Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/z-ibYtZ9d_foEACcigrLZAo9joI.roa
File:                     z-ibYtZ9d_foEACcigrLZAo9joI.roa (raw, json)
Hash identifier:          NVLp3BYwIRbDC/9Lk4X7JJ4siwUV+a+7L+AwEgebNOI=
Subject key identifier:   CF:E8:9B:62:D6:7D:77:F7:E8:10:00:9C:8A:0A:CB:64:0A:3D:8E:82
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019A113F77A26AE497641FF7E3B08446AF5E
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/z-ibYtZ9d_foEACcigrLZAo9joI.roa
Signing time:             Thu 23 Oct 2025 13:26:03 +0000
ROA not before:           Thu 23 Oct 2025 13:26:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59651
IP address blocks:        193.233.88.0/24 maxlen: 24
                          193.233.89.0/24 maxlen: 24
                          193.233.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 13:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:11:3f:77:a2:6a:e4:97:64:1f:f7:e3:b0:84:46:af:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Oct 23 13:26:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfe89b62d67d77f7e810009c8a0acb640a3d8e82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:87:74:80:09:b5:f0:1c:fb:c3:16:74:9c:b9:
                    fb:32:83:6b:86:a3:12:78:19:5c:8c:63:c7:c5:99:
                    64:a7:2b:94:27:ea:c5:20:3c:b6:1a:e8:b8:b6:c6:
                    cd:d2:0b:56:c2:62:36:d1:a2:c1:24:c8:11:9b:6e:
                    a4:cb:d8:df:d3:d1:15:61:3e:e3:66:06:f9:87:f4:
                    c8:75:35:d3:75:cf:d6:a7:72:b7:50:ed:57:ae:be:
                    7e:5e:59:7b:0b:5e:7c:44:8b:88:b6:2b:1b:f5:ca:
                    1b:b6:df:16:bc:3f:1e:dd:84:f7:63:9c:aa:52:d0:
                    cd:f3:8e:70:6b:99:f6:e5:96:b4:32:47:a3:6f:5a:
                    52:ca:c2:44:7d:b5:c9:06:40:2e:57:1f:3c:15:c3:
                    3f:38:da:a6:a0:bb:e9:bd:b3:90:e3:4c:2b:bb:fc:
                    e4:18:bf:88:aa:40:65:fa:ef:f6:be:18:46:88:fe:
                    28:19:16:cf:67:77:6b:af:e6:36:f9:64:42:fe:c4:
                    ee:ec:0c:ab:29:62:09:6c:64:d5:92:ad:a9:14:04:
                    d7:61:d5:64:5a:1b:22:ba:55:89:7b:c5:60:57:7f:
                    5c:5e:1a:d5:81:00:bd:6e:55:4b:2e:5f:28:23:8a:
                    cb:de:ae:08:ad:5e:16:61:22:c6:48:ef:d2:a1:e3:
                    87:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:E8:9B:62:D6:7D:77:F7:E8:10:00:9C:8A:0A:CB:64:0A:3D:8E:82
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/z-ibYtZ9d_foEACcigrLZAo9joI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.88.0-193.233.90.255

    Signature Algorithm: sha256WithRSAEncryption
         37:e5:ed:6e:35:6f:8a:59:ef:46:80:95:d0:e7:8d:28:22:6b:
         03:e0:5b:7d:90:92:bb:7e:9b:0f:13:21:88:19:8f:4a:81:c5:
         9b:31:19:7a:cf:94:b9:80:96:f4:5a:4c:a3:07:cf:7e:79:be:
         9b:ea:c4:18:f4:1e:8d:04:ed:37:f5:80:64:07:42:3d:f3:ad:
         2f:bb:de:23:f1:49:06:25:5e:80:ab:cb:f2:14:0f:6f:75:80:
         74:cd:ef:4e:a0:f6:4a:a7:29:a0:e3:22:4b:01:07:51:3e:96:
         b5:fd:49:94:7f:64:fb:f2:f7:12:be:75:a4:15:e2:91:99:f7:
         d9:56:76:7c:de:ae:30:5d:11:e1:44:69:9c:a3:b2:31:b0:d2:
         4b:f0:86:f8:ee:05:80:1a:ef:1d:eb:a3:27:1f:f5:74:2c:d4:
         8e:53:62:e2:6a:a0:61:07:72:f6:b1:9b:ca:38:46:37:ba:57:
         41:80:bd:96:de:cd:94:85:9b:52:3e:62:1a:4a:cc:aa:61:b6:
         17:8a:1e:f2:2c:f3:45:d6:7e:76:20:fb:d8:47:9d:ca:b4:41:
         bd:c9:65:e9:3e:f2:2d:e3:94:d1:2f:bb:67:fc:06:b2:ce:6c:
         c6:ec:fd:fe:0b:91:ab:b0:98:c9:0c:57:f0:f7:ac:90:1a:a1:
         ed:88:0a:08
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZoRP3eiauSXZB/347CERq9eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUxMDIzMTMyNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmU4OWI2MmQ2N2Q3N2Y3ZTgxMDAwOWM4YTBhY2I2NDBhM2Q4ZTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqod0gAm18Bz7wxZ0nLn7MoNrhqMS
eBlcjGPHxZlkpyuUJ+rFIDy2Gui4tsbN0gtWwmI20aLBJMgRm26ky9jf09EVYT7j
Zgb5h/TIdTXTdc/Wp3K3UO1Xrr5+Xll7C158RIuItisb9cobtt8WvD8e3YT3Y5yq
UtDN845wa5n25Za0Mkejb1pSysJEfbXJBkAuVx88FcM/ONqmoLvpvbOQ40wru/zk
GL+IqkBl+u/2vhhGiP4oGRbPZ3drr+Y2+WRC/sTu7AyrKWIJbGTVkq2pFATXYdVk
WhsiulWJe8VgV39cXhrVgQC9blVLLl8oI4rL3q4IrV4WYSLGSO/SoeOHtQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFM/om2LWfXf36BAAnIoKy2QKPY6CMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvei1pYll0WjlkX2ZvRUFDY2lnckxaQW85am9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPB6VgD
BADB6VowDQYJKoZIhvcNAQELBQADggEBADfl7W41b4pZ70aAldDnjSgiawPgW32Q
krt+mw8TIYgZj0qBxZsxGXrPlLmAlvRaTKMHz355vpvqxBj0Ho0E7Tf1gGQHQj3z
rS+73iPxSQYlXoCry/IUD291gHTN706g9kqnKaDjIksBB1E+lrX9SZR/ZPvy9xK+
daQV4pGZ99lWdnzerjBdEeFEaZyjsjGw0kvwhvjuBYAa7x3roycf9XQs1I5TYuJq
oGEHcvaxm8o4Rje6V0GAvZbezZSFm1I+YhpKzKphtheKHvIs80XWfnYg+9hHncq0
Qb3JZek+8i3jlNEvu2f8BrLObMbs/f4LkauwmMkMV/D3rJAaoe2ICgg=
-----END CERTIFICATE-----