Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/v4id3sTc4LvCe1tvM2FCdGAi-oc.roa
File:                     v4id3sTc4LvCe1tvM2FCdGAi-oc.roa (raw, json)
Hash identifier:          EkhhhWbi/AAOgI2LjhwbBBU2SuIo0nB2d4UasV7shp4=
Subject key identifier:   BF:88:9D:DE:C4:DC:E0:BB:C2:7B:5B:6F:33:61:42:74:60:22:FA:87
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198D5D77A1196073D293EA8650A0BBB6EAC
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/v4id3sTc4LvCe1tvM2FCdGAi-oc.roa
Signing time:             Sat 23 Aug 2025 07:32:05 +0000
ROA not before:           Sat 23 Aug 2025 07:32:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44436
IP address blocks:        94.183.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d5:d7:7a:11:96:07:3d:29:3e:a8:65:0a:0b:bb:6e:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug 23 07:32:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf889ddec4dce0bbc27b5b6f336142746022fa87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8b:a6:54:6d:f1:fa:1b:94:01:4b:bf:20:07:
                    90:28:e5:99:b6:98:e7:d9:87:bc:0f:60:20:a4:b7:
                    85:87:41:56:00:61:5c:b6:57:ff:27:eb:66:b0:1a:
                    3a:88:dc:a4:68:83:9a:f1:55:6d:92:f2:2c:5b:df:
                    ec:8d:fc:e7:a1:8a:e8:c7:8f:c4:92:0c:82:45:ef:
                    02:c4:55:34:19:cf:5e:2a:cd:1e:81:14:2a:4c:c7:
                    49:b8:27:4e:4c:31:d4:1e:9b:ca:5d:0f:a2:f2:65:
                    7b:5f:75:b6:67:d3:c7:5a:e7:e8:57:59:5c:d9:e4:
                    63:73:e2:2e:53:62:07:f6:6a:dd:d1:3d:db:5e:a8:
                    40:fe:7d:23:f1:b6:a5:42:9d:c5:d9:6e:6d:b9:c9:
                    e9:49:ba:41:e6:f0:9c:f3:48:2d:e2:bc:29:c5:a8:
                    f1:d0:1d:89:e4:73:9f:b4:8e:b7:b7:91:d0:a4:53:
                    cd:17:18:5a:01:19:6b:09:1d:bd:4b:3b:32:07:d2:
                    f3:fa:15:e6:c9:30:19:20:48:32:54:61:db:b3:5d:
                    88:53:56:52:05:d9:f4:1b:50:2b:0c:58:dc:e8:95:
                    71:af:61:a5:92:17:fe:62:09:39:fa:44:cf:6f:7e:
                    e5:44:af:ff:56:d0:02:1c:a5:13:66:d6:3b:be:30:
                    2f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:88:9D:DE:C4:DC:E0:BB:C2:7B:5B:6F:33:61:42:74:60:22:FA:87
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/v4id3sTc4LvCe1tvM2FCdGAi-oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:70:63:aa:86:42:c9:6f:be:b4:73:97:0a:b9:37:d3:51:74:
         ea:b6:da:4d:54:32:01:d1:ae:c2:13:9d:f8:83:aa:76:d5:ad:
         53:c9:0e:7e:be:a5:c9:af:a9:27:95:b4:16:9f:af:09:bc:41:
         6c:3b:1d:42:57:9c:0c:63:9a:40:be:5e:57:cf:f9:c0:09:17:
         25:ea:79:c0:fe:77:e7:c5:ee:37:bf:1d:68:99:01:3e:41:7a:
         51:b4:31:cf:a4:b6:1c:7c:4f:49:17:d8:71:28:8a:a2:b5:d6:
         53:94:ad:59:c0:1d:07:d5:1b:59:2d:c0:49:78:0e:08:78:06:
         67:8f:b8:d6:8b:a9:86:40:ad:1d:74:47:d7:f4:09:e8:ea:61:
         bb:5f:16:88:ba:d5:b6:00:fe:d6:bb:02:e7:0e:04:11:b8:47:
         50:e5:cb:b1:8b:83:13:29:1e:fe:44:8e:26:15:8f:66:dd:cc:
         5f:d7:48:0b:ca:2e:8a:f3:42:01:c9:de:b1:95:fe:83:56:c2:
         d6:ff:e2:19:70:e6:be:46:30:ef:9b:bd:36:1c:46:f8:96:2c:
         35:c2:18:27:11:95:a7:59:c8:f3:3d:e7:51:cc:08:96:28:84:
         53:c0:e0:4b:53:87:85:fe:70:1d:52:fc:4a:f4:b9:23:f3:f4:
         1a:0f:9b:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjV13oRlgc9KT6oZQoLu26sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODIzMDczMjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjg4OWRkZWM0ZGNlMGJiYzI3YjViNmYzMzYxNDI3NDYwMjJmYTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIumVG3x+huUAUu/IAeQKOWZtpjn
2Ye8D2AgpLeFh0FWAGFctlf/J+tmsBo6iNykaIOa8VVtkvIsW9/sjfznoYrox4/E
kgyCRe8CxFU0Gc9eKs0egRQqTMdJuCdOTDHUHpvKXQ+i8mV7X3W2Z9PHWufoV1lc
2eRjc+IuU2IH9mrd0T3bXqhA/n0j8balQp3F2W5tucnpSbpB5vCc80gt4rwpxajx
0B2J5HOftI63t5HQpFPNFxhaARlrCR29SzsyB9Lz+hXmyTAZIEgyVGHbs12IU1ZS
Bdn0G1ArDFjc6JVxr2Glkhf+Ygk5+kTPb37lRK//VtACHKUTZtY7vjAvXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+Ind7E3OC7wntbbzNhQnRgIvqHMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdjRpZDNzVGM0THZDZTF0dk0yRkNkR0FpLW9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrejMA0G
CSqGSIb3DQEBCwUAA4IBAQAccGOqhkLJb760c5cKuTfTUXTqttpNVDIB0a7CE534
g6p21a1TyQ5+vqXJr6knlbQWn68JvEFsOx1CV5wMY5pAvl5Xz/nACRcl6nnA/nfn
xe43vx1omQE+QXpRtDHPpLYcfE9JF9hxKIqitdZTlK1ZwB0H1RtZLcBJeA4IeAZn
j7jWi6mGQK0ddEfX9Ano6mG7XxaIutW2AP7WuwLnDgQRuEdQ5cuxi4MTKR7+RI4m
FY9m3cxf10gLyi6K80IByd6xlf6DVsLW/+IZcOa+RjDvm702HEb4liw1whgnEZWn
WcjzPedRzAiWKIRTwOBLU4eF/nAdUvxK9Lkj8/QaD5uy
-----END CERTIFICATE-----