Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/zohQitr-U9uY1-PzS6BGuITzYco.roa
File:                     zohQitr-U9uY1-PzS6BGuITzYco.roa (raw, json)
Hash identifier:          EbcpHCxRWSWNdJwx+cnTjKATaYJlKka6Y1LD7+SKHuo=
Subject key identifier:   CE:88:50:8A:DA:FE:53:DB:98:D7:E3:F3:4B:A0:46:B8:84:F3:61:CA
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       019A11390DA186D42FAD361D6D62FAD31099
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/zohQitr-U9uY1-PzS6BGuITzYco.roa
Signing time:             Thu 23 Oct 2025 13:19:03 +0000
ROA not before:           Thu 23 Oct 2025 13:19:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58057
IP address blocks:        109.205.193.0/24 maxlen: 24
                          2a01:fb01::/32 maxlen: 32
                          2a01:fb02::/34 maxlen: 34
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:11:39:0d:a1:86:d4:2f:ad:36:1d:6d:62:fa:d3:10:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Oct 23 13:19:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce88508adafe53db98d7e3f34ba046b884f361ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1a:01:af:fa:a3:f8:1b:e3:11:0f:0f:95:d6:
                    fe:5f:23:0b:41:28:eb:a9:f8:bc:16:d2:f5:72:7e:
                    6c:30:ab:47:c8:43:7c:fa:0c:03:23:8d:1b:b2:be:
                    69:fd:0f:0f:ab:eb:4f:b7:ea:88:7b:0a:57:14:3f:
                    28:b0:ba:07:84:40:fe:48:e1:4e:8c:0f:07:a8:7a:
                    20:b1:38:e3:b8:ac:97:26:1b:00:15:7a:ac:0e:e6:
                    5f:19:04:63:35:b8:08:81:19:cc:b0:c8:b3:61:96:
                    3b:a1:38:2b:37:8a:e9:82:ba:bb:61:99:1d:d1:e2:
                    50:57:8a:78:9d:c6:c5:ec:90:5f:5a:78:d7:4d:ac:
                    d8:b5:8f:e8:51:75:7c:be:bf:6e:8a:a0:7d:36:0e:
                    44:74:1b:15:bb:83:cd:17:7b:78:66:80:4c:61:f6:
                    1c:ed:3c:41:32:15:c7:fd:f3:c1:38:f2:f9:3c:37:
                    10:80:e2:83:89:cb:aa:a9:59:32:45:6c:a4:06:c0:
                    ee:74:37:1d:f9:5f:cf:9e:bf:7d:26:13:0c:37:dc:
                    ba:67:a0:39:92:11:6e:a0:5d:e0:f9:1f:2d:0e:a8:
                    ff:c7:5f:fb:49:3f:87:57:2d:b8:c3:2a:74:19:65:
                    84:6d:9d:5d:e2:36:8f:ae:01:a6:b0:58:b2:66:ec:
                    ea:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:88:50:8A:DA:FE:53:DB:98:D7:E3:F3:4B:A0:46:B8:84:F3:61:CA
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/zohQitr-U9uY1-PzS6BGuITzYco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.193.0/24
                IPv6:
                  2a01:fb01::-2a01:fb02:3fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         0d:50:4d:2a:dd:a5:2e:76:c9:29:97:6d:22:d4:92:70:8b:1b:
         aa:52:a8:89:8d:4f:7a:69:40:58:4f:39:13:20:a5:30:33:21:
         fa:15:49:d5:15:08:6c:1d:12:52:8e:4f:19:e4:b9:3b:89:cc:
         67:8c:b3:a8:4f:a5:81:1f:6a:3c:15:4b:40:32:60:32:2e:79:
         b6:5c:d6:88:f6:2f:66:03:e1:81:77:d5:0b:fb:21:fb:9d:2f:
         a6:6b:b3:f4:ca:75:95:c1:e7:d1:59:4c:4a:3b:ee:ba:d0:21:
         4b:69:bd:97:3b:17:4d:e4:3d:a8:0f:58:09:43:04:f9:50:79:
         db:c1:fb:9c:fc:c4:31:1a:e5:e2:c2:62:71:e5:d7:6b:47:91:
         42:4e:03:6f:12:02:e0:ac:d6:ba:37:24:7a:b4:ef:7c:d9:60:
         2e:58:fa:1f:72:1e:58:de:a8:4c:eb:9d:f2:00:00:03:9c:cd:
         cc:3a:64:b0:22:73:25:cf:54:db:c6:a0:be:8f:ee:89:ee:aa:
         19:ad:95:cf:a1:bd:55:06:12:bf:c4:4b:f5:0e:50:b6:30:7f:
         1b:a4:cb:d6:6f:62:17:e3:7c:01:17:c5:8a:40:e9:99:6f:75:
         8d:9a:60:a9:81:80:5b:6b:7f:93:42:a2:51:32:32:8f:ee:51:
         84:d6:82:f3
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZoROQ2hhtQvrTYdbWL60xCZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMDIzMTMxOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTg4NTA4YWRhZmU1M2RiOThkN2UzZjM0YmEwNDZiODg0ZjM2MWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhoBr/qj+BvjEQ8Pldb+XyMLQSjr
qfi8FtL1cn5sMKtHyEN8+gwDI40bsr5p/Q8Pq+tPt+qIewpXFD8osLoHhED+SOFO
jA8HqHogsTjjuKyXJhsAFXqsDuZfGQRjNbgIgRnMsMizYZY7oTgrN4rpgrq7YZkd
0eJQV4p4ncbF7JBfWnjXTazYtY/oUXV8vr9uiqB9Ng5EdBsVu4PNF3t4ZoBMYfYc
7TxBMhXH/fPBOPL5PDcQgOKDicuqqVkyRWykBsDudDcd+V/Pnr99JhMMN9y6Z6A5
khFuoF3g+R8tDqj/x1/7ST+HVy24wyp0GWWEbZ1d4jaPrgGmsFiyZuzqUwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFM6IUIra/lPbmNfj80ugRriE82HKMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvem9oUWl0ci1VOXVZMS1QelM2Qkd1SVR6WWNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAMBAIAATAGAwQAbc3BMBcE
AgACMBEwDwMFACoB+wEDBgYqAfsCADANBgkqhkiG9w0BAQsFAAOCAQEADVBNKt2l
LnbJKZdtItSScIsbqlKoiY1PemlAWE85EyClMDMh+hVJ1RUIbB0SUo5PGeS5O4nM
Z4yzqE+lgR9qPBVLQDJgMi55tlzWiPYvZgPhgXfVC/sh+50vpmuz9Mp1lcHn0VlM
SjvuutAhS2m9lzsXTeQ9qA9YCUME+VB528H7nPzEMRrl4sJiceXXa0eRQk4DbxIC
4KzWujckerTvfNlgLlj6H3IeWN6oTOud8gAAA5zNzDpksCJzJc9U28agvo/uie6q
Ga2Vz6G9VQYSv8RL9Q5QtjB/G6TL1m9iF+N8ARfFikDpmW91jZpgqYGAW2t/k0Ki
UTIyj+5RhNaC8w==
-----END CERTIFICATE-----