Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/afmYjXaHaumU16oz7llCIME7ui8.roa
File:                     afmYjXaHaumU16oz7llCIME7ui8.roa (raw, json)
Hash identifier:          sYzsE2kkChbdNUvy3LP4xPuHj7O638koFKmDtasIvnY=
Subject key identifier:   69:F9:98:8D:76:87:6A:E9:94:D7:AA:33:EE:59:42:20:C1:3B:BA:2F
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       019A497A4CD659AC0F39F7690DD63DAB07BD
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/afmYjXaHaumU16oz7llCIME7ui8.roa
Signing time:             Mon 03 Nov 2025 11:29:03 +0000
ROA not before:           Mon 03 Nov 2025 11:29:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        93.89.223.0/24 maxlen: 24
                          141.105.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:49:7a:4c:d6:59:ac:0f:39:f7:69:0d:d6:3d:ab:07:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Nov  3 11:29:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69f9988d76876ae994d7aa33ee594220c13bba2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a6:a3:3a:c0:14:2c:71:1e:de:ae:21:d9:51:
                    ec:76:6f:b4:3f:09:98:e9:ae:cf:84:b9:c6:1a:27:
                    cc:bf:7b:3d:16:fd:18:f5:78:9b:e6:ad:23:a3:95:
                    5f:68:ff:55:e8:4f:1c:70:ff:cb:ec:3a:71:0f:d7:
                    75:f2:36:43:b8:21:71:9b:eb:f7:43:61:fa:c6:5a:
                    bf:1a:e1:3d:11:6e:f9:fa:91:77:72:73:03:54:29:
                    c2:5f:ac:85:ff:65:10:c0:32:e7:6e:ca:98:73:82:
                    00:9c:72:05:97:18:c8:79:78:b0:98:a0:66:e3:80:
                    a3:cc:92:3a:e0:a5:d0:89:ac:25:9a:ed:71:b4:6a:
                    91:8a:ff:fb:82:9c:bb:67:e9:4b:68:d8:df:f0:74:
                    ab:7e:97:23:35:ca:ce:cf:55:82:1b:10:07:91:40:
                    64:ad:6c:b5:2b:75:46:c4:6c:08:3b:08:4e:51:f1:
                    93:c5:21:64:f7:5f:70:a2:21:1c:35:5f:e1:c7:af:
                    65:1d:17:9e:50:29:25:e3:02:c5:fb:21:7e:1a:38:
                    4a:51:0e:5b:2c:68:04:3d:32:c9:3e:e6:ea:19:d2:
                    48:42:ae:71:4f:aa:1d:81:c2:9d:f0:a8:23:4d:a1:
                    dc:f6:99:b9:33:a6:54:46:12:91:11:95:ed:6e:db:
                    99:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:F9:98:8D:76:87:6A:E9:94:D7:AA:33:EE:59:42:20:C1:3B:BA:2F
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/afmYjXaHaumU16oz7llCIME7ui8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.89.223.0/24
                  141.105.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:b2:2c:30:2c:fd:6f:5d:ce:6e:ba:ee:d4:67:f8:a8:0c:97:
         36:17:90:e5:24:8a:8d:7e:17:95:4c:90:53:36:27:29:8e:81:
         a9:a4:b8:f4:e6:3c:c4:35:f4:16:cc:f0:db:70:5c:02:22:dd:
         18:2d:73:69:fd:81:7c:b7:70:c6:08:86:40:e5:7b:4e:88:8d:
         04:f0:05:4f:64:9a:5e:9f:20:00:4c:bd:00:89:32:af:48:b2:
         40:60:0b:5d:0a:d0:dc:ae:63:1b:af:84:cc:41:88:47:73:af:
         51:d2:3e:94:34:ac:45:63:3a:44:2a:08:fa:73:8c:19:4a:42:
         6a:f4:e9:02:22:7b:8f:89:ff:60:a6:17:ee:37:7b:c8:4f:9f:
         8d:84:5d:7c:78:79:b4:25:b7:f9:25:f1:a7:41:ca:5f:72:ad:
         70:94:79:e3:ff:42:c1:7d:eb:40:79:b4:3f:31:10:7b:7a:73:
         d0:db:cd:92:7e:91:d0:5a:21:d1:e6:19:ea:05:88:78:7c:cc:
         e3:b6:d6:8f:23:04:b2:05:68:1d:72:20:bb:58:b7:28:c1:7b:
         5d:77:77:57:56:53:e7:f3:cf:33:10:fb:c6:c3:87:50:4a:20:
         a5:b7:16:d7:1d:a8:b4:65:41:ed:37:98:61:55:c8:2e:d8:dc:
         4f:10:6f:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpJekzWWawPOfdpDdY9qwe9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjUxMTAzMTEyOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWY5OTg4ZDc2ODc2YWU5OTRkN2FhMzNlZTU5NDIyMGMxM2JiYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6ajOsAULHEe3q4h2VHsdm+0PwmY
6a7PhLnGGifMv3s9Fv0Y9Xib5q0jo5VfaP9V6E8ccP/L7DpxD9d18jZDuCFxm+v3
Q2H6xlq/GuE9EW75+pF3cnMDVCnCX6yF/2UQwDLnbsqYc4IAnHIFlxjIeXiwmKBm
44CjzJI64KXQiawlmu1xtGqRiv/7gpy7Z+lLaNjf8HSrfpcjNcrOz1WCGxAHkUBk
rWy1K3VGxGwIOwhOUfGTxSFk919woiEcNV/hx69lHReeUCkl4wLF+yF+GjhKUQ5b
LGgEPTLJPubqGdJIQq5xT6odgcKd8KgjTaHc9pm5M6ZURhKREZXtbtuZxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGn5mI12h2rplNeqM+5ZQiDBO7ovMB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvYWZtWWpYYUhhdW1VMTZvejdsbENJTUU3dWk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXVnfAwQA
jWmPMA0GCSqGSIb3DQEBCwUAA4IBAQACsiwwLP1vXc5uuu7UZ/ioDJc2F5DlJIqN
fheVTJBTNicpjoGppLj05jzENfQWzPDbcFwCIt0YLXNp/YF8t3DGCIZA5XtOiI0E
8AVPZJpenyAATL0AiTKvSLJAYAtdCtDcrmMbr4TMQYhHc69R0j6UNKxFYzpEKgj6
c4wZSkJq9OkCInuPif9gphfuN3vIT5+NhF18eHm0Jbf5JfGnQcpfcq1wlHnj/0LB
fetAebQ/MRB7enPQ282SfpHQWiHR5hnqBYh4fMzjttaPIwSyBWgdciC7WLcowXtd
d3dXVlPn888zEPvGw4dQSiCltxbXHai0ZUHtN5hhVcgu2NxPEG8k
-----END CERTIFICATE-----