Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/KATLQR576QKJ2H55eDjgFkPGSy4.roa
File:                     KATLQR576QKJ2H55eDjgFkPGSy4.roa (raw, json)
Hash identifier:          TJS3dcvnIANs+2B0g61dHZDCH25ipnkjR0I2/txxc+k=
Subject key identifier:   28:04:CB:41:1E:7B:E9:02:89:D8:7E:79:78:38:E0:16:43:C6:4B:2E
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       019A44E66D3955EFC9F1FD59D015FFEEA9A4
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/KATLQR576QKJ2H55eDjgFkPGSy4.roa
Signing time:             Sun 02 Nov 2025 14:09:03 +0000
ROA not before:           Sun 02 Nov 2025 14:09:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59678
IP address blocks:        109.205.193.0/24 maxlen: 24
                          2a01:fb01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:44:e6:6d:39:55:ef:c9:f1:fd:59:d0:15:ff:ee:a9:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Nov  2 14:09:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2804cb411e7be90289d87e797838e01643c64b2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0a:e7:f4:bc:42:89:40:5c:ed:5b:ee:f6:47:
                    6d:1f:10:26:64:7a:b1:17:70:1a:a0:c7:16:f3:23:
                    25:ff:20:7b:1f:ab:04:af:8e:24:58:9f:c7:63:0e:
                    40:4b:d0:56:52:5f:d5:d0:68:1d:46:9e:fc:9d:97:
                    52:1c:46:15:20:c0:8d:98:ba:aa:e7:d3:19:b4:de:
                    7a:e1:b4:ba:9c:f6:73:67:3d:7c:e5:41:6c:6e:27:
                    bc:7d:87:73:03:bf:07:2e:8e:e2:4e:b6:4d:8c:b0:
                    d1:7b:39:ea:5a:4b:7b:87:a9:bf:df:f0:6d:b3:e9:
                    00:b3:e4:b9:9c:85:af:7c:6e:b5:d8:8c:2d:7e:af:
                    e6:21:9a:f1:4b:c8:a4:39:9d:1e:77:e7:11:a8:78:
                    e1:ef:1e:96:41:bd:8a:c5:ba:5c:c5:bc:98:ce:de:
                    3c:73:d6:a1:fd:dd:08:c3:86:27:49:b7:4e:08:ad:
                    4d:0e:4c:e2:48:39:4e:2b:f8:77:db:30:3b:c6:f3:
                    78:5a:db:18:a0:18:5d:bb:1b:03:b2:ba:2a:e5:0a:
                    ff:dc:79:ca:15:af:8b:9a:8a:37:e6:14:37:79:4f:
                    ee:a5:89:1d:85:74:ec:a9:67:9d:cf:13:92:66:ca:
                    22:08:6d:5b:82:4b:f4:32:64:b8:ab:7b:66:9a:6a:
                    b2:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:04:CB:41:1E:7B:E9:02:89:D8:7E:79:78:38:E0:16:43:C6:4B:2E
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/KATLQR576QKJ2H55eDjgFkPGSy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.193.0/24
                IPv6:
                  2a01:fb01::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:ef:6d:2e:2d:a4:2a:9c:bd:fe:16:b3:9c:0d:11:fa:73:d2:
         1e:7c:b4:ea:ae:da:86:45:13:36:3a:ff:41:6e:23:65:80:3c:
         88:60:3c:d2:72:2b:a9:a7:0f:f3:6d:4d:9b:ed:41:e7:e3:7c:
         02:8e:6f:fd:43:03:58:06:0a:3e:37:e9:a2:50:03:a8:3e:92:
         06:d4:e6:99:85:08:6f:4d:0a:e0:b2:38:bb:79:f1:19:0a:70:
         8e:e6:e0:72:7e:a5:5a:4b:85:95:13:e8:0b:c7:47:78:39:01:
         36:56:cf:b2:80:89:eb:cc:da:42:f9:19:00:33:57:ff:1a:18:
         f3:4f:48:82:7e:38:97:42:ff:c2:3d:c9:47:da:51:60:c7:81:
         f7:cd:a1:e1:52:8b:93:37:59:3b:9c:13:e7:f5:9f:85:2b:3f:
         d7:9d:91:ca:b3:47:6d:62:bf:0a:ac:23:75:0b:61:1c:c1:bf:
         c8:a3:e7:1f:54:63:72:a2:dd:02:6f:0b:fe:1c:ce:0b:c2:6a:
         f3:f7:eb:f8:00:9f:75:88:27:8c:de:b8:19:e0:98:b2:8d:bc:
         53:a5:01:29:6d:40:7a:aa:0b:3e:3b:b6:2f:80:48:f3:d1:fb:
         50:07:e3:45:86:6a:51:80:44:ac:a6:85:fd:91:39:c1:53:cf:
         6b:59:d9:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZpE5m05Ve/J8f1Z0BX/7qmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMTAyMTQwOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODA0Y2I0MTFlN2JlOTAyODlkODdlNzk3ODM4ZTAxNjQzYzY0YjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQrn9LxCiUBc7Vvu9kdtHxAmZHqx
F3AaoMcW8yMl/yB7H6sEr44kWJ/HYw5AS9BWUl/V0GgdRp78nZdSHEYVIMCNmLqq
59MZtN564bS6nPZzZz185UFsbie8fYdzA78HLo7iTrZNjLDReznqWkt7h6m/3/Bt
s+kAs+S5nIWvfG612Iwtfq/mIZrxS8ikOZ0ed+cRqHjh7x6WQb2KxbpcxbyYzt48
c9ah/d0Iw4YnSbdOCK1NDkziSDlOK/h32zA7xvN4WtsYoBhduxsDsroq5Qr/3HnK
Fa+Lmoo35hQ3eU/upYkdhXTsqWedzxOSZsoiCG1bgkv0MmS4q3tmmmqyYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCgEy0Eee+kCidh+eXg44BZDxksuMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvS0FUTFFSNTc2UUtKMkg1NWVEamdGa1BHU3k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAbc3BMA0E
AgACMAcDBQAqAfsBMA0GCSqGSIb3DQEBCwUAA4IBAQAM720uLaQqnL3+FrOcDRH6
c9IefLTqrtqGRRM2Ov9BbiNlgDyIYDzSciuppw/zbU2b7UHn43wCjm/9QwNYBgo+
N+miUAOoPpIG1OaZhQhvTQrgsji7efEZCnCO5uByfqVaS4WVE+gLx0d4OQE2Vs+y
gInrzNpC+RkAM1f/GhjzT0iCfjiXQv/CPclH2lFgx4H3zaHhUouTN1k7nBPn9Z+F
Kz/XnZHKs0dtYr8KrCN1C2Ecwb/Io+cfVGNyot0Cbwv+HM4Lwmrz9+v4AJ91iCeM
3rgZ4JiyjbxTpQEpbUB6qgs+O7YvgEjz0ftQB+NFhmpRgESspoX9kTnBU89rWdmm
-----END CERTIFICATE-----