Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/heyF3PwVg2LH5Z1eVNAFl_XrRNc.roa
File:                     heyF3PwVg2LH5Z1eVNAFl_XrRNc.roa (raw, json)
Hash identifier:          LhW+SMrb4rHuh4Aa16+RyNIfCmIIBHNGVarGhqURIAs=
Subject key identifier:   85:EC:85:DC:FC:15:83:62:C7:E5:9D:5E:54:D0:05:97:F5:EB:44:D7
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       01977CB22036EF93A613F54EA4E52D246A4C
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/heyF3PwVg2LH5Z1eVNAFl_XrRNc.roa
Signing time:             Tue 17 Jun 2025 07:02:17 +0000
ROA not before:           Tue 17 Jun 2025 07:02:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        193.233.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 13:26:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7c:b2:20:36:ef:93:a6:13:f5:4e:a4:e5:2d:24:6a:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jun 17 07:02:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85ec85dcfc158362c7e59d5e54d00597f5eb44d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:78:0e:79:ef:b9:7c:c8:c5:6f:27:f5:93:ca:
                    79:98:32:f4:1a:35:a2:45:71:ba:c4:f7:d8:67:c9:
                    bd:c9:13:f7:d4:d1:c5:eb:2b:ab:ab:77:34:bb:4f:
                    54:7d:27:ea:07:7a:5a:a0:18:61:05:75:70:fb:3e:
                    e6:f9:50:95:5c:d6:66:5a:58:6e:be:fa:db:9b:f3:
                    a3:a5:f2:42:6b:16:56:1e:2b:66:f3:06:34:23:66:
                    7f:6d:37:51:a3:00:a0:33:48:51:90:8a:c1:6b:03:
                    d6:37:11:d7:ba:33:5b:df:d7:fc:85:ac:30:4f:c1:
                    47:ea:56:1e:fe:bc:97:99:64:23:51:18:8f:b3:0a:
                    a9:cc:51:36:1d:42:9c:4f:4c:c5:e1:1a:e1:23:48:
                    7b:8c:2d:c0:b6:f4:a1:24:9b:92:7e:00:a5:24:f4:
                    ed:7c:1f:00:4f:72:71:02:96:9a:59:db:bc:cb:b4:
                    d4:21:b2:57:73:40:22:1f:e8:e4:6e:a9:98:b1:20:
                    b6:ff:81:ee:5e:71:05:fa:e2:1c:41:1b:c2:c5:ec:
                    d8:f4:7f:d8:fb:c1:89:10:3f:aa:59:8b:61:a7:84:
                    66:77:e9:32:0f:75:fd:55:57:bb:1e:df:0a:3e:35:
                    95:1e:14:fc:52:d5:a6:2a:53:54:cc:a1:6b:f1:86:
                    a3:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:EC:85:DC:FC:15:83:62:C7:E5:9D:5E:54:D0:05:97:F5:EB:44:D7
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/heyF3PwVg2LH5Z1eVNAFl_XrRNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:81:a6:e4:dd:56:57:b3:11:7e:62:41:8b:1f:ea:da:2c:75:
         37:cf:12:11:cf:88:10:bc:8f:0e:5d:eb:f7:6f:6d:cd:65:3b:
         39:75:d1:96:bd:e5:80:b9:e0:ab:d9:72:38:4f:41:85:cc:13:
         6b:1d:ce:83:38:92:b4:18:64:88:41:49:f4:68:85:46:06:96:
         55:d0:ca:16:6d:e3:f3:ed:bc:2f:e3:3f:c3:78:14:8f:ae:5c:
         0c:fd:ff:81:7e:00:18:17:74:1d:c5:1b:38:96:fa:5c:95:6e:
         ec:3c:98:f6:e9:1a:24:33:2c:8b:ea:e6:bc:20:e4:de:76:e8:
         8f:cb:04:31:ae:c6:ae:4a:d2:9f:32:08:7a:0b:5e:74:6b:2f:
         1d:3a:cd:8b:86:81:70:f5:a6:21:c0:29:5a:18:51:2c:4e:ba:
         e6:56:43:4f:bf:bc:03:77:5b:a4:8c:53:b6:78:0a:cf:12:a4:
         df:a7:e2:9d:5c:b5:b2:a2:eb:28:21:6b:a7:20:29:c6:36:49:
         61:3d:2c:04:f0:f1:58:4b:37:45:83:2a:cc:f1:d2:5c:81:ad:
         5a:83:68:51:1f:72:ba:7e:ef:d7:c5:f8:4c:5f:11:54:fe:c9:
         a7:6b:05:d5:49:94:9a:ce:53:63:98:fb:98:db:ae:9d:4f:64:
         c4:81:39:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd8siA275OmE/VOpOUtJGpMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwNjE3MDcwMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWVjODVkY2ZjMTU4MzYyYzdlNTlkNWU1NGQwMDU5N2Y1ZWI0NGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHgOee+5fMjFbyf1k8p5mDL0GjWi
RXG6xPfYZ8m9yRP31NHF6yurq3c0u09UfSfqB3paoBhhBXVw+z7m+VCVXNZmWlhu
vvrbm/OjpfJCaxZWHitm8wY0I2Z/bTdRowCgM0hRkIrBawPWNxHXujNb39f8haww
T8FH6lYe/ryXmWQjURiPswqpzFE2HUKcT0zF4RrhI0h7jC3AtvShJJuSfgClJPTt
fB8AT3JxApaaWdu8y7TUIbJXc0AiH+jkbqmYsSC2/4HuXnEF+uIcQRvCxezY9H/Y
+8GJED+qWYthp4Rmd+kyD3X9VVe7Ht8KPjWVHhT8UtWmKlNUzKFr8Yaj/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXshdz8FYNix+WdXlTQBZf160TXMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvaGV5RjNQd1ZnMkxINVoxZVZOQUZsX1hyUk5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwen/MA0G
CSqGSIb3DQEBCwUAA4IBAQBLgabk3VZXsxF+YkGLH+raLHU3zxIRz4gQvI8OXev3
b23NZTs5ddGWveWAueCr2XI4T0GFzBNrHc6DOJK0GGSIQUn0aIVGBpZV0MoWbePz
7bwv4z/DeBSPrlwM/f+BfgAYF3QdxRs4lvpclW7sPJj26RokMyyL6ua8IOTeduiP
ywQxrsauStKfMgh6C150ay8dOs2LhoFw9aYhwClaGFEsTrrmVkNPv7wDd1ukjFO2
eArPEqTfp+KdXLWyousoIWunICnGNklhPSwE8PFYSzdFgyrM8dJcga1ag2hRH3K6
fu/XxfhMXxFU/smnawXVSZSazlNjmPuY266dT2TEgTnE
-----END CERTIFICATE-----