Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/oBKt6fMr87e-rFOhXitc_DWZtdg.roa
File:                     oBKt6fMr87e-rFOhXitc_DWZtdg.roa (raw, json)
Hash identifier:          qJjvrPZfU1anKZ4X1zOc4+1vwatadPrAJ6kaez7yYks=
Subject key identifier:   A0:12:AD:E9:F3:2B:F3:B7:BE:AC:53:A1:5E:2B:5C:FC:35:99:B5:D8
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       019A2915742B64033C80C361624C7C4B1B9F
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/oBKt6fMr87e-rFOhXitc_DWZtdg.roa
Signing time:             Tue 28 Oct 2025 04:31:03 +0000
ROA not before:           Tue 28 Oct 2025 04:31:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        212.87.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:29:15:74:2b:64:03:3c:80:c3:61:62:4c:7c:4b:1b:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Oct 28 04:31:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a012ade9f32bf3b7beac53a15e2b5cfc3599b5d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:b5:d3:7b:b8:58:c9:c4:5c:ee:0f:bf:d0:fb:
                    b2:c2:38:84:64:a3:63:42:42:7b:16:3b:bf:e6:0f:
                    22:f4:b1:b4:13:95:76:1d:f5:82:26:e6:2a:da:7f:
                    c1:11:8a:ff:4d:eb:22:76:81:08:e4:6a:9f:2a:83:
                    f7:4c:36:f8:88:e5:5f:5f:4f:b2:5c:fa:41:cb:60:
                    f1:66:b0:9a:92:5f:a5:f5:56:04:8d:55:4e:ba:d5:
                    07:7f:cf:b8:8a:81:21:79:6c:47:78:0e:de:1f:4f:
                    17:3d:e1:df:f8:ff:26:7d:b1:1b:83:df:05:af:10:
                    49:f6:62:2b:2e:2c:c6:7f:0a:65:d3:4a:09:01:37:
                    16:32:48:c1:b1:98:53:9d:a8:93:a8:25:b4:7b:85:
                    12:0a:35:4d:e9:62:da:5e:7d:7f:2e:d2:07:15:7e:
                    ff:b9:12:03:2b:ae:81:44:b2:e0:19:b9:ee:bf:16:
                    63:c9:21:c2:63:85:7f:0e:11:21:2b:67:9b:86:e9:
                    de:a6:21:86:fb:b4:a3:9f:8b:01:6e:4d:94:b0:b1:
                    89:49:f6:6c:96:7c:e2:64:30:f0:b3:e1:24:33:d1:
                    0e:12:dd:cb:66:91:31:c2:5a:cf:d4:ba:0e:ab:bc:
                    5c:24:38:e3:97:7e:ff:42:ab:ff:55:7d:a5:f6:33:
                    05:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:12:AD:E9:F3:2B:F3:B7:BE:AC:53:A1:5E:2B:5C:FC:35:99:B5:D8
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/oBKt6fMr87e-rFOhXitc_DWZtdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:a5:a8:56:ab:96:31:74:33:be:75:47:d8:4e:11:05:1d:29:
         35:4d:2c:b1:0d:62:f2:01:04:86:8b:12:d6:4c:ec:3b:ca:47:
         f3:e2:f3:5b:58:d0:d1:33:8e:75:20:f0:c4:03:1d:e1:88:0a:
         3b:17:da:ac:06:b2:ce:f8:70:53:28:1d:31:06:04:60:5a:48:
         6d:aa:ef:01:54:e6:aa:f8:da:dd:20:89:8e:7c:29:e9:53:1f:
         31:32:45:10:b3:84:49:a5:5e:64:56:5a:a5:a0:db:b4:3d:4c:
         c3:7b:36:a8:e8:05:10:2b:36:7b:99:96:2f:d3:36:63:de:45:
         cc:6f:29:97:97:30:9f:d9:3b:d9:41:bc:fd:f8:63:76:94:82:
         80:cc:44:c8:c7:f0:d0:6a:ef:6b:59:1b:0d:a2:6b:56:22:b4:
         65:84:17:20:35:8a:9e:e8:3b:a4:01:6b:9b:ed:99:c5:5b:30:
         68:d3:c4:be:c4:e9:f6:1f:38:96:d4:e7:9a:f8:23:9e:6c:ce:
         9f:9a:7e:ab:8c:8a:52:88:f1:92:14:e4:02:ea:f8:ef:4b:51:
         cc:05:6e:e0:bc:12:9f:9d:a5:fb:4e:aa:f6:db:44:a6:1a:c6:
         57:4a:5b:11:db:29:e5:4c:f2:b7:e1:ab:c5:d7:b1:36:68:48:
         c5:77:9f:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZopFXQrZAM8gMNhYkx8SxufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUxMDI4MDQzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDEyYWRlOWYzMmJmM2I3YmVhYzUzYTE1ZTJiNWNmYzM1OTliNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4bXTe7hYycRc7g+/0PuywjiEZKNj
QkJ7Fju/5g8i9LG0E5V2HfWCJuYq2n/BEYr/TesidoEI5GqfKoP3TDb4iOVfX0+y
XPpBy2DxZrCakl+l9VYEjVVOutUHf8+4ioEheWxHeA7eH08XPeHf+P8mfbEbg98F
rxBJ9mIrLizGfwpl00oJATcWMkjBsZhTnaiTqCW0e4USCjVN6WLaXn1/LtIHFX7/
uRIDK66BRLLgGbnuvxZjySHCY4V/DhEhK2ebhunepiGG+7Sjn4sBbk2UsLGJSfZs
lnziZDDws+EkM9EOEt3LZpExwlrP1LoOq7xcJDjjl37/Qqv/VX2l9jMFoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKASrenzK/O3vqxToV4rXPw1mbXYMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvb0JLdDZmTXI4N2UtckZPaFhpdGNfRFdadGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FfJMA0G
CSqGSIb3DQEBCwUAA4IBAQCWpahWq5YxdDO+dUfYThEFHSk1TSyxDWLyAQSGixLW
TOw7ykfz4vNbWNDRM451IPDEAx3hiAo7F9qsBrLO+HBTKB0xBgRgWkhtqu8BVOaq
+NrdIImOfCnpUx8xMkUQs4RJpV5kVlqloNu0PUzDezao6AUQKzZ7mZYv0zZj3kXM
bymXlzCf2TvZQbz9+GN2lIKAzETIx/DQau9rWRsNomtWIrRlhBcgNYqe6DukAWub
7ZnFWzBo08S+xOn2HziW1Oea+COebM6fmn6rjIpSiPGSFOQC6vjvS1HMBW7gvBKf
naX7Tqr220SmGsZXSlsR2ynlTPK34avF17E2aEjFd59R
-----END CERTIFICATE-----