Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/106b3f-55a3-4558-8013-4bee3274c698/1/yIyDsEh1dvcmsUPH7E2Ou8dLDUQ.roa
File:                     yIyDsEh1dvcmsUPH7E2Ou8dLDUQ.roa (raw, json)
Hash identifier:          wtZTOXp1JfHeuiQ37lVv2g4xea2Kfo548MrcJ05G7l8=
Subject key identifier:   C8:8C:83:B0:48:75:76:F7:26:B1:43:C7:EC:4D:8E:BB:C7:4B:0D:44
Certificate issuer:       /CN=3109a8d70fa4478935b05c0621f6889552405daf
Certificate serial:       0197B2CBAF343CA22BB01283F8BE523A5A45
Authority key identifier: 31:09:A8:D7:0F:A4:47:89:35:B0:5C:06:21:F6:88:95:52:40:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MQmo1w-kR4k1sFwGIfaIlVJAXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/106b3f-55a3-4558-8013-4bee3274c698/1/yIyDsEh1dvcmsUPH7E2Ou8dLDUQ.roa
Signing time:             Fri 27 Jun 2025 19:09:42 +0000
ROA not before:           Fri 27 Jun 2025 19:09:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206869
IP address blocks:        195.138.56.0/24 maxlen: 24
                          2a06:d40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/106b3f-55a3-4558-8013-4bee3274c698/1/MQmo1w-kR4k1sFwGIfaIlVJAXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/106b3f-55a3-4558-8013-4bee3274c698/1/MQmo1w-kR4k1sFwGIfaIlVJAXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MQmo1w-kR4k1sFwGIfaIlVJAXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b2:cb:af:34:3c:a2:2b:b0:12:83:f8:be:52:3a:5a:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3109a8d70fa4478935b05c0621f6889552405daf
        Validity
            Not Before: Jun 27 19:09:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c88c83b0487576f726b143c7ec4d8ebbc74b0d44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:70:47:3f:09:cb:b6:00:ef:ab:4e:5d:a1:5b:
                    e5:20:19:ea:f7:f9:0e:a8:74:ec:70:bb:e1:9e:1f:
                    e0:83:0e:de:c9:b9:07:e4:da:94:83:93:7a:b2:bc:
                    95:4d:77:d0:d5:34:e5:ab:a8:e4:12:21:75:66:6c:
                    cb:fa:b8:f8:3a:73:5f:63:75:34:ae:dc:fa:35:f3:
                    4f:a6:fe:de:b5:3a:9a:8b:c7:34:b5:3b:66:d8:a2:
                    bc:e9:77:19:2d:8d:03:00:18:e8:70:b0:8c:ed:66:
                    c2:e4:e6:a4:75:b9:8a:5e:26:33:6b:86:51:e8:27:
                    68:69:06:c8:f1:c5:7a:5f:cc:b2:21:e3:97:8b:c8:
                    3f:a2:44:a6:a3:0d:c6:36:af:13:25:1d:36:ac:7d:
                    c7:c4:0d:f5:62:c6:97:cf:3a:79:ec:35:6e:a7:1e:
                    62:af:75:cf:84:e9:81:bf:d3:cd:19:77:c1:28:88:
                    4a:82:45:8a:c1:2a:2c:bc:1a:19:3e:e7:6a:25:0b:
                    7f:fa:47:57:e6:80:8e:ce:ba:08:df:cd:ea:15:72:
                    ad:6d:37:16:2a:44:bb:cc:6c:eb:bc:60:65:21:de:
                    f7:79:98:cd:6c:a3:d8:5f:e9:65:64:f2:a7:eb:a2:
                    33:75:6d:8a:2c:c1:71:83:da:26:7a:dd:ec:23:30:
                    1d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:8C:83:B0:48:75:76:F7:26:B1:43:C7:EC:4D:8E:BB:C7:4B:0D:44
            X509v3 Authority Key Identifier:
