Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/aKO4BpTrtRUx8GhxEFQBwNQPc1w.roa
File:                     aKO4BpTrtRUx8GhxEFQBwNQPc1w.roa (raw, json)
Hash identifier:          uu6qKqW/g/+cB5AgVNcV7hyQgNb+54o7Kqk1jh5TR0Y=
Subject key identifier:   68:A3:B8:06:94:EB:B5:15:31:F0:68:71:10:54:01:C0:D4:0F:73:5C
Certificate issuer:       /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial:       019A4A8CF51C7455C249223AA7F5A97FE0C1
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/aKO4BpTrtRUx8GhxEFQBwNQPc1w.roa
Signing time:             Mon 03 Nov 2025 16:29:03 +0000
ROA not before:           Mon 03 Nov 2025 16:29:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        152.89.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4a:8c:f5:1c:74:55:c2:49:22:3a:a7:f5:a9:7f:e0:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
        Validity
            Not Before: Nov  3 16:29:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68a3b80694ebb51531f06871105401c0d40f735c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b5:5d:e9:f9:ef:98:44:e5:ea:57:40:ee:c6:
                    13:f4:83:d4:71:47:36:f9:71:2f:f2:1b:f8:c8:fd:
                    5b:77:d9:25:78:6a:c0:0f:ca:eb:7d:b3:ec:e9:65:
                    0e:08:2e:c5:77:c4:d1:a2:c2:6e:5d:ca:d7:bc:8e:
                    76:24:4b:2c:35:18:a1:95:c0:0e:d0:77:2c:88:74:
                    70:03:28:cf:94:35:03:d6:62:eb:09:9c:69:14:24:
                    f3:42:60:cb:6c:95:7e:c2:63:60:71:61:32:3e:f5:
                    3c:7e:b6:19:e4:c4:05:7b:2d:b4:fa:c4:8d:a1:40:
                    5c:52:41:de:88:e5:2c:5e:ba:74:51:20:21:2b:36:
                    4a:44:c9:60:53:fe:97:0f:1e:95:a5:1a:25:49:1c:
                    67:9c:07:f1:16:ab:2d:4e:a3:cb:c4:c7:01:23:e1:
                    af:1a:e8:ea:82:3c:bf:67:df:5c:c7:10:a6:cb:e5:
                    09:cb:f6:ae:49:6b:66:a6:8c:57:1b:e7:12:30:81:
                    12:c8:c0:07:1d:04:bf:b8:c5:4c:5d:8c:c4:bb:13:
                    18:f9:1f:c0:85:04:4e:93:b3:c5:3e:4c:16:6e:59:
                    00:22:02:e7:20:35:df:40:48:6f:be:b1:6a:e3:b7:
                    a8:bd:fc:31:53:42:3c:1b:ac:df:ba:b5:a4:90:69:
                    45:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A3:B8:06:94:EB:B5:15:31:F0:68:71:10:54:01:C0:D4:0F:73:5C
            X509v3 Authority Key Identifier:
                keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/aKO4BpTrtRUx8GhxEFQBwNQPc1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:18:71:01:ec:bf:9e:13:a8:88:73:61:15:91:3c:8c:b2:d7:
         63:11:cc:18:c9:46:18:3a:35:c5:ab:2a:d9:fb:cb:70:64:69:
         0e:9a:86:7b:e7:a5:95:35:92:f6:6a:e4:50:d4:39:fc:cb:87:
         11:50:c5:22:13:5f:f6:a2:46:b6:e9:23:19:60:44:ba:10:60:
         97:cd:7e:37:83:4b:ad:4f:a9:ac:53:db:1e:84:87:4b:46:8f:
         97:58:fb:00:85:ee:d8:6e:ff:7e:7d:47:ef:e5:03:ef:c0:ed:
         76:22:d9:91:36:30:d7:e4:49:f1:7e:fe:96:52:18:84:29:be:
         fe:9c:68:56:d8:6e:ad:88:97:09:cc:4a:65:68:6b:49:c4:2c:
         f8:23:4c:90:51:ce:97:1a:5e:8d:00:7a:f7:bc:98:6e:74:89:
         96:98:0c:9d:6f:c7:e6:2e:2e:1b:56:93:e5:27:8d:6b:3c:95:
         ad:5d:0a:9e:c3:7b:3b:f9:56:81:45:f5:e6:5f:49:d6:75:b1:
         67:83:14:6f:2e:64:a2:4f:79:25:3f:c8:5a:88:39:83:49:41:
         88:83:4b:40:e2:9f:65:b8:32:66:0e:b7:62:84:e9:03:f1:d9:
         47:5f:70:dc:9c:73:36:94:de:cf:da:6c:4e:ff:42:f6:f2:4e:
         13:ea:f2:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpKjPUcdFXCSSI6p/Wpf+DBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjUxMTAzMTYyOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGEzYjgwNjk0ZWJiNTE1MzFmMDY4NzExMDU0MDFjMGQ0MGY3MzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LVd6fnvmETl6ldA7sYT9IPUcUc2
+XEv8hv4yP1bd9kleGrAD8rrfbPs6WUOCC7Fd8TRosJuXcrXvI52JEssNRihlcAO
0HcsiHRwAyjPlDUD1mLrCZxpFCTzQmDLbJV+wmNgcWEyPvU8frYZ5MQFey20+sSN
oUBcUkHeiOUsXrp0USAhKzZKRMlgU/6XDx6VpRolSRxnnAfxFqstTqPLxMcBI+Gv
Gujqgjy/Z99cxxCmy+UJy/auSWtmpoxXG+cSMIESyMAHHQS/uMVMXYzEuxMY+R/A
hQROk7PFPkwWblkAIgLnIDXfQEhvvrFq47eovfwxU0I8G6zfurWkkGlF7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGijuAaU67UVMfBocRBUAcDUD3NcMB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvYUtPNEJwVHJ0UlV4OEdoeEVGUUJ3TlFQYzF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFlXMA0G
CSqGSIb3DQEBCwUAA4IBAQAPGHEB7L+eE6iIc2EVkTyMstdjEcwYyUYYOjXFqyrZ
+8twZGkOmoZ756WVNZL2auRQ1Dn8y4cRUMUiE1/2oka26SMZYES6EGCXzX43g0ut
T6msU9sehIdLRo+XWPsAhe7Ybv9+fUfv5QPvwO12ItmRNjDX5Enxfv6WUhiEKb7+
nGhW2G6tiJcJzEplaGtJxCz4I0yQUc6XGl6NAHr3vJhudImWmAydb8fmLi4bVpPl
J41rPJWtXQqew3s7+VaBRfXmX0nWdbFngxRvLmSiT3klP8haiDmDSUGIg0tA4p9l
uDJmDrdihOkD8dlHX3DcnHM2lN7P2mxO/0L28k4T6vJY
-----END CERTIFICATE-----