Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/mEeEQY0ey8CTsOe4ojz1GXXgLAY.roa
File:                     mEeEQY0ey8CTsOe4ojz1GXXgLAY.roa (raw, json)
Hash identifier:          UNpewFCfGryY81edEZKVL/+q37bqXwMGckJf/qXqj3E=
Subject key identifier:   98:47:84:41:8D:1E:CB:C0:93:B0:E7:B8:A2:3C:F5:19:75:E0:2C:06
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       0197317C96F63D7F977BF710B6ECF955F171
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/mEeEQY0ey8CTsOe4ojz1GXXgLAY.roa
Signing time:             Mon 02 Jun 2025 16:32:17 +0000
ROA not before:           Mon 02 Jun 2025 16:32:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        80.93.192.0/24 maxlen: 24
                          80.93.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:31:7c:96:f6:3d:7f:97:7b:f7:10:b6:ec:f9:55:f1:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: Jun  2 16:32:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=984784418d1ecbc093b0e7b8a23cf51975e02c06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:dc:ed:87:97:fa:78:88:b0:f3:86:ac:40:13:
                    43:b3:f3:31:cb:a0:52:0b:a5:3e:d5:c9:c1:a4:72:
                    7c:84:4a:51:e0:fd:89:4d:0a:b0:57:f5:83:03:d8:
                    9e:cd:30:d5:7d:dc:40:70:39:38:f5:05:b0:d0:aa:
                    c5:6d:b8:a2:ce:93:98:48:1f:2f:b1:a3:6f:46:2b:
                    5b:54:da:f2:7f:04:33:c6:2d:b2:44:3f:e2:4b:27:
                    d0:42:22:38:98:c4:59:05:5a:cd:ed:97:4d:6f:7f:
                    12:a6:72:1c:0e:35:15:7c:bb:d2:64:03:79:8d:39:
                    f2:92:8e:55:af:f3:19:eb:48:8f:ea:d4:87:7a:73:
                    bb:b6:8b:a1:a4:06:79:ae:3a:ac:d5:d9:cb:ad:8a:
                    6b:d0:38:d0:20:99:85:1d:97:d2:82:93:15:42:0a:
                    10:cc:c0:2d:ba:dc:34:41:38:91:ff:bc:75:70:a3:
                    94:be:17:5c:ed:30:9f:28:d4:62:ca:a6:3c:fd:18:
                    5e:26:be:19:c5:07:64:a8:78:c8:b6:ea:ef:b6:d5:
                    7b:ba:43:63:26:7d:e1:ed:f4:23:f4:02:ff:ca:e7:
                    3d:dd:94:78:c0:3c:72:73:10:47:42:f8:2c:86:0e:
                    4c:ac:8d:c9:1c:66:6c:93:7a:42:50:b5:43:4f:4b:
                    e3:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:47:84:41:8D:1E:CB:C0:93:B0:E7:B8:A2:3C:F5:19:75:E0:2C:06
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/mEeEQY0ey8CTsOe4ojz1GXXgLAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.192.0/24
                  80.93.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:08:9c:55:c5:49:f8:79:f3:5c:81:6c:e1:7d:16:ed:b8:99:
         9c:12:13:a3:bf:6e:7f:3c:2d:2b:e6:94:66:61:53:09:0f:28:
         ed:0c:62:62:9d:05:27:9f:ef:9a:d6:b2:01:52:f1:df:fb:0d:
         4a:92:dc:d9:23:cf:9e:d1:9c:74:fb:3b:e9:1c:25:7e:34:85:
         b3:e5:ce:df:be:da:be:2e:a4:f6:4a:74:72:d5:2e:12:12:72:
         ad:26:38:29:0c:53:2a:34:81:48:ba:82:7b:9b:b4:32:21:5d:
         40:7b:f9:7a:25:af:44:1c:7f:e3:70:fe:02:be:bd:de:0e:82:
         17:9f:4d:be:27:b2:e8:2b:28:18:14:6c:c9:5b:1f:c9:2a:19:
         9c:0f:89:c6:53:6a:d8:d1:a4:9e:dc:7e:c9:a5:f3:4b:12:f7:
         a8:01:3b:1d:a5:fb:60:e8:b7:68:b0:19:e9:cb:6c:b4:cb:40:
         46:dc:46:37:24:cf:8c:5b:bd:bf:c5:1f:a1:52:34:f6:69:75:
         5e:8c:3d:77:e2:c1:bd:ce:ea:06:89:17:d7:8e:39:d5:9f:80:
         b2:a5:bc:f3:6d:c0:f2:ea:3f:c0:c2:d2:48:d3:db:4f:86:47:
         ee:64:8a:c7:77:41:5b:f0:87:29:80:d0:91:f3:22:ef:9a:c3:
         e9:f7:b7:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcxfJb2PX+Xe/cQtuz5VfFxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjUwNjAyMTYzMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODQ3ODQ0MThkMWVjYmMwOTNiMGU3YjhhMjNjZjUxOTc1ZTAyYzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdzth5f6eIiw84asQBNDs/Mxy6BS
C6U+1cnBpHJ8hEpR4P2JTQqwV/WDA9iezTDVfdxAcDk49QWw0KrFbbiizpOYSB8v
saNvRitbVNryfwQzxi2yRD/iSyfQQiI4mMRZBVrN7ZdNb38SpnIcDjUVfLvSZAN5
jTnyko5Vr/MZ60iP6tSHenO7touhpAZ5rjqs1dnLrYpr0DjQIJmFHZfSgpMVQgoQ
zMAtutw0QTiR/7x1cKOUvhdc7TCfKNRiyqY8/RheJr4ZxQdkqHjIturvttV7ukNj
Jn3h7fQj9AL/yuc93ZR4wDxycxBHQvgshg5MrI3JHGZsk3pCULVDT0vjdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJhHhEGNHsvAk7DnuKI89Rl14CwGMB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvbUVlRVFZMGV5OENUc09lNG9qejFHWFhnTEFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUF3AAwQA
UF3OMA0GCSqGSIb3DQEBCwUAA4IBAQBZCJxVxUn4efNcgWzhfRbtuJmcEhOjv25/
PC0r5pRmYVMJDyjtDGJinQUnn++a1rIBUvHf+w1KktzZI8+e0Zx0+zvpHCV+NIWz
5c7fvtq+LqT2SnRy1S4SEnKtJjgpDFMqNIFIuoJ7m7QyIV1Ae/l6Ja9EHH/jcP4C
vr3eDoIXn02+J7LoKygYFGzJWx/JKhmcD4nGU2rY0aSe3H7JpfNLEveoATsdpftg
6LdosBnpy2y0y0BG3EY3JM+MW72/xR+hUjT2aXVejD134sG9zuoGiRfXjjnVn4Cy
pbzzbcDy6j/AwtJI09tPhkfuZIrHd0Fb8IcpgNCR8yLvmsPp97eM
-----END CERTIFICATE-----