Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/a3b11e-5909-49fe-bb75-790bc91a59e6/1/_Z612WlN8ZfOi7lH-p4HrmdXgXQ.roa
File:                     _Z612WlN8ZfOi7lH-p4HrmdXgXQ.roa (raw, json)
Hash identifier:          QscoaDsHFH3nysubWrv1ADSV365kESJ9Bam6CnFtw2M=
Subject key identifier:   FD:9E:B5:D9:69:4D:F1:97:CE:8B:B9:47:FA:9E:07:AE:67:57:81:74
Certificate issuer:       /CN=a0d3ed5795348a04e7ecd172d7642fa962097287
Certificate serial:       01969F777D8141E03D287BF0EC999392A812
Authority key identifier: A0:D3:ED:57:95:34:8A:04:E7:EC:D1:72:D7:64:2F:A9:62:09:72:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oNPtV5U0igTn7NFy12QvqWIJcoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/a3b11e-5909-49fe-bb75-790bc91a59e6/1/_Z612WlN8ZfOi7lH-p4HrmdXgXQ.roa
Signing time:             Mon 05 May 2025 08:02:10 +0000
ROA not before:           Mon 05 May 2025 08:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214593
IP address blocks:        194.164.108.0/22 maxlen: 22
                          194.164.108.0/24 maxlen: 24
                          194.164.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/a3b11e-5909-49fe-bb75-790bc91a59e6/1/oNPtV5U0igTn7NFy12QvqWIJcoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/a3b11e-5909-49fe-bb75-790bc91a59e6/1/oNPtV5U0igTn7NFy12QvqWIJcoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oNPtV5U0igTn7NFy12QvqWIJcoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9f:77:7d:81:41:e0:3d:28:7b:f0:ec:99:93:92:a8:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0d3ed5795348a04e7ecd172d7642fa962097287
        Validity
            Not Before: May  5 08:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd9eb5d9694df197ce8bb947fa9e07ae67578174
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:81:a5:83:ce:46:ae:bc:a6:1f:55:8c:5d:17:
                    fe:fc:0a:7f:d6:ef:0d:a1:43:01:39:ab:dc:18:fb:
                    40:0d:6b:30:7b:ea:97:e3:77:97:60:b4:f5:fb:e4:
                    a7:7a:0a:96:8d:4b:d5:53:19:de:e7:a9:5e:11:d7:
                    6d:fe:8e:23:6c:62:d1:60:50:e8:bb:6e:54:be:d9:
                    9c:60:58:83:db:cc:f0:ca:31:b4:4b:d4:59:bb:f5:
                    29:3a:17:6c:da:93:d9:e8:0e:05:42:9d:d7:ba:cf:
                    6e:91:42:32:28:c8:d0:59:dd:06:60:97:d7:42:04:
                    43:27:da:92:87:ef:e4:11:56:33:41:92:dc:92:af:
                    5a:71:2e:16:09:85:d2:9d:7e:ad:07:ba:28:a5:10:
                    33:b9:2e:f0:4b:94:86:b3:3f:32:a6:ce:46:88:28:
                    c7:c0:ed:50:83:59:07:fa:66:96:9f:d0:bb:6d:c4:
                    9f:a0:34:c6:0c:28:5c:60:f5:ea:fb:44:6f:dc:ed:
                    49:d3:94:e0:bb:f3:e0:ed:7f:eb:98:80:eb:ec:af:
                    c8:ce:15:a9:25:64:d5:bc:2c:f0:85:e6:dd:53:f3:
                    d3:3c:d6:bd:d8:97:51:71:83:b3:bb:04:58:c8:b2:
                    bc:86:ec:bf:2f:4c:c3:4a:76:25:aa:a7:d2:54:49:
                    46:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:9E:B5:D9:69:4D:F1:97:CE:8B:B9:47:FA:9E:07:AE:67:57:81:74
            X509v3 Authority Key Identifier:
