Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/c3ca86-3e76-48c4-98ac-c2d00342235c/1/xyt3VMfbJUV58fKwH9MNTyoBkJU.roa
File:                     xyt3VMfbJUV58fKwH9MNTyoBkJU.roa (raw, json)
Hash identifier:          lwI1DACE2l6hVliTMM5yznvKSIuwu90nNnBsoYcaTc8=
Subject key identifier:   C7:2B:77:54:C7:DB:25:45:79:F1:F2:B0:1F:D3:0D:4F:2A:01:90:95
Certificate issuer:       /CN=360a9601e02f8128ef646f5595336e0a57917caf
Certificate serial:       019759832B4705A9B8150535142B3FF064B4
Authority key identifier: 36:0A:96:01:E0:2F:81:28:EF:64:6F:55:95:33:6E:0A:57:91:7C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NgqWAeAvgSjvZG9VlTNuCleRfK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/c3ca86-3e76-48c4-98ac-c2d00342235c/1/xyt3VMfbJUV58fKwH9MNTyoBkJU.roa
Signing time:             Tue 10 Jun 2025 11:04:17 +0000
ROA not before:           Tue 10 Jun 2025 11:04:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29305
IP address blocks:        194.177.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/c3ca86-3e76-48c4-98ac-c2d00342235c/1/NgqWAeAvgSjvZG9VlTNuCleRfK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/c3ca86-3e76-48c4-98ac-c2d00342235c/1/NgqWAeAvgSjvZG9VlTNuCleRfK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NgqWAeAvgSjvZG9VlTNuCleRfK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:83:2b:47:05:a9:b8:15:05:35:14:2b:3f:f0:64:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=360a9601e02f8128ef646f5595336e0a57917caf
        Validity
            Not Before: Jun 10 11:04:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c72b7754c7db254579f1f2b01fd30d4f2a019095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:a1:4f:5b:6d:83:27:64:32:b1:07:b7:5d:b0:
                    32:55:4b:ca:11:68:03:27:03:e8:f4:d3:0a:65:09:
                    1e:99:9a:77:1c:07:b1:0f:1a:6e:bd:ad:36:4b:16:
                    63:5e:80:ae:bf:63:a5:fb:83:2b:41:a8:d1:65:80:
                    74:28:72:8b:b0:bb:fc:c4:fc:64:70:e2:a8:e2:c7:
                    8f:32:59:e0:2f:17:f5:43:d2:5a:d3:5d:c4:7f:69:
                    77:21:7e:bf:71:3b:07:7a:ea:61:3d:82:5b:9d:ca:
                    da:f2:ae:83:63:98:6b:a6:c3:b8:2a:9e:3a:e8:d9:
                    fc:5b:ee:9e:8f:2c:a2:5b:30:f4:66:2b:ce:93:56:
                    f4:dc:66:02:7e:d3:ed:aa:bd:5b:62:80:1a:6d:85:
                    f2:1c:c4:f1:37:34:72:5c:6e:9e:ae:c6:f6:b6:ab:
                    f7:53:6d:05:9b:92:4d:c4:f4:d0:e8:08:48:f3:10:
                    9c:97:81:ae:de:c2:13:5e:02:14:e8:0d:f7:52:96:
                    32:f1:e7:d0:16:53:97:bf:4e:cc:8c:2e:cb:52:31:
                    7a:50:6e:f6:da:72:36:f4:b1:b0:a3:aa:d7:17:5a:
                    5c:82:e7:5f:79:fa:cb:71:d7:d9:7c:5a:47:01:49:
                    ab:06:e2:43:30:8a:c8:da:72:ec:a5:2e:19:0a:b2:
                    d7:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:2B:77:54:C7:DB:25:45:79:F1:F2:B0:1F:D3:0D:4F:2A:01:90:95
            X509v3 Authority Key Identifier:
