Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/08QIfK7FUbr-Gg5I7bm9XxP54sg.roa
File:                     08QIfK7FUbr-Gg5I7bm9XxP54sg.roa (raw, json)
Hash identifier:          /yWy9ZYWFD0Oz4e08CPFXjZgu4ckc2YU3qcT5qeTWaU=
Subject key identifier:   D3:C4:08:7C:AE:C5:51:BA:FE:1A:0E:48:ED:B9:BD:5F:13:F9:E2:C8
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01981736882D6A73D127F2AA7025B3AA9A8A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/08QIfK7FUbr-Gg5I7bm9XxP54sg.roa
Signing time:             Thu 17 Jul 2025 07:08:26 +0000
ROA not before:           Thu 17 Jul 2025 07:08:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397081
IP address blocks:        94.156.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:17:36:88:2d:6a:73:d1:27:f2:aa:70:25:b3:aa:9a:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 17 07:08:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3c4087caec551bafe1a0e48edb9bd5f13f9e2c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:26:a1:eb:4a:a5:02:0a:88:6a:f8:dd:4f:e2:
                    c6:51:46:95:3f:ea:15:28:66:1f:bb:d2:fc:e0:0c:
                    78:a2:69:1e:8e:68:47:57:23:dc:c7:ca:65:a1:0d:
                    ad:e1:c7:50:dd:1d:fa:ec:ee:a9:1a:41:73:63:b3:
                    94:33:07:30:55:65:71:d2:e8:52:27:95:5e:28:d1:
                    84:4d:53:dc:d7:20:35:1a:df:02:40:06:87:c5:3f:
                    ab:63:34:e3:25:33:17:4a:9b:33:a3:a8:a6:24:74:
                    aa:ae:b3:9b:32:5d:5f:90:f0:82:b5:18:2b:1b:a6:
                    ff:22:dd:92:33:7a:9e:b1:71:36:51:b7:e9:de:01:
                    6b:f5:95:a5:68:f8:34:57:4c:c5:e3:be:70:db:a6:
                    66:0b:28:cd:72:0a:34:70:e3:a3:44:a5:36:86:e7:
                    fe:71:be:5e:bb:d8:80:03:a6:ea:40:d9:c4:58:f7:
                    ab:1c:3f:07:8b:1e:3d:9a:9b:f0:4f:62:e6:d8:35:
                    74:dc:70:cf:91:e0:0f:59:6e:6b:63:97:18:9d:b2:
                    be:b5:1a:10:25:bb:16:6b:4b:fd:21:fc:ac:95:14:
                    94:61:75:5d:f3:81:d3:16:5e:73:b7:77:b8:ff:f4:
                    07:6c:b6:c7:32:7e:db:c3:9c:93:4a:68:9d:ac:92:
                    3f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:C4:08:7C:AE:C5:51:BA:FE:1A:0E:48:ED:B9:BD:5F:13:F9:E2:C8
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/08QIfK7FUbr-Gg5I7bm9XxP54sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:1f:63:f1:fa:ea:e8:cf:24:c3:5c:5c:d4:41:82:b5:39:42:
         96:3c:06:9a:20:4b:f5:66:dc:7b:ad:53:06:12:e5:2d:8c:a0:
         70:fd:88:d5:4e:e7:07:e2:76:d2:5c:9c:09:55:3d:f6:55:2a:
         a6:8b:6e:ef:8f:95:28:ee:9b:b8:c3:79:73:47:fd:b1:6a:9b:
         d5:46:7f:bc:9c:f5:a7:fe:4a:cd:f6:9e:c5:3b:f7:e7:c4:f7:
         26:79:2e:62:a2:17:74:10:78:e3:ea:f2:cd:53:90:ea:5e:59:
         dc:e3:0b:e6:9d:23:b8:b9:bb:04:c1:51:dd:17:98:ad:86:bc:
         a9:62:c9:73:1c:7e:98:42:ca:5b:5a:05:54:e7:3e:26:d2:14:
         c5:9d:d9:79:50:e7:98:1c:ab:3c:2c:e6:7a:9b:55:4d:f2:59:
         ad:11:a1:b6:9c:ff:fd:8f:9e:e4:8d:7b:fa:60:1f:7e:85:02:
         a7:58:e0:23:6a:37:d6:e0:b8:f2:38:29:0c:59:1e:3c:fa:fb:
         dd:88:9b:72:12:b0:ec:e9:fb:87:3f:63:50:3d:1b:74:87:73:
         49:1a:cd:97:17:70:52:77:5a:64:f4:07:5b:84:02:81:1e:eb:
         5d:78:c4:fb:06:a9:88:e7:14:f0:59:f7:c7:f2:de:bc:12:33:
         ee:18:41:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgXNogtanPRJ/KqcCWzqpqKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNzE3MDcwODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2M0MDg3Y2FlYzU1MWJhZmUxYTBlNDhlZGI5YmQ1ZjEzZjllMmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSah60qlAgqIavjdT+LGUUaVP+oV
KGYfu9L84Ax4omkejmhHVyPcx8ploQ2t4cdQ3R367O6pGkFzY7OUMwcwVWVx0uhS
J5VeKNGETVPc1yA1Gt8CQAaHxT+rYzTjJTMXSpszo6imJHSqrrObMl1fkPCCtRgr
G6b/It2SM3qesXE2Ubfp3gFr9ZWlaPg0V0zF475w26ZmCyjNcgo0cOOjRKU2huf+
cb5eu9iAA6bqQNnEWPerHD8Hix49mpvwT2Lm2DV03HDPkeAPWW5rY5cYnbK+tRoQ
JbsWa0v9IfyslRSUYXVd84HTFl5zt3e4//QHbLbHMn7bw5yTSmidrJI/ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPECHyuxVG6/hoOSO25vV8T+eLIMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMDhRSWZLN0ZVYnItR2c1STdibTlYeFA1NHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpyvMA0G
CSqGSIb3DQEBCwUAA4IBAQCBH2Px+urozyTDXFzUQYK1OUKWPAaaIEv1Ztx7rVMG
EuUtjKBw/YjVTucH4nbSXJwJVT32VSqmi27vj5Uo7pu4w3lzR/2xapvVRn+8nPWn
/krN9p7FO/fnxPcmeS5iohd0EHjj6vLNU5DqXlnc4wvmnSO4ubsEwVHdF5ithryp
YslzHH6YQspbWgVU5z4m0hTFndl5UOeYHKs8LOZ6m1VN8lmtEaG2nP/9j57kjXv6
YB9+hQKnWOAjajfW4LjyOCkMWR48+vvdiJtyErDs6fuHP2NQPRt0h3NJGs2XF3BS
d1pk9AdbhAKBHutdeMT7BqmI5xTwWffH8t68EjPuGEG0
-----END CERTIFICATE-----