Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/776kUbJ3VVqToymBKMbF89mr9Q8.roa
File:                     776kUbJ3VVqToymBKMbF89mr9Q8.roa (raw, json)
Hash identifier:          wgOghDPuam7I/NZwZ9vII29E7Ezx8RPRacNA4LLaF2M=
Subject key identifier:   EF:BE:A4:51:B2:77:55:5A:93:A3:29:81:28:C6:C5:F3:D9:AB:F5:0F
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019A3931E73073F87B7AECC2D881A35826C6
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/776kUbJ3VVqToymBKMbF89mr9Q8.roa
Signing time:             Fri 31 Oct 2025 07:36:03 +0000
ROA not before:           Fri 31 Oct 2025 07:36:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215026
IP address blocks:        188.255.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 13:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:39:31:e7:30:73:f8:7b:7a:ec:c2:d8:81:a3:58:26:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct 31 07:36:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efbea451b277555a93a3298128c6c5f3d9abf50f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:9b:ef:71:e4:22:b2:6a:f9:9c:15:a6:48:25:
                    69:dc:5a:15:65:fb:60:74:0c:ba:a3:6b:50:75:78:
                    ce:a6:66:fa:36:c0:07:41:0f:d4:24:bf:80:ac:e8:
                    53:ac:73:4b:47:06:5f:fa:5d:43:2e:b6:e8:21:f1:
                    03:4d:a4:76:4f:ff:2f:4f:ae:36:63:53:f5:a3:a4:
                    f8:37:2f:2a:24:b8:6b:ec:d8:13:21:6a:67:04:77:
                    b1:97:e2:d3:ec:0d:25:f6:6d:68:18:be:5a:70:e2:
                    a6:07:ea:25:97:24:ef:99:e7:4d:ed:dd:e9:a4:44:
                    30:e2:7e:90:2f:20:1a:dd:0f:38:1b:e9:8b:80:e0:
                    8b:33:00:af:3c:da:51:48:a1:69:30:f8:6b:54:86:
                    cc:15:5e:89:c4:85:11:6d:25:b7:ae:d3:d4:11:2d:
                    7f:ff:23:f4:3c:40:46:22:99:b6:f0:3e:ae:53:31:
                    43:8d:b7:ec:77:b7:c3:40:09:4b:9b:16:6a:dd:5c:
                    27:10:04:11:30:22:d9:81:fe:53:32:5b:0b:c9:43:
                    c1:7b:16:07:8e:26:a2:af:6c:9f:41:aa:31:3c:55:
                    1d:a6:2e:88:4e:db:df:a7:4a:8f:7a:13:62:be:04:
                    56:f1:76:d3:fe:62:3c:17:0e:2d:43:c3:21:4d:bb:
                    9d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:BE:A4:51:B2:77:55:5A:93:A3:29:81:28:C6:C5:F3:D9:AB:F5:0F
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/776kUbJ3VVqToymBKMbF89mr9Q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:75:c3:00:04:eb:64:36:d1:a1:7c:02:79:3e:ac:ab:97:51:
         19:56:14:43:33:b1:09:67:a7:23:b8:40:21:c2:c3:26:94:99:
         fb:e3:4a:2d:68:c6:3b:8a:44:fe:61:c8:ec:a5:23:72:8a:67:
         4f:4d:e1:d8:0c:f2:b1:49:76:89:59:98:90:e2:e2:00:69:1d:
         9f:aa:e6:22:b2:61:ff:76:0a:33:2d:54:1d:c4:1a:95:90:b7:
         7f:3f:12:16:2c:a9:03:41:e7:0c:a2:35:fb:25:9f:d0:ce:4f:
         04:90:ba:46:fc:64:61:c2:a1:21:02:e8:b5:ea:13:af:1f:c0:
         6a:4d:2d:ec:c0:0f:bc:2a:93:3a:b0:ab:eb:6f:c5:4b:81:ab:
         1e:97:49:d6:ea:39:75:a0:4f:99:f1:68:58:0d:86:bf:03:9d:
         73:c8:8b:9a:bc:64:98:35:85:18:0d:99:6c:84:65:ef:62:db:
         a8:5e:82:db:2c:f1:83:3b:fa:22:f0:41:e9:38:7b:f5:4c:42:
         fe:da:0d:da:90:ef:67:be:d5:c4:23:45:fd:e4:1b:af:84:8a:
         39:47:95:35:12:ef:45:ef:0e:86:cf:a8:7e:2a:3f:95:b2:a6:
         83:42:57:90:38:2c:c5:32:ae:ca:29:c3:9d:22:10:16:90:f0:
         12:53:f1:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo5Mecwc/h7euzC2IGjWCbGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMDMxMDczNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmJlYTQ1MWIyNzc1NTVhOTNhMzI5ODEyOGM2YzVmM2Q5YWJmNTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJvvceQismr5nBWmSCVp3FoVZftg
dAy6o2tQdXjOpmb6NsAHQQ/UJL+ArOhTrHNLRwZf+l1DLrboIfEDTaR2T/8vT642
Y1P1o6T4Ny8qJLhr7NgTIWpnBHexl+LT7A0l9m1oGL5acOKmB+ollyTvmedN7d3p
pEQw4n6QLyAa3Q84G+mLgOCLMwCvPNpRSKFpMPhrVIbMFV6JxIURbSW3rtPUES1/
/yP0PEBGIpm28D6uUzFDjbfsd7fDQAlLmxZq3VwnEAQRMCLZgf5TMlsLyUPBexYH
jiair2yfQaoxPFUdpi6ITtvfp0qPehNivgRW8XbT/mI8Fw4tQ8MhTbudYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO++pFGyd1Vak6MpgSjGxfPZq/UPMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvNzc2a1ViSjNWVnFUb3ltQktNYkY4OW1yOVE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP+qMA0G
CSqGSIb3DQEBCwUAA4IBAQBgdcMABOtkNtGhfAJ5Pqyrl1EZVhRDM7EJZ6cjuEAh
wsMmlJn740otaMY7ikT+YcjspSNyimdPTeHYDPKxSXaJWZiQ4uIAaR2fquYismH/
dgozLVQdxBqVkLd/PxIWLKkDQecMojX7JZ/Qzk8EkLpG/GRhwqEhAui16hOvH8Bq
TS3swA+8KpM6sKvrb8VLgasel0nW6jl1oE+Z8WhYDYa/A51zyIuavGSYNYUYDZls
hGXvYtuoXoLbLPGDO/oi8EHpOHv1TEL+2g3akO9nvtXEI0X95BuvhIo5R5U1Eu9F
7w6Gz6h+Kj+VsqaDQleQOCzFMq7KKcOdIhAWkPASU/EB
-----END CERTIFICATE-----