Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/e32293-673b-4fce-91cf-202d2453945c/1/25rki9raSskY_1lKa4rwJV1Jksw.roa
File:                     25rki9raSskY_1lKa4rwJV1Jksw.roa (raw, json)
Hash identifier:          D5anQB7jArwGFoNuxj26rwHUlWIxs7xjqOd73F4p8HM=
Subject key identifier:   DB:9A:E4:8B:DA:DA:4A:C9:18:FF:59:4A:6B:8A:F0:25:5D:49:92:CC
Certificate issuer:       /CN=70ba446b275f1fb0778242c0d63362a59aacf353
Certificate serial:       019B7759645CA4445D8A91A3B6F2E028F4C8
Authority key identifier: 70:BA:44:6B:27:5F:1F:B0:77:82:42:C0:D6:33:62:A5:9A:AC:F3:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cLpEaydfH7B3gkLA1jNipZqs81M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/e32293-673b-4fce-91cf-202d2453945c/1/25rki9raSskY_1lKa4rwJV1Jksw.roa
Signing time:             Thu 01 Jan 2026 02:18:25 +0000
ROA not before:           Thu 01 Jan 2026 02:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205340
IP address blocks:        46.251.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/e32293-673b-4fce-91cf-202d2453945c/1/cLpEaydfH7B3gkLA1jNipZqs81M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/e32293-673b-4fce-91cf-202d2453945c/1/cLpEaydfH7B3gkLA1jNipZqs81M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cLpEaydfH7B3gkLA1jNipZqs81M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:64:5c:a4:44:5d:8a:91:a3:b6:f2:e0:28:f4:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70ba446b275f1fb0778242c0d63362a59aacf353
        Validity
            Not Before: Jan  1 02:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db9ae48bdada4ac918ff594a6b8af0255d4992cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7a:95:e4:84:5e:49:50:04:aa:6a:98:7c:a4:
                    dd:f1:33:d0:72:64:21:98:84:f0:c7:7b:71:de:a7:
                    ef:bc:d7:f0:34:0e:44:03:a4:76:e9:00:58:a2:b5:
                    a8:de:48:b9:ec:a3:80:49:85:a0:18:19:4a:9e:e0:
                    22:5e:12:38:5c:cc:59:b2:f7:c5:cc:24:b4:41:c1:
                    c9:2b:d9:76:50:15:4b:6a:ef:61:6f:11:8c:ee:ec:
                    83:ba:28:be:11:44:e6:5b:5c:72:08:2e:3e:36:5f:
                    4a:d4:5a:cc:84:26:63:81:96:95:7a:fd:0d:69:1a:
                    32:fd:18:1e:39:dd:93:74:95:74:98:3e:36:c8:de:
                    d3:31:fb:65:a4:92:72:7b:99:66:b9:58:35:3a:db:
                    5d:07:be:c2:a0:9c:5e:e7:82:45:15:60:e3:d9:87:
                    0e:3c:69:23:24:82:71:eb:15:5a:03:92:7a:32:b9:
                    a0:5c:00:b2:8f:a7:b6:f1:7d:85:12:4d:e1:be:cc:
                    3b:67:a8:e6:b5:66:50:e7:3a:bb:bb:7c:f9:a8:c4:
                    3a:e0:11:42:15:ba:5b:d1:ff:40:c3:d8:e1:d9:e1:
                    2b:ee:9a:ba:67:10:89:43:69:60:6a:27:94:91:87:
                    96:3b:5d:18:7c:5c:f8:55:ae:18:88:3d:2e:72:49:
                    42:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:9A:E4:8B:DA:DA:4A:C9:18:FF:59:4A:6B:8A:F0:25:5D:49:92:CC
            X509v3 Authority Key Identifier:
