Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/OI1U9tyTexI3zFMxN2_p-wXJb6Q.roa
File:                     OI1U9tyTexI3zFMxN2_p-wXJb6Q.roa (raw, json)
Hash identifier:          jEa8AhX1E/rcgU1N48+cRpXUd91VJFk6ahzuPB4XKow=
Subject key identifier:   38:8D:54:F6:DC:93:7B:12:37:CC:53:31:37:6F:E9:FB:05:C9:6F:A4
Certificate issuer:       /CN=74e3c336972094b1a8c13d41816857d197a3aae9
Certificate serial:       0198A8C9A65E244F8AFEFBA7F3C3D8820BBC
Authority key identifier: 74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/OI1U9tyTexI3zFMxN2_p-wXJb6Q.roa
Signing time:             Thu 14 Aug 2025 13:34:04 +0000
ROA not before:           Thu 14 Aug 2025 13:34:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59711
IP address blocks:        176.97.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 04:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:c9:a6:5e:24:4f:8a:fe:fb:a7:f3:c3:d8:82:0b:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e3c336972094b1a8c13d41816857d197a3aae9
        Validity
            Not Before: Aug 14 13:34:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=388d54f6dc937b1237cc5331376fe9fb05c96fa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b4:b5:2e:6d:74:88:15:cc:0a:e2:df:4d:bf:
                    20:71:cb:1d:64:36:b6:d7:4f:ae:f4:1c:2d:ef:12:
                    ea:22:21:93:18:0e:0c:d4:77:01:6c:bc:8d:92:de:
                    fc:4d:52:97:6e:f8:dc:47:36:82:57:6f:b4:9b:f7:
                    17:6b:d0:95:a8:c7:fb:b0:93:c3:47:15:80:a2:92:
                    1d:4a:0c:34:c8:cb:5f:53:17:8d:63:c9:50:d2:f8:
                    36:aa:0e:bb:21:cf:6e:0c:72:e1:3c:75:0f:1c:fe:
                    5a:36:45:bd:df:cb:52:8d:e7:e3:e2:8a:92:b3:1f:
                    50:85:f3:a4:32:63:ad:9e:3b:1c:59:01:ef:7a:5d:
                    bd:a3:6a:21:d8:c8:80:8b:43:7d:74:d1:2d:3c:4f:
                    bd:51:b3:ba:d5:dc:1b:f2:d2:46:c8:8a:ce:49:8a:
                    ff:26:3a:03:99:94:c6:89:5c:cd:65:a1:2b:30:bf:
                    dd:28:9e:22:23:dd:b1:2b:e6:fc:c0:13:94:cc:ca:
                    b6:cc:72:32:ef:08:46:c6:ba:e5:1d:29:02:9a:aa:
                    0c:64:5e:47:aa:a1:67:24:9e:af:0c:62:22:2b:9a:
                    d5:99:e4:b6:53:66:23:99:62:d9:d8:e6:c9:e9:95:
                    67:10:39:c0:86:75:67:03:83:fb:95:a3:dc:ef:60:
                    9a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:8D:54:F6:DC:93:7B:12:37:CC:53:31:37:6F:E9:FB:05:C9:6F:A4
            X509v3 Authority Key Identifier:
                keyid:74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/OI1U9tyTexI3zFMxN2_p-wXJb6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:c1:21:cf:14:99:65:40:59:41:90:d4:65:ea:f6:7d:53:8e:
         a1:bf:40:17:01:a6:c7:57:fd:68:85:6e:a5:b1:0c:52:bd:b9:
         ca:73:71:fe:ea:5e:94:18:2a:53:98:bd:db:5e:ac:d3:42:7b:
         88:5c:3e:bf:78:41:9b:5f:58:f9:cd:0e:55:a7:92:c0:8c:05:
         93:12:79:76:31:9d:4d:6a:3d:ad:ce:91:9d:44:98:1e:46:64:
         9c:06:62:5a:b3:48:40:22:c1:14:83:eb:5e:b4:0e:2d:39:c4:
         bd:bc:57:25:e7:46:96:f8:54:47:b7:09:56:eb:d3:ab:b0:97:
         cf:e2:53:b0:5c:8e:f0:e8:92:1b:d6:38:45:85:50:ec:43:74:
         eb:06:f0:82:bd:7d:5e:62:dc:f0:e5:6c:27:e8:ef:81:e8:b0:
         60:59:80:71:c7:fb:06:f3:79:c8:5e:c4:72:bf:0b:4c:db:36:
         a0:7b:9e:a4:6d:ec:a1:1b:44:35:01:42:58:28:2f:08:56:94:
         f5:9b:a2:34:79:60:4c:de:56:ff:9e:8a:41:85:d6:fd:c9:a2:
         6a:1a:17:be:43:4a:52:a6:75:b7:ce:45:f6:56:50:a8:e1:91:
         06:89:3a:ec:3c:4b:29:7e:72:ef:0f:15:55:1e:61:be:e1:58:
         0e:b1:65:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZioyaZeJE+K/vun88PYggu8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTNjMzM2OTcyMDk0YjFhOGMxM2Q0MTgxNjg1N2QxOTdh
M2FhZTkwHhcNMjUwODE0MTMzNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODhkNTRmNmRjOTM3YjEyMzdjYzUzMzEzNzZmZTlmYjA1Yzk2ZmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbS1Lm10iBXMCuLfTb8gccsdZDa2
10+u9Bwt7xLqIiGTGA4M1HcBbLyNkt78TVKXbvjcRzaCV2+0m/cXa9CVqMf7sJPD
RxWAopIdSgw0yMtfUxeNY8lQ0vg2qg67Ic9uDHLhPHUPHP5aNkW938tSjefj4oqS
sx9QhfOkMmOtnjscWQHvel29o2oh2MiAi0N9dNEtPE+9UbO61dwb8tJGyIrOSYr/
JjoDmZTGiVzNZaErML/dKJ4iI92xK+b8wBOUzMq2zHIy7whGxrrlHSkCmqoMZF5H
qqFnJJ6vDGIiK5rVmeS2U2YjmWLZ2ObJ6ZVnEDnAhnVnA4P7laPc72Ca4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDiNVPbck3sSN8xTMTdv6fsFyW+kMB8GA1UdIwQY
MBaAFHTjwzaXIJSxqME9QYFoV9GXo6rpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAt
YTZjNDllYjI4Mjg3LzEvT0kxVTl0eVRleEkzekZNeE4yX3Atd1hKYjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAtYTZjNDllYjI4Mjg3
LzEvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGEAMA0G
CSqGSIb3DQEBCwUAA4IBAQAewSHPFJllQFlBkNRl6vZ9U46hv0AXAabHV/1ohW6l
sQxSvbnKc3H+6l6UGCpTmL3bXqzTQnuIXD6/eEGbX1j5zQ5Vp5LAjAWTEnl2MZ1N
aj2tzpGdRJgeRmScBmJas0hAIsEUg+tetA4tOcS9vFcl50aW+FRHtwlW69OrsJfP
4lOwXI7w6JIb1jhFhVDsQ3TrBvCCvX1eYtzw5Wwn6O+B6LBgWYBxx/sG83nIXsRy
vwtM2zage56kbeyhG0Q1AUJYKC8IVpT1m6I0eWBM3lb/nopBhdb9yaJqGhe+Q0pS
pnW3zkX2VlCo4ZEGiTrsPEspfnLvDxVVHmG+4VgOsWVR
-----END CERTIFICATE-----