Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/16e812-27c6-405d-a4c5-a7f7b9809007/1/ocSKLBAvwLdO6Bz9BzgpYro5A9k.roa
File:                     ocSKLBAvwLdO6Bz9BzgpYro5A9k.roa (raw, json)
Hash identifier:          Gf/KD5MQfVoD7yuJC1PN6VI3qKYUcNl5HcQ7qcq9TAM=
Subject key identifier:   A1:C4:8A:2C:10:2F:C0:B7:4E:E8:1C:FD:07:38:29:62:BA:39:03:D9
Certificate issuer:       /CN=1997625c395fb867f5d808d53597a11ce7f3c4cb
Certificate serial:       0198609B05ABA660CF46105B23145DB80DC2
Authority key identifier: 19:97:62:5C:39:5F:B8:67:F5:D8:08:D5:35:97:A1:1C:E7:F3:C4:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GZdiXDlfuGf12AjVNZehHOfzxMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/16e812-27c6-405d-a4c5-a7f7b9809007/1/ocSKLBAvwLdO6Bz9BzgpYro5A9k.roa
Signing time:             Thu 31 Jul 2025 13:10:28 +0000
ROA not before:           Thu 31 Jul 2025 13:10:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61394
IP address blocks:        185.9.152.0/22 maxlen: 22
                          2a03:2fc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/16e812-27c6-405d-a4c5-a7f7b9809007/1/GZdiXDlfuGf12AjVNZehHOfzxMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/16e812-27c6-405d-a4c5-a7f7b9809007/1/GZdiXDlfuGf12AjVNZehHOfzxMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GZdiXDlfuGf12AjVNZehHOfzxMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 13:03:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:60:9b:05:ab:a6:60:cf:46:10:5b:23:14:5d:b8:0d:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1997625c395fb867f5d808d53597a11ce7f3c4cb
        Validity
            Not Before: Jul 31 13:10:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1c48a2c102fc0b74ee81cfd07382962ba3903d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fe:02:3f:f6:81:90:29:68:9e:6f:b0:69:71:
                    a7:6f:59:d2:7f:4e:d1:ab:d5:1b:d8:dc:4c:1a:d6:
                    8a:74:77:aa:8f:d7:f8:e4:08:89:4d:0a:54:42:50:
                    24:7a:c6:1f:47:74:a4:aa:09:6c:c9:c5:bd:d3:9a:
                    a3:b5:e5:bf:a1:b4:b7:7a:79:ea:00:eb:27:66:40:
                    28:01:d1:c2:2d:09:bc:07:59:e4:49:68:9e:28:51:
                    f7:2d:ff:18:8a:55:11:52:80:93:f0:e5:c6:aa:83:
                    97:c1:50:94:ce:37:aa:46:ab:65:10:2e:12:b7:9d:
                    19:ec:66:7d:6b:82:da:60:3f:e4:19:7b:ac:eb:c6:
                    86:b6:9e:77:1a:10:19:4e:25:36:51:39:5a:4a:8b:
                    33:b4:18:21:5b:82:1b:00:06:a8:36:f7:fb:e9:e9:
                    26:3c:01:f4:da:32:70:a1:81:ca:c0:eb:10:cb:8f:
                    04:91:04:46:a4:32:46:93:e7:8b:48:71:45:6e:36:
                    70:f3:eb:9a:f1:6e:a5:d7:ac:cb:0d:0d:3c:16:02:
                    c5:b4:12:bc:df:cd:4a:04:67:68:1d:d3:13:09:bc:
                    c5:41:09:b4:16:80:a6:04:c9:1f:6f:ce:96:86:6b:
                    f7:06:f8:a6:3a:79:c4:de:34:76:ac:d0:06:be:7b:
                    53:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:C4:8A:2C:10:2F:C0:B7:4E:E8:1C:FD:07:38:29:62:BA:39:03:D9
            X509v3 Authority Key Identifier:
