Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/rIJryY03xLLpeIEbP-r2IFG0rmE.roa
File:                     rIJryY03xLLpeIEbP-r2IFG0rmE.roa (raw, json)
Hash identifier:          C+xTxnjVZrGuLNaZEbglfbbYNdsrjPks/zYcA8WdZzM=
Subject key identifier:   AC:82:6B:C9:8D:37:C4:B2:E9:78:81:1B:3F:EA:F6:20:51:B4:AE:61
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019A399C1ADAA89333B6B63E5A1B9DF2B5C6
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/rIJryY03xLLpeIEbP-r2IFG0rmE.roa
Signing time:             Fri 31 Oct 2025 09:32:03 +0000
ROA not before:           Fri 31 Oct 2025 09:32:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58330
IP address blocks:        194.213.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:39:9c:1a:da:a8:93:33:b6:b6:3e:5a:1b:9d:f2:b5:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Oct 31 09:32:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac826bc98d37c4b2e978811b3feaf62051b4ae61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d7:1b:f6:36:d3:79:47:f8:2f:f7:42:a6:a6:
                    8e:b6:56:59:c7:96:85:d7:9a:6b:a8:d7:12:50:6d:
                    d4:8e:4e:c7:c2:da:3f:b8:7b:29:86:44:46:6c:77:
                    fd:96:84:75:02:79:53:c4:fa:45:41:bc:64:86:ec:
                    8a:86:63:3b:f1:5e:f7:c2:e2:76:27:d5:d1:f9:7b:
                    00:d3:27:53:56:32:2c:41:a6:1a:b3:ed:00:86:9d:
                    8a:f2:9d:7e:c0:ac:db:53:a9:f1:4d:83:aa:05:0c:
                    a4:4c:29:39:19:cb:74:60:e1:d4:6c:7b:12:f5:fb:
                    e0:e7:58:62:c7:e4:05:fd:a9:85:4b:e5:23:6e:c5:
                    34:e2:1a:b4:a1:43:35:7a:cf:22:90:0d:f3:4f:16:
                    98:f9:9e:75:bb:36:a5:d7:9e:22:0f:80:27:e7:7a:
                    9e:4e:7f:3f:f1:14:e4:1d:06:af:5b:67:d4:07:18:
                    2f:a4:d1:bb:59:e6:22:2c:27:40:13:01:c1:cd:d4:
                    32:6d:c1:81:90:02:57:87:0c:86:46:32:63:d6:e2:
                    f7:10:44:06:e8:63:0a:7d:f0:f4:1b:5d:5e:f4:ba:
                    8d:75:ef:23:9a:a2:de:79:0b:9a:2d:d4:80:a6:89:
                    fb:15:2e:94:83:4b:f2:96:f9:cc:c0:d9:c4:e5:d0:
                    96:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:82:6B:C9:8D:37:C4:B2:E9:78:81:1B:3F:EA:F6:20:51:B4:AE:61
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/rIJryY03xLLpeIEbP-r2IFG0rmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.213.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:37:f7:a6:9e:bc:05:dd:ac:c0:20:77:93:3e:07:56:e5:15:
         76:5a:d6:bd:e5:cc:c2:69:99:12:76:f7:14:60:95:b2:24:4f:
         db:81:bc:62:84:66:1b:f2:ed:f4:ea:a8:b1:c3:eb:c6:d3:26:
         2b:6e:89:1e:c5:d7:e0:a7:90:b8:58:bf:8e:ee:e2:21:71:89:
         f3:6e:8c:63:f5:cd:46:82:2d:d7:01:c4:c2:39:d7:c5:59:ac:
         90:45:05:db:1d:37:7e:93:56:df:a6:f6:fc:37:31:7d:e3:66:
         44:77:29:b6:ea:31:1e:14:70:59:a1:8c:87:33:b9:32:15:56:
         fb:f0:c1:cf:c3:07:e7:f2:85:21:92:1f:1c:2d:d2:f6:b1:3d:
         d3:90:7b:39:7b:8e:11:c0:60:88:d1:7e:e7:af:3a:af:33:1a:
         29:70:0d:8e:a7:21:38:db:95:ea:3d:c0:c2:39:8b:b1:3d:17:
         ff:2c:ef:b4:13:7d:cb:62:ce:a1:2e:88:e5:2f:db:c8:fc:b9:
         8f:62:bf:d2:90:f8:d2:b3:d7:9a:e4:52:a3:96:3a:1d:3f:eb:
         d5:43:fc:29:fc:93:ba:66:52:9a:79:db:1b:fa:10:d2:c0:db:
         10:f1:fc:8e:a6:3d:97:77:dd:c5:e6:3f:3a:64:f1:ac:fa:2a:
         33:5f:ff:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo5nBraqJMztrY+Whud8rXGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUxMDMxMDkzMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzgyNmJjOThkMzdjNGIyZTk3ODgxMWIzZmVhZjYyMDUxYjRhZTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudcb9jbTeUf4L/dCpqaOtlZZx5aF
15prqNcSUG3Ujk7Hwto/uHsphkRGbHf9loR1AnlTxPpFQbxkhuyKhmM78V73wuJ2
J9XR+XsA0ydTVjIsQaYas+0Ahp2K8p1+wKzbU6nxTYOqBQykTCk5Gct0YOHUbHsS
9fvg51hix+QF/amFS+UjbsU04hq0oUM1es8ikA3zTxaY+Z51uzal154iD4An53qe
Tn8/8RTkHQavW2fUBxgvpNG7WeYiLCdAEwHBzdQybcGBkAJXhwyGRjJj1uL3EEQG
6GMKffD0G11e9LqNde8jmqLeeQuaLdSApon7FS6Ug0vylvnMwNnE5dCWuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyCa8mNN8Sy6XiBGz/q9iBRtK5hMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvcklKcnlZMDN4TExwZUlFYlAtcjJJRkcwcm1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtUQMA0G
CSqGSIb3DQEBCwUAA4IBAQAuN/emnrwF3azAIHeTPgdW5RV2Wta95czCaZkSdvcU
YJWyJE/bgbxihGYb8u306qixw+vG0yYrbokexdfgp5C4WL+O7uIhcYnzboxj9c1G
gi3XAcTCOdfFWayQRQXbHTd+k1bfpvb8NzF942ZEdym26jEeFHBZoYyHM7kyFVb7
8MHPwwfn8oUhkh8cLdL2sT3TkHs5e44RwGCI0X7nrzqvMxopcA2OpyE425XqPcDC
OYuxPRf/LO+0E33LYs6hLojlL9vI/LmPYr/SkPjSs9ea5FKjljodP+vVQ/wp/JO6
ZlKaedsb+hDSwNsQ8fyOpj2Xd93F5j86ZPGs+iozX/90
-----END CERTIFICATE-----