Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/3fa711-06b0-41e3-9c72-3cb9e102afe0/1/kJ6ZzA1fcsMngPwnFcWmPQ2TpJY.roa
File:                     kJ6ZzA1fcsMngPwnFcWmPQ2TpJY.roa (raw, json)
Hash identifier:          spn1/mEz9B8AiCWdxXSLx/VFzig4ReQEdpbCrXX5I3w=
Subject key identifier:   90:9E:99:CC:0D:5F:72:C3:27:80:FC:27:15:C5:A6:3D:0D:93:A4:96
Certificate issuer:       /CN=1171641f157cb57b532626359e71582742c2dccb
Certificate serial:       0198504942501D3AD134FC4DFC4F8DACE22B
Authority key identifier: 11:71:64:1F:15:7C:B5:7B:53:26:26:35:9E:71:58:27:42:C2:DC:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EXFkHxV8tXtTJiY1nnFYJ0LC3Ms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/3fa711-06b0-41e3-9c72-3cb9e102afe0/1/kJ6ZzA1fcsMngPwnFcWmPQ2TpJY.roa
Signing time:             Mon 28 Jul 2025 09:07:15 +0000
ROA not before:           Mon 28 Jul 2025 09:07:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47381
IP address blocks:        193.28.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/3fa711-06b0-41e3-9c72-3cb9e102afe0/1/EXFkHxV8tXtTJiY1nnFYJ0LC3Ms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/3fa711-06b0-41e3-9c72-3cb9e102afe0/1/EXFkHxV8tXtTJiY1nnFYJ0LC3Ms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EXFkHxV8tXtTJiY1nnFYJ0LC3Ms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:50:49:42:50:1d:3a:d1:34:fc:4d:fc:4f:8d:ac:e2:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1171641f157cb57b532626359e71582742c2dccb
        Validity
            Not Before: Jul 28 09:07:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=909e99cc0d5f72c32780fc2715c5a63d0d93a496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8c:1f:0f:3a:80:e4:5d:48:26:b6:5a:ae:78:
                    93:68:a1:3d:d9:7f:86:49:68:9e:9b:e1:2f:f7:23:
                    69:07:a3:21:3c:c8:58:f3:93:fe:16:8c:0a:c5:4d:
                    62:da:ca:38:6f:ab:db:70:92:af:80:7f:dc:fe:86:
                    04:c4:ca:1e:20:50:88:f9:e2:a7:84:05:1b:06:46:
                    2a:de:70:61:1d:7a:00:3d:32:8f:23:71:48:f2:37:
                    a8:d5:61:38:e1:19:2d:25:24:49:6b:c6:a6:4d:c9:
                    7e:e2:05:d6:3b:42:af:47:d2:f1:fb:82:37:2e:87:
                    64:9e:63:ea:56:0d:42:87:15:ef:f0:07:6a:08:f9:
                    2a:a1:73:d5:71:10:55:79:a1:1e:7f:7f:58:ad:4c:
                    6e:94:e9:80:fa:58:9b:86:f7:fc:f2:14:98:6d:81:
                    76:63:f3:31:d3:f5:04:0c:d2:a3:58:a5:86:e8:07:
                    32:2a:e9:3a:0a:b6:f5:c0:59:04:fa:db:2d:47:8c:
                    f4:94:75:39:e8:9a:d4:12:6f:bf:59:92:e9:a1:08:
                    55:8a:b5:d9:bd:e3:b8:97:cb:94:c9:84:83:a2:1a:
                    89:2f:2f:1a:7c:f6:e7:13:4f:b5:32:f4:e3:c9:55:
                    24:f7:c6:7e:41:8c:72:4c:a2:e4:62:8d:96:9f:5b:
                    bd:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:9E:99:CC:0D:5F:72:C3:27:80:FC:27:15:C5:A6:3D:0D:93:A4:96
            X509v3 Authority Key Identifier:
