Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/1-Nwco5vWw63pYOoiXeEziJ8cPec.roa
File:                     1-Nwco5vWw63pYOoiXeEziJ8cPec.roa (raw, json)
Hash identifier:          A8og17z+q1WxTvxdTmf8v2Hsh2pkC1lSNWSe2XBfRe4=
Subject key identifier:   F8:DC:1C:A3:9B:D6:C3:AD:E9:60:EA:22:5D:E1:33:88:9F:1C:3D:E7
Certificate issuer:       /CN=5afd8667cce95be0ae96058c4550d7088035312f
Certificate serial:       01984B2EA57A60728010BEE44A10DE239FFB
Authority key identifier: 5A:FD:86:67:CC:E9:5B:E0:AE:96:05:8C:45:50:D7:08:80:35:31:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/1-Nwco5vWw63pYOoiXeEziJ8cPec.roa
Signing time:             Sun 27 Jul 2025 09:20:04 +0000
ROA not before:           Sun 27 Jul 2025 09:20:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        193.3.46.0/24 maxlen: 24
                          195.246.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 21:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4b:2e:a5:7a:60:72:80:10:be:e4:4a:10:de:23:9f:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5afd8667cce95be0ae96058c4550d7088035312f
        Validity
            Not Before: Jul 27 09:20:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8dc1ca39bd6c3ade960ea225de133889f1c3de7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:24:25:57:df:e4:2f:56:88:17:be:0a:2c:f3:
                    d0:f2:38:f0:3a:71:f6:49:b0:30:36:77:b1:f1:ae:
                    4c:38:76:a7:c6:b0:9c:b5:98:40:ea:61:cd:e9:2e:
                    8a:0d:dc:7c:19:04:76:8a:1a:01:dd:22:ad:d7:36:
                    e4:90:45:34:ab:3e:6a:c7:36:2c:1e:8e:5f:f3:12:
                    7f:93:f8:4e:24:6f:23:02:14:06:0e:31:f9:d4:e4:
                    d6:b6:e3:9c:a2:e7:63:63:7d:a1:be:cb:13:fa:7f:
                    f6:b8:09:e3:7c:29:ce:5d:10:f1:1a:0c:25:e9:62:
                    0c:41:f8:d6:5e:fe:0e:f8:95:f2:c9:e5:d1:ce:43:
                    76:b6:5e:a3:b5:78:d9:2a:20:f2:55:8e:36:76:50:
                    98:b8:4b:e2:e9:2d:dd:a2:33:35:ab:4a:45:b8:c9:
                    c2:a0:77:64:35:71:b0:50:c7:d1:83:ab:5d:40:df:
                    d2:16:65:cb:ac:6c:aa:cc:a2:8f:a5:b6:b7:f4:40:
                    e1:a9:5c:08:fa:18:c1:b0:da:05:3e:52:14:55:72:
                    00:f8:2f:64:5a:07:52:7b:0a:8f:08:10:5c:ec:af:
                    51:b8:3d:8a:f9:a4:84:5f:45:32:62:16:28:34:9d:
                    31:0f:86:27:1e:db:63:50:7a:8e:de:77:dd:f3:8a:
                    02:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:DC:1C:A3:9B:D6:C3:AD:E9:60:EA:22:5D:E1:33:88:9F:1C:3D:E7
            X509v3 Authority Key Identifier:
                keyid:5A:FD:86:67:CC:E9:5B:E0:AE:96:05:8C:45:50:D7:08:80:35:31:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/1-Nwco5vWw63pYOoiXeEziJ8cPec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.46.0/24
