Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/793e00-0c53-49c4-a51b-eda316a2afb8/1/oS-zf8LykP6dfOwgBh2b6irIbAA.roa
File:                     oS-zf8LykP6dfOwgBh2b6irIbAA.roa (raw, json)
Hash identifier:          es5RiKPg30TZ9v6YIMiSfrSdGJ7vWC4nZhRx1zHM27Q=
Subject key identifier:   A1:2F:B3:7F:C2:F2:90:FE:9D:7C:EC:20:06:1D:9B:EA:2A:C8:6C:00
Certificate issuer:       /CN=af2b68f0c83add9a3a3b86ab24fb910a960262c6
Certificate serial:       0197C5588642CA794A9BD0156F6EC9CCC692
Authority key identifier: AF:2B:68:F0:C8:3A:DD:9A:3A:3B:86:AB:24:FB:91:0A:96:02:62:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ryto8Mg63Zo6O4arJPuRCpYCYsY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/793e00-0c53-49c4-a51b-eda316a2afb8/1/oS-zf8LykP6dfOwgBh2b6irIbAA.roa
Signing time:             Tue 01 Jul 2025 09:36:42 +0000
ROA not before:           Tue 01 Jul 2025 09:36:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14297
IP address blocks:        185.147.172.0/23 maxlen: 24
                          185.147.174.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/793e00-0c53-49c4-a51b-eda316a2afb8/1/ryto8Mg63Zo6O4arJPuRCpYCYsY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/793e00-0c53-49c4-a51b-eda316a2afb8/1/ryto8Mg63Zo6O4arJPuRCpYCYsY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ryto8Mg63Zo6O4arJPuRCpYCYsY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c5:58:86:42:ca:79:4a:9b:d0:15:6f:6e:c9:cc:c6:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2b68f0c83add9a3a3b86ab24fb910a960262c6
        Validity
            Not Before: Jul  1 09:36:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a12fb37fc2f290fe9d7cec20061d9bea2ac86c00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:50:8e:a9:c1:0e:c3:cd:34:89:85:9a:22:43:
                    e7:06:e4:29:c2:12:89:a1:12:f3:c4:44:1a:41:9d:
                    e1:af:a7:0d:9b:44:17:a4:af:32:fd:b4:65:6c:a1:
                    d0:84:04:41:7d:4d:09:15:a7:ac:12:e4:8f:87:cc:
                    92:72:fa:9c:c1:f0:32:26:7c:8f:f6:7c:c0:f1:2a:
                    cd:05:70:49:ca:f9:91:19:48:9b:cc:cf:a1:eb:91:
                    18:77:cf:29:e7:6c:29:80:ff:31:ae:ae:54:fa:9b:
                    a7:aa:67:18:60:e7:6b:53:67:ca:9e:82:dc:93:55:
                    12:75:3e:f9:c8:b2:4f:65:ee:ea:f7:d0:e2:7d:dc:
                    3b:41:9b:08:b3:a7:a5:f7:5e:4f:e4:d0:51:5a:b6:
                    f9:6c:cc:b4:e8:a4:b1:8b:b9:0d:61:c9:f7:ef:d1:
                    77:30:cb:f1:22:8c:c4:45:b0:ed:97:fd:bb:03:7b:
                    3c:56:31:ad:7c:1f:e5:07:c7:d5:cf:2f:84:b1:97:
                    f0:07:1f:54:9e:96:17:78:d7:ec:bf:4c:d4:b0:e6:
                    55:28:2f:59:9f:51:fa:32:cf:b3:e2:72:e3:58:16:
                    73:c4:a8:96:6d:05:7f:1b:e8:8f:da:88:a0:c4:e4:
                    30:84:ca:1d:09:20:2d:8f:e4:47:33:ed:fc:15:55:
                    5f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:2F:B3:7F:C2:F2:90:FE:9D:7C:EC:20:06:1D:9B:EA:2A:C8:6C:00
            X509v3 Authority Key Identifier:
