Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/2I1GOWHl_sNg202ZkVSHIZVcDhI.roa
File:                     2I1GOWHl_sNg202ZkVSHIZVcDhI.roa (raw, json)
Hash identifier:          hTizmDrUVZJ/qWZQ7WDFRMG/AOudB/C+8jSAoVtPrlA=
Subject key identifier:   D8:8D:46:39:61:E5:FE:C3:60:DB:4D:99:91:54:87:21:95:5C:0E:12
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       0199B93FF544B7641CF2AF1C9E958093423B
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/2I1GOWHl_sNg202ZkVSHIZVcDhI.roa
Signing time:             Mon 06 Oct 2025 11:20:00 +0000
ROA not before:           Mon 06 Oct 2025 11:20:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5430
IP address blocks:        194.97.172.0/22 maxlen: 22
                          195.4.176.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b9:3f:f5:44:b7:64:1c:f2:af:1c:9e:95:80:93:42:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Oct  6 11:20:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d88d463961e5fec360db4d9991548721955c0e12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:72:11:83:62:ae:96:71:84:e4:4f:8a:68:e5:
                    8e:32:b7:9e:28:6f:c5:cf:10:f4:a4:cb:72:d0:b5:
                    de:9e:5e:aa:65:ae:b4:4f:85:31:83:57:62:42:0e:
                    86:89:a2:06:05:56:37:45:e6:69:bd:39:11:6d:45:
                    53:22:07:24:64:14:aa:d1:c2:31:b0:32:40:eb:bd:
                    99:c2:63:f8:03:00:a5:c0:0a:3c:d6:77:5c:8e:b3:
                    a1:da:b7:40:81:8d:f5:ec:38:24:d1:f4:fe:a1:38:
                    a3:7c:ea:9c:4a:3e:9f:56:43:c2:9e:40:fe:39:c2:
                    8b:41:92:b2:00:26:b3:4e:a6:f0:2b:d9:d9:69:ca:
                    fc:b6:4d:16:01:95:de:b1:f3:8b:34:18:98:c9:a4:
                    f9:f6:0d:dc:39:53:20:5d:9d:f2:09:59:a3:52:f7:
                    8b:45:cd:a1:af:85:6c:c8:d3:5d:dd:4a:79:1f:4b:
                    3b:4a:17:fc:9a:bb:64:d3:b8:71:ca:24:53:f8:84:
                    28:4c:e4:c0:41:9d:d2:58:0a:2b:22:24:03:66:a6:
                    fb:11:6f:51:78:09:87:e4:42:d0:b6:63:34:45:fb:
                    9e:59:40:8a:47:b1:b1:7e:1b:56:12:30:d2:c9:76:
                    af:a5:6c:dc:cb:8d:45:57:7d:da:4e:10:5a:54:6d:
                    91:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:8D:46:39:61:E5:FE:C3:60:DB:4D:99:91:54:87:21:95:5C:0E:12
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/2I1GOWHl_sNg202ZkVSHIZVcDhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.97.172.0/22
                  195.4.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         19:bd:53:1a:cb:13:b1:98:13:24:36:d6:85:b5:52:ac:25:eb:
         c8:ec:eb:24:a0:66:d9:19:d6:af:a6:6a:c4:c2:0b:20:04:5b:
         7a:ea:32:f9:fd:9a:a2:10:bf:66:f0:5e:69:10:94:9d:d7:29:
         85:c3:a2:e7:2a:33:26:40:35:dc:fa:55:d7:1d:c9:1f:ed:ab:
         65:30:41:0e:f7:84:b9:19:c1:29:0e:e5:1a:2b:6c:26:a2:b6:
         47:93:7a:83:07:03:9c:9b:85:9e:ce:3d:91:d2:13:d8:0a:0c:
         31:29:1c:20:6a:b7:ef:17:b6:90:21:bd:46:ad:f8:53:ef:19:
         db:6c:f7:14:da:79:ed:e6:9a:fd:cd:f5:ec:c6:34:ba:0f:1e:
         84:31:40:89:ca:61:b1:05:b4:92:0c:57:6f:79:36:40:57:92:
         7b:c1:27:ab:8f:a9:7f:d4:7b:db:06:b9:c1:db:86:e9:b7:36:
         5d:14:23:18:fc:67:bd:a5:f5:b7:6f:8f:c2:86:5a:7e:45:c2:
         69:37:8c:d7:be:d0:f7:e2:73:9e:53:23:3b:3d:95:d1:a7:60:
         10:33:b2:17:ae:2b:46:9d:d9:e6:cd:45:75:52:58:5a:1a:e0:
         45:13:67:da:48:77:8a:e3:f8:82:60:e6:b5:cf:b2:67:ef:92:
         04:05:9c:4f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZm5P/VEt2Qc8q8cnpWAk0I7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjUxMDA2MTEyMDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODhkNDYzOTYxZTVmZWMzNjBkYjRkOTk5MTU0ODcyMTk1NWMwZTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3IRg2KulnGE5E+KaOWOMreeKG/F
zxD0pMty0LXenl6qZa60T4Uxg1diQg6GiaIGBVY3ReZpvTkRbUVTIgckZBSq0cIx
sDJA672ZwmP4AwClwAo81ndcjrOh2rdAgY317Dgk0fT+oTijfOqcSj6fVkPCnkD+
OcKLQZKyACazTqbwK9nZacr8tk0WAZXesfOLNBiYyaT59g3cOVMgXZ3yCVmjUveL
Rc2hr4VsyNNd3Up5H0s7Shf8mrtk07hxyiRT+IQoTOTAQZ3SWAorIiQDZqb7EW9R
eAmH5ELQtmM0RfueWUCKR7GxfhtWEjDSyXavpWzcy41FV33aThBaVG2RewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNiNRjlh5f7DYNtNmZFUhyGVXA4SMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvMkkxR09XSGxfc05nMjAyWmtWU0hJWlZjRGhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwmGsAwQD
wwSwMA0GCSqGSIb3DQEBCwUAA4IBAQAZvVMayxOxmBMkNtaFtVKsJevI7OskoGbZ
GdavpmrEwgsgBFt66jL5/ZqiEL9m8F5pEJSd1ymFw6LnKjMmQDXc+lXXHckf7atl
MEEO94S5GcEpDuUaK2wmorZHk3qDBwOcm4Wezj2R0hPYCgwxKRwgarfvF7aQIb1G
rfhT7xnbbPcU2nnt5pr9zfXsxjS6Dx6EMUCJymGxBbSSDFdveTZAV5J7wSerj6l/
1HvbBrnB24bptzZdFCMY/Ge9pfW3b4/Chlp+RcJpN4zXvtD34nOeUyM7PZXRp2AQ
M7IXritGndnmzUV1UlhaGuBFE2faSHeK4/iCYOa1z7Jn75IEBZxP
-----END CERTIFICATE-----