Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/_goIFwVffAGcSfRmCffChk7Oq0k.roa
File:                     _goIFwVffAGcSfRmCffChk7Oq0k.roa (raw, json)
Hash identifier:          6/xUQKCGGxYWcuOU/Y/MsCzkv56mMVz97vvHiB+PBp8=
Subject key identifier:   FE:0A:08:17:05:5F:7C:01:9C:49:F4:66:09:F7:C2:86:4E:CE:AB:49
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019A1C2A91ED8EC564B161D319469755ED9C
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/_goIFwVffAGcSfRmCffChk7Oq0k.roa
Signing time:             Sat 25 Oct 2025 16:19:03 +0000
ROA not before:           Sat 25 Oct 2025 16:19:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        158.173.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:29:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:1c:2a:91:ed:8e:c5:64:b1:61:d3:19:46:97:55:ed:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Oct 25 16:19:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe0a0817055f7c019c49f46609f7c2864eceab49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:77:66:7d:34:a6:c9:56:68:4f:21:b0:cd:c6:
                    ee:5e:8b:cc:22:e6:cc:2f:21:85:3f:9a:3c:2d:96:
                    f7:60:7f:ad:e7:3e:b3:56:fe:28:27:36:82:d9:8b:
                    ee:0f:3d:0e:6e:0c:62:1d:ca:3f:59:2e:d8:65:0a:
                    39:b0:0f:a4:00:ab:e0:09:17:fb:82:5b:be:82:1c:
                    bb:1b:b2:20:12:ca:f3:bc:63:08:a7:8d:71:aa:2c:
                    02:f4:e0:3c:b6:0e:3f:a0:20:ec:a9:84:11:ed:0a:
                    8c:72:47:78:5c:a8:25:9e:70:d0:3c:dc:5a:a5:a5:
                    12:32:0d:d3:27:9d:92:3e:51:63:dc:4c:b0:52:ec:
                    e7:68:ee:04:e2:36:b6:dd:cc:bc:bc:fd:30:6c:15:
                    69:8d:e1:ae:4c:31:64:63:39:b0:54:d6:56:1d:40:
                    58:a0:d9:d6:c4:1b:b8:90:03:59:34:2b:08:ab:2f:
                    1b:76:77:f8:bb:a9:2a:d7:56:d8:3e:95:7d:31:d6:
                    a9:23:8d:1d:d0:df:85:51:e0:28:b3:98:a4:1a:30:
                    2b:ca:b9:9e:0b:50:dd:7b:fc:5d:13:c1:07:7f:76:
                    51:7d:81:8b:ab:99:3f:fa:c0:3b:17:4e:e5:5e:08:
                    18:42:3e:8e:9f:cf:87:49:fb:8d:93:07:9e:6c:71:
                    f5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:0A:08:17:05:5F:7C:01:9C:49:F4:66:09:F7:C2:86:4E:CE:AB:49
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/_goIFwVffAGcSfRmCffChk7Oq0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:4b:d1:ce:d1:77:58:5a:09:5c:47:eb:6b:11:d9:91:4f:10:
         43:93:a2:71:26:14:76:8a:70:c9:1a:bc:37:05:b9:f9:c0:95:
         fc:27:c0:47:6b:73:f9:b8:58:39:06:ec:dd:ff:1a:0a:01:a0:
         23:6d:93:d9:64:5d:8c:f1:b9:d4:81:e7:f3:5c:25:ea:0d:5a:
         e4:4a:64:2a:5e:9a:c4:47:e1:4d:a3:d1:cf:b4:5e:c5:c9:1e:
         26:65:d8:33:0b:f5:e9:31:eb:c9:68:41:23:c3:39:85:3b:af:
         69:f7:15:b8:2a:bf:de:69:22:e8:4a:b1:7d:03:48:ca:b9:43:
         ea:f3:8f:45:c7:56:71:ba:3d:40:56:06:80:ed:bb:93:ee:eb:
         62:80:47:80:5e:79:36:25:f9:7e:44:e8:a3:da:9c:89:2f:72:
         01:0a:95:5c:fc:5a:ad:bc:bf:6c:ac:a9:50:b2:49:95:2a:03:
         23:dd:15:c0:09:ae:94:2c:5a:c7:fe:07:f8:c5:6b:cc:e2:69:
         04:fe:46:42:6c:4f:5e:c0:82:30:30:c5:1c:02:c2:08:6c:a4:
         1c:91:23:ea:2b:e4:9a:a3:e8:cc:14:82:d2:06:1a:44:d0:0e:
         6c:0f:b1:3f:b7:bd:95:0d:d8:ee:cb:cf:80:d8:a8:09:87:6c:
         9b:9a:32:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZocKpHtjsVksWHTGUaXVe2cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUxMDI1MTYxOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTBhMDgxNzA1NWY3YzAxOWM0OWY0NjYwOWY3YzI4NjRlY2VhYjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyndmfTSmyVZoTyGwzcbuXovMIubM
LyGFP5o8LZb3YH+t5z6zVv4oJzaC2YvuDz0ObgxiHco/WS7YZQo5sA+kAKvgCRf7
glu+ghy7G7IgEsrzvGMIp41xqiwC9OA8tg4/oCDsqYQR7QqMckd4XKglnnDQPNxa
paUSMg3TJ52SPlFj3EywUuznaO4E4ja23cy8vP0wbBVpjeGuTDFkYzmwVNZWHUBY
oNnWxBu4kANZNCsIqy8bdnf4u6kq11bYPpV9MdapI40d0N+FUeAos5ikGjAryrme
C1Dde/xdE8EHf3ZRfYGLq5k/+sA7F07lXggYQj6On8+HSfuNkweebHH1oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP4KCBcFX3wBnEn0Zgn3woZOzqtJMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvX2dvSUZ3VmZmQUdjU2ZSbUNmZkNoazdPcTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq3AMA0G
CSqGSIb3DQEBCwUAA4IBAQBiS9HO0XdYWglcR+trEdmRTxBDk6JxJhR2inDJGrw3
Bbn5wJX8J8BHa3P5uFg5Buzd/xoKAaAjbZPZZF2M8bnUgefzXCXqDVrkSmQqXprE
R+FNo9HPtF7FyR4mZdgzC/XpMevJaEEjwzmFO69p9xW4Kr/eaSLoSrF9A0jKuUPq
849Fx1Zxuj1AVgaA7buT7utigEeAXnk2Jfl+ROij2pyJL3IBCpVc/FqtvL9srKlQ
skmVKgMj3RXACa6ULFrH/gf4xWvM4mkE/kZCbE9ewIIwMMUcAsIIbKQckSPqK+Sa
o+jMFILSBhpE0A5sD7E/t72VDdjuy8+A2KgJh2ybmjLd
-----END CERTIFICATE-----