                keyid:70:BA:44:6B:27:5F:1F:B0:77:82:42:C0:D6:33:62:A5:9A:AC:F3:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cLpEaydfH7B3gkLA1jNipZqs81M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/e32293-673b-4fce-91cf-202d2453945c/1/25rki9raSskY_1lKa4rwJV1Jksw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/e32293-673b-4fce-91cf-202d2453945c/1/cLpEaydfH7B3gkLA1jNipZqs81M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.251.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:ba:92:a5:bc:e3:fa:28:92:f7:9e:ed:dd:45:33:9c:48:d0:
         ef:5e:0f:c8:04:8f:00:46:63:74:ab:60:89:66:63:d2:1b:ca:
         ac:33:81:c3:85:f6:aa:f0:79:30:37:13:6d:da:41:c9:07:cd:
         11:05:85:b4:47:02:db:48:aa:dd:20:f8:56:e0:57:08:a6:4e:
         23:13:77:33:ce:b8:90:18:db:b9:7a:45:74:c6:aa:01:7b:58:
         73:6e:05:00:88:0c:8b:5a:37:13:20:32:91:42:39:48:18:e2:
         be:d7:0c:5c:7f:b2:a7:22:56:04:f5:e1:74:61:13:62:81:35:
         2b:47:b4:13:a9:cf:f4:13:fe:57:e0:fc:10:f3:f3:9b:ec:cf:
         63:d5:17:64:e1:ae:8a:99:dd:45:97:71:bc:24:b2:39:5a:ce:
         b8:e3:9a:ae:b6:14:32:fa:20:00:b6:d9:d0:19:b7:95:29:64:
         67:5a:e7:bb:7c:c9:cc:9a:03:f9:85:67:44:c6:9e:8a:cd:50:
         f4:88:78:5b:bc:11:d7:d9:d6:af:26:1b:3c:0b:64:52:ea:a6:
         98:e0:2f:ba:5d:c1:22:48:15:c4:a4:12:55:9a:37:15:e4:c8:
         1d:e9:70:b3:23:c9:35:d2:4d:bd:b9:a1:d5:e5:74:80:ff:99:
         ab:01:2e:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WWRcpERdipGjtvLgKPTIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYmE0NDZiMjc1ZjFmYjA3NzgyNDJjMGQ2MzM2MmE1OWFh
Y2YzNTMwHhcNMjYwMTAxMDIxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjlhZTQ4YmRhZGE0YWM5MThmZjU5NGE2YjhhZjAyNTVkNDk5MmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3qV5IReSVAEqmqYfKTd8TPQcmQh
mITwx3tx3qfvvNfwNA5EA6R26QBYorWo3ki57KOASYWgGBlKnuAiXhI4XMxZsvfF
zCS0QcHJK9l2UBVLau9hbxGM7uyDuii+EUTmW1xyCC4+Nl9K1FrMhCZjgZaVev0N
aRoy/RgeOd2TdJV0mD42yN7TMftlpJJye5lmuVg1OttdB77CoJxe54JFFWDj2YcO
PGkjJIJx6xVaA5J6MrmgXACyj6e28X2FEk3hvsw7Z6jmtWZQ5zq7u3z5qMQ64BFC
Fbpb0f9Aw9jh2eEr7pq6ZxCJQ2lgaieUkYeWO10YfFz4Va4YiD0ucklC2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNua5Iva2krJGP9ZSmuK8CVdSZLMMB8GA1UdIwQY
MBaAFHC6RGsnXx+wd4JCwNYzYqWarPNTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0xwRWF5ZGZIN0IzZ2tMQTFqTmlwWnFzODFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9lMzIyOTMtNjczYi00ZmNlLTkxY2Yt
MjAyZDI0NTM5NDVjLzEvMjVya2k5cmFTc2tZXzFsS2E0cndKVjFKa3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9lMzIyOTMtNjczYi00ZmNlLTkxY2YtMjAyZDI0NTM5NDVj
LzEvY0xwRWF5ZGZIN0IzZ2tMQTFqTmlwWnFzODFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvv6MA0G
CSqGSIb3DQEBCwUAA4IBAQBvupKlvOP6KJL3nu3dRTOcSNDvXg/IBI8ARmN0q2CJ
ZmPSG8qsM4HDhfaq8HkwNxNt2kHJB80RBYW0RwLbSKrdIPhW4FcIpk4jE3czzriQ
GNu5ekV0xqoBe1hzbgUAiAyLWjcTIDKRQjlIGOK+1wxcf7KnIlYE9eF0YRNigTUr
R7QTqc/0E/5X4PwQ8/Ob7M9j1Rdk4a6Kmd1Fl3G8JLI5Ws6445quthQy+iAAttnQ
GbeVKWRnWue7fMnMmgP5hWdExp6KzVD0iHhbvBHX2davJhs8C2RS6qaY4C+6XcEi
SBXEpBJVmjcV5Mgd6XCzI8k10k29uaHV5XSA/5mrAS6d
-----END CERTIFICATE-----