Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/607721-00ff-4581-80e5-6fa84402d6a0/1/9HC-dVjnSoiBjTI-wFW5Aqlq_oY.roa
File:                     9HC-dVjnSoiBjTI-wFW5Aqlq_oY.roa (raw, json)
Hash identifier:          mG2Ma2dDqG+dXSsvT9OJk25xVpUl5+N3IsrwQpPJXsQ=
Subject key identifier:   F4:70:BE:75:58:E7:4A:88:81:8D:32:3E:C0:55:B9:02:A9:6A:FE:86
Certificate issuer:       /CN=7c86f13a9b721cd1869fbb974ee53d90022eaa2c
Certificate serial:       019765D17EF446AFC8AE65749B25550DD93E
Authority key identifier: 7C:86:F1:3A:9B:72:1C:D1:86:9F:BB:97:4E:E5:3D:90:02:2E:AA:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fIbxOptyHNGGn7uXTuU9kAIuqiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/607721-00ff-4581-80e5-6fa84402d6a0/1/9HC-dVjnSoiBjTI-wFW5Aqlq_oY.roa
Signing time:             Thu 12 Jun 2025 20:25:17 +0000
ROA not before:           Thu 12 Jun 2025 20:25:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215596
IP address blocks:        193.35.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/607721-00ff-4581-80e5-6fa84402d6a0/1/fIbxOptyHNGGn7uXTuU9kAIuqiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/607721-00ff-4581-80e5-6fa84402d6a0/1/fIbxOptyHNGGn7uXTuU9kAIuqiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fIbxOptyHNGGn7uXTuU9kAIuqiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:65:d1:7e:f4:46:af:c8:ae:65:74:9b:25:55:0d:d9:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c86f13a9b721cd1869fbb974ee53d90022eaa2c
        Validity
            Not Before: Jun 12 20:25:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f470be7558e74a88818d323ec055b902a96afe86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:40:bc:93:23:27:74:02:26:73:5b:42:10:29:
                    09:23:35:c1:66:43:49:17:73:05:7d:2f:f3:1b:45:
                    96:d8:e0:8e:9a:9c:dd:9d:90:f8:a0:8b:f3:53:a1:
                    2c:0c:f7:0c:f1:b5:1d:4d:dc:80:de:11:be:ce:22:
                    e5:6b:7c:b6:ca:e7:19:98:d9:2d:ae:a3:d6:1d:5a:
                    dd:85:56:77:9f:00:d5:58:2c:ef:b8:dd:ce:79:74:
                    c8:13:b8:e9:77:ac:d4:80:14:84:e0:22:a9:cd:11:
                    84:51:38:5c:d7:e7:31:1b:59:a7:59:38:ae:09:22:
                    7e:3d:4b:5a:3c:05:fa:cd:df:69:d8:aa:49:8e:20:
                    ef:02:6a:d3:3f:c6:37:8f:01:db:bd:7c:2d:6e:b2:
                    82:fe:3a:4c:8a:f9:61:df:6b:04:e9:df:d1:a8:fb:
                    41:a0:95:fc:63:4f:97:fc:5d:b6:52:20:03:2c:60:
                    34:08:cc:0e:8c:3b:07:65:70:c2:f0:e1:03:82:a2:
                    97:ca:cb:b6:05:7d:df:7d:10:cc:4a:84:88:92:ae:
                    1b:5d:31:b4:78:65:bd:54:ed:e6:0c:f3:ac:09:12:
                    da:8e:ce:e4:0e:ac:ad:b4:2e:97:fd:30:ab:f5:6d:
                    1d:c9:20:8f:31:ff:78:cd:1b:c9:5c:d8:f9:d2:07:
                    d7:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:70:BE:75:58:E7:4A:88:81:8D:32:3E:C0:55:B9:02:A9:6A:FE:86
            X509v3 Authority Key Identifier:
                keyid:7C:86:F1:3A:9B:72:1C:D1:86:9F:BB:97:4E:E5:3D:90:02:2E:AA:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fIbxOptyHNGGn7uXTuU9kAIuqiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/607721-00ff-4581-80e5-6fa84402d6a0/1/9HC-dVjnSoiBjTI-wFW5Aqlq_oY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/607721-00ff-4581-80e5-6fa84402d6a0/1/fIbxOptyHNGGn7uXTuU9kAIuqiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:fe:d2:26:51:05:06:67:9b:26:f5:f0:4f:f0:f0:ae:58:4d:
         af:2b:76:f0:81:fb:e0:4d:03:25:88:0c:ea:bc:21:5a:95:0b:
         f0:d1:61:6b:5d:b8:d9:48:65:a2:f1:2e:2c:70:09:4b:35:9a:
         50:88:18:e9:3c:76:7e:75:72:c0:85:23:7f:1d:a1:be:62:97:
         ac:5a:73:12:31:78:46:90:ff:5e:7c:c5:ab:59:d9:55:c7:11:
         c1:ca:b7:c2:43:04:d5:69:60:0c:2a:b7:42:01:04:47:1f:97:
         7e:62:72:08:26:d1:27:cd:60:5f:ae:b7:13:f2:94:96:31:e4:
         cd:39:ba:9f:bf:22:4a:e1:04:d0:35:90:38:b6:4d:77:5f:04:
         b3:5f:34:2b:27:64:f8:6a:fd:ab:ff:cb:a6:33:b2:76:b0:06:
         04:b4:2c:e1:d0:70:96:fa:ea:53:e0:84:80:43:21:dd:47:96:
         8c:87:33:1a:0f:e6:2d:b8:d5:9e:8b:5f:11:bd:eb:dc:b7:2d:
         35:1b:29:0a:44:ac:bf:6c:4a:4a:7b:eb:b8:d8:83:9a:a7:c9:
         c4:98:5a:77:ba:98:61:e1:97:00:47:f8:f8:89:d9:26:80:20:
         1a:9a:d6:29:c9:43:c0:77:48:60:ba:50:a6:77:5c:03:ce:e0:
         fe:d5:bf:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdl0X70Rq/IrmV0myVVDdk+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjODZmMTNhOWI3MjFjZDE4NjlmYmI5NzRlZTUzZDkwMDIy
ZWFhMmMwHhcNMjUwNjEyMjAyNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDcwYmU3NTU4ZTc0YTg4ODE4ZDMyM2VjMDU1YjkwMmE5NmFmZTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUC8kyMndAImc1tCECkJIzXBZkNJ
F3MFfS/zG0WW2OCOmpzdnZD4oIvzU6EsDPcM8bUdTdyA3hG+ziLla3y2yucZmNkt
rqPWHVrdhVZ3nwDVWCzvuN3OeXTIE7jpd6zUgBSE4CKpzRGEUThc1+cxG1mnWTiu
CSJ+PUtaPAX6zd9p2KpJjiDvAmrTP8Y3jwHbvXwtbrKC/jpMivlh32sE6d/RqPtB
oJX8Y0+X/F22UiADLGA0CMwOjDsHZXDC8OEDgqKXysu2BX3ffRDMSoSIkq4bXTG0
eGW9VO3mDPOsCRLajs7kDqyttC6X/TCr9W0dySCPMf94zRvJXNj50gfXhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRwvnVY50qIgY0yPsBVuQKpav6GMB8GA1UdIwQY
MBaAFHyG8TqbchzRhp+7l07lPZACLqosMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZklieE9wdHlITkdHbjd1WFR1VTlrQUl1cWl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi82MDc3MjEtMDBmZi00NTgxLTgwZTUt
NmZhODQ0MDJkNmEwLzEvOUhDLWRWam5Tb2lCalRJLXdGVzVBcWxxX29ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi82MDc3MjEtMDBmZi00NTgxLTgwZTUtNmZhODQ0MDJkNmEw
LzEvZklieE9wdHlITkdHbjd1WFR1VTlrQUl1cWl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSPRMA0G
CSqGSIb3DQEBCwUAA4IBAQBS/tImUQUGZ5sm9fBP8PCuWE2vK3bwgfvgTQMliAzq
vCFalQvw0WFrXbjZSGWi8S4scAlLNZpQiBjpPHZ+dXLAhSN/HaG+YpesWnMSMXhG
kP9efMWrWdlVxxHByrfCQwTVaWAMKrdCAQRHH5d+YnIIJtEnzWBfrrcT8pSWMeTN
ObqfvyJK4QTQNZA4tk13XwSzXzQrJ2T4av2r/8umM7J2sAYEtCzh0HCW+upT4ISA
QyHdR5aMhzMaD+YtuNWei18Rvevcty01GykKRKy/bEpKe+u42IOap8nEmFp3uphh
4ZcAR/j4idkmgCAamtYpyUPAd0hgulCmd1wDzuD+1b/L
-----END CERTIFICATE-----