Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/jMIl0-AsPbFxzuSdnTOvL0GZyZY.roa
File:                     jMIl0-AsPbFxzuSdnTOvL0GZyZY.roa (raw, json)
Hash identifier:          vp7N55mHbj1atM+G1AaTEaDl/C1DAcMrBbixu2jF2UI=
Subject key identifier:   8C:C2:25:D3:E0:2C:3D:B1:71:CE:E4:9D:9D:33:AF:2F:41:99:C9:96
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       01978D9507602755DB04210F9C1CE9D70960
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/jMIl0-AsPbFxzuSdnTOvL0GZyZY.roa
Signing time:             Fri 20 Jun 2025 13:44:03 +0000
ROA not before:           Fri 20 Jun 2025 13:44:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        80.93.192.0/24 maxlen: 24
                          80.93.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8d:95:07:60:27:55:db:04:21:0f:9c:1c:e9:d7:09:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: Jun 20 13:44:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cc225d3e02c3db171cee49d9d33af2f4199c996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:2f:92:be:53:7a:b9:11:65:05:5c:62:1a:47:
                    2d:85:f7:cc:15:23:dc:7d:12:c9:d3:c4:ef:5f:d1:
                    81:4b:d3:c7:c9:d2:7c:ed:44:ea:f5:13:b7:0a:bb:
                    dc:e4:b8:b6:17:99:6a:b0:44:71:c6:a0:6b:7c:5d:
                    4f:27:ad:fa:0e:cd:ad:9d:11:9a:4d:47:71:d6:74:
                    89:89:89:ff:8f:73:aa:38:73:bf:7b:d8:65:28:b4:
                    ae:40:9e:01:d0:5c:e1:ad:7e:75:aa:d1:76:37:6e:
                    1b:0e:c0:bd:32:a4:93:dd:9a:79:3e:62:da:b7:57:
                    30:d3:12:63:0c:53:c9:38:78:88:55:4b:6b:db:6f:
                    0b:0b:55:9f:2f:68:08:b6:a3:9f:4c:7c:7c:30:29:
                    dd:ec:55:24:8f:22:69:74:a3:4f:d2:42:e6:6b:db:
                    ad:ae:29:db:9d:bf:ae:7c:f9:ab:24:d3:78:bf:dd:
                    8d:b4:ad:72:76:22:c3:c0:d0:0e:c0:40:92:4d:d6:
                    b4:fe:32:d2:04:9f:48:1f:b4:cb:27:8a:94:16:5f:
                    06:19:da:4f:12:6b:31:9b:b1:e5:90:0d:48:aa:17:
                    f9:22:0e:16:7e:3b:67:ec:a3:ac:e9:91:ac:2e:82:
                    3c:58:c0:19:9a:b2:ce:a9:63:b8:6b:5f:2b:d9:7d:
                    aa:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:C2:25:D3:E0:2C:3D:B1:71:CE:E4:9D:9D:33:AF:2F:41:99:C9:96
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/jMIl0-AsPbFxzuSdnTOvL0GZyZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.192.0/24
                  80.93.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:11:c4:1e:d1:d3:c4:67:95:be:41:8a:3b:4e:3b:42:3f:3d:
         d0:d2:3e:74:ff:1f:39:1f:76:65:b8:d8:0e:a8:22:a7:55:a8:
         cc:c1:65:0e:39:bd:cf:d8:60:d6:79:71:5c:86:18:3e:4e:5f:
         ef:ea:f3:eb:d2:f6:78:0b:20:21:04:e6:b7:e0:d0:90:6c:14:
         3b:cc:85:fb:a5:db:c3:f2:80:ae:eb:d1:f1:a8:4c:fb:8b:13:
         43:c7:25:91:d4:bd:01:ce:29:3b:e7:7a:e4:e1:ed:5c:4c:58:
         69:8d:49:8f:06:a0:37:d8:21:97:88:0e:1c:ad:62:d9:99:f3:
         3b:a6:a0:fb:e0:94:53:93:02:6c:a3:ca:d3:f5:00:36:fd:31:
         51:88:00:4d:6a:d4:e3:e3:e8:95:5b:47:cd:f2:a7:65:48:8b:
         fb:20:1a:7f:ba:cd:4b:ce:e2:b1:41:b8:76:07:ef:dc:85:0f:
         92:df:70:b0:e0:e2:fc:18:67:f1:cc:9b:42:1f:53:db:10:b0:
         05:78:89:8a:31:4c:07:72:a9:6c:5c:68:c1:1a:64:2c:d4:f7:
         0a:56:a8:78:e4:44:12:3f:12:d1:70:48:7a:45:c5:84:e3:5f:
         0c:cb:01:38:d9:23:40:be:f3:6b:5e:4f:35:a7:38:9a:33:81:
         f2:7a:dc:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeNlQdgJ1XbBCEPnBzp1wlgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjUwNjIwMTM0NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2MyMjVkM2UwMmMzZGIxNzFjZWU0OWQ5ZDMzYWYyZjQxOTljOTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApi+SvlN6uRFlBVxiGkcthffMFSPc
fRLJ08TvX9GBS9PHydJ87UTq9RO3Crvc5Li2F5lqsERxxqBrfF1PJ636Ds2tnRGa
TUdx1nSJiYn/j3OqOHO/e9hlKLSuQJ4B0FzhrX51qtF2N24bDsC9MqST3Zp5PmLa
t1cw0xJjDFPJOHiIVUtr228LC1WfL2gItqOfTHx8MCnd7FUkjyJpdKNP0kLma9ut
rinbnb+ufPmrJNN4v92NtK1ydiLDwNAOwECSTda0/jLSBJ9IH7TLJ4qUFl8GGdpP
Emsxm7HlkA1Iqhf5Ig4Wfjtn7KOs6ZGsLoI8WMAZmrLOqWO4a18r2X2qqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIzCJdPgLD2xcc7knZ0zry9BmcmWMB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvak1JbDAtQXNQYkZ4enVTZG5UT3ZMMEdaeVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUF3AAwQA
UF3OMA0GCSqGSIb3DQEBCwUAA4IBAQCFEcQe0dPEZ5W+QYo7TjtCPz3Q0j50/x85
H3ZluNgOqCKnVajMwWUOOb3P2GDWeXFchhg+Tl/v6vPr0vZ4CyAhBOa34NCQbBQ7
zIX7pdvD8oCu69HxqEz7ixNDxyWR1L0Bzik753rk4e1cTFhpjUmPBqA32CGXiA4c
rWLZmfM7pqD74JRTkwJso8rT9QA2/TFRiABNatTj4+iVW0fN8qdlSIv7IBp/us1L
zuKxQbh2B+/chQ+S33Cw4OL8GGfxzJtCH1PbELAFeImKMUwHcqlsXGjBGmQs1PcK
Vqh45EQSPxLRcEh6RcWE418MywE42SNAvvNrXk81pziaM4Hyetyl
-----END CERTIFICATE-----