKcM1iF+XKpTUwejhyK611Q/SBZMv2clp9VqEP+PILNf4+IoIE9PmwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFHQBX1XkUBw4dFpqUppqhIJISwbWMB8GA1UdIwQY
MBaAFEii6BHwC64WpEdCPxHiQhcULP98MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0tMb0VmQUxyaGFrUjBJX0VlSkNGeFFzXzN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8zMzQ0NGMtMDUyOS00ZmE5LWI3MTIt
MWFiYWRkMWIxMmQ2LzEvZEFGZlZlUlFIRGgwV21wU21tcUVna2hMQnRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8zMzQ0NGMtMDUyOS00ZmE5LWI3MTItMWFiYWRkMWIxMmQ2
LzEvU0tMb0VmQUxyaGFrUjBJX0VlSkNGeFFzXzN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAWSUpAwQA
vPEHMA8EAgACMAkDBwAqFKyAAAAwDQYJKoZIhvcNAQELBQADggEBAFX5GPV3O+cy
kSp1efZvc1pEoeHuUFb9UxfkYs20KzsbOORlTb7Ij/Lti7+BBxrINdOYP/Dzigwl
3ZOrfiukISXBmn952htCTRnno0fySmOmmyXKMO077VuJyOzGQ8cFTn7deKG7UrJX
CpCmaWlPCa2VntODxvR+6Cij22tWFxFi/d3rj0efwVTAct3bVXtoHRDpVlIm7qBC
zbGd3jqrDQyv9lXilSoImgRyebnHKp14R9FIJYMxF4w+RrbrqyyWFVkqJKAGE4mP
Vmuy1Sy+W8Spjv/R7CFchpkqahwL65BUPpd/DsqekpyhHP38UOUGeiAcGsmUmCF9
qherJ7aClAI=
-----END CERTIFICATE-----