Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/byDDhASGQ8ZNWEMxAN2qzqsQhzA.roa
File:                     byDDhASGQ8ZNWEMxAN2qzqsQhzA.roa (raw, json)
Hash identifier:          oY86WgR5OgHALqaDL4ExR0ctaN4OuPWtBsYkGAcLyGw=
Subject key identifier:   6F:20:C3:84:04:86:43:C6:4D:58:43:31:00:DD:AA:CE:AB:10:87:30
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01987524EAC0DC0D22E2F35D2DFD507DA551
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/byDDhASGQ8ZNWEMxAN2qzqsQhzA.roa
Signing time:             Mon 04 Aug 2025 12:53:30 +0000
ROA not before:           Mon 04 Aug 2025 12:53:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214943
IP address blocks:        94.156.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 12:22:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:75:24:ea:c0:dc:0d:22:e2:f3:5d:2d:fd:50:7d:a5:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Aug  4 12:53:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f20c384048643c64d58433100ddaaceab108730
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:52:cf:b9:00:59:98:61:56:86:29:eb:dd:9f:
                    cc:57:4e:18:3f:c9:1f:ac:17:01:e5:4a:1c:c1:56:
                    e1:3b:10:15:e9:ba:40:52:ca:52:84:e4:dd:9b:2e:
                    db:72:cd:15:55:73:b6:e8:e1:c8:93:e0:d5:78:da:
                    9f:78:fb:47:c7:61:d4:f2:10:e9:69:ef:94:f3:28:
                    44:87:69:a1:a3:e1:f0:3b:8c:cb:ca:65:bc:95:10:
                    ad:6b:73:f7:08:93:3a:e3:37:c0:78:07:e9:b2:91:
                    1b:99:4a:5d:0a:ae:44:f6:83:39:c9:29:ed:07:8e:
                    75:a6:ef:bb:95:49:a9:d6:24:cc:aa:b8:fb:f4:60:
                    8b:a4:f3:a5:aa:31:62:25:27:a2:0e:10:81:58:27:
                    62:e8:ce:9b:c2:34:19:3b:1f:51:59:88:c3:39:99:
                    a0:af:54:6c:f4:c0:57:89:07:1d:64:9a:26:6b:7f:
                    c9:be:da:b1:78:c6:4a:ee:22:3c:8d:2c:21:ef:3f:
                    03:70:85:d3:2a:ab:67:0e:e8:92:3a:0c:6b:59:8f:
                    22:00:45:36:42:13:a1:4c:ff:b2:3b:ab:dc:49:7e:
                    26:22:d9:57:98:06:db:e6:7d:5f:ce:ff:40:2f:d3:
                    32:c3:8b:83:2e:3f:75:86:d0:33:b8:6f:de:9c:1f:
                    2e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:20:C3:84:04:86:43:C6:4D:58:43:31:00:DD:AA:CE:AB:10:87:30
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/byDDhASGQ8ZNWEMxAN2qzqsQhzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:46:06:01:31:eb:3f:65:6f:b7:ed:3a:a9:cc:f0:49:1c:47:
         f0:e2:ff:36:99:c3:1f:4f:88:9a:02:b8:7c:6f:e3:25:f2:0a:
         93:46:2e:bc:23:da:7e:d3:0d:43:14:33:08:76:44:99:97:c9:
         e1:02:5a:ca:20:f3:d2:d1:c3:8a:40:cd:57:c4:f9:7e:e2:3c:
         09:b4:c4:eb:03:f4:e5:8e:97:b7:59:43:29:a1:20:8e:51:c9:
         98:c1:4e:37:de:33:9d:81:b5:4d:8b:7e:22:64:a7:39:29:0f:
         99:37:36:fe:1d:20:4a:9f:56:b3:9f:b2:bd:8e:e3:f2:84:64:
         e2:3e:d9:a0:f0:60:11:09:63:df:f3:00:de:56:91:ea:41:9b:
         ba:eb:29:e3:aa:b8:5c:3e:15:ef:e6:4c:8b:64:9a:a3:58:b5:
         a7:dc:95:5e:e1:f6:f7:b9:06:7f:31:4b:ca:bd:22:59:3b:fa:
         ec:b1:bd:ed:22:06:9e:b1:02:95:aa:02:6a:f8:ea:6d:be:27:
         b8:b8:7b:62:68:96:0d:a8:71:2e:29:1b:4e:41:e8:6a:3f:3a:
         7a:fc:0d:92:a3:bd:dc:f0:7f:a4:e9:4f:c1:68:b3:2c:cf:87:
         f4:7e:87:33:24:94:6d:2c:9e:36:67:af:42:60:39:d8:a5:e5:
         9e:35:40:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh1JOrA3A0i4vNdLf1QfaVRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwODA0MTI1MzMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjIwYzM4NDA0ODY0M2M2NGQ1ODQzMzEwMGRkYWFjZWFiMTA4NzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FLPuQBZmGFWhinr3Z/MV04YP8kf
rBcB5UocwVbhOxAV6bpAUspShOTdmy7bcs0VVXO26OHIk+DVeNqfePtHx2HU8hDp
ae+U8yhEh2mho+HwO4zLymW8lRCta3P3CJM64zfAeAfpspEbmUpdCq5E9oM5ySnt
B451pu+7lUmp1iTMqrj79GCLpPOlqjFiJSeiDhCBWCdi6M6bwjQZOx9RWYjDOZmg
r1Rs9MBXiQcdZJoma3/JvtqxeMZK7iI8jSwh7z8DcIXTKqtnDuiSOgxrWY8iAEU2
QhOhTP+yO6vcSX4mItlXmAbb5n1fzv9AL9Myw4uDLj91htAzuG/enB8uVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8gw4QEhkPGTVhDMQDdqs6rEIcwMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYnlERGhBU0dROFpOV0VNeEFOMnF6cXNRaHpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpyxMA0G
CSqGSIb3DQEBCwUAA4IBAQCIRgYBMes/ZW+37TqpzPBJHEfw4v82mcMfT4iaArh8
b+Ml8gqTRi68I9p+0w1DFDMIdkSZl8nhAlrKIPPS0cOKQM1XxPl+4jwJtMTrA/Tl
jpe3WUMpoSCOUcmYwU433jOdgbVNi34iZKc5KQ+ZNzb+HSBKn1azn7K9juPyhGTi
Ptmg8GARCWPf8wDeVpHqQZu66ynjqrhcPhXv5kyLZJqjWLWn3JVe4fb3uQZ/MUvK
vSJZO/rssb3tIgaesQKVqgJq+Optvie4uHtiaJYNqHEuKRtOQehqPzp6/A2So73c
8H+k6U/BaLMsz4f0foczJJRtLJ42Z69CYDnYpeWeNUCw
-----END CERTIFICATE-----