Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/lFHDzTXqiwUlXqs5qOXSJRmYXfE.roa
File:                     lFHDzTXqiwUlXqs5qOXSJRmYXfE.roa (raw, json)
Hash identifier:          Kj0KUbB2+KfwbsuGFaPjdzmb30sagRusRai8T0ZrnFQ=
Subject key identifier:   94:51:C3:CD:35:EA:8B:05:25:5E:AB:39:A8:E5:D2:25:19:98:5D:F1
Certificate issuer:       /CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
Certificate serial:       0198E29BC198A82B2DD673E0E9B724F47372
Authority key identifier: 3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/lFHDzTXqiwUlXqs5qOXSJRmYXfE.roa
Signing time:             Mon 25 Aug 2025 19:01:55 +0000
ROA not before:           Mon 25 Aug 2025 19:01:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        185.224.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e2:9b:c1:98:a8:2b:2d:d6:73:e0:e9:b7:24:f4:73:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
        Validity
            Not Before: Aug 25 19:01:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9451c3cd35ea8b05255eab39a8e5d22519985df1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bf:2f:ad:14:a3:96:9a:e4:a2:98:9d:71:8e:
                    f3:06:21:08:70:36:fa:b4:00:11:b5:b7:4d:5f:4c:
                    36:71:a7:83:80:0e:d1:44:53:ae:5b:f1:3f:1a:11:
                    ef:3d:19:93:d9:e3:2e:cb:9f:48:3c:26:07:29:1b:
                    8a:71:09:c0:80:0f:65:fe:6e:0c:8f:e1:4f:5c:9b:
                    cc:93:8e:52:7b:4b:b2:b9:3f:ca:9a:eb:ac:dc:dd:
                    1c:02:b3:b1:00:81:ce:aa:59:79:2e:c3:14:5a:d6:
                    50:74:20:c6:7f:65:3a:f2:26:01:cb:64:80:b4:d1:
                    79:5f:5d:d8:14:a1:45:94:9e:21:51:b3:41:a9:4c:
                    5c:4f:f8:69:c3:f9:6e:b6:2e:41:f8:50:52:a4:94:
                    9f:af:f7:dd:d0:85:1c:90:fa:c4:f3:29:e6:b7:08:
                    ed:45:55:93:4d:9b:e9:37:1e:fe:8a:96:23:51:5e:
                    0b:ca:33:7b:97:9d:9d:82:fa:28:3e:c9:1b:f5:23:
                    bd:a4:80:1f:3b:19:79:ec:77:69:16:0b:96:3e:46:
                    f0:03:d1:af:da:d3:91:fb:44:79:8f:af:fb:6d:06:
                    5b:20:c1:8a:a8:2c:64:60:dd:77:c2:66:ef:e5:2b:
                    1f:f3:9c:55:cf:a3:05:08:c6:6f:bc:9f:a6:9e:0f:
                    0f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:51:C3:CD:35:EA:8B:05:25:5E:AB:39:A8:E5:D2:25:19:98:5D:F1
            X509v3 Authority Key Identifier:
                keyid:3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/lFHDzTXqiwUlXqs5qOXSJRmYXfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:65:13:63:e6:7c:ad:4b:a0:04:e4:41:1f:3c:f8:47:71:da:
         8a:29:9c:f9:f3:2c:41:3f:04:cc:e7:11:7f:3b:bd:5a:55:8c:
         3f:f2:6c:3d:54:ee:27:0b:8b:4e:1f:9c:e3:1c:34:b8:b0:4f:
         7b:e4:be:f7:47:b6:8d:95:36:7b:c5:66:9c:3f:a2:a0:2e:ea:
         03:5b:a7:3d:64:9c:79:10:89:99:b0:d9:86:38:16:dd:58:a7:
         22:71:51:26:cb:80:62:2d:e1:c6:dd:88:12:f7:f9:40:c3:6c:
         95:94:33:db:03:39:27:5e:39:75:62:02:21:4c:e7:32:12:d4:
         38:e6:43:29:d8:2f:60:3e:c3:24:bf:16:75:4e:8b:97:5b:8a:
         10:c9:3a:d3:8e:23:f5:6d:d0:3d:5a:84:eb:15:48:2c:18:d3:
         18:b9:d7:96:2a:91:d2:d0:c1:dc:ca:66:ad:53:38:5f:e4:06:
         29:11:3a:24:97:19:98:2b:04:46:df:df:03:dd:2a:68:98:db:
         98:ca:55:9c:cf:47:93:0e:c3:1c:7c:b9:29:97:a0:2e:06:f2:
         d8:12:58:d4:00:7c:60:32:f1:b1:14:58:d1:29:fc:b7:4c:60:
         65:03:11:1c:18:15:9e:8c:52:f0:b8:57:9c:9d:d5:36:85:e4:
         27:31:77:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjim8GYqCst1nPg6bck9HNyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2Y1NTRiODAyODFkZWEyYTMwMDMxOGFhYWQ2ZDJkOTdm
MWNlNDQwHhcNMjUwODI1MTkwMTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDUxYzNjZDM1ZWE4YjA1MjU1ZWFiMzlhOGU1ZDIyNTE5OTg1ZGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsb8vrRSjlprkopidcY7zBiEIcDb6
tAARtbdNX0w2caeDgA7RRFOuW/E/GhHvPRmT2eMuy59IPCYHKRuKcQnAgA9l/m4M
j+FPXJvMk45Se0uyuT/Kmuus3N0cArOxAIHOqll5LsMUWtZQdCDGf2U68iYBy2SA
tNF5X13YFKFFlJ4hUbNBqUxcT/hpw/luti5B+FBSpJSfr/fd0IUckPrE8ynmtwjt
RVWTTZvpNx7+ipYjUV4LyjN7l52dgvooPskb9SO9pIAfOxl57HdpFguWPkbwA9Gv
2tOR+0R5j6/7bQZbIMGKqCxkYN13wmbv5Ssf85xVz6MFCMZvvJ+mng8PLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRRw8016osFJV6rOajl0iUZmF3xMB8GA1UdIwQY
MBaAFD8/VUuAKB3qKjADGKqtbS2X8c5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQt
ZjUzM2I4ZGY4MGE5LzEvbEZIRHpUWHFpd1VsWHFzNXFPWFNKUm1ZWGZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQtZjUzM2I4ZGY4MGE5
LzEvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueAAMA0G
CSqGSIb3DQEBCwUAA4IBAQCQZRNj5nytS6AE5EEfPPhHcdqKKZz58yxBPwTM5xF/
O71aVYw/8mw9VO4nC4tOH5zjHDS4sE975L73R7aNlTZ7xWacP6KgLuoDW6c9ZJx5
EImZsNmGOBbdWKcicVEmy4BiLeHG3YgS9/lAw2yVlDPbAzknXjl1YgIhTOcyEtQ4
5kMp2C9gPsMkvxZ1TouXW4oQyTrTjiP1bdA9WoTrFUgsGNMYudeWKpHS0MHcymat
Uzhf5AYpEToklxmYKwRG398D3SpomNuYylWcz0eTDsMcfLkpl6AuBvLYEljUAHxg
MvGxFFjRKfy3TGBlAxEcGBWejFLwuFecndU2heQnMXdJ
-----END CERTIFICATE-----