                keyid:36:0A:96:01:E0:2F:81:28:EF:64:6F:55:95:33:6E:0A:57:91:7C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NgqWAeAvgSjvZG9VlTNuCleRfK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/c3ca86-3e76-48c4-98ac-c2d00342235c/1/xyt3VMfbJUV58fKwH9MNTyoBkJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/c3ca86-3e76-48c4-98ac-c2d00342235c/1/NgqWAeAvgSjvZG9VlTNuCleRfK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.177.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:ed:72:66:dd:59:b1:fa:1c:3e:56:43:64:6b:2f:b8:67:b8:
         75:a0:b1:98:87:61:d7:da:47:b5:9e:5e:43:2f:15:60:c8:a5:
         73:12:73:53:5d:f7:4e:9c:c0:62:ef:af:98:4e:3f:13:30:a9:
         5f:7e:2d:77:d3:39:3f:8c:fe:0e:55:19:5b:8a:13:4b:d7:38:
         7a:28:60:ef:9c:1b:d9:09:12:f8:0b:08:e2:f9:e2:b1:59:c1:
         ad:7d:41:e2:cb:0b:22:b1:12:2b:f5:3b:0d:4a:65:7a:7a:da:
         b2:0c:a8:57:d2:65:65:55:2e:29:8a:e1:80:0f:b6:32:f4:9a:
         39:e2:3f:cc:2d:35:a3:95:d9:a3:7d:3d:42:d7:7c:96:f5:a8:
         fe:69:4a:e3:75:e9:23:56:25:c0:22:fb:f2:d9:9d:d1:fa:96:
         58:2e:6d:c9:44:23:ed:bc:35:57:b4:31:f9:f7:c5:1d:a2:66:
         13:1d:ef:48:44:57:a3:05:97:6a:20:55:88:bd:93:91:d1:0c:
         15:8e:68:ac:67:47:bd:60:40:e2:6a:2e:65:a3:71:65:99:ae:
         ce:1e:8f:03:1d:74:00:aa:eb:3f:d3:aa:c1:e2:30:7b:cd:a0:
         bc:35:19:49:22:3c:fb:87:58:d7:ff:64:fc:bb:d0:d8:f4:a9:
         49:35:40:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdZgytHBam4FQU1FCs/8GS0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MGE5NjAxZTAyZjgxMjhlZjY0NmY1NTk1MzM2ZTBhNTc5
MTdjYWYwHhcNMjUwNjEwMTEwNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzJiNzc1NGM3ZGIyNTQ1NzlmMWYyYjAxZmQzMGQ0ZjJhMDE5MDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7aFPW22DJ2QysQe3XbAyVUvKEWgD
JwPo9NMKZQkemZp3HAexDxpuva02SxZjXoCuv2Ol+4MrQajRZYB0KHKLsLv8xPxk
cOKo4sePMlngLxf1Q9Ja013Ef2l3IX6/cTsHeuphPYJbncra8q6DY5hrpsO4Kp46
6Nn8W+6ejyyiWzD0ZivOk1b03GYCftPtqr1bYoAabYXyHMTxNzRyXG6ersb2tqv3
U20Fm5JNxPTQ6AhI8xCcl4Gu3sITXgIU6A33UpYy8efQFlOXv07MjC7LUjF6UG72
2nI29LGwo6rXF1pcgudfefrLcdfZfFpHAUmrBuJDMIrI2nLspS4ZCrLXhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcrd1TH2yVFefHysB/TDU8qAZCVMB8GA1UdIwQY
MBaAFDYKlgHgL4Eo72RvVZUzbgpXkXyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmdxV0FlQXZnU2p2Wkc5VmxUTnVDbGVSZks4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9jM2NhODYtM2U3Ni00OGM0LTk4YWMt
YzJkMDAzNDIyMzVjLzEveHl0M1ZNZmJKVVY1OGZLd0g5TU5UeW9Ca0pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9jM2NhODYtM2U3Ni00OGM0LTk4YWMtYzJkMDAzNDIyMzVj
LzEvTmdxV0FlQXZnU2p2Wkc5VmxUTnVDbGVSZks4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwrEEMA0G
CSqGSIb3DQEBCwUAA4IBAQBn7XJm3Vmx+hw+VkNkay+4Z7h1oLGYh2HX2ke1nl5D
LxVgyKVzEnNTXfdOnMBi76+YTj8TMKlffi130zk/jP4OVRlbihNL1zh6KGDvnBvZ
CRL4Cwji+eKxWcGtfUHiywsisRIr9TsNSmV6etqyDKhX0mVlVS4piuGAD7Yy9Jo5
4j/MLTWjldmjfT1C13yW9aj+aUrjdekjViXAIvvy2Z3R+pZYLm3JRCPtvDVXtDH5
98UdomYTHe9IRFejBZdqIFWIvZOR0QwVjmisZ0e9YEDiai5lo3Flma7OHo8DHXQA
qus/06rB4jB7zaC8NRlJIjz7h1jX/2T8u9DY9KlJNUAb
-----END CERTIFICATE-----