Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/nE08znyGEROzN-ZPpvH871B_YXc.roa
File:                     nE08znyGEROzN-ZPpvH871B_YXc.roa (raw, json)
Hash identifier:          rvo0J7csjKxABmc7ZJ4UjX/IGGVkIizjnr+3tXbkjRg=
Subject key identifier:   9C:4D:3C:CE:7C:86:11:13:B3:37:E6:4F:A6:F1:FC:EF:50:7F:61:77
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       01979E71BC7B674EDA59EDDB852032A54859
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/nE08znyGEROzN-ZPpvH871B_YXc.roa
Signing time:             Mon 23 Jun 2025 20:19:03 +0000
ROA not before:           Mon 23 Jun 2025 20:19:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209263
IP address blocks:        194.15.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9e:71:bc:7b:67:4e:da:59:ed:db:85:20:32:a5:48:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jun 23 20:19:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c4d3cce7c861113b337e64fa6f1fcef507f6177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:07:c8:9d:c0:61:64:9a:8a:9e:92:1e:70:ae:
                    1f:67:51:72:54:84:07:2e:b5:e1:ac:7c:3f:91:d8:
                    d8:49:00:ce:e2:b4:e3:42:85:c0:e2:d6:0a:bc:92:
                    8a:d3:ff:19:91:ae:b0:39:3d:18:08:24:72:b5:fa:
                    01:b6:56:e6:62:75:77:e0:b2:e1:30:ba:0f:ee:4f:
                    e4:52:f2:6e:8e:ee:b3:a2:68:74:30:25:e7:6d:56:
                    b1:f3:3e:89:11:09:07:b1:6b:66:ff:7b:12:1d:a3:
                    5c:8f:9d:ac:aa:1f:24:62:51:f3:12:03:55:34:0d:
                    e0:0f:c6:5c:e4:38:64:e6:df:2a:2a:23:c2:c9:57:
                    ec:41:18:72:bf:77:8a:3e:fc:61:ef:02:9c:66:47:
                    32:13:4a:bc:4a:dc:41:07:9c:0f:d8:1f:f3:02:f1:
                    1a:a2:50:60:aa:2a:da:bb:31:94:ed:8e:d6:cf:52:
                    f5:82:78:b1:c7:3d:38:5b:ed:9d:ac:89:e8:bd:0e:
                    29:5f:88:f0:8e:c3:ed:d9:69:93:27:19:d6:c4:d3:
                    75:2e:c2:24:af:b5:93:ee:2b:cc:a9:ab:00:35:7d:
                    2a:a1:54:75:a8:5e:a7:b7:71:23:f8:b4:d8:7d:36:
                    8b:22:9f:03:2e:23:47:d9:1c:d5:33:4c:ff:4a:78:
                    cc:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:4D:3C:CE:7C:86:11:13:B3:37:E6:4F:A6:F1:FC:EF:50:7F:61:77
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/nE08znyGEROzN-ZPpvH871B_YXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:85:e1:6b:30:06:86:54:3a:ec:5e:bb:ad:38:c3:39:df:bd:
         20:e0:30:47:a0:39:35:a9:06:a8:7b:78:39:16:06:6d:5a:dd:
         52:44:42:b9:63:7f:e3:c2:f7:57:24:fc:af:cc:fe:2e:54:a1:
         f9:55:41:e8:a0:82:f0:c8:9d:cf:ae:96:b6:69:89:7b:a3:2f:
         b4:94:88:51:28:0b:1b:0b:5d:42:1d:12:bc:14:a9:06:c8:d9:
         cf:e7:15:56:80:f5:03:bd:7e:13:04:a5:91:f4:ed:c4:08:ca:
         2c:ec:69:27:e8:3a:f9:d7:fc:cb:e5:6c:ac:8b:1a:c4:a8:3f:
         78:69:83:e5:60:eb:97:09:02:0c:07:60:00:1d:77:d4:d0:ce:
         93:55:11:79:5b:f3:96:3f:51:4b:4f:d2:ff:d4:6c:ba:89:16:
         6c:d3:e0:68:c7:62:b3:81:44:26:12:7c:a3:37:32:16:8a:4f:
         07:da:36:0b:8e:4a:ac:c4:4c:3f:8f:3a:5c:be:9a:30:4d:d4:
         82:92:e8:93:57:e8:40:99:74:70:d0:b3:ad:5c:85:52:32:19:
         de:23:3e:ad:56:6f:86:8f:0d:4b:51:17:0c:07:71:bb:86:91:
         9c:0c:da:1d:55:25:30:85:0b:72:d2:36:03:65:f7:a7:e7:d0:
         69:34:3b:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeecbx7Z07aWe3bhSAypUhZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNjIzMjAxOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzRkM2NjZTdjODYxMTEzYjMzN2U2NGZhNmYxZmNlZjUwN2Y2MTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4gfIncBhZJqKnpIecK4fZ1FyVIQH
LrXhrHw/kdjYSQDO4rTjQoXA4tYKvJKK0/8Zka6wOT0YCCRytfoBtlbmYnV34LLh
MLoP7k/kUvJuju6zomh0MCXnbVax8z6JEQkHsWtm/3sSHaNcj52sqh8kYlHzEgNV
NA3gD8Zc5Dhk5t8qKiPCyVfsQRhyv3eKPvxh7wKcZkcyE0q8StxBB5wP2B/zAvEa
olBgqirauzGU7Y7Wz1L1gnixxz04W+2drInovQ4pX4jwjsPt2WmTJxnWxNN1LsIk
r7WT7ivMqasANX0qoVR1qF6nt3Ej+LTYfTaLIp8DLiNH2RzVM0z/SnjMHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxNPM58hhETszfmT6bx/O9Qf2F3MB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvbkUwOHpueUdFUk96Ti1aUHB2SDg3MUJfWVhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg9iMA0G
CSqGSIb3DQEBCwUAA4IBAQCRheFrMAaGVDrsXrutOMM5370g4DBHoDk1qQaoe3g5
FgZtWt1SREK5Y3/jwvdXJPyvzP4uVKH5VUHooILwyJ3Prpa2aYl7oy+0lIhRKAsb
C11CHRK8FKkGyNnP5xVWgPUDvX4TBKWR9O3ECMos7Gkn6Dr51/zL5WysixrEqD94
aYPlYOuXCQIMB2AAHXfU0M6TVRF5W/OWP1FLT9L/1Gy6iRZs0+Box2KzgUQmEnyj
NzIWik8H2jYLjkqsxEw/jzpcvpowTdSCkuiTV+hAmXRw0LOtXIVSMhneIz6tVm+G
jw1LURcMB3G7hpGcDNodVSUwhQty0jYDZfen59BpNDt0
-----END CERTIFICATE-----