Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/YJ38H1JUnUf4GaAI-4_L--wUJZI.roa
File:                     YJ38H1JUnUf4GaAI-4_L--wUJZI.roa (raw, json)
Hash identifier:          GvPm+IdYGRMKJSr2LCsRHgR1/00CHHLsiEJ+iJ60p6s=
Subject key identifier:   60:9D:FC:1F:52:54:9D:47:F8:19:A0:08:FB:8F:CB:FB:EC:14:25:92
Certificate issuer:       /CN=845de8732b1017138f87032b70fa3b7b8776ef71
Certificate serial:       01976953A23D9FE8D0064FBF22665CB50E7F
Authority key identifier: 84:5D:E8:73:2B:10:17:13:8F:87:03:2B:70:FA:3B:7B:87:76:EF:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hF3ocysQFxOPhwMrcPo7e4d273E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/YJ38H1JUnUf4GaAI-4_L--wUJZI.roa
Signing time:             Fri 13 Jun 2025 12:46:18 +0000
ROA not before:           Fri 13 Jun 2025 12:46:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205737
IP address blocks:        195.200.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/hF3ocysQFxOPhwMrcPo7e4d273E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/hF3ocysQFxOPhwMrcPo7e4d273E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hF3ocysQFxOPhwMrcPo7e4d273E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 21:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:69:53:a2:3d:9f:e8:d0:06:4f:bf:22:66:5c:b5:0e:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=845de8732b1017138f87032b70fa3b7b8776ef71
        Validity
            Not Before: Jun 13 12:46:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=609dfc1f52549d47f819a008fb8fcbfbec142592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b7:7c:09:17:60:2b:98:91:44:79:7d:23:9d:
                    ec:e1:47:66:ec:96:d2:91:5b:16:39:8e:96:29:82:
                    ca:70:d7:d0:4b:5c:c9:0b:3e:65:54:b1:40:30:ab:
                    e2:8d:03:81:e9:22:1e:90:f8:26:86:d4:76:d6:4c:
                    88:67:18:ea:ac:dd:da:d0:e1:45:21:77:3e:27:ce:
                    c2:60:92:a1:da:ad:c1:62:24:2a:0c:60:90:b1:b4:
                    69:96:3b:93:cf:67:64:63:a6:ea:3e:2f:f9:40:45:
                    7e:27:e6:63:05:71:31:9c:d8:ef:33:fc:aa:de:94:
                    d0:fe:09:53:29:47:38:09:f5:88:42:78:d5:3b:d7:
                    f4:df:0b:e8:c3:8a:6e:8f:de:ea:ae:ab:c9:3e:d7:
                    47:8b:55:c6:89:e7:cf:41:c7:85:4f:b6:9e:64:e2:
                    4c:54:94:30:bf:c6:72:c2:68:b5:c4:f0:cb:ec:0b:
                    a6:79:20:83:99:08:e1:9d:08:1d:2f:00:03:3f:82:
                    21:5d:94:e7:41:0e:11:ac:fc:0a:2d:ac:6a:f0:a8:
                    07:7a:2f:07:74:6a:6a:bb:c5:c1:8e:ae:41:2a:47:
                    41:fc:c2:5e:58:3b:e5:38:3c:29:ba:fc:9e:b2:a6:
                    7f:90:3f:ce:25:a0:de:8d:ef:39:54:4d:05:28:13:
                    c3:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:9D:FC:1F:52:54:9D:47:F8:19:A0:08:FB:8F:CB:FB:EC:14:25:92
            X509v3 Authority Key Identifier:
                keyid:84:5D:E8:73:2B:10:17:13:8F:87:03:2B:70:FA:3B:7B:87:76:EF:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hF3ocysQFxOPhwMrcPo7e4d273E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/YJ38H1JUnUf4GaAI-4_L--wUJZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/hF3ocysQFxOPhwMrcPo7e4d273E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:80:d7:3e:d8:69:17:17:bb:44:86:f7:67:30:72:56:20:ef:
         24:4f:40:81:2a:e1:fc:4d:fc:09:28:4a:63:e1:89:66:91:d3:
         88:45:15:ee:89:d5:61:31:13:9f:f5:cd:b7:97:75:55:9e:ce:
         af:9a:12:d2:d1:84:fd:20:51:ca:ec:53:1e:ff:c3:d5:22:de:
         b9:a0:24:27:ee:c9:6e:06:1a:d2:99:1d:db:b7:21:da:27:11:
         08:8e:ac:c5:ff:65:0a:67:41:9b:f9:ad:d0:26:9f:b5:bd:79:
         b1:08:de:b3:ee:6a:81:25:b0:1e:f4:60:95:c2:be:92:c0:74:
         63:77:9e:66:4d:44:47:66:fb:ed:d0:da:73:fe:61:c5:23:ea:
         24:c5:ee:e6:c9:f5:e7:65:62:9d:de:99:db:a7:53:52:05:42:
         d2:71:dd:a1:58:79:77:82:6e:b4:05:52:a0:f7:3f:52:c4:50:
         ac:8c:96:44:c4:b8:be:38:f9:16:ee:a2:0e:d6:a5:52:3d:b7:
         2b:55:d4:03:cb:44:df:cf:af:70:65:49:ee:ca:f1:fd:2b:11:
         75:97:ed:fd:04:57:c2:44:2a:86:bd:10:ad:65:35:58:4d:a8:
         57:e0:e3:d9:da:6d:7a:df:0d:3c:3c:3c:dd:80:7f:0e:4e:a4:
         42:51:aa:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdpU6I9n+jQBk+/ImZctQ5/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NWRlODczMmIxMDE3MTM4Zjg3MDMyYjcwZmEzYjdiODc3
NmVmNzEwHhcNMjUwNjEzMTI0NjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDlkZmMxZjUyNTQ5ZDQ3ZjgxOWEwMDhmYjhmY2JmYmVjMTQyNTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLd8CRdgK5iRRHl9I53s4Udm7JbS
kVsWOY6WKYLKcNfQS1zJCz5lVLFAMKvijQOB6SIekPgmhtR21kyIZxjqrN3a0OFF
IXc+J87CYJKh2q3BYiQqDGCQsbRpljuTz2dkY6bqPi/5QEV+J+ZjBXExnNjvM/yq
3pTQ/glTKUc4CfWIQnjVO9f03wvow4puj97qrqvJPtdHi1XGiefPQceFT7aeZOJM
VJQwv8Zywmi1xPDL7AumeSCDmQjhnQgdLwADP4IhXZTnQQ4RrPwKLaxq8KgHei8H
dGpqu8XBjq5BKkdB/MJeWDvlODwpuvyesqZ/kD/OJaDeje85VE0FKBPDcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCd/B9SVJ1H+BmgCPuPy/vsFCWSMB8GA1UdIwQY
MBaAFIRd6HMrEBcTj4cDK3D6O3uHdu9xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEYzb2N5c1FGeE9QaHdNcmNQbzdlNGQyNzNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85YWZiMzMtZTBhYS00OTNiLWE0NmQt
YTg4NWZiNDBkOTBkLzEvWUozOEgxSlVuVWY0R2FBSS00X0wtLXdVSlpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85YWZiMzMtZTBhYS00OTNiLWE0NmQtYTg4NWZiNDBkOTBk
LzEvaEYzb2N5c1FGeE9QaHdNcmNQbzdlNGQyNzNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw8heMA0G
CSqGSIb3DQEBCwUAA4IBAQApgNc+2GkXF7tEhvdnMHJWIO8kT0CBKuH8TfwJKEpj
4YlmkdOIRRXuidVhMROf9c23l3VVns6vmhLS0YT9IFHK7FMe/8PVIt65oCQn7slu
BhrSmR3btyHaJxEIjqzF/2UKZ0Gb+a3QJp+1vXmxCN6z7mqBJbAe9GCVwr6SwHRj
d55mTURHZvvt0Npz/mHFI+okxe7myfXnZWKd3pnbp1NSBULScd2hWHl3gm60BVKg
9z9SxFCsjJZExLi+OPkW7qIO1qVSPbcrVdQDy0Tfz69wZUnuyvH9KxF1l+39BFfC
RCqGvRCtZTVYTahX4OPZ2m163w08PDzdgH8OTqRCUaoE
-----END CERTIFICATE-----