Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/OFicsOFCYswBejzkoKx72QZzWbU.roa
File:                     OFicsOFCYswBejzkoKx72QZzWbU.roa (raw, json)
Hash identifier:          Cl4o1Pfl2qJognLsR4Es8WbZFhoO1O38WvJYpOsvWtg=
Subject key identifier:   38:58:9C:B0:E1:42:62:CC:01:7A:3C:E4:A0:AC:7B:D9:06:73:59:B5
Certificate issuer:       /CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Certificate serial:       01985C21B417A1A3EEE6E04D75A96CB25A0E
Authority key identifier: 21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/OFicsOFCYswBejzkoKx72QZzWbU.roa
Signing time:             Wed 30 Jul 2025 16:19:29 +0000
ROA not before:           Wed 30 Jul 2025 16:19:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200088
IP address blocks:        85.193.93.0/24 maxlen: 24
                          2a03:6f00:8::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5c:21:b4:17:a1:a3:ee:e6:e0:4d:75:a9:6c:b2:5a:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
        Validity
            Not Before: Jul 30 16:19:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38589cb0e14262cc017a3ce4a0ac7bd9067359b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:a3:be:fb:e4:99:d8:d5:6c:f6:4f:a0:d2:68:
                    8b:f4:87:cc:3a:de:16:99:9f:4d:f2:cf:1c:e4:5a:
                    5f:79:37:14:92:c5:23:e6:f8:a0:6c:2d:65:28:ab:
                    82:4e:87:d0:8c:c4:cd:7a:23:47:c6:cc:d4:af:5a:
                    63:b3:dc:e6:a6:cc:58:2d:cd:7c:c1:ee:62:30:95:
                    15:c2:9e:ab:aa:0b:90:7b:50:d8:2b:7b:90:28:34:
                    ab:7a:d7:26:e1:8e:2c:0e:44:ac:be:ff:3e:06:c6:
                    f7:d1:30:fa:6b:88:0c:7c:1f:86:55:6e:cc:7a:20:
                    62:2c:8e:70:84:a9:c5:bc:74:82:88:73:b4:82:7e:
                    1e:af:fc:81:cf:b3:96:63:65:92:d1:67:4c:bc:9c:
                    aa:12:36:71:52:a1:ae:aa:96:55:79:f4:bf:9c:cb:
                    55:97:2c:02:65:9b:00:e4:5d:cd:f7:b0:dd:b2:56:
                    a6:95:bb:95:a3:dd:ad:21:1f:0c:38:1d:87:82:91:
                    2c:26:ae:ae:e3:c8:bc:11:13:77:dd:56:48:ac:fe:
                    f2:45:d3:d3:1c:14:f6:24:1d:c3:5f:2c:34:b9:6b:
                    f3:48:58:bf:73:4d:48:c9:3b:fe:93:17:86:ad:69:
                    e2:9a:67:25:ad:ef:ba:e0:77:82:42:01:b0:dd:15:
                    16:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:58:9C:B0:E1:42:62:CC:01:7A:3C:E4:A0:AC:7B:D9:06:73:59:B5
            X509v3 Authority Key Identifier:
                keyid:21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/OFicsOFCYswBejzkoKx72QZzWbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.193.93.0/24
                IPv6:
                  2a03:6f00:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:e6:cd:6e:17:83:b5:3e:e0:6a:48:d5:57:64:cb:20:a4:84:
         e2:64:4e:b0:2f:e4:be:a1:32:75:cd:c5:e5:2c:2b:5f:7d:93:
         70:25:31:5d:cf:6d:c3:52:23:50:e6:ad:d9:e7:ec:87:0c:74:
         6a:72:d0:21:06:de:16:35:8d:69:33:72:6b:cb:d2:7b:07:81:
         00:f7:aa:52:ae:8e:fa:6a:c4:96:5c:78:65:f6:85:c2:72:78:
         ff:7b:cf:84:43:84:aa:93:d4:b7:10:e6:79:89:5b:bb:79:7a:
         99:9a:ee:e6:52:0a:64:7b:20:9e:be:06:e4:7b:3e:2d:74:b0:
         62:6e:8e:31:49:d0:5d:28:23:16:0a:6f:2b:42:ac:07:79:cf:
         92:47:17:d3:e4:30:ec:a7:e8:83:76:e5:16:59:22:06:f9:bf:
         0e:f9:52:c8:b1:15:86:c0:50:46:71:32:a2:d1:15:9c:72:1c:
         d5:e6:12:b5:62:df:56:f5:ad:2b:ea:14:ad:06:dc:c0:65:5d:
         7a:e2:5a:43:e3:25:4f:41:aa:58:7b:02:11:96:4d:51:8e:47:
         f2:ba:9a:11:46:62:6b:51:76:be:2a:81:64:ec:0a:81:26:f3:
         c2:40:62:6a:3b:d7:12:0a:78:29:de:11:f3:4c:25:2a:4f:cf:
         a6:00:d5:fc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZhcIbQXoaPu5uBNdalssloOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjBiMmIxYzgyOWQ4ODkzNmIxYWRhZWVjOTdmZGQxYjQw
ZDQxZTUwHhcNMjUwNzMwMTYxOTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODU4OWNiMGUxNDI2MmNjMDE3YTNjZTRhMGFjN2JkOTA2NzM1OWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA86O+++SZ2NVs9k+g0miL9IfMOt4W
mZ9N8s8c5FpfeTcUksUj5vigbC1lKKuCTofQjMTNeiNHxszUr1pjs9zmpsxYLc18
we5iMJUVwp6rqguQe1DYK3uQKDSretcm4Y4sDkSsvv8+Bsb30TD6a4gMfB+GVW7M
eiBiLI5whKnFvHSCiHO0gn4er/yBz7OWY2WS0WdMvJyqEjZxUqGuqpZVefS/nMtV
lywCZZsA5F3N97DdslamlbuVo92tIR8MOB2HgpEsJq6u48i8ERN33VZIrP7yRdPT
HBT2JB3DXyw0uWvzSFi/c01IyTv+kxeGrWnimmclre+64HeCQgGw3RUWQwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDhYnLDhQmLMAXo85KCse9kGc1m1MB8GA1UdIwQY
MBaAFCFgsrHIKdiJNrGtruyX/dG0DUHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEt
M2RmN2ZhZjM1MzVkLzEvT0ZpY3NPRkNZc3dCZWp6a29LeDcyUVp6V2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEtM2RmN2ZhZjM1MzVk
LzEvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAVcFdMA8E
AgACMAkDBwAqA28AAAgwDQYJKoZIhvcNAQELBQADggEBAAnmzW4Xg7U+4GpI1Vdk
yyCkhOJkTrAv5L6hMnXNxeUsK199k3AlMV3PbcNSI1Dmrdnn7IcMdGpy0CEG3hY1
jWkzcmvL0nsHgQD3qlKujvpqxJZceGX2hcJyeP97z4RDhKqT1LcQ5nmJW7t5epma
7uZSCmR7IJ6+BuR7Pi10sGJujjFJ0F0oIxYKbytCrAd5z5JHF9PkMOyn6IN25RZZ
Igb5vw75UsixFYbAUEZxMqLRFZxyHNXmErVi31b1rSvqFK0G3MBlXXriWkPjJU9B
qlh7AhGWTVGOR/K6mhFGYmtRdr4qgWTsCoEm88JAYmo71xIKeCneEfNMJSpPz6YA
1fw=
-----END CERTIFICATE-----