Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/OxLywK9-WD8ykiaZCQkg8aVcCjY.roa
File:                     OxLywK9-WD8ykiaZCQkg8aVcCjY.roa (raw, json)
Hash identifier:          iXcObwE6BigOurV7fYooDfgc8zyVyQ+nTBGFkUMqd08=
Subject key identifier:   3B:12:F2:C0:AF:7E:58:3F:32:92:26:99:09:09:20:F1:A5:5C:0A:36
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       0197F4467BE5578F0EEE1F585B6330273793
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/OxLywK9-WD8ykiaZCQkg8aVcCjY.roa
Signing time:             Thu 10 Jul 2025 12:19:09 +0000
ROA not before:           Thu 10 Jul 2025 12:19:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     272825
IP address blocks:        95.164.164.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:46:7b:e5:57:8f:0e:ee:1f:58:5b:63:30:27:37:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Jul 10 12:19:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b12f2c0af7e583f32922699090920f1a55c0a36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:72:96:10:ec:26:78:bf:fc:91:c1:c0:06:a1:
                    b0:da:ac:75:2b:32:d8:80:81:a2:d2:9e:f8:7b:41:
                    40:bc:cd:b4:13:4f:56:da:10:1d:4d:03:24:bf:91:
                    57:e3:17:61:79:d8:c7:da:5b:20:c0:c8:d4:b9:7b:
                    71:3e:74:67:98:1d:4c:8f:ac:f0:71:0a:99:39:23:
                    fa:72:58:f4:2e:ae:f7:a4:b0:99:01:88:1f:25:0e:
                    48:2f:15:aa:c8:df:31:79:59:71:3c:24:3d:b0:b1:
                    a0:80:41:38:9b:52:35:e0:48:e1:f0:bd:ea:ed:d3:
                    04:e8:00:83:e1:fb:cb:1a:e3:e7:3a:46:d7:47:05:
                    c0:ed:38:65:fb:d3:df:a2:d4:ff:0f:d4:8c:cd:cd:
                    6b:e4:5f:d7:a6:4c:43:c1:e6:0b:05:45:6d:0e:d3:
                    38:7c:fc:13:f1:e6:3c:05:2d:9d:bb:bd:78:f7:d2:
                    e5:4c:ce:cb:79:30:81:36:e3:83:f3:1b:34:52:85:
                    3b:6b:9f:77:9c:4b:89:46:47:28:fe:f6:b1:39:54:
                    31:de:cc:30:f9:43:fa:50:9d:4f:a9:b7:75:38:7c:
                    fd:01:a7:21:70:61:15:d2:c1:d5:f6:44:90:1b:8f:
                    c6:d6:3e:95:35:80:e4:27:35:eb:f3:fe:ea:0f:2e:
                    49:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:12:F2:C0:AF:7E:58:3F:32:92:26:99:09:09:20:F1:A5:5C:0A:36
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/OxLywK9-WD8ykiaZCQkg8aVcCjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:fe:bc:db:9b:f7:79:81:4d:91:74:b1:31:d2:25:3a:46:27:
         81:5b:9f:b7:4c:01:3d:62:a3:1a:2b:80:66:81:55:7d:54:40:
         7d:62:50:c7:7d:4d:fd:71:dd:bc:e7:7b:5f:d4:c0:2d:a2:76:
         c7:05:8c:bc:5d:a9:03:62:95:a7:b2:17:f1:b4:3e:6d:37:1f:
         1d:15:df:52:a4:ca:85:33:6f:62:c5:95:59:21:ca:7c:52:4a:
         e0:d7:1a:2e:db:bb:a1:9a:9b:6f:3e:f0:76:86:8a:96:09:59:
         23:75:47:3e:d0:10:b7:5e:3e:7b:6b:08:bb:9d:98:df:dc:42:
         75:91:e8:9d:c5:fb:56:a3:65:52:c9:48:5e:68:c9:b3:f6:b8:
         02:4c:1b:99:f1:63:e3:d8:c1:58:77:b5:bf:d2:b5:39:07:16:
         b4:90:68:c3:fa:e1:0c:f2:5b:b7:95:a8:4c:94:f0:5f:bf:f6:
         3d:c0:96:9e:18:4d:b7:eb:77:7a:89:5b:e8:5d:98:ee:7e:81:
         c3:29:bc:bc:8b:83:8d:c1:3b:a9:42:3f:84:be:b3:bc:2f:5a:
         8d:ca:d6:7d:65:6a:d4:f5:e4:8f:ab:09:4b:81:77:b2:43:1c:
         ba:71:64:7b:78:70:e6:31:05:8d:77:b9:2e:b7:54:06:0f:e0:
         33:10:2a:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf0RnvlV48O7h9YW2MwJzeTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwNzEwMTIxOTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjEyZjJjMGFmN2U1ODNmMzI5MjI2OTkwOTA5MjBmMWE1NWMwYTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinKWEOwmeL/8kcHABqGw2qx1KzLY
gIGi0p74e0FAvM20E09W2hAdTQMkv5FX4xdhedjH2lsgwMjUuXtxPnRnmB1Mj6zw
cQqZOSP6clj0Lq73pLCZAYgfJQ5ILxWqyN8xeVlxPCQ9sLGggEE4m1I14Ejh8L3q
7dME6ACD4fvLGuPnOkbXRwXA7Thl+9PfotT/D9SMzc1r5F/XpkxDweYLBUVtDtM4
fPwT8eY8BS2du71499LlTM7LeTCBNuOD8xs0UoU7a593nEuJRkco/vaxOVQx3sww
+UP6UJ1Pqbd1OHz9AachcGEV0sHV9kSQG4/G1j6VNYDkJzXr8/7qDy5JbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsS8sCvflg/MpImmQkJIPGlXAo2MB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvT3hMeXdLOS1XRDh5a2lhWkNRa2c4YVZjQ2pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX6SkMA0G
CSqGSIb3DQEBCwUAA4IBAQAj/rzbm/d5gU2RdLEx0iU6RieBW5+3TAE9YqMaK4Bm
gVV9VEB9YlDHfU39cd2853tf1MAtonbHBYy8XakDYpWnshfxtD5tNx8dFd9SpMqF
M29ixZVZIcp8Ukrg1xou27uhmptvPvB2hoqWCVkjdUc+0BC3Xj57awi7nZjf3EJ1
keidxftWo2VSyUheaMmz9rgCTBuZ8WPj2MFYd7W/0rU5Bxa0kGjD+uEM8lu3lahM
lPBfv/Y9wJaeGE2363d6iVvoXZjufoHDKby8i4ONwTupQj+EvrO8L1qNytZ9ZWrU
9eSPqwlLgXeyQxy6cWR7eHDmMQWNd7kut1QGD+AzECp3
-----END CERTIFICATE-----