Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/hBIi_DQsTzzAePmcqEi9LIfGgEo.roa
File:                     hBIi_DQsTzzAePmcqEi9LIfGgEo.roa (raw, json)
Hash identifier:          ixi/61RXmNoCNxlk1fG+litk/y7jlZcj22aPdgR7sWs=
Subject key identifier:   84:12:22:FC:34:2C:4F:3C:C0:78:F9:9C:A8:48:BD:2C:87:C6:80:4A
Certificate issuer:       /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial:       019874D540170CF566209EBCF6CB3EA771C3
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/hBIi_DQsTzzAePmcqEi9LIfGgEo.roa
Signing time:             Mon 04 Aug 2025 11:26:29 +0000
ROA not before:           Mon 04 Aug 2025 11:26:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211803
IP address blocks:        185.238.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:74:d5:40:17:0c:f5:66:20:9e:bc:f6:cb:3e:a7:71:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
        Validity
            Not Before: Aug  4 11:26:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=841222fc342c4f3cc078f99ca848bd2c87c6804a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f9:57:12:78:c7:e2:2b:3d:43:6a:35:97:1b:
                    e0:73:c1:44:4f:11:03:50:c9:9e:29:8b:60:d3:10:
                    6a:41:cb:f4:82:38:7c:5f:18:f9:6c:cf:8c:a9:e7:
                    2f:69:2a:8c:0c:c7:35:68:25:16:f6:25:3b:2e:5b:
                    5b:ef:8f:3e:7d:e8:64:e4:83:40:35:b7:70:09:83:
                    be:c2:0c:cb:a5:6a:27:0e:1c:32:40:83:bc:86:6b:
                    ad:3a:e6:7e:91:d7:3d:7c:49:f4:81:90:36:22:59:
                    17:55:15:19:8b:80:44:6c:04:a6:28:ad:67:6a:64:
                    25:fe:03:9d:a4:42:f3:07:86:c0:47:63:64:e3:44:
                    ea:f8:5a:46:3b:4b:7d:a0:df:2d:1b:3c:90:85:98:
                    a1:d5:cf:84:bc:47:e3:ee:b0:4d:af:f0:06:dc:8c:
                    f4:b0:37:68:22:73:ad:36:50:59:50:1d:e5:bd:ee:
                    e1:e6:ad:f2:b2:cb:67:d6:59:66:c6:09:80:cf:1b:
                    db:c7:08:4a:36:74:47:e5:79:f5:bd:f1:ce:bd:38:
                    08:87:c0:aa:0a:ef:03:bc:b7:ba:8e:87:57:f5:37:
                    e6:ee:0e:5a:c9:e5:91:eb:e6:f0:86:5c:fa:b8:4f:
                    e9:f8:ac:0c:43:0c:8c:5b:87:54:f6:0a:9a:90:0a:
                    bb:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:12:22:FC:34:2C:4F:3C:C0:78:F9:9C:A8:48:BD:2C:87:C6:80:4A
            X509v3 Authority Key Identifier:
                keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/hBIi_DQsTzzAePmcqEi9LIfGgEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:cd:34:fe:40:c0:d3:5b:28:e0:56:7c:cf:23:3a:31:23:87:
         32:a0:f1:a1:0a:10:73:c0:0d:9e:23:7d:01:59:44:c1:4b:50:
         92:3b:28:d6:23:3a:b7:74:f6:7a:0c:c7:9e:5c:6a:ca:63:72:
         2b:b4:c5:fa:3d:a2:f3:12:31:a7:e1:3a:56:3e:1e:f4:65:8b:
         e1:12:10:41:c4:9e:75:f0:4e:c3:0d:ef:f5:8e:0e:4c:08:80:
         10:58:e6:6f:85:65:9a:b4:a9:39:96:5e:72:2b:97:1d:87:27:
         3c:b5:7a:40:bf:87:14:02:5a:0c:54:11:59:f7:16:45:68:cc:
         61:a6:33:dd:11:0f:84:0e:c7:e2:04:a7:19:c9:75:ef:d5:39:
         e2:01:02:63:eb:2a:62:41:d7:ca:69:3d:fe:c5:c0:fc:22:aa:
         5d:19:d5:21:e9:c2:e4:8e:c5:22:68:d2:20:d0:c4:7f:47:95:
         87:8d:65:81:cc:bf:75:2a:a2:00:2b:55:60:d4:b0:81:2a:35:
         0b:a2:cc:dd:0d:bf:e4:1c:ef:ad:4b:d3:e4:27:14:f9:50:86:
         e0:48:bb:56:fe:b9:99:77:a1:40:c4:3f:e4:da:8f:0f:4a:2c:
         97:d9:fb:f7:85:f0:53:73:d9:9d:9a:66:4e:00:61:99:65:57:
         40:6e:d3:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh01UAXDPVmIJ689ss+p3HDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjUwODA0MTEyNjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDEyMjJmYzM0MmM0ZjNjYzA3OGY5OWNhODQ4YmQyYzg3YzY4MDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnflXEnjH4is9Q2o1lxvgc8FETxED
UMmeKYtg0xBqQcv0gjh8Xxj5bM+MqecvaSqMDMc1aCUW9iU7Lltb748+fehk5INA
NbdwCYO+wgzLpWonDhwyQIO8hmutOuZ+kdc9fEn0gZA2IlkXVRUZi4BEbASmKK1n
amQl/gOdpELzB4bAR2Nk40Tq+FpGO0t9oN8tGzyQhZih1c+EvEfj7rBNr/AG3Iz0
sDdoInOtNlBZUB3lve7h5q3ysstn1llmxgmAzxvbxwhKNnRH5Xn1vfHOvTgIh8Cq
Cu8DvLe6jodX9Tfm7g5ayeWR6+bwhlz6uE/p+KwMQwyMW4dU9gqakAq7+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQSIvw0LE88wHj5nKhIvSyHxoBKMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvaEJJaV9EUXNUenpBZVBtY3FFaTlMSWZHZ0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue5wMA0G
CSqGSIb3DQEBCwUAA4IBAQAqzTT+QMDTWyjgVnzPIzoxI4cyoPGhChBzwA2eI30B
WUTBS1CSOyjWIzq3dPZ6DMeeXGrKY3IrtMX6PaLzEjGn4TpWPh70ZYvhEhBBxJ51
8E7DDe/1jg5MCIAQWOZvhWWatKk5ll5yK5cdhyc8tXpAv4cUAloMVBFZ9xZFaMxh
pjPdEQ+EDsfiBKcZyXXv1TniAQJj6ypiQdfKaT3+xcD8IqpdGdUh6cLkjsUiaNIg
0MR/R5WHjWWBzL91KqIAK1Vg1LCBKjULoszdDb/kHO+tS9PkJxT5UIbgSLtW/rmZ
d6FAxD/k2o8PSiyX2fv3hfBTc9mdmmZOAGGZZVdAbtPh
-----END CERTIFICATE-----