                  195.246.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:18:74:4e:ef:bc:8a:5b:75:ae:44:8e:76:25:f9:e2:05:d5:
         f7:10:d5:2b:38:be:04:81:5d:b0:96:16:1e:93:cf:07:46:71:
         00:5b:7b:8d:d0:54:ad:be:1a:6c:89:be:2d:43:21:01:ea:46:
         53:a9:db:6a:05:d1:26:53:2a:d3:2f:9b:3f:2f:b6:90:24:b7:
         5b:c2:e7:d6:f8:f8:bb:97:49:67:b2:f6:b8:26:99:1c:e7:03:
         a5:2b:46:da:a3:86:17:0c:bb:47:5f:7a:7d:de:d2:50:54:0b:
         c7:b0:a0:23:b0:cc:8a:08:16:8d:c3:c4:99:5b:5f:c5:e7:ba:
         29:93:f1:5f:b9:66:39:fc:df:fd:c7:85:5d:d5:d3:75:82:e8:
         72:2c:41:b4:e0:fa:a7:cd:26:60:7e:db:c4:a5:43:f5:21:f5:
         51:e0:02:15:e2:11:50:f6:44:cd:1a:c0:03:d8:10:8f:5c:1e:
         4f:ea:24:43:d0:63:c4:a0:a5:b4:fb:4d:90:de:76:f0:c1:88:
         d8:4a:44:62:1a:27:87:cd:ff:53:03:5f:99:90:f3:f9:5d:65:
         d8:cf:fa:53:ad:e1:e8:d4:76:08:c6:43:1a:38:c1:82:76:96:
         17:40:57:e4:bf:f3:45:12:88:a2:94:fc:4d:ee:45:67:82:fa:
         fb:b0:f3:b2
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZhLLqV6YHKAEL7kShDeI5/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZmQ4NjY3Y2NlOTViZTBhZTk2MDU4YzQ1NTBkNzA4ODAz
NTMxMmYwHhcNMjUwNzI3MDkyMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGRjMWNhMzliZDZjM2FkZTk2MGVhMjI1ZGUxMzM4ODlmMWMzZGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SQlV9/kL1aIF74KLPPQ8jjwOnH2
SbAwNnex8a5MOHanxrCctZhA6mHN6S6KDdx8GQR2ihoB3SKt1zbkkEU0qz5qxzYs
Ho5f8xJ/k/hOJG8jAhQGDjH51OTWtuOcoudjY32hvssT+n/2uAnjfCnOXRDxGgwl
6WIMQfjWXv4O+JXyyeXRzkN2tl6jtXjZKiDyVY42dlCYuEvi6S3dojM1q0pFuMnC
oHdkNXGwUMfRg6tdQN/SFmXLrGyqzKKPpba39EDhqVwI+hjBsNoFPlIUVXIA+C9k
WgdSewqPCBBc7K9RuD2K+aSEX0UyYhYoNJ0xD4YnHttjUHqO3nfd84oCtwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPjcHKOb1sOt6WDqIl3hM4ifHD3nMB8GA1UdIwQY
MBaAFFr9hmfM6VvgrpYFjEVQ1wiANTEvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3YyR1o4enBXLUN1bGdXTVJWRFhDSUExTVM4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hYWNiMGEtY2Y2NC00ZTc1LWE5ZGYt
MjQ5YWM3NzNjMjgyLzEvMS1Od2NvNXZXdzYzcFlPb2lYZUV6aUo4Y1BlYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2IvYWFjYjBhLWNmNjQtNGU3NS1hOWRmLTI0OWFjNzczYzI4
Mi8xL1d2MkdaOHpwVy1DdWxnV01SVkRYQ0lBMU1TOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAMEDLgME
AMP2YjANBgkqhkiG9w0BAQsFAAOCAQEAKhh0Tu+8ilt1rkSOdiX54gXV9xDVKzi+
BIFdsJYWHpPPB0ZxAFt7jdBUrb4abIm+LUMhAepGU6nbagXRJlMq0y+bPy+2kCS3
W8Ln1vj4u5dJZ7L2uCaZHOcDpStG2qOGFwy7R196fd7SUFQLx7CgI7DMiggWjcPE
mVtfxee6KZPxX7lmOfzf/ceFXdXTdYLocixBtOD6p80mYH7bxKVD9SH1UeACFeIR
UPZEzRrAA9gQj1weT+okQ9BjxKCltPtNkN528MGI2EpEYhonh83/UwNfmZDz+V1l
2M/6U63h6NR2CMZDGjjBgnaWF0BX5L/zRRKIopT8Te5FZ4L6+7Dzsg==
-----END CERTIFICATE-----