Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/_MIIbyQenzH6F7OwMqPXOOY9ctM.roa
File:                     _MIIbyQenzH6F7OwMqPXOOY9ctM.roa (raw, json)
Hash identifier:          eIV7bKM/aiDgvacDkUhEBLMcFg6gGKWdnq3Gtl3ghX0=
Subject key identifier:   FC:C2:08:6F:24:1E:9F:31:FA:17:B3:B0:32:A3:D7:38:E6:3D:72:D3
Certificate issuer:       /CN=09253886a0250a04ec69be00bbf8433c2f014b7c
Certificate serial:       0197A739EB9C608706EE01D9778990366B62
Authority key identifier: 09:25:38:86:A0:25:0A:04:EC:69:BE:00:BB:F8:43:3C:2F:01:4B:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CSU4hqAlCgTsab4Au_hDPC8BS3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/_MIIbyQenzH6F7OwMqPXOOY9ctM.roa
Signing time:             Wed 25 Jun 2025 13:14:40 +0000
ROA not before:           Wed 25 Jun 2025 13:14:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201021
IP address blocks:        185.84.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/CSU4hqAlCgTsab4Au_hDPC8BS3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/CSU4hqAlCgTsab4Au_hDPC8BS3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CSU4hqAlCgTsab4Au_hDPC8BS3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 07:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a7:39:eb:9c:60:87:06:ee:01:d9:77:89:90:36:6b:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09253886a0250a04ec69be00bbf8433c2f014b7c
        Validity
            Not Before: Jun 25 13:14:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcc2086f241e9f31fa17b3b032a3d738e63d72d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c9:78:42:7b:0f:55:c4:d8:b7:6c:d2:14:5f:
                    b2:9c:91:82:6f:c3:0b:08:70:2f:9a:65:ea:67:70:
                    ab:0f:13:11:d1:8b:54:ed:52:dc:9e:77:a2:af:38:
                    f1:52:41:96:02:75:0b:75:2f:fd:e4:d8:b9:43:ad:
                    0d:e6:ce:78:d9:69:db:ce:8e:2f:a0:fa:c5:ec:aa:
                    33:33:d1:7b:94:b7:d1:99:7d:6c:42:6a:ce:53:b5:
                    95:b0:d7:1d:46:c7:64:17:49:36:b4:5d:2b:bd:49:
                    12:bc:e4:02:a9:c0:da:62:ec:3f:cd:93:ed:4a:e8:
                    ad:6d:80:fb:8b:5d:e5:9c:15:51:7b:f7:fb:d2:7d:
                    9c:63:d3:5a:73:2d:12:dd:7d:a4:86:dc:c5:5b:65:
                    81:4e:aa:5e:25:4b:93:9d:2d:58:31:d8:30:37:e6:
                    e8:a4:2d:e8:c3:08:d4:66:1d:85:80:c7:62:43:1d:
                    0b:74:d5:65:1a:0f:16:1f:26:aa:82:87:6b:0d:2b:
                    4e:d5:4f:72:db:f1:60:7c:f9:e5:65:9d:3f:fe:a6:
                    6e:43:ff:2d:b5:20:1d:a1:26:c5:6b:7d:50:08:7d:
                    38:b0:05:dd:f4:d7:b8:67:3a:4e:cf:49:9d:1e:9e:
                    8d:a4:72:fa:e8:8f:77:ab:57:22:30:0e:2e:ba:db:
                    d3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:C2:08:6F:24:1E:9F:31:FA:17:B3:B0:32:A3:D7:38:E6:3D:72:D3
            X509v3 Authority Key Identifier:
