Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/DFT3C1ESd3ECdCvnig1o1yFhj2o.roa
File:                     DFT3C1ESd3ECdCvnig1o1yFhj2o.roa (raw, json)
Hash identifier:          jS0AoKDTzYr3flNicW2QJ9hQ40CKAmrksBy5pTz4mbk=
Subject key identifier:   0C:54:F7:0B:51:12:77:71:02:74:2B:E7:8A:0D:68:D7:21:61:8F:6A
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       01991487284BEEA13AE8203D8F714FB856EA
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/DFT3C1ESd3ECdCvnig1o1yFhj2o.roa
Signing time:             Thu 04 Sep 2025 11:40:25 +0000
ROA not before:           Thu 04 Sep 2025 11:40:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5430
IP address blocks:        194.97.172.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 20:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:14:87:28:4b:ee:a1:3a:e8:20:3d:8f:71:4f:b8:56:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Sep  4 11:40:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c54f70b5112777102742be78a0d68d721618f6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:9c:55:41:81:99:bc:6b:90:f0:45:16:82:60:
                    28:19:e2:45:e6:e8:c1:3e:1d:30:6f:b3:52:e2:7d:
                    13:bf:34:13:82:37:a8:a9:63:9a:c3:89:38:2d:2d:
                    c3:1e:de:16:d4:1b:fb:e6:7a:bb:83:c2:b6:d3:52:
                    cc:f6:ca:63:ab:38:5a:21:61:d6:c9:80:0f:21:0d:
                    0e:a7:00:06:12:17:34:ad:21:6f:fe:81:69:fc:3d:
                    2d:15:a3:e5:e3:08:7f:6d:75:44:17:7e:f0:07:f6:
                    3f:fb:3d:74:d6:36:ff:3e:f7:00:06:a2:1f:5f:a5:
                    97:79:70:a7:9f:b7:f2:51:14:7e:fc:ba:99:9c:72:
                    a0:27:57:72:13:1b:5f:fc:d8:3b:f2:81:1c:ed:69:
                    62:89:be:7c:58:95:97:97:0c:0b:7a:24:4c:24:1b:
                    c2:9b:da:22:7c:78:76:3f:ba:e0:47:f7:9c:4a:77:
                    d6:91:21:a3:9b:79:33:2e:45:f8:35:15:f3:05:45:
                    07:41:52:ca:5a:5c:db:b3:c8:d0:47:bb:70:a7:ad:
                    23:01:83:a9:4a:d9:1d:a0:58:10:a3:a5:64:79:be:
                    16:61:60:18:2f:e3:1e:de:11:ef:63:f3:49:af:a5:
                    d6:7d:a6:6a:f1:9b:53:86:50:6f:21:4f:d1:73:8b:
                    8a:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:54:F7:0B:51:12:77:71:02:74:2B:E7:8A:0D:68:D7:21:61:8F:6A
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/DFT3C1ESd3ECdCvnig1o1yFhj2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.97.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:27:8f:ae:76:3f:d8:e6:80:b6:e0:92:ba:7a:fa:2a:60:87:
         e6:a8:66:2f:98:94:41:e3:14:4c:e1:04:66:74:2a:34:dc:6c:
         17:c9:e8:4b:6a:05:c1:f6:15:b7:a1:36:46:72:73:67:16:0c:
         b8:b1:3a:de:d9:1b:31:2c:f8:f4:f5:20:03:ea:ea:ac:69:bb:
         17:96:95:67:0f:33:fe:a2:4d:6a:d6:ed:5e:8c:69:63:88:8f:
         a5:99:1c:5b:4b:37:61:1a:8a:29:04:dd:86:c6:cf:96:b1:90:
         f3:29:23:bb:e3:36:ce:d5:31:76:cf:1b:27:d4:ba:9c:37:69:
         fb:95:cf:2d:86:9a:5b:ac:63:f3:14:a5:5e:24:05:f7:dd:13:
         97:91:ec:95:25:06:3b:5a:c3:ba:55:7b:b4:78:4d:a5:04:11:
         35:4d:8a:8c:cf:3f:5c:0c:38:22:51:05:62:c8:2d:5a:54:53:
         cb:96:8f:0b:78:61:9f:0f:5e:20:80:f6:2f:81:95:e4:e0:7a:
         50:2a:e8:6d:45:a8:a5:aa:de:cb:c5:1a:6c:bc:87:a1:3b:55:
         cb:81:69:c1:15:07:9b:68:93:12:fa:49:40:36:60:67:3d:0d:
         7f:34:60:b4:08:05:49:ab:bf:c5:66:89:12:a9:c8:99:53:05:
         30:26:c5:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkUhyhL7qE66CA9j3FPuFbqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjUwOTA0MTE0MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzU0ZjcwYjUxMTI3NzcxMDI3NDJiZTc4YTBkNjhkNzIxNjE4ZjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZxVQYGZvGuQ8EUWgmAoGeJF5ujB
Ph0wb7NS4n0TvzQTgjeoqWOaw4k4LS3DHt4W1Bv75nq7g8K201LM9spjqzhaIWHW
yYAPIQ0OpwAGEhc0rSFv/oFp/D0tFaPl4wh/bXVEF37wB/Y/+z101jb/PvcABqIf
X6WXeXCnn7fyURR+/LqZnHKgJ1dyExtf/Ng78oEc7Wliib58WJWXlwwLeiRMJBvC
m9oifHh2P7rgR/ecSnfWkSGjm3kzLkX4NRXzBUUHQVLKWlzbs8jQR7twp60jAYOp
StkdoFgQo6Vkeb4WYWAYL+Me3hHvY/NJr6XWfaZq8ZtThlBvIU/Rc4uKaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxU9wtREndxAnQr54oNaNchYY9qMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvREZUM0MxRVNkM0VDZEN2bmlnMW8xeUZoajJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwmGsMA0G
CSqGSIb3DQEBCwUAA4IBAQCrJ4+udj/Y5oC24JK6evoqYIfmqGYvmJRB4xRM4QRm
dCo03GwXyehLagXB9hW3oTZGcnNnFgy4sTre2RsxLPj09SAD6uqsabsXlpVnDzP+
ok1q1u1ejGljiI+lmRxbSzdhGoopBN2Gxs+WsZDzKSO74zbO1TF2zxsn1LqcN2n7
lc8thppbrGPzFKVeJAX33ROXkeyVJQY7WsO6VXu0eE2lBBE1TYqMzz9cDDgiUQVi
yC1aVFPLlo8LeGGfD14ggPYvgZXk4HpQKuhtRailqt7LxRpsvIehO1XLgWnBFQeb
aJMS+klANmBnPQ1/NGC0CAVJq7/FZokSqciZUwUwJsV8
-----END CERTIFICATE-----