Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/25BdWjGUW6WR5COHXQvnkkS0aks.roa
File:                     25BdWjGUW6WR5COHXQvnkkS0aks.roa (raw, json)
Hash identifier:          ZfiYDdmibYubcN2MWvXpUHaKk347sYKh86vsT6I2wUo=
Subject key identifier:   DB:90:5D:5A:31:94:5B:A5:91:E4:23:87:5D:0B:E7:92:44:B4:6A:4B
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019A43748DEF055058539D696CAE004CEE92
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/25BdWjGUW6WR5COHXQvnkkS0aks.roa
Signing time:             Sun 02 Nov 2025 07:25:03 +0000
ROA not before:           Sun 02 Nov 2025 07:25:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210502
IP address blocks:        193.233.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:43:74:8d:ef:05:50:58:53:9d:69:6c:ae:00:4c:ee:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Nov  2 07:25:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db905d5a31945ba591e423875d0be79244b46a4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0e:36:78:8d:3d:65:24:18:85:e8:c9:c2:86:
                    e3:a2:95:e1:34:ab:57:d8:0f:8b:16:fd:86:98:44:
                    b4:d6:97:74:ae:84:67:a8:06:77:03:88:9d:16:ca:
                    12:6e:23:19:0c:7c:9b:5c:ac:59:c4:34:19:ac:36:
                    2c:26:60:e1:84:1c:84:61:46:76:59:13:ae:d6:08:
                    58:e3:72:b0:15:18:64:8b:e3:86:b9:95:52:c5:07:
                    e8:20:2d:8a:8f:7c:be:43:92:23:ae:d9:3c:b3:21:
                    86:08:91:f4:a5:0d:a8:8e:68:67:65:1b:89:80:45:
                    ca:ac:61:e6:98:20:96:90:72:c4:ce:8e:e3:2b:b3:
                    78:d0:69:4a:05:33:fe:2e:14:2e:16:b2:ec:cb:07:
                    3e:c5:6b:67:d7:ac:29:98:30:7b:8a:98:68:6c:61:
                    9e:e3:95:9c:8e:a7:a5:08:d6:29:4d:45:61:41:5c:
                    69:f0:07:20:9a:72:07:62:99:0d:48:7f:77:c9:16:
                    9c:45:cb:f5:29:2c:c9:02:53:d0:28:a9:59:cf:c9:
                    16:fa:9b:28:61:21:42:8e:99:9a:72:86:a2:7d:d3:
                    0e:17:95:c1:f8:3b:76:e6:61:74:aa:2f:31:a0:34:
                    0b:95:bc:6c:29:0a:e5:53:99:60:eb:80:79:ca:c7:
                    f7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:90:5D:5A:31:94:5B:A5:91:E4:23:87:5D:0B:E7:92:44:B4:6A:4B
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/25BdWjGUW6WR5COHXQvnkkS0aks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:5c:49:f5:35:77:df:05:7f:62:38:ca:52:d5:15:80:ed:22:
         61:50:44:19:15:7b:78:a9:e5:d1:ff:b6:86:68:c7:1d:98:bb:
         a8:38:f6:0b:6e:73:75:e4:2e:9f:08:16:81:01:70:dd:81:4e:
         86:89:37:60:6b:b6:a7:43:06:d5:b6:f7:1a:4b:8f:34:57:e8:
         e2:3a:89:be:ef:4c:64:cb:c7:70:ff:38:7a:97:36:ea:65:89:
         5b:5d:0e:24:42:2b:11:fe:12:dd:2d:0a:b6:57:20:d6:02:bb:
         44:40:e4:cf:69:85:df:75:40:4e:f1:f3:8d:aa:8f:f7:38:db:
         a3:e0:7b:3f:a8:e0:b4:46:ec:45:8b:87:d1:a8:1f:27:3c:7f:
         83:bb:c7:c7:c3:da:06:33:53:62:f8:9d:bd:1f:cf:f7:17:06:
         bc:d1:43:5c:6e:4d:28:da:5f:66:90:cb:8a:e8:2d:42:2d:f9:
         f6:84:ef:50:c3:35:fa:07:19:7c:4a:a1:6f:19:3c:19:f6:c4:
         f9:f5:e2:73:3c:28:1c:3d:c5:af:3b:41:ce:dc:8b:74:9f:e4:
         b3:fd:02:94:5b:a1:da:ec:65:29:09:b0:6f:66:f4:82:b3:52:
         a7:03:7f:1a:c7:df:89:fc:e1:f6:76:fe:2f:77:4e:0a:08:80:
         36:e8:8e:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpDdI3vBVBYU51pbK4ATO6SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUxMTAyMDcyNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjkwNWQ1YTMxOTQ1YmE1OTFlNDIzODc1ZDBiZTc5MjQ0YjQ2YTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyg42eI09ZSQYhejJwobjopXhNKtX
2A+LFv2GmES01pd0roRnqAZ3A4idFsoSbiMZDHybXKxZxDQZrDYsJmDhhByEYUZ2
WROu1ghY43KwFRhki+OGuZVSxQfoIC2Kj3y+Q5Ijrtk8syGGCJH0pQ2ojmhnZRuJ
gEXKrGHmmCCWkHLEzo7jK7N40GlKBTP+LhQuFrLsywc+xWtn16wpmDB7iphobGGe
45WcjqelCNYpTUVhQVxp8AcgmnIHYpkNSH93yRacRcv1KSzJAlPQKKlZz8kW+pso
YSFCjpmacoaifdMOF5XB+Dt25mF0qi8xoDQLlbxsKQrlU5lg64B5ysf39wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNuQXVoxlFulkeQjh10L55JEtGpLMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvMjVCZFdqR1VXNldSNUNPSFhRdm5ra1MwYWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwenkMA0G
CSqGSIb3DQEBCwUAA4IBAQBFXEn1NXffBX9iOMpS1RWA7SJhUEQZFXt4qeXR/7aG
aMcdmLuoOPYLbnN15C6fCBaBAXDdgU6GiTdga7anQwbVtvcaS480V+jiOom+70xk
y8dw/zh6lzbqZYlbXQ4kQisR/hLdLQq2VyDWArtEQOTPaYXfdUBO8fONqo/3ONuj
4Hs/qOC0RuxFi4fRqB8nPH+Du8fHw9oGM1Ni+J29H8/3Fwa80UNcbk0o2l9mkMuK
6C1CLfn2hO9QwzX6Bxl8SqFvGTwZ9sT59eJzPCgcPcWvO0HO3It0n+Sz/QKUW6Ha
7GUpCbBvZvSCs1KnA38ax9+J/OH2dv4vd04KCIA26I4A
-----END CERTIFICATE-----