Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/hb3cKkQXDjP6BWtz2dLX8w7zLa4.roa
File:                     hb3cKkQXDjP6BWtz2dLX8w7zLa4.roa (raw, json)
Hash identifier:          mhEN74GecuT4yd4vEAhPBvxn+wDVBTxCIkQ7dnD2WsE=
Subject key identifier:   85:BD:DC:2A:44:17:0E:33:FA:05:6B:73:D9:D2:D7:F3:0E:F3:2D:AE
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       0199ADF3D040F83677FC80BAD6539E12C518
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/hb3cKkQXDjP6BWtz2dLX8w7zLa4.roa
Signing time:             Sat 04 Oct 2025 06:41:00 +0000
ROA not before:           Sat 04 Oct 2025 06:41:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205038
IP address blocks:        80.96.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ad:f3:d0:40:f8:36:77:fc:80:ba:d6:53:9e:12:c5:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Oct  4 06:41:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85bddc2a44170e33fa056b73d9d2d7f30ef32dae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f0:7e:e8:54:59:df:85:1e:ce:89:24:2a:56:
                    57:ae:6b:72:41:82:fb:4a:5b:6c:7f:e0:c0:5d:10:
                    fe:d3:bc:e6:4f:50:b1:0c:7f:47:5e:b7:f0:db:15:
                    1a:09:aa:4a:de:65:fc:98:56:2e:0a:71:73:99:20:
                    43:0f:03:29:f2:bd:e4:54:14:7b:77:f9:b5:c2:e9:
                    1a:e3:57:9a:2b:1c:42:a5:d8:90:68:29:69:95:0d:
                    f7:bf:61:59:02:a3:fa:8c:0c:a7:f1:3e:d2:26:f0:
                    ce:ba:37:c4:ad:36:0a:18:72:59:08:3d:5e:b5:6c:
                    25:46:64:44:bf:47:97:e9:ea:20:8e:0b:6c:1f:ac:
                    71:e0:66:ab:df:a7:24:ca:b2:24:c4:4f:03:42:d6:
                    0e:27:eb:0f:1a:f2:aa:30:19:17:15:8b:4e:04:4e:
                    df:5f:e5:7a:b0:55:a5:dd:d1:7c:fc:82:58:d9:5b:
                    06:03:4f:95:89:1f:87:48:da:22:39:7a:41:70:7c:
                    21:4f:81:ac:fb:e0:7a:06:93:6d:e1:bb:95:f6:33:
                    1a:d5:be:76:bb:14:7a:3d:78:c1:b1:44:4b:b4:1e:
                    29:f7:8b:18:36:16:74:2d:95:e5:f3:2d:2d:71:1e:
                    61:e4:97:40:16:43:0e:db:90:21:8f:bd:06:24:67:
                    dc:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:BD:DC:2A:44:17:0E:33:FA:05:6B:73:D9:D2:D7:F3:0E:F3:2D:AE
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/hb3cKkQXDjP6BWtz2dLX8w7zLa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:9b:ab:3f:27:9e:33:0f:45:de:8a:82:0e:61:a6:c8:30:0f:
         59:fb:2a:26:14:d4:0a:39:fd:f8:a6:d8:35:98:80:e8:14:fd:
         d1:f2:2c:3e:47:5a:d4:42:cc:b0:b2:07:79:cc:ef:85:6b:27:
         d5:ca:10:f3:19:b9:22:0a:a8:18:4f:29:51:09:a5:c6:2a:f0:
         60:07:a2:d7:a4:ea:9a:ea:92:87:81:46:3c:42:ff:c0:88:17:
         51:fd:17:e8:df:a0:80:33:3c:33:ca:e0:e6:3a:ca:b3:2c:d6:
         4c:f5:f9:39:69:07:48:3c:00:d8:f6:d2:fd:06:ea:79:f2:ee:
         ca:ed:b1:2e:c5:50:2f:75:11:35:83:bd:ee:7b:ba:6a:0e:5b:
         ad:a5:ae:29:15:98:23:d9:9d:97:4f:fd:14:a3:ee:b3:a1:56:
         15:d1:f9:de:31:fa:bd:32:65:a5:d4:95:d5:92:d1:ae:2d:35:
         59:ff:31:f1:88:7b:35:3c:45:d4:28:b2:bc:a3:d3:a3:b0:54:
         fc:17:c1:0a:67:7e:2f:a9:7e:e4:11:14:26:97:1a:58:88:0a:
         6a:5d:1b:06:d0:eb:1c:a1:9c:0e:e3:4b:09:b5:99:fc:e3:eb:
         d1:07:7d:d2:2d:d2:57:39:26:87:cc:04:55:d7:12:12:b3:33:
         87:d2:ba:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmt89BA+DZ3/IC61lOeEsUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUxMDA0MDY0MTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWJkZGMyYTQ0MTcwZTMzZmEwNTZiNzNkOWQyZDdmMzBlZjMyZGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfB+6FRZ34UezokkKlZXrmtyQYL7
Sltsf+DAXRD+07zmT1CxDH9HXrfw2xUaCapK3mX8mFYuCnFzmSBDDwMp8r3kVBR7
d/m1wuka41eaKxxCpdiQaClplQ33v2FZAqP6jAyn8T7SJvDOujfErTYKGHJZCD1e
tWwlRmREv0eX6eogjgtsH6xx4Gar36ckyrIkxE8DQtYOJ+sPGvKqMBkXFYtOBE7f
X+V6sFWl3dF8/IJY2VsGA0+ViR+HSNoiOXpBcHwhT4Gs++B6BpNt4buV9jMa1b52
uxR6PXjBsURLtB4p94sYNhZ0LZXl8y0tcR5h5JdAFkMO25Ahj70GJGfcTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIW93CpEFw4z+gVrc9nS1/MO8y2uMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvaGIzY0trUVhEalA2Qld0ejJkTFg4dzd6TGE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUGBTMA0G
CSqGSIb3DQEBCwUAA4IBAQAjm6s/J54zD0XeioIOYabIMA9Z+yomFNQKOf34ptg1
mIDoFP3R8iw+R1rUQsywsgd5zO+FayfVyhDzGbkiCqgYTylRCaXGKvBgB6LXpOqa
6pKHgUY8Qv/AiBdR/Rfo36CAMzwzyuDmOsqzLNZM9fk5aQdIPADY9tL9Bup58u7K
7bEuxVAvdRE1g73ue7pqDlutpa4pFZgj2Z2XT/0Uo+6zoVYV0fneMfq9MmWl1JXV
ktGuLTVZ/zHxiHs1PEXUKLK8o9OjsFT8F8EKZ34vqX7kERQmlxpYiApqXRsG0Osc
oZwO40sJtZn84+vRB33SLdJXOSaHzARV1xISszOH0roT
-----END CERTIFICATE-----