Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/s_-2nynIS9kq31RhmBcqxFv10go.roa
File:                     s_-2nynIS9kq31RhmBcqxFv10go.roa (raw, json)
Hash identifier:          pc4T/Mr+1d2sfPGAlzGYwdZxUJKqzePVGUeBnvJs5OU=
Subject key identifier:   B3:FF:B6:9F:29:C8:4B:D9:2A:DF:54:61:98:17:2A:C4:5B:F5:D2:0A
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019A392F281AAB4DC9A5C59263B5E9EC0FF5
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/s_-2nynIS9kq31RhmBcqxFv10go.roa
Signing time:             Fri 31 Oct 2025 07:33:03 +0000
ROA not before:           Fri 31 Oct 2025 07:33:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        81.18.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:39:2f:28:1a:ab:4d:c9:a5:c5:92:63:b5:e9:ec:0f:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct 31 07:33:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3ffb69f29c84bd92adf546198172ac45bf5d20a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1d:4c:f0:97:c5:ae:7f:bc:3b:cd:d0:46:d6:
                    ce:89:6d:4a:bb:99:cd:da:0f:87:60:37:94:04:ea:
                    c5:76:a2:84:bd:ef:7a:da:77:4d:a5:49:13:ca:59:
                    15:8a:ac:05:b9:0a:21:7a:40:2f:56:8a:4a:36:20:
                    9d:d5:98:ba:3d:32:9b:fd:6c:1d:90:4c:83:cb:40:
                    ca:7b:5b:f9:df:05:c4:21:a4:6b:18:1e:0b:8c:84:
                    09:b7:69:20:07:a2:0f:02:0f:18:a5:e7:b6:fa:a1:
                    dd:89:f9:cc:ae:14:6c:1f:9f:0f:42:e5:a8:9d:f1:
                    10:a2:ca:64:fa:02:0d:b8:49:98:73:62:07:de:b4:
                    22:49:e2:a6:84:fa:56:8f:3e:32:40:1a:ff:91:d0:
                    d3:70:33:ea:7c:f5:cd:b0:0b:d1:3f:f4:af:49:7b:
                    a3:67:63:20:0a:94:1b:11:96:28:ea:a5:8c:0b:2d:
                    11:ff:7e:ff:37:74:61:5a:b1:17:3d:8b:f0:8b:0e:
                    49:f6:d7:49:92:30:0e:81:08:34:90:42:c4:14:24:
                    8b:d7:6a:df:90:52:52:23:d6:33:29:a0:e9:91:f9:
                    2f:6b:1d:6b:27:05:bc:03:0a:b1:61:bf:57:61:7f:
                    c3:8d:09:4b:c8:59:bc:46:b5:95:cf:18:08:fa:12:
                    d4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:FF:B6:9F:29:C8:4B:D9:2A:DF:54:61:98:17:2A:C4:5B:F5:D2:0A
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/s_-2nynIS9kq31RhmBcqxFv10go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.18.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:64:a7:e0:33:86:f3:eb:01:b1:3d:1f:10:92:a6:6e:44:6d:
         a3:b5:7b:4d:0c:80:90:21:10:f0:f5:03:a6:e7:29:a1:13:1e:
         64:2b:fc:f1:57:a4:ee:53:50:b7:b5:a5:39:56:04:eb:a5:f7:
         c4:99:45:7a:32:9b:c7:2b:e0:3f:9d:fb:3b:b5:25:a3:5c:99:
         2c:ec:6e:98:f4:8f:d8:72:1e:e2:3e:b6:16:3c:46:e2:08:68:
         44:0a:a4:5e:b5:38:43:d6:78:80:0c:45:37:bf:41:76:cb:a0:
         8e:f8:7a:ab:72:19:2f:5a:dc:5c:31:e4:c2:1e:9f:e8:56:80:
         ac:61:0c:02:b2:0d:f7:ac:08:8f:7d:79:45:ca:86:39:e3:f5:
         f9:4f:dd:a9:82:7c:a5:2a:95:31:80:3c:f8:e5:da:51:63:4c:
         85:d4:a5:ff:c5:ee:f5:6d:ec:67:7e:48:27:e0:02:9e:de:43:
         98:4a:63:a7:9d:a7:5d:f0:64:3a:a3:6c:1b:bc:34:51:87:55:
         ba:f0:55:30:30:2e:06:74:c4:64:2c:98:e1:ad:7e:49:2a:6a:
         46:dd:b8:24:67:ea:2e:ef:2a:ea:f6:45:7c:46:8f:04:db:54:
         77:1e:14:91:27:84:94:d7:82:3e:c0:96:53:ea:38:d1:31:51:
         0a:49:79:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo5Lygaq03JpcWSY7Xp7A/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMDMxMDczMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2ZmYjY5ZjI5Yzg0YmQ5MmFkZjU0NjE5ODE3MmFjNDViZjVkMjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxR1M8JfFrn+8O83QRtbOiW1Ku5nN
2g+HYDeUBOrFdqKEve962ndNpUkTylkViqwFuQohekAvVopKNiCd1Zi6PTKb/Wwd
kEyDy0DKe1v53wXEIaRrGB4LjIQJt2kgB6IPAg8Ypee2+qHdifnMrhRsH58PQuWo
nfEQospk+gINuEmYc2IH3rQiSeKmhPpWjz4yQBr/kdDTcDPqfPXNsAvRP/SvSXuj
Z2MgCpQbEZYo6qWMCy0R/37/N3RhWrEXPYvwiw5J9tdJkjAOgQg0kELEFCSL12rf
kFJSI9YzKaDpkfkvax1rJwW8AwqxYb9XYX/DjQlLyFm8RrWVzxgI+hLU1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLP/tp8pyEvZKt9UYZgXKsRb9dIKMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvc18tMm55bklTOWtxMzFSaG1CY3F4RnYxMGdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURI3MA0G
CSqGSIb3DQEBCwUAA4IBAQCNZKfgM4bz6wGxPR8QkqZuRG2jtXtNDICQIRDw9QOm
5ymhEx5kK/zxV6TuU1C3taU5VgTrpffEmUV6MpvHK+A/nfs7tSWjXJks7G6Y9I/Y
ch7iPrYWPEbiCGhECqRetThD1niADEU3v0F2y6CO+HqrchkvWtxcMeTCHp/oVoCs
YQwCsg33rAiPfXlFyoY54/X5T92pgnylKpUxgDz45dpRY0yF1KX/xe71bexnfkgn
4AKe3kOYSmOnnadd8GQ6o2wbvDRRh1W68FUwMC4GdMRkLJjhrX5JKmpG3bgkZ+ou
7yrq9kV8Ro8E21R3HhSRJ4SU14I+wJZT6jjRMVEKSXkb
-----END CERTIFICATE-----