Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/Mtd4Da3by6MR0jbcbO89ZqbHwwc.roa
File:                     Mtd4Da3by6MR0jbcbO89ZqbHwwc.roa (raw, json)
Hash identifier:          qQjeGqI+gA1pVRqlFtpLmxtJsL8q91td/UWxeWGBR0k=
Subject key identifier:   32:D7:78:0D:AD:DB:CB:A3:11:D2:36:DC:6C:EF:3D:66:A6:C7:C3:07
Certificate issuer:       /CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Certificate serial:       019A1692AF0673D178A3E443C8D8857157FB
Authority key identifier: 6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/Mtd4Da3by6MR0jbcbO89ZqbHwwc.roa
Signing time:             Fri 24 Oct 2025 14:15:03 +0000
ROA not before:           Fri 24 Oct 2025 14:15:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3561
IP address blocks:        62.216.64.0/21 maxlen: 21
                          178.157.64.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:16:92:af:06:73:d1:78:a3:e4:43:c8:d8:85:71:57:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b233d75508b4e85cccf44349a7cb703198d1d26
        Validity
            Not Before: Oct 24 14:15:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32d7780daddbcba311d236dc6cef3d66a6c7c307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:cd:17:6e:dd:14:b1:f2:54:03:bc:89:f1:66:
                    fd:8f:39:75:e0:b8:5a:c6:64:9f:0b:3c:69:db:d2:
                    09:26:f5:1a:69:bf:2d:1a:1d:1c:8b:3a:a0:1b:a0:
                    86:c0:e3:d5:d0:f6:65:a3:dd:4d:af:ad:e1:01:75:
                    b3:c4:8a:07:31:88:73:5b:ee:38:e5:1d:fd:63:44:
                    91:46:2f:17:de:2c:c3:1f:e3:80:f0:a4:9f:2c:48:
                    16:e4:71:bd:be:c7:6e:1f:b2:75:e7:34:b0:57:10:
                    03:5e:85:44:6d:52:64:f4:84:c6:f2:2a:f3:d8:cd:
                    d3:92:4b:ce:0d:a3:10:ae:1d:e0:e3:c1:90:98:79:
                    65:20:8d:0f:83:72:a9:b3:a0:5d:74:a0:bd:a5:a3:
                    33:f0:0f:91:fc:dd:c3:b9:08:1a:9e:6a:6b:80:65:
                    35:16:c0:f0:60:e9:9b:18:f5:a6:af:25:c4:80:41:
                    b2:01:d7:1c:c3:a6:5d:b6:35:dc:21:c9:bd:9c:53:
                    71:25:d7:48:52:61:18:0b:7f:c8:bd:41:97:29:3d:
                    fa:65:ae:d5:08:42:cd:c4:b5:08:05:80:f1:ac:64:
                    e3:1b:a8:7d:9b:bb:8b:31:0b:13:71:18:92:48:c2:
                    9e:4c:4a:a2:77:c0:ad:fb:ae:8b:78:d2:1e:64:ed:
                    d3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:D7:78:0D:AD:DB:CB:A3:11:D2:36:DC:6C:EF:3D:66:A6:C7:C3:07
            X509v3 Authority Key Identifier:
                keyid:6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/Mtd4Da3by6MR0jbcbO89ZqbHwwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.216.64.0/21
                  178.157.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:f4:3d:07:99:94:31:7f:ba:5b:a1:7e:cf:78:ee:97:35:11:
         b8:90:d7:dd:8a:a1:40:dd:16:b0:20:31:71:99:8a:96:fc:13:
         1f:dd:cc:a9:8e:4a:65:c1:a8:d4:47:47:03:cf:1b:b0:1b:ce:
         73:5a:32:69:f7:8c:08:8f:84:c7:60:05:69:79:ce:82:d2:28:
         d7:a7:cf:18:43:d6:19:ce:e7:25:32:12:93:3f:91:4f:98:40:
         f3:bf:d4:b9:fb:37:fc:07:70:97:94:93:f9:2a:d0:05:af:94:
         35:61:cb:69:8a:74:85:c7:64:15:f6:77:c7:26:d2:73:8b:36:
         d3:53:6a:77:84:67:86:34:81:20:09:11:f6:4c:bf:f6:db:b0:
         43:7c:5a:a1:10:f6:9f:1b:06:13:35:40:07:63:63:e6:7c:2d:
         05:40:7d:3d:a0:73:30:45:b0:32:e3:bd:6a:d2:c9:dc:ce:86:
         15:90:4b:7f:2a:49:67:0e:d8:ec:c6:68:4d:5f:a2:d0:15:90:
         43:b0:0c:b1:77:af:6b:b2:e3:86:d9:3f:f6:dc:5b:62:b7:64:
         0f:bc:a9:f9:b9:d3:47:04:0c:46:43:42:41:ba:89:1c:67:b9:
         c3:8e:43:25:f7:38:09:f9:41:61:61:10:cf:fa:6d:95:36:9e:
         7d:8a:4a:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoWkq8Gc9F4o+RDyNiFcVf7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjMzZDc1NTA4YjRlODVjY2NmNDQzNDlhN2NiNzAzMTk4
ZDFkMjYwHhcNMjUxMDI0MTQxNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmQ3NzgwZGFkZGJjYmEzMTFkMjM2ZGM2Y2VmM2Q2NmE2YzdjMzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAks0Xbt0UsfJUA7yJ8Wb9jzl14Lha
xmSfCzxp29IJJvUaab8tGh0cizqgG6CGwOPV0PZlo91Nr63hAXWzxIoHMYhzW+44
5R39Y0SRRi8X3izDH+OA8KSfLEgW5HG9vsduH7J15zSwVxADXoVEbVJk9ITG8irz
2M3TkkvODaMQrh3g48GQmHllII0Pg3Kps6BddKC9paMz8A+R/N3DuQganmprgGU1
FsDwYOmbGPWmryXEgEGyAdccw6ZdtjXcIcm9nFNxJddIUmEYC3/IvUGXKT36Za7V
CELNxLUIBYDxrGTjG6h9m7uLMQsTcRiSSMKeTEqid8Ct+66LeNIeZO3TkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDLXeA2t28ujEdI23GzvPWamx8MHMB8GA1UdIwQY
MBaAFGsjPXVQi06FzM9ENJp8twMZjR0mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEt
ZmE5Y2I1MWNkMGYxLzEvTXRkNERhM2J5Nk1SMGpiY2JPODlacWJId3djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEtZmE5Y2I1MWNkMGYx
LzEvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDPthAAwQC
sp1AMA0GCSqGSIb3DQEBCwUAA4IBAQBJ9D0HmZQxf7pboX7PeO6XNRG4kNfdiqFA
3RawIDFxmYqW/BMf3cypjkplwajUR0cDzxuwG85zWjJp94wIj4THYAVpec6C0ijX
p88YQ9YZzuclMhKTP5FPmEDzv9S5+zf8B3CXlJP5KtAFr5Q1YctpinSFx2QV9nfH
JtJzizbTU2p3hGeGNIEgCRH2TL/227BDfFqhEPafGwYTNUAHY2PmfC0FQH09oHMw
RbAy471q0snczoYVkEt/KklnDtjsxmhNX6LQFZBDsAyxd69rsuOG2T/23Ftit2QP
vKn5udNHBAxGQ0JBuokcZ7nDjkMl9zgJ+UFhYRDP+m2VNp59ikpZ
-----END CERTIFICATE-----