                keyid:19:97:62:5C:39:5F:B8:67:F5:D8:08:D5:35:97:A1:1C:E7:F3:C4:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GZdiXDlfuGf12AjVNZehHOfzxMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/16e812-27c6-405d-a4c5-a7f7b9809007/1/ocSKLBAvwLdO6Bz9BzgpYro5A9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/16e812-27c6-405d-a4c5-a7f7b9809007/1/GZdiXDlfuGf12AjVNZehHOfzxMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.152.0/22
                IPv6:
                  2a03:2fc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:9b:48:4a:dc:0c:cc:a5:1a:3e:ea:cd:7a:ae:37:44:3c:90:
         d7:fc:87:bd:a0:07:48:c0:1c:af:07:82:3f:13:7a:59:be:d7:
         85:73:57:dc:67:7b:60:da:98:e5:0c:69:b0:c7:8c:d6:ea:d5:
         ff:57:d1:51:b6:35:30:86:c4:cc:1a:c7:4e:d4:f8:da:cc:56:
         5e:74:3b:3d:86:97:e6:c0:74:3f:76:cd:29:c0:8c:8d:16:07:
         d7:99:95:e6:ed:d1:fc:ed:ff:33:57:74:02:92:41:d4:d0:80:
         a0:be:b9:8d:9d:b4:0c:e8:60:af:56:98:2b:a9:1c:c5:15:21:
         6c:14:e1:b2:bc:3f:3b:71:9e:4c:e9:71:3d:ae:9f:31:67:81:
         c1:a3:02:77:75:1d:b0:7c:ca:b3:d3:b4:95:77:c8:b0:05:ac:
         d5:57:f8:fb:e6:e5:53:51:e1:8d:b8:eb:34:eb:26:8a:93:47:
         94:6d:d5:28:9f:3e:c6:28:f2:d5:e7:3a:10:12:04:cf:d9:26:
         2f:60:16:4f:ee:fa:51:ff:14:17:cd:3d:f9:cf:4e:7a:50:67:
         dc:9e:3a:37:c8:4d:24:7a:4b:08:6a:a6:1b:de:5d:f9:2b:3d:
         03:31:31:1d:ab:fb:d8:56:b7:61:7b:f9:3d:55:4f:22:0a:22:
         31:52:35:c8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZhgmwWrpmDPRhBbIxRduA3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5OTc2MjVjMzk1ZmI4NjdmNWQ4MDhkNTM1OTdhMTFjZTdm
M2M0Y2IwHhcNMjUwNzMxMTMxMDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWM0OGEyYzEwMmZjMGI3NGVlODFjZmQwNzM4Mjk2MmJhMzkwM2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsf4CP/aBkClonm+waXGnb1nSf07R
q9Ub2NxMGtaKdHeqj9f45AiJTQpUQlAkesYfR3SkqglsycW905qjteW/obS3ennq
AOsnZkAoAdHCLQm8B1nkSWieKFH3Lf8YilURUoCT8OXGqoOXwVCUzjeqRqtlEC4S
t50Z7GZ9a4LaYD/kGXus68aGtp53GhAZTiU2UTlaSosztBghW4IbAAaoNvf76ekm
PAH02jJwoYHKwOsQy48EkQRGpDJGk+eLSHFFbjZw8+ua8W6l16zLDQ08FgLFtBK8
381KBGdoHdMTCbzFQQm0FoCmBMkfb86Whmv3BvimOnnE3jR2rNAGvntTowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKHEiiwQL8C3Tugc/Qc4KWK6OQPZMB8GA1UdIwQY
MBaAFBmXYlw5X7hn9dgI1TWXoRzn88TLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1pkaVhEbGZ1R2YxMkFqVk5aZWhIT2Z6eE1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8xNmU4MTItMjdjNi00MDVkLWE0YzUt
YTdmN2I5ODA5MDA3LzEvb2NTS0xCQXZ3TGRPNkJ6OUJ6Z3BZcm81QTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8xNmU4MTItMjdjNi00MDVkLWE0YzUtYTdmN2I5ODA5MDA3
LzEvR1pkaVhEbGZ1R2YxMkFqVk5aZWhIT2Z6eE1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQmYMA0E
AgACMAcDBQAqAy/AMA0GCSqGSIb3DQEBCwUAA4IBAQCjm0hK3AzMpRo+6s16rjdE
PJDX/Ie9oAdIwByvB4I/E3pZvteFc1fcZ3tg2pjlDGmwx4zW6tX/V9FRtjUwhsTM
GsdO1PjazFZedDs9hpfmwHQ/ds0pwIyNFgfXmZXm7dH87f8zV3QCkkHU0ICgvrmN
nbQM6GCvVpgrqRzFFSFsFOGyvD87cZ5M6XE9rp8xZ4HBowJ3dR2wfMqz07SVd8iw
BazVV/j75uVTUeGNuOs06yaKk0eUbdUonz7GKPLV5zoQEgTP2SYvYBZP7vpR/xQX
zT35z056UGfcnjo3yE0keksIaqYb3l35Kz0DMTEdq/vYVrdhe/k9VU8iCiIxUjXI
-----END CERTIFICATE-----