Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/e0xh5ocsKTByZdeSEQes7a6ipuo.roa
File:                     e0xh5ocsKTByZdeSEQes7a6ipuo.roa (raw, json)
Hash identifier:          1iteesdsyj+M6NSzJD33babylxoyj4jdW258CTOEX08=
Subject key identifier:   7B:4C:61:E6:87:2C:29:30:72:65:D7:92:11:07:AC:ED:AE:A2:A6:EA
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019A2A60DFD197DC2AC26A243AF03406AD99
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/e0xh5ocsKTByZdeSEQes7a6ipuo.roa
Signing time:             Tue 28 Oct 2025 10:33:03 +0000
ROA not before:           Tue 28 Oct 2025 10:33:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        193.233.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 13:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2a:60:df:d1:97:dc:2a:c2:6a:24:3a:f0:34:06:ad:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Oct 28 10:33:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b4c61e6872c29307265d7921107acedaea2a6ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:17:ce:8e:6b:17:62:40:4f:9f:af:77:ef:f3:
                    08:5e:c9:6d:11:c5:77:14:85:fc:9a:bc:b8:a3:ee:
                    07:1b:c6:32:f6:17:97:76:76:b5:5a:a9:2c:52:98:
                    b2:24:0b:76:c7:98:4f:0d:81:7d:f8:cf:6f:da:5b:
                    d5:d0:3d:4a:37:7c:93:1b:22:92:0a:ed:e9:8b:13:
                    1e:fe:2c:37:28:9f:a9:3c:96:ff:23:a9:14:44:ef:
                    b9:bb:86:da:20:b0:e2:69:38:f9:69:3c:5e:09:a4:
                    95:4b:db:18:22:a9:90:2e:a2:9a:05:e2:92:4e:cc:
                    de:c4:22:a7:30:94:fc:33:7a:7a:0e:f9:05:cb:a1:
                    11:2a:ab:c4:50:a5:3e:bf:3b:b5:0a:76:7e:18:1a:
                    68:08:ee:90:7d:38:fe:92:ee:18:4b:da:12:a0:8e:
                    48:7d:5f:3c:6d:01:1e:91:2d:f6:7d:dd:79:95:44:
                    e4:3d:33:9d:a9:d9:a4:7c:31:9c:da:ab:9d:a5:74:
                    48:b2:9c:db:e9:ab:43:c8:30:35:39:1c:d0:a9:ae:
                    b8:93:20:7b:43:5c:c2:e6:d7:bb:9b:15:e5:ea:1e:
                    e3:a4:0c:15:67:f6:bf:7f:be:9d:bb:c5:f2:56:5d:
                    fe:07:62:45:31:3a:64:25:3d:f8:5f:cd:eb:c2:89:
                    9f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:4C:61:E6:87:2C:29:30:72:65:D7:92:11:07:AC:ED:AE:A2:A6:EA
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/e0xh5ocsKTByZdeSEQes7a6ipuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:01:d4:0f:c2:f2:af:1e:6e:bc:ea:ea:40:79:6b:22:84:ef:
         5f:d1:ec:3e:d2:ce:a3:bc:04:05:10:e5:2b:06:f5:c8:2d:ca:
         07:9a:e7:8b:c8:8e:8f:9a:8c:d9:5a:77:ab:ed:4e:16:13:65:
         5e:99:7e:db:f8:32:d9:51:88:ef:88:34:d1:9b:ee:94:51:a9:
         3b:b3:84:1b:58:f0:25:1a:ff:65:97:4b:76:ac:52:99:b9:6e:
         a1:25:4b:a3:44:b5:64:9d:8d:ea:92:a5:64:fa:67:e5:aa:7a:
         87:72:43:43:1b:ca:7b:02:96:35:97:af:6c:87:99:4a:08:3b:
         08:d9:88:be:2e:54:2a:32:f4:15:8d:ef:58:cd:f8:e0:3c:f5:
         7b:ed:47:8c:14:72:fc:f0:27:7a:74:41:df:6b:46:07:d4:ce:
         85:55:b6:f3:2d:4a:44:c5:d3:d8:fb:79:81:32:e8:ce:14:5b:
         99:08:e3:8d:72:7b:25:35:60:96:67:8f:85:e3:29:14:12:4a:
         cd:76:1e:2a:79:8b:29:af:69:52:11:36:9c:93:fa:72:1e:e2:
         55:52:4f:b6:6a:37:5a:89:d4:e6:8c:d5:4e:3c:0e:c2:0b:a5:
         8c:69:81:bf:34:03:9c:f7:7b:6e:67:dd:a8:d0:31:ec:39:8e:
         c5:8f:03:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoqYN/Rl9wqwmokOvA0Bq2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUxMDI4MTAzMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjRjNjFlNjg3MmMyOTMwNzI2NWQ3OTIxMTA3YWNlZGFlYTJhNmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhfOjmsXYkBPn6937/MIXsltEcV3
FIX8mry4o+4HG8Yy9heXdna1WqksUpiyJAt2x5hPDYF9+M9v2lvV0D1KN3yTGyKS
Cu3pixMe/iw3KJ+pPJb/I6kURO+5u4baILDiaTj5aTxeCaSVS9sYIqmQLqKaBeKS
TszexCKnMJT8M3p6DvkFy6ERKqvEUKU+vzu1CnZ+GBpoCO6QfTj+ku4YS9oSoI5I
fV88bQEekS32fd15lUTkPTOdqdmkfDGc2qudpXRIspzb6atDyDA1ORzQqa64kyB7
Q1zC5te7mxXl6h7jpAwVZ/a/f76du8XyVl3+B2JFMTpkJT34X83rwomfWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtMYeaHLCkwcmXXkhEHrO2uoqbqMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvZTB4aDVvY3NLVEJ5WmRlU0VRZXM3YTZpcHVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwekXMA0G
CSqGSIb3DQEBCwUAA4IBAQBKAdQPwvKvHm686upAeWsihO9f0ew+0s6jvAQFEOUr
BvXILcoHmueLyI6PmozZWner7U4WE2VemX7b+DLZUYjviDTRm+6UUak7s4QbWPAl
Gv9ll0t2rFKZuW6hJUujRLVknY3qkqVk+mflqnqHckNDG8p7ApY1l69sh5lKCDsI
2Yi+LlQqMvQVje9YzfjgPPV77UeMFHL88Cd6dEHfa0YH1M6FVbbzLUpExdPY+3mB
MujOFFuZCOONcnslNWCWZ4+F4ykUEkrNdh4qeYspr2lSETack/pyHuJVUk+2ajda
idTmjNVOPA7CC6WMaYG/NAOc93tuZ92o0DHsOY7FjwND
-----END CERTIFICATE-----