                keyid:AF:2B:68:F0:C8:3A:DD:9A:3A:3B:86:AB:24:FB:91:0A:96:02:62:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ryto8Mg63Zo6O4arJPuRCpYCYsY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/793e00-0c53-49c4-a51b-eda316a2afb8/1/oS-zf8LykP6dfOwgBh2b6irIbAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/793e00-0c53-49c4-a51b-eda316a2afb8/1/ryto8Mg63Zo6O4arJPuRCpYCYsY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:3d:4a:fa:10:5d:91:94:85:db:cb:31:8e:b2:11:95:d8:63:
         d9:43:ad:9d:a6:24:b5:b3:59:ea:fc:87:f0:4a:73:76:3a:3c:
         7e:c3:7a:dd:97:cb:2f:88:23:84:1a:77:80:1f:aa:02:82:44:
         82:0c:9d:0b:7e:43:81:78:d2:c3:15:46:23:8d:bb:49:f4:16:
         8a:44:77:ba:65:aa:ee:ff:d4:7b:03:ac:b0:90:41:5b:c3:91:
         4b:fd:72:ef:c6:b0:7d:bf:d0:32:62:48:a5:83:34:60:41:96:
         2c:42:c5:f7:cf:97:de:ec:4d:67:75:8c:09:fd:17:d7:97:ed:
         1f:de:13:16:98:9d:f6:55:d6:c9:f3:ab:1f:2f:bc:06:53:47:
         73:73:fb:d4:86:43:1c:4d:59:ce:ab:9b:24:0c:91:33:d5:a5:
         00:11:19:bd:cd:90:85:0a:86:dd:5c:33:fa:00:f6:a8:be:13:
         c8:a8:21:3b:96:aa:5f:2a:96:49:e8:00:73:09:aa:f0:d2:51:
         f5:25:8e:1e:8b:88:dd:e5:a8:23:32:30:79:bf:cb:70:87:43:
         df:1d:bd:d5:45:d9:9e:63:5a:c8:d3:bf:10:72:36:33:5b:15:
         74:cf:c4:7f:c7:72:9e:18:94:03:9b:3b:62:89:c3:0f:0e:12:
         2f:d5:65:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfFWIZCynlKm9AVb27JzMaSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmI2OGYwYzgzYWRkOWEzYTNiODZhYjI0ZmI5MTBhOTYw
MjYyYzYwHhcNMjUwNzAxMDkzNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTJmYjM3ZmMyZjI5MGZlOWQ3Y2VjMjAwNjFkOWJlYTJhYzg2YzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FCOqcEOw800iYWaIkPnBuQpwhKJ
oRLzxEQaQZ3hr6cNm0QXpK8y/bRlbKHQhARBfU0JFaesEuSPh8yScvqcwfAyJnyP
9nzA8SrNBXBJyvmRGUibzM+h65EYd88p52wpgP8xrq5U+punqmcYYOdrU2fKnoLc
k1USdT75yLJPZe7q99Difdw7QZsIs6el915P5NBRWrb5bMy06KSxi7kNYcn379F3
MMvxIozERbDtl/27A3s8VjGtfB/lB8fVzy+EsZfwBx9UnpYXeNfsv0zUsOZVKC9Z
n1H6Ms+z4nLjWBZzxKiWbQV/G+iP2oigxOQwhModCSAtj+RHM+38FVVfywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEvs3/C8pD+nXzsIAYdm+oqyGwAMB8GA1UdIwQY
MBaAFK8raPDIOt2aOjuGqyT7kQqWAmLGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnl0bzhNZzYzWm82TzRhckpQdVJDcFlDWXNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy83OTNlMDAtMGM1My00OWM0LWE1MWIt
ZWRhMzE2YTJhZmI4LzEvb1MtemY4THlrUDZkZk93Z0JoMmI2aXJJYkFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy83OTNlMDAtMGM1My00OWM0LWE1MWItZWRhMzE2YTJhZmI4
LzEvcnl0bzhNZzYzWm82TzRhckpQdVJDcFlDWXNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZOsMA0G
CSqGSIb3DQEBCwUAA4IBAQCJPUr6EF2RlIXbyzGOshGV2GPZQ62dpiS1s1nq/Ifw
SnN2Ojx+w3rdl8sviCOEGneAH6oCgkSCDJ0LfkOBeNLDFUYjjbtJ9BaKRHe6Zaru
/9R7A6ywkEFbw5FL/XLvxrB9v9AyYkilgzRgQZYsQsX3z5fe7E1ndYwJ/RfXl+0f
3hMWmJ32VdbJ86sfL7wGU0dzc/vUhkMcTVnOq5skDJEz1aUAERm9zZCFCobdXDP6
APaovhPIqCE7lqpfKpZJ6ABzCarw0lH1JY4ei4jd5agjMjB5v8twh0PfHb3VRdme
Y1rI078QcjYzWxV0z8R/x3KeGJQDmztiicMPDhIv1WXY
-----END CERTIFICATE-----