Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/1ZOqwcEasiN91mmeTtM3X2KSg98.roa
File:                     1ZOqwcEasiN91mmeTtM3X2KSg98.roa (raw, json)
Hash identifier:          xm9H1TSk8MSrCNoUM5Ts0xxMj18kv3SUVRlY9XIQrgw=
Subject key identifier:   D5:93:AA:C1:C1:1A:B2:23:7D:D6:69:9E:4E:D3:37:5F:62:92:83:DF
Certificate issuer:       /CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
Certificate serial:       019A533DB074D001DEEC66D8152CF10CB1A4
Authority key identifier: B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/1ZOqwcEasiN91mmeTtM3X2KSg98.roa
Signing time:             Wed 05 Nov 2025 08:59:03 +0000
ROA not before:           Wed 05 Nov 2025 08:59:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209535
IP address blocks:        212.163.20.0/22 maxlen: 24
                          212.163.36.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 17:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:53:3d:b0:74:d0:01:de:ec:66:d8:15:2c:f1:0c:b1:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
        Validity
            Not Before: Nov  5 08:59:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d593aac1c11ab2237dd6699e4ed3375f629283df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:19:c6:84:9f:e1:68:6e:0f:40:8c:c2:d5:0b:
                    9f:6a:f9:ac:bc:3d:b5:46:e7:b1:e6:2b:73:92:9c:
                    81:8f:64:8c:92:ef:6b:bd:2b:56:f9:35:e6:c3:c1:
                    9d:3b:c1:bf:2e:78:29:6d:b1:d6:69:d0:53:ca:71:
                    87:83:3d:3f:99:3f:32:91:41:bd:4c:75:3c:4a:f5:
                    f8:dc:63:2a:31:4c:03:8a:51:ba:98:9c:3d:1d:c7:
                    3d:bd:64:3e:e4:ec:e9:27:11:70:e9:54:40:0c:b3:
                    20:66:5c:94:cd:b3:3c:91:8f:80:33:48:88:28:45:
                    59:e8:66:55:27:63:c1:e0:8a:49:d1:46:a9:32:32:
                    d0:99:f3:2e:87:f9:a2:57:b3:b3:c4:fe:e8:9c:2e:
                    38:96:ff:67:7e:95:b1:3d:e3:0d:83:0f:69:12:4a:
                    7c:04:8a:ce:7d:40:71:0e:cd:70:b4:1e:cb:dc:56:
                    51:46:28:e8:09:91:83:3a:cb:27:ee:b4:b8:40:85:
                    42:ff:9f:73:11:02:bf:87:f9:3e:3e:76:d5:3c:9c:
                    fd:e9:90:1b:c1:ac:ba:bc:83:34:f5:e9:31:11:a7:
                    47:f4:7c:71:c8:73:c6:03:c8:9e:eb:26:67:90:3f:
                    31:c3:2e:1d:8e:39:44:ee:23:78:0f:bc:18:50:55:
                    12:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:93:AA:C1:C1:1A:B2:23:7D:D6:69:9E:4E:D3:37:5F:62:92:83:DF
            X509v3 Authority Key Identifier:
                keyid:B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/1ZOqwcEasiN91mmeTtM3X2KSg98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.163.20.0/22
                  212.163.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:97:4a:c1:63:3b:20:51:e2:80:75:3e:15:ff:1c:12:96:e0:
         41:01:d5:48:c3:cb:3c:0a:5a:43:0b:ce:da:54:83:47:0b:01:
         94:83:57:ae:ac:21:73:22:bf:13:f0:2d:8a:f6:5e:e2:a5:4f:
         56:b9:25:57:f2:15:6d:7c:9a:0c:db:96:93:66:72:f4:ea:4a:
         dc:58:90:b8:e6:79:cc:c1:c7:03:7a:d5:5f:de:d6:be:07:e2:
         4a:d8:d6:93:35:87:86:3b:2c:76:77:e7:90:64:ed:b8:22:f7:
         71:72:fb:1f:83:e9:b1:e9:0c:ad:86:c1:53:02:dc:fa:2d:a6:
         29:c9:f5:8e:2b:b4:cd:4b:17:7d:0d:35:52:89:99:28:22:60:
         84:78:62:9d:0b:ab:a7:89:fa:42:08:b5:e5:5b:31:84:d3:19:
         e2:97:9d:7c:d2:69:8e:95:06:60:2f:9d:0d:2d:f0:de:81:b3:
         1e:36:dc:08:28:43:79:8a:de:74:de:f5:0c:3a:76:f3:30:46:
         fe:d7:98:ca:68:e2:0b:94:72:92:6c:76:23:55:6d:0e:e4:53:
         86:71:2f:23:79:5b:cd:fa:b9:df:96:11:64:f9:2b:64:c8:e7:
         ca:09:b7:bc:85:cd:ec:19:8c:c8:72:df:eb:46:3a:4d:90:61:
         82:8a:32:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpTPbB00AHe7GbYFSzxDLGkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTQ5NjFmNjdmMjJjNjFlODRhNjZjOGFkOWMxYThjZTUx
ZDA5OWIwHhcNMjUxMTA1MDg1OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTkzYWFjMWMxMWFiMjIzN2RkNjY5OWU0ZWQzMzc1ZjYyOTI4M2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhnGhJ/haG4PQIzC1QufavmsvD21
Ruex5itzkpyBj2SMku9rvStW+TXmw8GdO8G/LngpbbHWadBTynGHgz0/mT8ykUG9
THU8SvX43GMqMUwDilG6mJw9Hcc9vWQ+5OzpJxFw6VRADLMgZlyUzbM8kY+AM0iI
KEVZ6GZVJ2PB4IpJ0UapMjLQmfMuh/miV7OzxP7onC44lv9nfpWxPeMNgw9pEkp8
BIrOfUBxDs1wtB7L3FZRRijoCZGDOssn7rS4QIVC/59zEQK/h/k+PnbVPJz96ZAb
way6vIM09ekxEadH9HxxyHPGA8ie6yZnkD8xwy4djjlE7iN4D7wYUFUSjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNWTqsHBGrIjfdZpnk7TN19ikoPfMB8GA1UdIwQY
MBaAFLkUlh9n8ixh6EpmyK2cGozlHQmbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTIt
Mjc0NzNjYTYxMmRlLzEvMVpPcXdjRWFzaU45MW1tZVR0TTNYMktTZzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTItMjc0NzNjYTYxMmRl
LzEvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQC1KMUAwQC
1KMkMA0GCSqGSIb3DQEBCwUAA4IBAQB+l0rBYzsgUeKAdT4V/xwSluBBAdVIw8s8
ClpDC87aVINHCwGUg1eurCFzIr8T8C2K9l7ipU9WuSVX8hVtfJoM25aTZnL06krc
WJC45nnMwccDetVf3ta+B+JK2NaTNYeGOyx2d+eQZO24Ivdxcvsfg+mx6QythsFT
Atz6LaYpyfWOK7TNSxd9DTVSiZkoImCEeGKdC6unifpCCLXlWzGE0xnil5180mmO
lQZgL50NLfDegbMeNtwIKEN5it503vUMOnbzMEb+15jKaOILlHKSbHYjVW0O5FOG
cS8jeVvN+rnflhFk+StkyOfKCbe8hc3sGYzIct/rRjpNkGGCijIT
-----END CERTIFICATE-----