                keyid:A0:D3:ED:57:95:34:8A:04:E7:EC:D1:72:D7:64:2F:A9:62:09:72:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oNPtV5U0igTn7NFy12QvqWIJcoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a3b11e-5909-49fe-bb75-790bc91a59e6/1/_Z612WlN8ZfOi7lH-p4HrmdXgXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a3b11e-5909-49fe-bb75-790bc91a59e6/1/oNPtV5U0igTn7NFy12QvqWIJcoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.164.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:b3:79:ef:c1:01:15:8c:57:ef:12:66:66:00:40:3c:7c:45:
         c1:d3:6b:78:ef:94:43:2d:e3:d9:fc:32:5b:42:e3:2b:e8:73:
         30:dd:5b:ef:e1:e5:b7:46:49:ed:00:25:05:d4:5f:8f:dd:bb:
         1f:a4:e5:2d:c0:27:9a:20:6f:a8:32:e4:1e:a7:9a:72:c7:49:
         d8:9a:cf:c0:5f:e6:d7:ee:de:50:47:ff:6a:ab:44:2b:dd:cb:
         54:5a:58:15:19:80:8a:6c:90:a5:0d:43:fc:2e:8d:85:b2:74:
         25:ed:3c:08:8c:e7:ae:de:0c:55:ad:91:c2:78:49:f3:3a:78:
         b9:d1:6b:aa:92:2b:ce:46:9e:87:0c:ad:03:8b:18:29:1c:7f:
         5b:a9:28:1e:42:63:69:91:bd:87:4d:61:00:0a:61:fb:ab:cf:
         00:24:db:3a:87:fd:a1:3b:db:b1:d5:18:d4:fd:6a:c0:e4:f9:
         b2:2a:d4:a2:9b:f5:a0:45:bb:6c:00:6a:b8:c3:07:36:43:89:
         d3:51:5c:53:18:c5:5a:d9:98:fd:8a:b5:a7:fa:45:6a:67:16:
         c2:ad:b5:d5:4a:ea:f2:f8:45:9a:84:63:55:6b:f1:d5:70:d8:
         ef:1e:b8:63:09:90:50:54:e5:3d:31:8d:6a:48:d5:63:b6:11:
         b6:e8:b3:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZafd32BQeA9KHvw7JmTkqgSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZDNlZDU3OTUzNDhhMDRlN2VjZDE3MmQ3NjQyZmE5NjIw
OTcyODcwHhcNMjUwNTA1MDgwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDllYjVkOTY5NGRmMTk3Y2U4YmI5NDdmYTllMDdhZTY3NTc4MTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4Glg85GrrymH1WMXRf+/Ap/1u8N
oUMBOavcGPtADWswe+qX43eXYLT1++SnegqWjUvVUxne56leEddt/o4jbGLRYFDo
u25UvtmcYFiD28zwyjG0S9RZu/UpOhds2pPZ6A4FQp3Xus9ukUIyKMjQWd0GYJfX
QgRDJ9qSh+/kEVYzQZLckq9acS4WCYXSnX6tB7oopRAzuS7wS5SGsz8yps5GiCjH
wO1Qg1kH+maWn9C7bcSfoDTGDChcYPXq+0Rv3O1J05Tgu/Pg7X/rmIDr7K/IzhWp
JWTVvCzwhebdU/PTPNa92JdRcYOzuwRYyLK8huy/L0zDSnYlqqfSVElGxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2etdlpTfGXzou5R/qeB65nV4F0MB8GA1UdIwQY
MBaAFKDT7VeVNIoE5+zRctdkL6liCXKHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb05QdFY1VTBpZ1RuN05GeTEyUXZxV0lKY29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9hM2IxMWUtNTkwOS00OWZlLWJiNzUt
NzkwYmM5MWE1OWU2LzEvX1o2MTJXbE44WmZPaTdsSC1wNEhybWRYZ1hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9hM2IxMWUtNTkwOS00OWZlLWJiNzUtNzkwYmM5MWE1OWU2
LzEvb05QdFY1VTBpZ1RuN05GeTEyUXZxV0lKY29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwqRsMA0G
CSqGSIb3DQEBCwUAA4IBAQBBs3nvwQEVjFfvEmZmAEA8fEXB02t475RDLePZ/DJb
QuMr6HMw3Vvv4eW3RkntACUF1F+P3bsfpOUtwCeaIG+oMuQep5pyx0nYms/AX+bX
7t5QR/9qq0Qr3ctUWlgVGYCKbJClDUP8Lo2FsnQl7TwIjOeu3gxVrZHCeEnzOni5
0WuqkivORp6HDK0DixgpHH9bqSgeQmNpkb2HTWEACmH7q88AJNs6h/2hO9ux1RjU
/WrA5PmyKtSim/WgRbtsAGq4wwc2Q4nTUVxTGMVa2Zj9irWn+kVqZxbCrbXVSury
+EWahGNVa/HVcNjvHrhjCZBQVOU9MY1qSNVjthG26LMI
-----END CERTIFICATE-----