Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/yfGFaoydK8GX9iZlnYz29tjx0mQ.roa
File:                     yfGFaoydK8GX9iZlnYz29tjx0mQ.roa (raw, json)
Hash identifier:          jxsx5pHRIq4+3llBu+CdYcYp8fft9epR+tIujzWmFnA=
Subject key identifier:   C9:F1:85:6A:8C:9D:2B:C1:97:F6:26:65:9D:8C:F6:F6:D8:F1:D2:64
Certificate issuer:       /CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
Certificate serial:       019A216C646C0E7C97C9D66CB8AE91D0718A
Authority key identifier: 55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/yfGFaoydK8GX9iZlnYz29tjx0mQ.roa
Signing time:             Sun 26 Oct 2025 16:49:03 +0000
ROA not before:           Sun 26 Oct 2025 16:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213711
IP address blocks:        168.222.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:21:6c:64:6c:0e:7c:97:c9:d6:6c:b8:ae:91:d0:71:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
        Validity
            Not Before: Oct 26 16:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9f1856a8c9d2bc197f626659d8cf6f6d8f1d264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:b7:56:9b:78:2b:e0:26:12:1d:ba:c2:e3:37:
                    88:1a:16:7b:49:e4:e7:bf:04:b5:9a:e0:1e:a6:3f:
                    18:b8:f1:25:ed:5a:56:5a:70:a9:aa:ed:a4:7f:0e:
                    db:99:26:9c:0f:9f:37:b6:37:c1:a8:6d:4a:ad:ef:
                    d3:f6:48:99:16:a8:cc:05:7e:44:17:5d:d5:56:3d:
                    67:ce:2e:4c:7c:4a:61:28:29:a5:18:df:24:f4:cb:
                    d8:e7:7b:3d:df:f9:e9:ea:d9:9e:c4:36:ab:58:e5:
                    ae:29:a6:92:39:0e:7f:a1:11:d3:14:40:17:17:53:
                    0c:07:a5:ef:d5:b8:8b:a5:5d:7d:4f:c3:52:8a:23:
                    34:30:ae:e6:2d:34:c1:2d:b2:0c:a3:51:83:d1:5f:
                    06:24:d9:2f:ea:59:7c:18:30:c3:6a:12:ec:56:30:
                    df:8b:f2:87:ec:bf:e6:3e:52:87:2d:c9:ae:0e:f3:
                    7d:3f:6a:20:8d:40:05:7f:14:12:b0:5c:07:68:07:
                    66:19:e6:13:f0:d2:ab:6f:51:30:42:23:5a:7d:33:
                    fd:52:c8:3a:69:e8:86:80:95:61:11:32:23:56:3f:
                    86:0e:d1:05:77:dd:d1:88:a2:7d:9d:90:97:9d:4d:
                    4f:0d:f6:7d:2f:3a:c4:07:0f:52:8b:f7:c2:4d:b9:
                    b3:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:F1:85:6A:8C:9D:2B:C1:97:F6:26:65:9D:8C:F6:F6:D8:F1:D2:64
            X509v3 Authority Key Identifier:
                keyid:55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/yfGFaoydK8GX9iZlnYz29tjx0mQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.222.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         f1:ec:d7:34:1a:10:e0:c4:83:07:fa:a8:97:d7:5e:e6:67:01:
         2a:e7:79:87:80:2e:3f:30:e1:33:a6:06:73:48:70:40:ad:54:
         c0:1b:07:05:59:f7:ab:36:d7:50:bc:b6:3d:d8:16:6a:3e:00:
         d3:e0:ba:25:f0:c9:0c:26:41:3d:60:86:2f:6a:e3:1f:f1:d4:
         5a:ec:09:af:d2:79:a4:6f:31:a6:ad:82:db:2b:a7:4b:0b:61:
         21:b7:8c:c0:e1:50:36:0b:b4:8c:61:13:48:c2:82:f2:96:aa:
         8d:6b:9b:00:4c:8a:b1:f5:e1:4d:d9:fa:48:a4:20:31:42:4e:
         54:3c:31:fa:71:48:83:dd:ba:1c:52:15:70:1d:c8:92:95:6d:
         7f:a1:eb:99:b9:a0:a3:c6:3b:ef:19:5e:76:4f:66:65:95:50:
         52:92:b3:43:bf:67:a1:a6:b4:57:17:ea:b3:17:dd:8c:76:71:
         64:c9:b3:0b:ba:d4:8e:48:6d:e7:38:35:c0:bd:62:39:18:99:
         f8:5b:c7:0a:a9:a9:8c:de:f7:cc:3a:d1:15:ac:08:fa:88:75:
         2c:00:6e:12:d4:2b:b6:ec:bd:d7:e0:ee:c2:90:bc:55:cc:ae:
         c0:c6:eb:04:3e:59:cf:be:e8:28:53:3c:75:f0:56:31:89:40:
         58:da:7f:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZohbGRsDnyXydZsuK6R0HGKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YzliMjAyNWUwZTY5NTgwOGY2YjYxZWUyNzZhZWQ0ZmI1
NjgwY2QwHhcNMjUxMDI2MTY0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWYxODU2YThjOWQyYmMxOTdmNjI2NjU5ZDhjZjZmNmQ4ZjFkMjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67dWm3gr4CYSHbrC4zeIGhZ7SeTn
vwS1muAepj8YuPEl7VpWWnCpqu2kfw7bmSacD583tjfBqG1Kre/T9kiZFqjMBX5E
F13VVj1nzi5MfEphKCmlGN8k9MvY53s93/np6tmexDarWOWuKaaSOQ5/oRHTFEAX
F1MMB6Xv1biLpV19T8NSiiM0MK7mLTTBLbIMo1GD0V8GJNkv6ll8GDDDahLsVjDf
i/KH7L/mPlKHLcmuDvN9P2ogjUAFfxQSsFwHaAdmGeYT8NKrb1EwQiNafTP9Usg6
aeiGgJVhETIjVj+GDtEFd93RiKJ9nZCXnU1PDfZ9LzrEBw9Si/fCTbmzEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnxhWqMnSvBl/YmZZ2M9vbY8dJkMB8GA1UdIwQY
MBaAFFXJsgJeDmlYCPa2HuJ2rtT7VoDNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUt
NzFiZTBkNTE5MTlkLzEveWZHRmFveWRLOEdYOWlabG5ZejI5dGp4MG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUtNzFiZTBkNTE5MTlk
LzEvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqN7+MA0G
CSqGSIb3DQEBCwUAA4IBAQDx7Nc0GhDgxIMH+qiX117mZwEq53mHgC4/MOEzpgZz
SHBArVTAGwcFWferNtdQvLY92BZqPgDT4Lol8MkMJkE9YIYvauMf8dRa7Amv0nmk
bzGmrYLbK6dLC2Eht4zA4VA2C7SMYRNIwoLylqqNa5sATIqx9eFN2fpIpCAxQk5U
PDH6cUiD3bocUhVwHciSlW1/oeuZuaCjxjvvGV52T2ZllVBSkrNDv2ehprRXF+qz
F92MdnFkybMLutSOSG3nODXAvWI5GJn4W8cKqamM3vfMOtEVrAj6iHUsAG4S1Cu2
7L3X4O7CkLxVzK7AxusEPlnPvugoUzx18FYxiUBY2n/5
-----END CERTIFICATE-----