Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/P1Oafitv1-CeGpiS3295bk_jc2k.roa
File:                     P1Oafitv1-CeGpiS3295bk_jc2k.roa (raw, json)
Hash identifier:          zdC8sgbH1GuCJi8ZjmFdq/tJ5mm7D49KA4AN5K55yRY=
Subject key identifier:   3F:53:9A:7E:2B:6F:D7:E0:9E:1A:98:92:DF:6F:79:6E:4F:E3:73:69
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0199C04122689860BC748C1ADD34960172AD
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/P1Oafitv1-CeGpiS3295bk_jc2k.roa
Signing time:             Tue 07 Oct 2025 19:58:38 +0000
ROA not before:           Tue 07 Oct 2025 19:58:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212980
IP address blocks:        82.163.56.0/22 maxlen: 22
                          92.114.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c0:41:22:68:98:60:bc:74:8c:1a:dd:34:96:01:72:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Oct  7 19:58:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f539a7e2b6fd7e09e1a9892df6f796e4fe37369
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:47:6c:c3:e7:43:0f:7d:3b:a8:5f:58:a0:c8:
                    13:02:c0:d4:84:cc:3b:6b:8e:b0:76:9e:3c:91:d9:
                    9f:61:12:fe:37:aa:5e:7e:22:12:d0:15:c9:14:47:
                    84:26:54:00:42:d7:b9:df:a5:6f:08:01:23:90:8e:
                    4e:b2:04:78:60:58:af:39:cc:0d:48:cf:fb:bd:84:
                    eb:2d:42:6a:be:1f:b0:77:4c:d0:7b:0f:c3:2d:a6:
                    56:0f:02:1d:95:db:99:87:4e:b9:ad:aa:e3:34:73:
                    a5:4e:2f:f5:84:a9:5f:cb:5a:88:ce:a5:da:bc:29:
                    12:3f:6c:f9:de:bf:a0:9b:ed:a7:b2:82:7b:85:bd:
                    01:cd:b6:1b:aa:08:24:8f:2f:41:3d:c9:bd:02:93:
                    9a:4f:6d:84:2d:15:e5:ed:19:01:23:e9:3c:ba:df:
                    e5:fa:5d:1c:91:57:94:18:36:b8:a7:f5:00:a5:26:
                    84:79:f4:ed:76:05:8a:d0:69:a1:c2:0f:ce:cb:71:
                    f0:cc:98:9c:ce:05:35:29:d6:b7:9d:d2:ab:05:62:
                    81:2e:86:86:16:4d:db:e2:7a:b5:40:d3:6b:b5:9d:
                    2c:65:e7:97:03:30:ff:e6:4b:cb:59:ed:bc:07:e6:
                    0e:90:c8:6d:69:fd:5e:0c:45:af:f4:39:84:a2:16:
                    5a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:53:9A:7E:2B:6F:D7:E0:9E:1A:98:92:DF:6F:79:6E:4F:E3:73:69
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/P1Oafitv1-CeGpiS3295bk_jc2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.56.0/22
                  92.114.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:7f:03:6a:3d:a1:2b:25:19:c0:a6:37:37:04:48:9e:38:78:
         d4:98:5f:40:d7:71:6a:f9:40:29:ba:93:dc:1f:8a:b7:79:ea:
         ba:64:9d:82:dd:3e:73:d1:be:fd:6e:89:5e:94:64:31:12:d1:
         e3:0a:c6:f3:c3:55:78:d9:c7:ca:14:ff:28:34:b1:53:ea:4b:
         ec:cb:b6:c7:c3:18:16:2e:c7:fc:ee:fb:bd:1f:06:65:37:f7:
         02:4a:89:8e:3a:04:45:36:2b:e5:c8:32:5d:32:43:b3:e0:ea:
         39:16:7b:1c:0d:79:6b:d2:b3:79:06:23:92:b9:b9:2f:b8:ce:
         9b:82:ff:ed:fc:95:94:36:fd:46:b3:66:58:18:3b:db:aa:5d:
         12:39:38:10:ae:27:0d:8e:90:59:e3:b3:e3:83:55:ee:7f:fe:
         9a:fe:6e:de:39:65:02:24:6f:af:e8:ee:6b:1b:26:53:35:e5:
         be:0c:a3:a2:46:17:83:48:6e:f9:a1:d0:ba:a1:92:e1:0c:b4:
         7b:ee:66:a3:52:72:90:5c:3e:a4:e3:16:a0:82:10:f6:f0:d4:
         45:45:76:ae:60:29:bc:3c:f8:ed:5f:10:8a:f7:60:48:b7:1b:
         8a:cc:80:f4:c8:47:5f:d3:36:1d:fc:23:37:5b:da:7c:74:51:
         2d:a4:cb:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnAQSJomGC8dIwa3TSWAXKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUxMDA3MTk1ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjUzOWE3ZTJiNmZkN2UwOWUxYTk4OTJkZjZmNzk2ZTRmZTM3MzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkdsw+dDD307qF9YoMgTAsDUhMw7
a46wdp48kdmfYRL+N6pefiIS0BXJFEeEJlQAQte536VvCAEjkI5OsgR4YFivOcwN
SM/7vYTrLUJqvh+wd0zQew/DLaZWDwIdlduZh065rarjNHOlTi/1hKlfy1qIzqXa
vCkSP2z53r+gm+2nsoJ7hb0BzbYbqggkjy9BPcm9ApOaT22ELRXl7RkBI+k8ut/l
+l0ckVeUGDa4p/UApSaEefTtdgWK0Gmhwg/Oy3HwzJiczgU1Kda3ndKrBWKBLoaG
Fk3b4nq1QNNrtZ0sZeeXAzD/5kvLWe28B+YOkMhtaf1eDEWv9DmEohZafwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD9Tmn4rb9fgnhqYkt9veW5P43NpMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvUDFPYWZpdHYxLUNlR3BpUzMyOTVia19qYzJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUqM4AwQC
XHIoMA0GCSqGSIb3DQEBCwUAA4IBAQBifwNqPaErJRnApjc3BEieOHjUmF9A13Fq
+UApupPcH4q3eeq6ZJ2C3T5z0b79bolelGQxEtHjCsbzw1V42cfKFP8oNLFT6kvs
y7bHwxgWLsf87vu9HwZlN/cCSomOOgRFNivlyDJdMkOz4Oo5FnscDXlr0rN5BiOS
ubkvuM6bgv/t/JWUNv1Gs2ZYGDvbql0SOTgQricNjpBZ47Pjg1Xuf/6a/m7eOWUC
JG+v6O5rGyZTNeW+DKOiRheDSG75odC6oZLhDLR77majUnKQXD6k4xagghD28NRF
RXauYCm8PPjtXxCK92BItxuKzID0yEdf0zYd/CM3W9p8dFEtpMs5
-----END CERTIFICATE-----