Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/442a9b-9ed7-493d-83f3-3ca488deee89/1/RY9h-rx1ZstpJjozDETgohyO7Lk.roa
File:                     RY9h-rx1ZstpJjozDETgohyO7Lk.roa (raw, json)
Hash identifier:          0CX3AZGe8LLC0uBgiztbMwk7WnvOC9Yq5FJHH6gri8w=
Subject key identifier:   45:8F:61:FA:BC:75:66:CB:69:26:3A:33:0C:44:E0:A2:1C:8E:EC:B9
Certificate issuer:       /CN=810af00225106b2096e9b21d9ac2f2040688dea2
Certificate serial:       019A26573E346294A8214610667414D5C4CD
Authority key identifier: 81:0A:F0:02:25:10:6B:20:96:E9:B2:1D:9A:C2:F2:04:06:88:DE:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQrwAiUQayCW6bIdmsLyBAaI3qI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/442a9b-9ed7-493d-83f3-3ca488deee89/1/RY9h-rx1ZstpJjozDETgohyO7Lk.roa
Signing time:             Mon 27 Oct 2025 15:44:03 +0000
ROA not before:           Mon 27 Oct 2025 15:44:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213612
IP address blocks:        80.79.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/442a9b-9ed7-493d-83f3-3ca488deee89/1/gQrwAiUQayCW6bIdmsLyBAaI3qI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/442a9b-9ed7-493d-83f3-3ca488deee89/1/gQrwAiUQayCW6bIdmsLyBAaI3qI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gQrwAiUQayCW6bIdmsLyBAaI3qI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 12:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:26:57:3e:34:62:94:a8:21:46:10:66:74:14:d5:c4:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=810af00225106b2096e9b21d9ac2f2040688dea2
        Validity
            Not Before: Oct 27 15:44:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=458f61fabc7566cb69263a330c44e0a21c8eecb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ca:64:22:ae:c4:de:aa:e1:4f:4e:cc:3b:86:
                    f0:70:eb:52:48:1e:03:72:45:e3:48:35:2e:e6:88:
                    f6:3d:8e:01:6d:95:99:ef:d8:0d:ec:0d:82:b8:5e:
                    7b:26:a3:9b:59:57:8c:d2:eb:f7:4f:6b:ea:57:83:
                    65:74:dd:98:1f:b2:d3:34:9e:f7:ad:93:7f:b4:c5:
                    57:ed:be:b7:d6:b1:f8:6e:f4:56:fa:23:3d:0d:a3:
                    0f:f0:23:c0:18:30:1b:63:64:db:f6:ed:13:4c:be:
                    d1:33:a0:c3:37:d3:18:c4:f7:54:7e:2d:5f:6c:b8:
                    9c:75:4a:a5:5f:d0:b8:4a:47:e8:7a:18:c2:96:cc:
                    61:36:8a:da:c8:c4:fb:40:e9:91:7d:14:43:21:fb:
                    91:51:3b:59:f0:36:73:93:9d:a0:f4:3e:f5:a7:bb:
                    ad:96:af:25:4c:ae:a9:5c:4e:84:5f:6b:79:50:1c:
                    65:7b:1e:73:92:45:09:0a:d9:a4:50:f9:9b:01:73:
                    1c:33:62:5e:75:a6:f6:ed:f4:18:12:47:79:76:01:
                    00:53:b3:5c:ee:08:d0:4a:b7:65:26:90:1a:88:cf:
                    13:48:39:82:66:05:d5:0f:68:84:65:2d:9a:75:f3:
                    27:a1:df:5d:32:41:49:4b:43:37:c3:8b:c4:57:c0:
                    eb:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:8F:61:FA:BC:75:66:CB:69:26:3A:33:0C:44:E0:A2:1C:8E:EC:B9
            X509v3 Authority Key Identifier:
                keyid:81:0A:F0:02:25:10:6B:20:96:E9:B2:1D:9A:C2:F2:04:06:88:DE:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQrwAiUQayCW6bIdmsLyBAaI3qI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/442a9b-9ed7-493d-83f3-3ca488deee89/1/RY9h-rx1ZstpJjozDETgohyO7Lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/442a9b-9ed7-493d-83f3-3ca488deee89/1/gQrwAiUQayCW6bIdmsLyBAaI3qI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.79.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:ad:fa:62:d4:8f:ba:ce:2a:0a:1b:f5:b1:97:96:be:41:55:
         8a:9e:4d:c4:56:ab:5d:41:66:a2:de:0e:26:58:79:17:28:af:
         b3:aa:d6:3d:88:68:e0:92:f8:7d:b4:c9:c3:24:61:4a:3c:8c:
         4d:0f:f2:b5:28:dc:e7:49:57:37:22:a0:e6:bb:b8:b7:90:95:
         15:7f:41:84:a7:74:b0:06:4e:77:03:72:a6:63:38:aa:09:72:
         57:48:0a:e3:7b:30:b7:d7:55:95:19:92:d4:ad:58:73:34:83:
         31:ac:46:75:5d:9d:62:0f:a7:24:90:61:2f:5d:2f:2c:04:af:
         03:16:e7:40:27:0d:b7:4a:b4:b1:34:c2:f5:60:9e:64:d5:06:
         57:90:72:e9:d8:26:e7:ed:94:86:6d:af:fc:f9:61:ae:e1:9f:
         36:b5:f1:02:c8:e1:9f:f5:cf:7d:e3:d7:eb:63:70:cc:ae:f3:
         d6:a9:f8:d4:10:64:41:e7:91:d1:a0:0c:76:dc:40:12:5b:30:
         4e:1d:a1:e5:ac:b2:ee:18:3f:3d:ab:2e:fa:2e:4a:70:ba:76:
         38:6d:bc:e3:08:38:d8:35:be:14:c0:f6:82:29:d3:42:42:0f:
         5c:8e:7c:df:d7:eb:e5:05:7a:be:b6:49:ee:73:24:df:83:77:
         cf:3c:9f:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZomVz40YpSoIUYQZnQU1cTNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMGFmMDAyMjUxMDZiMjA5NmU5YjIxZDlhYzJmMjA0MDY4
OGRlYTIwHhcNMjUxMDI3MTU0NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NThmNjFmYWJjNzU2NmNiNjkyNjNhMzMwYzQ0ZTBhMjFjOGVlY2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncpkIq7E3qrhT07MO4bwcOtSSB4D
ckXjSDUu5oj2PY4BbZWZ79gN7A2CuF57JqObWVeM0uv3T2vqV4NldN2YH7LTNJ73
rZN/tMVX7b631rH4bvRW+iM9DaMP8CPAGDAbY2Tb9u0TTL7RM6DDN9MYxPdUfi1f
bLicdUqlX9C4SkfoehjClsxhNorayMT7QOmRfRRDIfuRUTtZ8DZzk52g9D71p7ut
lq8lTK6pXE6EX2t5UBxlex5zkkUJCtmkUPmbAXMcM2Jedab27fQYEkd5dgEAU7Nc
7gjQSrdlJpAaiM8TSDmCZgXVD2iEZS2adfMnod9dMkFJS0M3w4vEV8DrxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEWPYfq8dWbLaSY6MwxE4KIcjuy5MB8GA1UdIwQY
MBaAFIEK8AIlEGsglumyHZrC8gQGiN6iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1Fyd0FpVVFheUNXNmJJZG1zTHlCQWFJM3FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC80NDJhOWItOWVkNy00OTNkLTgzZjMt
M2NhNDg4ZGVlZTg5LzEvUlk5aC1yeDFac3RwSmpvekRFVGdvaHlPN0xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC80NDJhOWItOWVkNy00OTNkLTgzZjMtM2NhNDg4ZGVlZTg5
LzEvZ1Fyd0FpVVFheUNXNmJJZG1zTHlCQWFJM3FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUE8NMA0G
CSqGSIb3DQEBCwUAA4IBAQAIrfpi1I+6zioKG/Wxl5a+QVWKnk3EVqtdQWai3g4m
WHkXKK+zqtY9iGjgkvh9tMnDJGFKPIxND/K1KNznSVc3IqDmu7i3kJUVf0GEp3Sw
Bk53A3KmYziqCXJXSArjezC311WVGZLUrVhzNIMxrEZ1XZ1iD6ckkGEvXS8sBK8D
FudAJw23SrSxNML1YJ5k1QZXkHLp2Cbn7ZSGba/8+WGu4Z82tfECyOGf9c9949fr
Y3DMrvPWqfjUEGRB55HRoAx23EASWzBOHaHlrLLuGD89qy76LkpwunY4bbzjCDjY
Nb4UwPaCKdNCQg9cjnzf1+vlBXq+tknucyTfg3fPPJ8m
-----END CERTIFICATE-----