Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/h9mPBIiEAVg09Wvp-nPwwNfG1HI.roa
File:                     h9mPBIiEAVg09Wvp-nPwwNfG1HI.roa (raw, json)
Hash identifier:          FlDtjDfotSf1SuYyQZURv1Yp5xPx0MQ3seyoxZ3Kltw=
Subject key identifier:   87:D9:8F:04:88:84:01:58:34:F5:6B:E9:FA:73:F0:C0:D7:C6:D4:72
Certificate issuer:       /CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
Certificate serial:       01989DF949759BC399997EEEA3B47EF1AD51
Authority key identifier: 3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/h9mPBIiEAVg09Wvp-nPwwNfG1HI.roa
Signing time:             Tue 12 Aug 2025 11:10:16 +0000
ROA not before:           Tue 12 Aug 2025 11:10:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.224.0.0/24 maxlen: 24
                          2a01:f3c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 23:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9d:f9:49:75:9b:c3:99:99:7e:ee:a3:b4:7e:f1:ad:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
        Validity
            Not Before: Aug 12 11:10:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87d98f048884015834f56be9fa73f0c0d7c6d472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9a:82:9d:ca:92:98:ca:06:d8:fc:dc:30:0f:
                    8c:37:d0:9c:28:c5:7d:26:54:8b:66:f8:cd:e6:34:
                    07:62:30:94:c0:84:d0:8b:4d:82:6a:74:13:4c:52:
                    ff:83:1f:90:a9:53:45:82:3e:cd:15:f5:5d:4f:34:
                    88:3d:8a:2c:67:c0:44:c9:c9:13:82:0e:94:af:95:
                    97:b3:e5:ca:9b:ed:eb:e4:ed:a8:9b:9e:e9:32:0d:
                    7f:de:ea:9e:8d:a9:7d:bf:71:e1:b9:c8:41:17:e6:
                    97:1e:01:58:92:7b:18:66:e9:b8:27:e9:1e:cf:89:
                    83:43:29:58:e6:ae:46:4e:de:71:5f:ba:81:38:68:
                    9d:fd:35:13:45:8b:a0:d7:de:89:c0:74:b9:04:e1:
                    51:c1:d4:cc:21:18:ea:d4:1f:85:3c:d9:cd:1f:2c:
                    01:d7:25:f2:5d:9f:b3:36:b2:55:ac:0b:5b:5a:2a:
                    e7:7a:b7:bd:1a:19:56:e4:14:5a:82:df:75:69:5d:
                    df:2f:e4:5b:23:e9:5c:fe:3a:37:1e:16:29:cf:b4:
                    58:24:56:a1:92:26:b7:ed:f8:8a:2a:ac:c0:7b:ef:
                    17:6d:ca:9d:5e:aa:23:9b:35:0c:48:9d:5b:26:07:
                    47:03:72:ae:ed:64:6b:0b:b3:1f:b5:55:b0:68:c4:
                    e8:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:D9:8F:04:88:84:01:58:34:F5:6B:E9:FA:73:F0:C0:D7:C6:D4:72
            X509v3 Authority Key Identifier:
                keyid:3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/h9mPBIiEAVg09Wvp-nPwwNfG1HI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.0.0/24
                IPv6:
                  2a01:f3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:58:cd:3a:9f:bf:e5:93:1e:87:8e:88:e3:87:8f:43:ca:cd:
         3d:a6:a7:23:6d:39:04:87:d8:49:f1:eb:f9:8f:53:e3:c7:17:
         77:8c:e0:67:ec:b0:c1:47:cf:3b:34:66:85:06:0b:d6:e1:c8:
         e8:cc:b4:bf:72:0f:fb:f7:ab:e5:73:68:72:fd:48:13:59:e7:
         5c:6c:ac:1f:de:ce:05:ce:e2:7f:17:1e:e8:c5:f7:91:e7:14:
         78:04:1d:d6:4a:da:b1:34:fc:c5:52:4e:ac:2d:8e:33:36:06:
         33:3a:7b:9e:71:c2:84:53:8d:5c:04:7b:9f:6a:e6:9f:fc:79:
         f0:c2:ab:35:b1:d6:b2:cb:d0:b5:20:80:2c:15:24:97:cc:40:
         fc:50:97:7a:16:9a:ba:a3:45:f7:21:77:3a:45:d5:6f:11:6b:
         2d:ba:08:8f:9c:b4:10:26:2d:ef:a1:a5:26:ae:72:f0:ac:2b:
         12:a5:3d:3e:64:27:43:37:d8:f4:7f:04:1d:ea:18:6d:50:3d:
         e1:39:ae:ce:ef:3d:a6:f7:d8:e1:ce:ac:3c:47:11:8e:7d:7e:
         ef:85:51:1d:95:d7:54:b8:45:22:2a:5c:8d:96:04:27:49:31:
         d9:b1:0a:01:f0:03:77:52:34:0d:00:32:35:37:00:4c:b4:cf:
         56:e0:7f:fb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZid+Ul1m8OZmX7uo7R+8a1RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2Y1NTRiODAyODFkZWEyYTMwMDMxOGFhYWQ2ZDJkOTdm
MWNlNDQwHhcNMjUwODEyMTExMDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Q5OGYwNDg4ODQwMTU4MzRmNTZiZTlmYTczZjBjMGQ3YzZkNDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZqCncqSmMoG2PzcMA+MN9CcKMV9
JlSLZvjN5jQHYjCUwITQi02CanQTTFL/gx+QqVNFgj7NFfVdTzSIPYosZ8BEyckT
gg6Ur5WXs+XKm+3r5O2om57pMg1/3uqejal9v3HhuchBF+aXHgFYknsYZum4J+ke
z4mDQylY5q5GTt5xX7qBOGid/TUTRYug196JwHS5BOFRwdTMIRjq1B+FPNnNHywB
1yXyXZ+zNrJVrAtbWirnere9GhlW5BRagt91aV3fL+RbI+lc/jo3HhYpz7RYJFah
kia37fiKKqzAe+8XbcqdXqojmzUMSJ1bJgdHA3Ku7WRrC7MftVWwaMToKQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIfZjwSIhAFYNPVr6fpz8MDXxtRyMB8GA1UdIwQY
MBaAFD8/VUuAKB3qKjADGKqtbS2X8c5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQt
ZjUzM2I4ZGY4MGE5LzEvaDltUEJJaUVBVmcwOVd2cC1uUHd3TmZHMUhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQtZjUzM2I4ZGY4MGE5
LzEvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAueAAMA0E
AgACMAcDBQMqAfPAMA0GCSqGSIb3DQEBCwUAA4IBAQCDWM06n7/lkx6Hjojjh49D
ys09pqcjbTkEh9hJ8ev5j1Pjxxd3jOBn7LDBR887NGaFBgvW4cjozLS/cg/796vl
c2hy/UgTWedcbKwf3s4FzuJ/Fx7oxfeR5xR4BB3WStqxNPzFUk6sLY4zNgYzOnue
ccKEU41cBHufauaf/Hnwwqs1sdayy9C1IIAsFSSXzED8UJd6Fpq6o0X3IXc6RdVv
EWstugiPnLQQJi3voaUmrnLwrCsSpT0+ZCdDN9j0fwQd6hhtUD3hOa7O7z2m99jh
zqw8RxGOfX7vhVEdlddUuEUiKlyNlgQnSTHZsQoB8AN3UjQNADI1NwBMtM9W4H/7
-----END CERTIFICATE-----