                keyid:31:09:A8:D7:0F:A4:47:89:35:B0:5C:06:21:F6:88:95:52:40:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MQmo1w-kR4k1sFwGIfaIlVJAXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/106b3f-55a3-4558-8013-4bee3274c698/1/yIyDsEh1dvcmsUPH7E2Ou8dLDUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/106b3f-55a3-4558-8013-4bee3274c698/1/MQmo1w-kR4k1sFwGIfaIlVJAXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.138.56.0/24
                IPv6:
                  2a06:d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:a1:c0:f0:2d:5c:d7:f2:f9:18:e3:7d:ff:02:18:af:3a:e1:
         0d:53:ae:32:91:b4:44:15:81:ee:c7:24:22:55:8b:05:cc:3c:
         2f:3e:1d:c6:9a:e4:5c:e6:21:f9:65:8e:a9:bf:65:aa:c4:98:
         da:6a:9b:9a:45:6e:5b:da:53:f7:d0:aa:b9:82:d6:25:eb:8f:
         e5:c0:4e:ce:9c:a7:84:96:22:9a:d2:f2:c6:16:b7:94:e3:7b:
         8c:0b:a3:06:e3:f6:45:78:ff:30:13:cf:4b:d4:ea:b8:67:f7:
         e6:78:68:05:fa:d2:1b:e7:87:61:89:08:a0:dd:19:ce:e0:4a:
         b3:1b:4b:30:72:5c:f9:14:c6:be:d5:bf:b2:ea:59:e3:48:9f:
         db:45:af:ee:f2:e0:f2:40:81:cb:29:88:dd:a2:cd:c0:bd:ad:
         8c:b3:ac:0a:84:39:ca:16:d8:ad:3c:b6:e8:ff:cb:15:f0:9f:
         24:ea:74:39:a6:47:0b:bc:51:61:96:c5:bd:c9:bc:6e:e5:db:
         04:df:00:05:ea:5f:c1:8f:41:be:df:ff:3f:c3:f1:f8:49:58:
         fb:6b:ce:f8:d1:c9:39:20:ca:19:9e:35:c6:63:e8:65:9d:ec:
         61:f3:23:e6:be:b7:5f:15:66:73:b1:de:e4:72:75:4f:78:82:
         ba:01:f8:bc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZeyy680PKIrsBKD+L5SOlpFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMDlhOGQ3MGZhNDQ3ODkzNWIwNWMwNjIxZjY4ODk1NTI0
MDVkYWYwHhcNMjUwNjI3MTkwOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODhjODNiMDQ4NzU3NmY3MjZiMTQzYzdlYzRkOGViYmM3NGIwZDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHBHPwnLtgDvq05doVvlIBnq9/kO
qHTscLvhnh/ggw7eybkH5NqUg5N6sryVTXfQ1TTlq6jkEiF1ZmzL+rj4OnNfY3U0
rtz6NfNPpv7etTqai8c0tTtm2KK86XcZLY0DABjocLCM7WbC5OakdbmKXiYza4ZR
6CdoaQbI8cV6X8yyIeOXi8g/okSmow3GNq8TJR02rH3HxA31YsaXzzp57DVupx5i
r3XPhOmBv9PNGXfBKIhKgkWKwSosvBoZPudqJQt/+kdX5oCOzroI383qFXKtbTcW
KkS7zGzrvGBlId73eZjNbKPYX+llZPKn66IzdW2KLMFxg9omet3sIzAddwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMiMg7BIdXb3JrFDx+xNjrvHSw1EMB8GA1UdIwQY
MBaAFDEJqNcPpEeJNbBcBiH2iJVSQF2vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVFtbzF3LWtSNGsxc0Z3R0lmYUlsVkpBWGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8xMDZiM2YtNTVhMy00NTU4LTgwMTMt
NGJlZTMyNzRjNjk4LzEveUl5RHNFaDFkdmNtc1VQSDdFMk91OGRMRFVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8xMDZiM2YtNTVhMy00NTU4LTgwMTMtNGJlZTMyNzRjNjk4
LzEvTVFtbzF3LWtSNGsxc0Z3R0lmYUlsVkpBWGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw4o4MA0E
AgACMAcDBQAqBg1AMA0GCSqGSIb3DQEBCwUAA4IBAQBfocDwLVzX8vkY433/Ahiv
OuENU64ykbREFYHuxyQiVYsFzDwvPh3GmuRc5iH5ZY6pv2WqxJjaapuaRW5b2lP3
0Kq5gtYl64/lwE7OnKeEliKa0vLGFreU43uMC6MG4/ZFeP8wE89L1Oq4Z/fmeGgF
+tIb54dhiQig3RnO4EqzG0swclz5FMa+1b+y6lnjSJ/bRa/u8uDyQIHLKYjdos3A
va2Ms6wKhDnKFtitPLbo/8sV8J8k6nQ5pkcLvFFhlsW9ybxu5dsE3wAF6l/Bj0G+
3/8/w/H4SVj7a8740ck5IMoZnjXGY+hlnexh8yPmvrdfFWZzsd7kcnVPeIK6Afi8
-----END CERTIFICATE-----