                keyid:11:71:64:1F:15:7C:B5:7B:53:26:26:35:9E:71:58:27:42:C2:DC:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EXFkHxV8tXtTJiY1nnFYJ0LC3Ms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/3fa711-06b0-41e3-9c72-3cb9e102afe0/1/kJ6ZzA1fcsMngPwnFcWmPQ2TpJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/3fa711-06b0-41e3-9c72-3cb9e102afe0/1/EXFkHxV8tXtTJiY1nnFYJ0LC3Ms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:4a:88:fd:0b:e7:03:13:86:6b:63:a7:6a:2c:e3:ab:0d:ee:
         b7:b1:5d:34:b0:5e:81:18:a8:23:ea:ce:a4:94:c4:5d:ff:bf:
         63:46:2e:11:c9:db:ae:a2:93:51:b2:83:80:0b:9d:2f:13:0d:
         33:1c:fc:6f:07:45:06:55:92:0c:cc:ef:4e:e6:88:71:ed:4d:
         3d:f8:1e:25:e3:64:bb:9a:b9:a7:16:f4:41:9c:67:3b:5f:a3:
         1d:1e:c8:fa:bd:91:d6:9d:da:54:52:7b:f2:91:21:3d:48:0e:
         83:2b:0f:1c:72:2b:87:5d:d4:96:76:fd:9f:e4:4a:96:83:6a:
         61:38:f5:03:ac:77:4f:f7:0b:00:7e:93:b7:ad:55:d5:bd:07:
         f0:49:4e:7f:b8:d1:81:96:a7:36:69:60:00:a9:f0:0c:d1:b1:
         d7:c5:01:de:05:09:bb:b2:20:3c:24:0d:53:2e:63:bb:89:f1:
         04:fa:6d:77:b2:64:58:47:1a:50:95:cc:00:41:34:1e:46:4b:
         bf:49:58:b3:fa:fc:87:93:0e:40:a1:20:a5:da:fe:19:f1:06:
         60:88:6a:f2:7c:34:5c:b6:36:6a:25:f2:92:01:2c:7c:9a:87:
         07:21:9a:11:a3:4f:c7:a1:eb:e2:b5:c4:34:c7:45:81:23:a2:
         5a:ae:7c:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhQSUJQHTrRNPxN/E+NrOIrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNzE2NDFmMTU3Y2I1N2I1MzI2MjYzNTllNzE1ODI3NDJj
MmRjY2IwHhcNMjUwNzI4MDkwNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDllOTljYzBkNWY3MmMzMjc4MGZjMjcxNWM1YTYzZDBkOTNhNDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYwfDzqA5F1IJrZarniTaKE92X+G
SWiem+Ev9yNpB6MhPMhY85P+FowKxU1i2so4b6vbcJKvgH/c/oYExMoeIFCI+eKn
hAUbBkYq3nBhHXoAPTKPI3FI8jeo1WE44RktJSRJa8amTcl+4gXWO0KvR9Lx+4I3
LodknmPqVg1ChxXv8AdqCPkqoXPVcRBVeaEef39YrUxulOmA+libhvf88hSYbYF2
Y/Mx0/UEDNKjWKWG6AcyKuk6Crb1wFkE+tstR4z0lHU56JrUEm+/WZLpoQhVirXZ
veO4l8uUyYSDohqJLy8afPbnE0+1MvTjyVUk98Z+QYxyTKLkYo2Wn1u9QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCemcwNX3LDJ4D8JxXFpj0Nk6SWMB8GA1UdIwQY
MBaAFBFxZB8VfLV7UyYmNZ5xWCdCwtzLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVhGa0h4Vjh0WHRUSmlZMW5uRllKMExDM01zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8zZmE3MTEtMDZiMC00MWUzLTljNzIt
M2NiOWUxMDJhZmUwLzEva0o2WnpBMWZjc01uZ1B3bkZjV21QUTJUcEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8zZmE3MTEtMDZiMC00MWUzLTljNzItM2NiOWUxMDJhZmUw
LzEvRVhGa0h4Vjh0WHRUSmlZMW5uRllKMExDM01zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRxWMA0G
CSqGSIb3DQEBCwUAA4IBAQCuSoj9C+cDE4ZrY6dqLOOrDe63sV00sF6BGKgj6s6k
lMRd/79jRi4RyduuopNRsoOAC50vEw0zHPxvB0UGVZIMzO9O5ohx7U09+B4l42S7
mrmnFvRBnGc7X6MdHsj6vZHWndpUUnvykSE9SA6DKw8cciuHXdSWdv2f5EqWg2ph
OPUDrHdP9wsAfpO3rVXVvQfwSU5/uNGBlqc2aWAAqfAM0bHXxQHeBQm7siA8JA1T
LmO7ifEE+m13smRYRxpQlcwAQTQeRku/SViz+vyHkw5AoSCl2v4Z8QZgiGryfDRc
tjZqJfKSASx8mocHIZoRo0/HoevitcQ0x0WBI6Jarny/
-----END CERTIFICATE-----