Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/bd55ee-c7a6-41b8-bb31-6a8c3b676b57/1/f2uKIXD1jA4Z0v4z1RdATwz-xfg.roa
File:                     f2uKIXD1jA4Z0v4z1RdATwz-xfg.roa (raw, json)
Hash identifier:          6x0kOLgd5nuPVwZ+RuAYmofGsQm+qa7W1kBXJD3t3zw=
Subject key identifier:   7F:6B:8A:21:70:F5:8C:0E:19:D2:FE:33:D5:17:40:4F:0C:FE:C5:F8
Certificate issuer:       /CN=8c9dccf9e2f37eb107496a7aaf13894ec476e375
Certificate serial:       019A24F40500A5B3E52C89FDB64D5BD3431B
Authority key identifier: 8C:9D:CC:F9:E2:F3:7E:B1:07:49:6A:7A:AF:13:89:4E:C4:76:E3:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jJ3M-eLzfrEHSWp6rxOJTsR243U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/bd55ee-c7a6-41b8-bb31-6a8c3b676b57/1/f2uKIXD1jA4Z0v4z1RdATwz-xfg.roa
Signing time:             Mon 27 Oct 2025 09:16:03 +0000
ROA not before:           Mon 27 Oct 2025 09:16:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21150
IP address blocks:        188.64.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/bd55ee-c7a6-41b8-bb31-6a8c3b676b57/1/jJ3M-eLzfrEHSWp6rxOJTsR243U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/bd55ee-c7a6-41b8-bb31-6a8c3b676b57/1/jJ3M-eLzfrEHSWp6rxOJTsR243U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jJ3M-eLzfrEHSWp6rxOJTsR243U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 15:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:24:f4:05:00:a5:b3:e5:2c:89:fd:b6:4d:5b:d3:43:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c9dccf9e2f37eb107496a7aaf13894ec476e375
        Validity
            Not Before: Oct 27 09:16:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f6b8a2170f58c0e19d2fe33d517404f0cfec5f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:82:87:46:98:d6:41:37:7c:92:56:6f:0c:5f:
                    bc:b1:0e:67:32:aa:b3:d1:e2:db:8e:79:4c:b5:45:
                    a6:2d:25:88:6b:c3:f9:68:a1:f7:d7:a7:d2:40:45:
                    de:0d:ad:33:5e:60:fc:e7:57:4b:33:1d:1e:5f:b8:
                    5c:09:99:ea:84:b1:7e:14:4c:01:94:cc:0d:b8:f4:
                    12:b2:b1:14:bb:a0:64:e4:4d:15:d0:2f:a9:f6:9b:
                    40:c8:82:b8:c2:11:a4:4f:86:a9:e0:7b:75:76:6a:
                    b2:ec:f7:ac:bd:33:06:0a:ed:7d:83:a7:dc:9b:8b:
                    90:11:0f:f8:df:3a:2c:df:68:db:44:cf:48:dd:7e:
                    70:15:81:43:24:bb:96:eb:97:cc:46:bc:03:c2:b2:
                    02:0b:d9:96:77:6d:2e:d1:c9:f3:ca:20:eb:d4:94:
                    ed:37:0c:ea:8b:f6:bb:84:36:5c:28:67:14:aa:e6:
                    86:61:ac:ea:d5:cd:41:77:2d:f6:2a:b8:c8:ae:f2:
                    f2:21:65:95:9c:2b:b9:1c:51:d7:ea:c0:79:cd:af:
                    a4:33:98:37:65:a6:c7:5b:29:ae:55:90:a1:3d:21:
                    b5:4b:9b:04:78:c0:c9:ef:1f:b8:ea:7d:13:ff:cc:
                    87:6d:00:ad:d6:cb:d5:cf:ee:77:1e:24:98:dd:34:
                    66:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:6B:8A:21:70:F5:8C:0E:19:D2:FE:33:D5:17:40:4F:0C:FE:C5:F8
            X509v3 Authority Key Identifier:
                keyid:8C:9D:CC:F9:E2:F3:7E:B1:07:49:6A:7A:AF:13:89:4E:C4:76:E3:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jJ3M-eLzfrEHSWp6rxOJTsR243U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/bd55ee-c7a6-41b8-bb31-6a8c3b676b57/1/f2uKIXD1jA4Z0v4z1RdATwz-xfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/bd55ee-c7a6-41b8-bb31-6a8c3b676b57/1/jJ3M-eLzfrEHSWp6rxOJTsR243U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.64.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:85:03:37:88:70:2f:07:1c:3e:cb:d0:77:2c:3b:ff:59:b4:
         9b:d2:f5:01:3b:e8:25:e9:de:c3:c4:5c:c2:d6:77:d9:d9:d8:
         53:6f:f0:f2:93:f5:4d:5d:b3:8e:15:3d:9b:da:33:75:33:e8:
         d9:35:77:fb:c9:d6:93:87:44:d1:da:e8:0c:82:af:de:f6:ad:
         b6:b7:c5:e1:0e:a3:12:3d:4e:84:d5:3a:a2:b8:0c:1d:95:4a:
         aa:cb:24:ba:8b:bc:c4:b7:4d:0c:b2:2e:be:8f:40:5a:88:66:
         38:c7:0a:ba:fb:97:94:73:41:2a:69:03:5f:48:ec:3c:ef:a7:
         f4:35:e5:85:05:3d:4f:dd:cb:e1:96:5d:bf:5d:28:bc:23:08:
         64:b2:c0:3e:1d:f1:5c:59:9c:80:2c:48:fb:da:2a:be:5f:b0:
         b3:6b:c1:20:09:3c:7c:1f:95:bb:fb:30:c5:8e:79:6a:e6:33:
         3c:44:8e:53:90:88:d2:82:80:53:ca:2b:c0:77:b0:d4:dc:67:
         37:12:04:4a:1f:64:cc:92:86:c4:76:0b:6e:81:54:f2:9e:18:
         36:73:dd:89:5f:4b:67:e5:15:ed:ca:ed:2b:0c:06:84:ce:d6:
         e4:d5:e9:ed:88:c9:64:5e:18:8e:15:4e:30:97:bd:ff:2e:53:
         51:bb:29:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZok9AUApbPlLIn9tk1b00MbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjOWRjY2Y5ZTJmMzdlYjEwNzQ5NmE3YWFmMTM4OTRlYzQ3
NmUzNzUwHhcNMjUxMDI3MDkxNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjZiOGEyMTcwZjU4YzBlMTlkMmZlMzNkNTE3NDA0ZjBjZmVjNWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYKHRpjWQTd8klZvDF+8sQ5nMqqz
0eLbjnlMtUWmLSWIa8P5aKH316fSQEXeDa0zXmD851dLMx0eX7hcCZnqhLF+FEwB
lMwNuPQSsrEUu6Bk5E0V0C+p9ptAyIK4whGkT4ap4Ht1dmqy7PesvTMGCu19g6fc
m4uQEQ/43zos32jbRM9I3X5wFYFDJLuW65fMRrwDwrICC9mWd20u0cnzyiDr1JTt
Nwzqi/a7hDZcKGcUquaGYazq1c1Bdy32KrjIrvLyIWWVnCu5HFHX6sB5za+kM5g3
ZabHWymuVZChPSG1S5sEeMDJ7x+46n0T/8yHbQCt1svVz+53HiSY3TRmZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH9riiFw9YwOGdL+M9UXQE8M/sX4MB8GA1UdIwQY
MBaAFIydzPni836xB0lqeq8TiU7EduN1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakozTS1lTHpmckVIU1dwNnJ4T0pUc1IyNDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9iZDU1ZWUtYzdhNi00MWI4LWJiMzEt
NmE4YzNiNjc2YjU3LzEvZjJ1S0lYRDFqQTRaMHY0ejFSZEFUd3oteGZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9iZDU1ZWUtYzdhNi00MWI4LWJiMzEtNmE4YzNiNjc2YjU3
LzEvakozTS1lTHpmckVIU1dwNnJ4T0pUc1IyNDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEAQMA0G
CSqGSIb3DQEBCwUAA4IBAQB0hQM3iHAvBxw+y9B3LDv/WbSb0vUBO+gl6d7DxFzC
1nfZ2dhTb/Dyk/VNXbOOFT2b2jN1M+jZNXf7ydaTh0TR2ugMgq/e9q22t8XhDqMS
PU6E1TqiuAwdlUqqyyS6i7zEt00Msi6+j0BaiGY4xwq6+5eUc0EqaQNfSOw876f0
NeWFBT1P3cvhll2/XSi8IwhkssA+HfFcWZyALEj72iq+X7Cza8EgCTx8H5W7+zDF
jnlq5jM8RI5TkIjSgoBTyivAd7DU3Gc3EgRKH2TMkobEdgtugVTynhg2c92JX0tn
5RXtyu0rDAaEztbk1entiMlkXhiOFU4wl73/LlNRuyk3
-----END CERTIFICATE-----