                keyid:09:25:38:86:A0:25:0A:04:EC:69:BE:00:BB:F8:43:3C:2F:01:4B:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CSU4hqAlCgTsab4Au_hDPC8BS3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/_MIIbyQenzH6F7OwMqPXOOY9ctM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/36f83e-6be6-42c5-8380-114ad41cf331/1/CSU4hqAlCgTsab4Au_hDPC8BS3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:86:60:c5:cb:5a:4e:86:69:33:20:86:a7:22:1c:df:16:ce:
         a1:20:99:0a:b6:49:cf:c4:75:d5:12:29:d3:8a:c7:15:6e:14:
         a5:32:61:72:be:f7:e2:32:4c:b2:32:05:5d:4d:f3:8e:02:0b:
         5a:e2:32:4e:c6:25:3c:1d:c9:36:7e:7b:b9:a8:bf:f1:c8:93:
         56:83:76:84:e4:e3:17:e3:8c:59:21:b1:c4:84:d8:dd:0c:d6:
         a1:bd:84:1f:35:12:9f:83:17:81:55:a0:1c:6b:a3:19:1c:ae:
         e5:50:39:cb:b1:24:e4:90:8f:f1:71:d8:80:d3:2f:57:76:f7:
         66:a9:36:26:05:8e:b4:66:56:93:28:d1:f9:a1:47:bc:fa:05:
         fc:d3:97:38:f2:8b:d7:de:78:6a:37:4e:75:48:4f:a7:61:b1:
         5c:1e:d6:08:21:f5:95:58:c3:f4:a6:c2:eb:4f:4e:53:58:11:
         23:12:70:74:f7:ba:6e:a2:80:f5:fe:ea:3a:a1:79:33:f6:53:
         7c:61:fa:4a:08:5f:97:d1:70:91:1a:b3:02:da:7e:16:b5:9b:
         e6:ef:8e:50:e1:01:96:bc:91:af:6c:52:9a:de:07:82:e0:6d:
         49:ee:dd:79:25:b0:f1:d3:6a:36:05:6c:8f:03:d0:72:b7:b4:
         13:ee:62:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZenOeucYIcG7gHZd4mQNmtiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MjUzODg2YTAyNTBhMDRlYzY5YmUwMGJiZjg0MzNjMmYw
MTRiN2MwHhcNMjUwNjI1MTMxNDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2MyMDg2ZjI0MWU5ZjMxZmExN2IzYjAzMmEzZDczOGU2M2Q3MmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMl4QnsPVcTYt2zSFF+ynJGCb8ML
CHAvmmXqZ3CrDxMR0YtU7VLcnneirzjxUkGWAnULdS/95Ni5Q60N5s542Wnbzo4v
oPrF7KozM9F7lLfRmX1sQmrOU7WVsNcdRsdkF0k2tF0rvUkSvOQCqcDaYuw/zZPt
SuitbYD7i13lnBVRe/f70n2cY9Nacy0S3X2khtzFW2WBTqpeJUuTnS1YMdgwN+bo
pC3owwjUZh2FgMdiQx0LdNVlGg8WHyaqgodrDStO1U9y2/FgfPnlZZ0//qZuQ/8t
tSAdoSbFa31QCH04sAXd9Ne4ZzpOz0mdHp6NpHL66I93q1ciMA4uutvTGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzCCG8kHp8x+hezsDKj1zjmPXLTMB8GA1UdIwQY
MBaAFAklOIagJQoE7Gm+ALv4QzwvAUt8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1NVNGhxQWxDZ1RzYWI0QXVfaERQQzhCUzN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8zNmY4M2UtNmJlNi00MmM1LTgzODAt
MTE0YWQ0MWNmMzMxLzEvX01JSWJ5UWVuekg2RjdPd01xUFhPT1k5Y3RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8zNmY4M2UtNmJlNi00MmM1LTgzODAtMTE0YWQ0MWNmMzMx
LzEvQ1NVNGhxQWxDZ1RzYWI0QXVfaERQQzhCUzN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVS3MA0G
CSqGSIb3DQEBCwUAA4IBAQA0hmDFy1pOhmkzIIanIhzfFs6hIJkKtknPxHXVEinT
iscVbhSlMmFyvvfiMkyyMgVdTfOOAgta4jJOxiU8Hck2fnu5qL/xyJNWg3aE5OMX
44xZIbHEhNjdDNahvYQfNRKfgxeBVaAca6MZHK7lUDnLsSTkkI/xcdiA0y9Xdvdm
qTYmBY60ZlaTKNH5oUe8+gX805c48ovX3nhqN051SE+nYbFcHtYIIfWVWMP0psLr
T05TWBEjEnB097puooD1/uo6oXkz9lN8YfpKCF+X0XCRGrMC2n4WtZvm745Q4QGW
vJGvbFKa3geC4G1J7t15JbDx02o2BWyPA9Byt7QT7mJ3
-----END CERTIFICATE-----