Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/1168fa-fbf6-4e07-9ec7-919eefba48b5/1/t4Me7o46EPXuuYLWaaf0tlmnDwo.roa
File:                     t4Me7o46EPXuuYLWaaf0tlmnDwo.roa (raw, json)
Hash identifier:          opkJ9tQSl8kaOwV5x6n9qLElK+q3Eq2xK8X4ODbWPhY=
Subject key identifier:   B7:83:1E:EE:8E:3A:10:F5:EE:B9:82:D6:69:A7:F4:B6:59:A7:0F:0A
Certificate issuer:       /CN=cf40185f552cd975276c03464f50c7a5d351564c
Certificate serial:       019A0C901F88A5DBE16C82C1358E7D8DA730
Authority key identifier: CF:40:18:5F:55:2C:D9:75:27:6C:03:46:4F:50:C7:A5:D3:51:56:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z0AYX1Us2XUnbANGT1DHpdNRVkw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/1168fa-fbf6-4e07-9ec7-919eefba48b5/1/t4Me7o46EPXuuYLWaaf0tlmnDwo.roa
Signing time:             Wed 22 Oct 2025 15:36:03 +0000
ROA not before:           Wed 22 Oct 2025 15:36:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.222.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/1168fa-fbf6-4e07-9ec7-919eefba48b5/1/z0AYX1Us2XUnbANGT1DHpdNRVkw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/1168fa-fbf6-4e07-9ec7-919eefba48b5/1/z0AYX1Us2XUnbANGT1DHpdNRVkw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z0AYX1Us2XUnbANGT1DHpdNRVkw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0c:90:1f:88:a5:db:e1:6c:82:c1:35:8e:7d:8d:a7:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf40185f552cd975276c03464f50c7a5d351564c
        Validity
            Not Before: Oct 22 15:36:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7831eee8e3a10f5eeb982d669a7f4b659a70f0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:9a:82:81:86:4c:f0:50:13:2a:9e:b5:bc:16:
                    79:12:f3:65:e8:7a:bf:ed:67:d5:73:f1:1f:a8:75:
                    96:e9:03:11:ec:06:b2:79:79:50:6d:82:25:08:f9:
                    d1:d3:92:c8:aa:64:20:07:1e:66:40:4d:0a:3a:ea:
                    8f:86:ed:79:09:c2:0f:dc:59:40:17:63:7f:eb:46:
                    3c:48:70:e9:63:df:44:25:23:8a:44:b6:bf:87:c4:
                    7b:8e:62:f2:33:39:d1:85:10:8b:a4:40:60:ee:03:
                    f7:c8:d5:29:d6:e9:b9:da:78:b7:40:fe:ae:f8:df:
                    f6:88:0b:ef:f2:0d:3a:d8:54:42:68:cb:6a:70:42:
                    2b:d8:c0:9e:de:f4:45:09:e2:1c:0f:8e:8e:07:67:
                    bd:7f:0c:45:e0:a4:27:0d:48:f7:20:8f:00:cc:7f:
                    2d:ec:17:64:39:26:5c:6c:43:c1:86:5b:ce:c1:78:
                    76:c4:ba:e2:82:6e:e9:92:2b:aa:b5:22:bc:5d:17:
                    a9:4e:e9:e4:a2:3f:00:ec:af:02:02:45:c3:b4:bf:
                    36:55:ca:27:54:b1:2c:50:a0:0b:cc:94:59:9f:f9:
                    cd:1a:8c:f2:77:1c:c7:7a:30:25:99:05:90:dd:79:
                    37:86:e2:06:3d:05:e0:8c:31:ca:fb:3a:28:ce:f5:
                    fb:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:83:1E:EE:8E:3A:10:F5:EE:B9:82:D6:69:A7:F4:B6:59:A7:0F:0A
            X509v3 Authority Key Identifier:
                keyid:CF:40:18:5F:55:2C:D9:75:27:6C:03:46:4F:50:C7:A5:D3:51:56:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z0AYX1Us2XUnbANGT1DHpdNRVkw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/1168fa-fbf6-4e07-9ec7-919eefba48b5/1/t4Me7o46EPXuuYLWaaf0tlmnDwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/1168fa-fbf6-4e07-9ec7-919eefba48b5/1/z0AYX1Us2XUnbANGT1DHpdNRVkw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:cf:27:7d:07:2e:ed:9b:45:3b:7a:b8:88:09:6f:94:79:26:
         8b:8a:8d:d1:ea:16:b7:5d:b4:c0:e8:f0:67:34:50:c1:6e:78:
         ef:9a:14:e6:67:8a:5e:ef:15:3b:06:85:66:8b:3a:26:5b:df:
         52:24:3e:b5:52:5b:57:43:95:ff:d1:57:99:28:19:27:f1:26:
         9d:f7:d2:a7:1f:1a:d9:9b:5a:3c:8b:fe:4e:49:44:6a:61:30:
         23:4a:c0:bc:1f:c2:d7:a3:14:9d:de:31:a6:5c:48:1e:37:d8:
         ab:a3:49:8d:df:43:7e:87:8c:46:c4:80:22:64:cc:f8:99:5a:
         00:45:fb:02:11:7f:a7:29:cf:3b:cd:ec:66:1e:d7:32:28:a6:
         ea:d3:55:36:52:51:e3:ea:ac:c2:fa:00:16:0d:cc:e2:b4:36:
         69:9d:08:62:8b:1d:c4:91:4c:70:49:bf:b0:c0:98:39:4f:d5:
         40:34:6d:11:ce:ba:d8:a3:d1:fa:3a:e9:18:66:0a:df:3f:d9:
         db:2d:90:69:75:ff:34:13:f1:92:4c:01:e4:8c:6f:b6:30:d9:
         a9:bc:4c:81:06:95:56:d0:22:10:ce:7c:26:5a:c5:40:65:9a:
         3a:0c:93:3a:b6:62:ed:bd:7f:5f:ca:e9:fb:d4:f4:3a:f2:5c:
         22:5c:dc:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoMkB+IpdvhbILBNY59jacwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNDAxODVmNTUyY2Q5NzUyNzZjMDM0NjRmNTBjN2E1ZDM1
MTU2NGMwHhcNMjUxMDIyMTUzNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzgzMWVlZThlM2ExMGY1ZWViOTgyZDY2OWE3ZjRiNjU5YTcwZjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJqCgYZM8FATKp61vBZ5EvNl6Hq/
7WfVc/EfqHWW6QMR7AayeXlQbYIlCPnR05LIqmQgBx5mQE0KOuqPhu15CcIP3FlA
F2N/60Y8SHDpY99EJSOKRLa/h8R7jmLyMznRhRCLpEBg7gP3yNUp1um52ni3QP6u
+N/2iAvv8g062FRCaMtqcEIr2MCe3vRFCeIcD46OB2e9fwxF4KQnDUj3II8AzH8t
7BdkOSZcbEPBhlvOwXh2xLrigm7pkiuqtSK8XRepTunkoj8A7K8CAkXDtL82Vcon
VLEsUKALzJRZn/nNGozydxzHejAlmQWQ3Xk3huIGPQXgjDHK+zoozvX7nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLeDHu6OOhD17rmC1mmn9LZZpw8KMB8GA1UdIwQY
MBaAFM9AGF9VLNl1J2wDRk9Qx6XTUVZMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejBBWVgxVXMyWFVuYkFOR1QxREhwZE5SVmt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8xMTY4ZmEtZmJmNi00ZTA3LTllYzct
OTE5ZWVmYmE0OGI1LzEvdDRNZTdvNDZFUFh1dVlMV2FhZjB0bG1uRHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8xMTY4ZmEtZmJmNi00ZTA3LTllYzctOTE5ZWVmYmE0OGI1
LzEvejBBWVgxVXMyWFVuYkFOR1QxREhwZE5SVmt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd49MA0G
CSqGSIb3DQEBCwUAA4IBAQB7zyd9By7tm0U7eriICW+UeSaLio3R6ha3XbTA6PBn
NFDBbnjvmhTmZ4pe7xU7BoVmizomW99SJD61UltXQ5X/0VeZKBkn8Sad99KnHxrZ
m1o8i/5OSURqYTAjSsC8H8LXoxSd3jGmXEgeN9iro0mN30N+h4xGxIAiZMz4mVoA
RfsCEX+nKc87zexmHtcyKKbq01U2UlHj6qzC+gAWDczitDZpnQhiix3EkUxwSb+w
wJg5T9VANG0RzrrYo9H6OukYZgrfP9nbLZBpdf80E/GSTAHkjG+2MNmpvEyBBpVW
0CIQznwmWsVAZZo6DJM6tmLtvX9fyun71PQ68lwiXNzb
-----END CERTIFICATE-----