Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/oFJn2DbPMhZS_Tmm-DmxNkpMyhE.roa
File:                     oFJn2DbPMhZS_Tmm-DmxNkpMyhE.roa (raw, json)
Hash identifier:          Y5qFxScEcaicbV90jLVdvKg9QlaEEdGk/0uix/Osd6k=
Subject key identifier:   A0:52:67:D8:36:CF:32:16:52:FD:39:A6:F8:39:B1:36:4A:4C:CA:11
Certificate issuer:       /CN=d1ca67610286ab738f86ce935fdf5ed620f02d96
Certificate serial:       0199E7D3C2F42312B8F5B45D893C128D14F6
Authority key identifier: D1:CA:67:61:02:86:AB:73:8F:86:CE:93:5F:DF:5E:D6:20:F0:2D:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0cpnYQKGq3OPhs6TX99e1iDwLZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/oFJn2DbPMhZS_Tmm-DmxNkpMyhE.roa
Signing time:             Wed 15 Oct 2025 12:23:58 +0000
ROA not before:           Wed 15 Oct 2025 12:23:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135392
IP address blocks:        193.104.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/0cpnYQKGq3OPhs6TX99e1iDwLZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/0cpnYQKGq3OPhs6TX99e1iDwLZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0cpnYQKGq3OPhs6TX99e1iDwLZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e7:d3:c2:f4:23:12:b8:f5:b4:5d:89:3c:12:8d:14:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1ca67610286ab738f86ce935fdf5ed620f02d96
        Validity
            Not Before: Oct 15 12:23:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a05267d836cf321652fd39a6f839b1364a4cca11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e1:b8:8f:15:d6:9a:3a:47:d6:a1:19:0e:74:
                    a8:a7:81:ce:be:35:a5:b2:1d:e6:26:9e:9e:7d:28:
                    25:59:fb:81:62:57:69:2c:84:29:60:6b:3f:1c:fc:
                    03:f6:82:a4:74:6b:1a:61:6d:0e:93:14:b0:e9:c7:
                    28:f8:68:2f:70:2e:89:06:6a:82:49:76:62:ca:cf:
                    b2:5a:94:c3:e6:e8:e6:d2:f8:9a:a2:45:65:8f:77:
                    a6:72:cf:d1:cf:55:58:0f:a3:23:67:d3:c8:eb:b3:
                    4f:5d:66:12:48:50:bf:a5:cb:84:28:0d:23:5a:1f:
                    49:d9:3f:c2:f4:22:e7:a9:ef:c3:57:56:59:5e:e5:
                    b6:99:38:7f:50:4b:d7:23:7a:9d:9c:e3:87:67:0d:
                    2e:7f:f0:c0:0d:a1:a4:03:25:d0:32:cb:b8:0a:ba:
                    14:40:72:41:33:1c:fc:3e:03:71:b8:14:90:31:6f:
                    50:bd:f4:db:e2:f1:08:02:81:61:e2:44:cd:6c:28:
                    b6:49:34:aa:ea:1d:ef:66:f3:4e:33:dd:53:4f:84:
                    b0:e4:be:f6:5a:65:f0:5e:d4:2a:d3:9d:ff:32:4c:
                    26:a1:f9:8b:62:6e:3a:90:2f:72:c4:0b:c4:f9:28:
                    44:1b:8f:b5:ab:83:54:91:22:ae:2f:85:33:d1:65:
                    79:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:52:67:D8:36:CF:32:16:52:FD:39:A6:F8:39:B1:36:4A:4C:CA:11
            X509v3 Authority Key Identifier:
                keyid:D1:CA:67:61:02:86:AB:73:8F:86:CE:93:5F:DF:5E:D6:20:F0:2D:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0cpnYQKGq3OPhs6TX99e1iDwLZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/oFJn2DbPMhZS_Tmm-DmxNkpMyhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/0cpnYQKGq3OPhs6TX99e1iDwLZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:b0:2d:19:44:1c:54:e2:05:67:7b:ca:3d:b2:cf:8b:a8:6b:
         07:18:34:d7:72:53:11:f4:72:7d:d7:5f:bf:95:25:80:77:7e:
         c0:06:13:ad:15:4e:c5:44:9c:ff:a0:50:85:9a:92:c1:7a:c0:
         9e:94:58:63:ff:97:46:6f:c8:05:97:d7:58:65:67:e3:be:07:
         ac:1b:cb:02:ee:86:9a:d9:77:83:b9:d0:9e:38:52:4d:e8:15:
         83:4b:ae:b0:f7:4b:1c:e2:c8:48:58:88:72:f8:11:49:91:4b:
         64:e0:1c:f6:6f:a5:25:c4:98:a7:62:c2:b5:b8:ec:a9:78:c7:
         8d:c8:05:31:e3:cd:d6:c6:bc:b1:7e:ad:17:ae:4d:6c:9f:b7:
         ad:3a:3f:de:3d:11:92:48:23:40:40:6b:cb:7b:7e:d5:cd:53:
         28:a9:13:05:1a:94:9d:8e:aa:7d:ad:53:d9:2f:98:57:b1:fb:
         82:4e:3d:df:7a:19:55:a9:30:59:83:3c:c7:5e:81:38:0e:80:
         9d:17:11:94:6d:1b:32:ad:98:93:37:dd:02:66:a1:33:db:63:
         ce:2e:4b:3e:bd:d7:7e:6e:e4:8e:ed:24:8d:dc:ee:ae:d8:0c:
         b3:0a:0f:7b:82:3b:f7:e6:80:af:24:0f:76:50:b9:15:cb:a4:
         86:c4:15:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnn08L0IxK49bRdiTwSjRT2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxY2E2NzYxMDI4NmFiNzM4Zjg2Y2U5MzVmZGY1ZWQ2MjBm
MDJkOTYwHhcNMjUxMDE1MTIyMzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDUyNjdkODM2Y2YzMjE2NTJmZDM5YTZmODM5YjEzNjRhNGNjYTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+G4jxXWmjpH1qEZDnSop4HOvjWl
sh3mJp6efSglWfuBYldpLIQpYGs/HPwD9oKkdGsaYW0OkxSw6cco+GgvcC6JBmqC
SXZiys+yWpTD5ujm0viaokVlj3emcs/Rz1VYD6MjZ9PI67NPXWYSSFC/pcuEKA0j
Wh9J2T/C9CLnqe/DV1ZZXuW2mTh/UEvXI3qdnOOHZw0uf/DADaGkAyXQMsu4CroU
QHJBMxz8PgNxuBSQMW9QvfTb4vEIAoFh4kTNbCi2STSq6h3vZvNOM91TT4Sw5L72
WmXwXtQq053/MkwmofmLYm46kC9yxAvE+ShEG4+1q4NUkSKuL4Uz0WV5/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBSZ9g2zzIWUv05pvg5sTZKTMoRMB8GA1UdIwQY
MBaAFNHKZ2EChqtzj4bOk1/fXtYg8C2WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNwbllRS0dxM09QaHM2VFg5OWUxaUR3TFpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YTFhNjItZTQ4MS00YTE0LWFkNmUt
MzViZmY5NmRhNGM1LzEvb0ZKbjJEYlBNaFpTX1RtbS1EbXhOa3BNeWhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YTFhNjItZTQ4MS00YTE0LWFkNmUtMzViZmY5NmRhNGM1
LzEvMGNwbllRS0dxM09QaHM2VFg5OWUxaUR3TFpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWghMA0G
CSqGSIb3DQEBCwUAA4IBAQBMsC0ZRBxU4gVne8o9ss+LqGsHGDTXclMR9HJ911+/
lSWAd37ABhOtFU7FRJz/oFCFmpLBesCelFhj/5dGb8gFl9dYZWfjvgesG8sC7oaa
2XeDudCeOFJN6BWDS66w90sc4shIWIhy+BFJkUtk4Bz2b6UlxJinYsK1uOypeMeN
yAUx483Wxryxfq0Xrk1sn7etOj/ePRGSSCNAQGvLe37VzVMoqRMFGpSdjqp9rVPZ
L5hXsfuCTj3fehlVqTBZgzzHXoE4DoCdFxGUbRsyrZiTN90CZqEz22POLks+vdd+
buSO7SSN3O6u2AyzCg97gjv35oCvJA92ULkVy6SGxBWb
-----END CERTIFICATE-----