Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/AOSfY-mj9so59NFJYYJDJ6vMF2I.roa
File:                     AOSfY-mj9so59NFJYYJDJ6vMF2I.roa (raw, json)
Hash identifier:          4etfS9SVzJGK4dlRDfCqxZ0gP8WkGObbwng7AuYZcx8=
Subject key identifier:   00:E4:9F:63:E9:A3:F6:CA:39:F4:D1:49:61:82:43:27:AB:CC:17:62
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       019A2559A58EB77DEF83F384BA8B23D6B9CC
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/AOSfY-mj9so59NFJYYJDJ6vMF2I.roa
Signing time:             Mon 27 Oct 2025 11:07:03 +0000
ROA not before:           Mon 27 Oct 2025 11:07:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41745
IP address blocks:        193.68.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:25:59:a5:8e:b7:7d:ef:83:f3:84:ba:8b:23:d6:b9:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Oct 27 11:07:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00e49f63e9a3f6ca39f4d14961824327abcc1762
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:47:8d:3d:96:36:41:3b:23:f7:77:2c:cd:12:
                    03:97:79:d3:87:35:ba:8a:61:28:c0:b2:dc:e4:e3:
                    10:f1:a9:4e:40:76:57:0b:fc:ce:4e:23:5c:00:a6:
                    b8:8c:ce:04:29:fe:69:0d:96:1b:94:6c:da:cf:29:
                    f6:41:b9:b9:ed:68:c4:66:90:2a:7b:6c:ee:2a:4e:
                    e6:24:3a:d1:a0:c8:64:4e:0c:f9:23:0e:d0:ec:38:
                    2b:5b:f2:2d:b6:a0:94:48:7f:ae:a1:57:f3:20:b4:
                    8f:a4:08:eb:dd:3e:f4:ba:92:30:23:eb:f5:25:ec:
                    e7:dd:2e:3e:14:4a:64:ba:db:9a:cd:0b:0a:3b:1b:
                    d7:7b:3e:b6:1d:cd:7f:be:01:37:8b:af:01:93:d9:
                    1c:71:57:56:a8:17:38:cd:2b:1b:bf:b1:88:87:55:
                    50:3a:c1:13:65:ba:c2:20:34:a0:43:f8:37:59:65:
                    ae:b6:18:2d:0f:ea:c6:6b:ad:ea:aa:68:87:d8:96:
                    61:84:04:90:7c:0c:63:b0:5d:4e:1f:10:0e:39:47:
                    68:96:84:a1:24:50:86:7e:e2:4a:aa:cd:f7:2d:7b:
                    f6:fb:9c:a5:40:b8:75:ac:ea:33:de:40:91:2b:05:
                    f7:01:7f:f1:7d:3f:b3:bc:cc:7d:39:25:d8:4c:43:
                    00:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:E4:9F:63:E9:A3:F6:CA:39:F4:D1:49:61:82:43:27:AB:CC:17:62
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/AOSfY-mj9so59NFJYYJDJ6vMF2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.68.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:7e:db:39:bb:7d:04:6a:eb:56:3b:58:03:ff:44:74:9b:62:
         89:b4:cd:d5:f5:3d:88:78:ea:d3:0a:79:63:56:cf:77:e7:91:
         63:79:a2:9e:01:37:e9:08:f1:e5:57:60:19:10:ee:10:98:ac:
         0e:10:55:ce:d7:a2:04:e8:1d:c2:47:59:74:24:d8:96:ff:d4:
         5b:87:d6:fe:6a:ea:1b:d6:62:a7:e2:a7:52:88:e2:70:b3:d0:
         ff:50:b5:35:dc:bc:42:34:b3:35:e1:c1:d0:ac:27:bf:c9:32:
         a2:d4:0f:f6:a1:99:77:ef:ab:26:db:15:a8:ef:12:7e:29:e0:
         8e:a3:93:9d:1f:7b:74:bb:9e:e6:43:a5:44:18:ce:a6:92:f6:
         99:5d:a0:e7:b2:de:fc:6e:13:5d:55:5d:37:02:44:8e:e2:5b:
         43:03:be:db:11:b1:8b:28:0d:3b:8e:2a:c6:67:20:45:8a:77:
         6a:44:de:cd:c5:76:f3:e3:02:22:fa:5a:c4:bc:78:c1:16:e5:
         7c:ca:14:de:58:19:97:5a:ad:98:a8:32:01:ab:5f:68:f3:f9:
         90:5f:d5:a6:f1:30:90:ad:8b:ca:cd:26:30:92:6a:7f:ef:ad:
         69:10:3a:00:5f:41:05:12:d4:70:ab:70:e8:82:63:0d:c3:9c:
         db:47:00:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZolWaWOt33vg/OEuosj1rnMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjUxMDI3MTEwNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGU0OWY2M2U5YTNmNmNhMzlmNGQxNDk2MTgyNDMyN2FiY2MxNzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEeNPZY2QTsj93cszRIDl3nThzW6
imEowLLc5OMQ8alOQHZXC/zOTiNcAKa4jM4EKf5pDZYblGzazyn2Qbm57WjEZpAq
e2zuKk7mJDrRoMhkTgz5Iw7Q7DgrW/IttqCUSH+uoVfzILSPpAjr3T70upIwI+v1
Jezn3S4+FEpkutuazQsKOxvXez62Hc1/vgE3i68Bk9kccVdWqBc4zSsbv7GIh1VQ
OsETZbrCIDSgQ/g3WWWuthgtD+rGa63qqmiH2JZhhASQfAxjsF1OHxAOOUdoloSh
JFCGfuJKqs33LXv2+5ylQLh1rOoz3kCRKwX3AX/xfT+zvMx9OSXYTEMAXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADkn2Ppo/bKOfTRSWGCQyerzBdiMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvQU9TZlktbWo5c281OU5GSllZSkRKNnZNRjJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwURZMA0G
CSqGSIb3DQEBCwUAA4IBAQAwfts5u30EautWO1gD/0R0m2KJtM3V9T2IeOrTCnlj
Vs9355FjeaKeATfpCPHlV2AZEO4QmKwOEFXO16IE6B3CR1l0JNiW/9Rbh9b+auob
1mKn4qdSiOJws9D/ULU13LxCNLM14cHQrCe/yTKi1A/2oZl376sm2xWo7xJ+KeCO
o5OdH3t0u57mQ6VEGM6mkvaZXaDnst78bhNdVV03AkSO4ltDA77bEbGLKA07jirG
ZyBFindqRN7NxXbz4wIi+lrEvHjBFuV8yhTeWBmXWq2YqDIBq19o8/mQX9Wm8TCQ
rYvKzSYwkmp/761pEDoAX0EFEtRwq3DogmMNw5zbRwAB
-----END CERTIFICATE-----