Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/fc90a0-804c-40fa-b27a-c383a9010005/1/3wC-OciCt04ukeFsX_DGsgpf9AE.roa
File:                     3wC-OciCt04ukeFsX_DGsgpf9AE.roa (raw, json)
Hash identifier:          bZfkvdvVf2EYkOsS8DEoS5ka6iYbsgornKhCNCFAAXk=
Subject key identifier:   DF:00:BE:39:C8:82:B7:4E:2E:91:E1:6C:5F:F0:C6:B2:0A:5F:F4:01
Certificate issuer:       /CN=2665c17fa028b31348f630f6b56df422ce062b3b
Certificate serial:       0198D1907DC59A878ED07DC9A671AD9F7127
Authority key identifier: 26:65:C1:7F:A0:28:B3:13:48:F6:30:F6:B5:6D:F4:22:CE:06:2B:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmXBf6AosxNI9jD2tW30Is4GKzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/fc90a0-804c-40fa-b27a-c383a9010005/1/3wC-OciCt04ukeFsX_DGsgpf9AE.roa
Signing time:             Fri 22 Aug 2025 11:36:04 +0000
ROA not before:           Fri 22 Aug 2025 11:36:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202195
IP address blocks:        185.108.8.0/23 maxlen: 23
                          185.108.10.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/fc90a0-804c-40fa-b27a-c383a9010005/1/JmXBf6AosxNI9jD2tW30Is4GKzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/fc90a0-804c-40fa-b27a-c383a9010005/1/JmXBf6AosxNI9jD2tW30Is4GKzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmXBf6AosxNI9jD2tW30Is4GKzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:90:7d:c5:9a:87:8e:d0:7d:c9:a6:71:ad:9f:71:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2665c17fa028b31348f630f6b56df422ce062b3b
        Validity
            Not Before: Aug 22 11:36:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df00be39c882b74e2e91e16c5ff0c6b20a5ff401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:eb:58:f2:16:68:8d:13:a0:d6:91:5d:6d:7b:
                    75:6c:41:20:dd:61:7d:91:8d:da:07:56:46:f7:79:
                    cd:54:83:bb:ff:b3:c9:bb:49:4b:49:69:54:a1:3d:
                    d2:b7:cc:2e:ac:d4:cd:ab:b4:58:c2:fd:56:80:a2:
                    3a:37:ac:29:8f:b5:10:7b:35:30:2d:bd:a1:2d:8b:
                    f7:6b:0a:6f:3b:dd:cc:ee:c4:72:d6:1e:4a:8a:4e:
                    3a:47:fa:96:fb:82:4c:84:a8:11:ac:86:b5:7d:c5:
                    73:e3:3b:96:f7:c6:0f:6e:7d:9b:1a:6f:db:5b:bd:
                    3c:cc:00:9e:8a:75:3c:68:ab:21:8d:8c:40:98:e7:
                    25:95:bc:f4:4d:5d:65:20:7e:6c:1f:85:33:ed:04:
                    4b:47:91:4e:fe:1b:c4:2e:53:eb:e1:ed:08:d1:7a:
                    b4:07:29:af:b0:5c:77:e7:e0:43:68:a3:5c:4f:4d:
                    e2:db:7d:2a:72:69:ac:fe:82:81:3e:b6:6e:a6:d0:
                    f2:eb:ec:43:78:2e:22:f7:8e:0d:8d:ec:35:79:79:
                    0f:0f:e6:be:a9:5c:01:b6:29:ff:57:0e:a7:b8:57:
                    cb:f5:27:7c:6e:7a:e7:84:16:54:6e:3d:23:eb:57:
                    f4:c4:9d:c4:9e:5b:cf:df:e4:3c:f4:2f:36:09:8c:
                    74:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:00:BE:39:C8:82:B7:4E:2E:91:E1:6C:5F:F0:C6:B2:0A:5F:F4:01
            X509v3 Authority Key Identifier:
                keyid:26:65:C1:7F:A0:28:B3:13:48:F6:30:F6:B5:6D:F4:22:CE:06:2B:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmXBf6AosxNI9jD2tW30Is4GKzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/fc90a0-804c-40fa-b27a-c383a9010005/1/3wC-OciCt04ukeFsX_DGsgpf9AE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/fc90a0-804c-40fa-b27a-c383a9010005/1/JmXBf6AosxNI9jD2tW30Is4GKzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:f4:d8:13:7f:75:2c:19:ca:c7:17:33:98:57:23:13:b9:51:
         9b:44:90:25:69:0d:33:8a:54:db:65:b9:e2:e6:dd:55:7d:1b:
         b9:9e:d9:86:89:9c:43:00:51:10:5c:6c:d8:24:e7:1e:aa:4c:
         70:ec:be:d2:98:d2:a4:11:cc:a4:38:70:3d:ff:86:e1:f5:e7:
         81:20:47:38:1e:0d:3b:20:97:05:c8:78:cb:9b:fb:2a:b6:c7:
         d8:85:76:d9:58:46:e3:db:79:7d:b4:83:a1:a6:7c:63:41:34:
         b7:7c:45:6f:92:9b:95:cc:69:93:7f:b7:8f:bd:cc:30:19:6a:
         63:1b:d5:a0:7c:86:3c:59:de:55:0c:33:cd:02:e2:48:2a:c4:
         b4:f8:c9:c7:da:7c:2e:71:a3:da:92:8b:b6:59:e9:07:07:0b:
         95:48:58:64:ff:ca:22:a8:d6:71:6d:42:0b:10:5e:52:89:ee:
         e6:a4:8e:28:c5:9f:7f:fa:a2:70:fa:6b:22:7b:dc:08:2b:bd:
         6c:43:18:48:6c:05:3f:b7:79:c3:b3:d1:b6:3e:52:28:e3:4b:
         ac:62:36:b0:76:9c:46:86:29:5e:a3:0f:b4:c1:2c:66:9c:d3:
         77:20:6c:61:0c:f4:f3:1f:0b:86:09:a2:e5:aa:0a:9b:48:51:
         59:a2:77:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjRkH3FmoeO0H3JpnGtn3EnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjVjMTdmYTAyOGIzMTM0OGY2MzBmNmI1NmRmNDIyY2Uw
NjJiM2IwHhcNMjUwODIyMTEzNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjAwYmUzOWM4ODJiNzRlMmU5MWUxNmM1ZmYwYzZiMjBhNWZmNDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5OtY8hZojROg1pFdbXt1bEEg3WF9
kY3aB1ZG93nNVIO7/7PJu0lLSWlUoT3St8wurNTNq7RYwv1WgKI6N6wpj7UQezUw
Lb2hLYv3awpvO93M7sRy1h5Kik46R/qW+4JMhKgRrIa1fcVz4zuW98YPbn2bGm/b
W708zACeinU8aKshjYxAmOcllbz0TV1lIH5sH4Uz7QRLR5FO/hvELlPr4e0I0Xq0
BymvsFx35+BDaKNcT03i230qcmms/oKBPrZuptDy6+xDeC4i944Njew1eXkPD+a+
qVwBtin/Vw6nuFfL9Sd8bnrnhBZUbj0j61f0xJ3EnlvP3+Q89C82CYx0gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8AvjnIgrdOLpHhbF/wxrIKX/QBMB8GA1UdIwQY
MBaAFCZlwX+gKLMTSPYw9rVt9CLOBis7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1YQmY2QW9zeE5JOWpEMnRXMzBJczRHS3pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9mYzkwYTAtODA0Yy00MGZhLWIyN2Et
YzM4M2E5MDEwMDA1LzEvM3dDLU9jaUN0MDR1a2VGc1hfREdzZ3BmOUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9mYzkwYTAtODA0Yy00MGZhLWIyN2EtYzM4M2E5MDEwMDA1
LzEvSm1YQmY2QW9zeE5JOWpEMnRXMzBJczRHS3pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWwIMA0G
CSqGSIb3DQEBCwUAA4IBAQB09NgTf3UsGcrHFzOYVyMTuVGbRJAlaQ0zilTbZbni
5t1VfRu5ntmGiZxDAFEQXGzYJOceqkxw7L7SmNKkEcykOHA9/4bh9eeBIEc4Hg07
IJcFyHjLm/sqtsfYhXbZWEbj23l9tIOhpnxjQTS3fEVvkpuVzGmTf7ePvcwwGWpj
G9WgfIY8Wd5VDDPNAuJIKsS0+MnH2nwucaPakou2WekHBwuVSFhk/8oiqNZxbUIL
EF5Sie7mpI4oxZ9/+qJw+msie9wIK71sQxhIbAU/t3nDs9G2PlIo40usYjawdpxG
hileow+0wSxmnNN3IGxhDPTzHwuGCaLlqgqbSFFZondB
-----END CERTIFICATE-----