Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/yTtKVX1UAMcHekyo2zXGvrkQM1I.roa
File:                     yTtKVX1UAMcHekyo2zXGvrkQM1I.roa (raw, json)
Hash identifier:          mdzZIhlGgkU8tIHOKHpSUYEIhlckxiDvx7lT5oQ6M5Q=
Subject key identifier:   C9:3B:4A:55:7D:54:00:C7:07:7A:4C:A8:DB:35:C6:BE:B9:10:33:52
Certificate issuer:       /CN=f521e174f84f7165961d41b68ea7262e28337d69
Certificate serial:       019940F3AD0988A7AD3ABFFDC3B161A67365
Authority key identifier: F5:21:E1:74:F8:4F:71:65:96:1D:41:B6:8E:A7:26:2E:28:33:7D:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9SHhdPhPcWWWHUG2jqcmLigzfWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/yTtKVX1UAMcHekyo2zXGvrkQM1I.roa
Signing time:             Sat 13 Sep 2025 02:42:15 +0000
ROA not before:           Sat 13 Sep 2025 02:42:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.246.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/9SHhdPhPcWWWHUG2jqcmLigzfWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/9SHhdPhPcWWWHUG2jqcmLigzfWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9SHhdPhPcWWWHUG2jqcmLigzfWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:40:f3:ad:09:88:a7:ad:3a:bf:fd:c3:b1:61:a6:73:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f521e174f84f7165961d41b68ea7262e28337d69
        Validity
            Not Before: Sep 13 02:42:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c93b4a557d5400c7077a4ca8db35c6beb9103352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:81:34:a4:5e:98:5b:76:6d:1a:44:f9:41:ea:
                    22:20:0d:05:ca:26:fc:2f:c5:3d:7b:8a:1a:04:65:
                    c0:7f:1f:59:2a:8a:58:8e:9f:ec:d8:c3:a8:de:f3:
                    e8:26:5b:42:63:a7:7a:33:63:24:5a:16:33:43:12:
                    df:c0:0e:97:56:37:9d:8f:11:3d:95:30:c2:a5:ee:
                    66:8f:82:7c:61:b2:25:46:d5:a8:04:63:24:d4:74:
                    7a:f2:a9:01:bd:bb:ee:d5:b8:d5:58:f0:c7:02:54:
                    ef:1e:1b:97:45:e1:e1:ef:fc:66:c0:3e:bb:07:cf:
                    b7:4c:3c:d5:e5:eb:2f:2c:4c:ea:f9:03:2a:8f:a6:
                    79:8b:1c:c7:08:7c:9c:7f:dd:05:ba:da:00:a1:b5:
                    23:47:66:ea:04:09:c8:42:ac:1b:c6:be:41:99:27:
                    5b:3d:8a:62:bc:01:33:4f:bb:70:50:54:e0:e3:3a:
                    ef:52:e7:38:cc:8f:a6:90:5e:4f:dc:5e:7c:e8:f9:
                    65:fd:c2:71:05:c5:db:77:39:cf:db:29:d0:11:a2:
                    8e:b6:23:fa:cf:d9:b5:84:86:7b:58:1e:01:48:e3:
                    26:d8:e7:81:7f:5f:fa:cd:b4:92:1f:1c:d9:13:d0:
                    42:5b:7d:0d:ac:e8:0c:ad:12:d3:a0:80:81:35:94:
                    68:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:3B:4A:55:7D:54:00:C7:07:7A:4C:A8:DB:35:C6:BE:B9:10:33:52
            X509v3 Authority Key Identifier:
                keyid:F5:21:E1:74:F8:4F:71:65:96:1D:41:B6:8E:A7:26:2E:28:33:7D:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9SHhdPhPcWWWHUG2jqcmLigzfWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/yTtKVX1UAMcHekyo2zXGvrkQM1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/9SHhdPhPcWWWHUG2jqcmLigzfWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:3c:9b:8e:f1:41:6e:5a:1d:74:e5:31:e7:9d:9f:99:df:03:
         d4:7a:11:3b:a1:f2:00:79:4d:59:26:6c:fb:00:6c:08:47:33:
         c4:59:06:aa:00:c2:25:b4:1c:91:a6:bd:32:c3:90:dd:1f:11:
         29:be:30:c3:41:28:3b:f1:ea:ce:db:65:86:a4:b5:3a:5e:05:
         36:2d:56:72:56:b9:9d:53:30:a8:b1:44:8a:6f:c2:47:d7:39:
         2a:3d:66:f7:6a:11:3a:79:88:73:d6:fd:25:95:47:c5:49:a6:
         f2:6f:0d:c8:5e:e7:9c:af:4b:08:d2:c9:cf:22:2f:c3:75:7f:
         82:64:ef:fe:1a:f2:1f:c2:24:a7:e2:62:a8:0b:0f:f6:b4:56:
         c5:0f:fc:0f:8e:7b:f0:b1:b3:64:7b:56:00:1b:19:51:50:bd:
         7d:da:c7:a5:c9:92:ff:f4:20:48:13:2b:6d:90:e2:dd:9e:46:
         7b:dc:20:8f:3d:4e:2f:3d:19:0d:e8:a4:f6:14:b3:68:ad:8f:
         6e:a3:6f:84:84:47:89:3d:5a:e4:16:7e:a0:85:cb:6e:e6:61:
         e9:ef:ba:05:e9:54:46:f4:9e:c0:8f:4a:91:78:1d:d8:1c:bd:
         25:4c:eb:cd:11:9d:d9:f2:7e:71:1a:70:34:3f:b6:ae:50:01:
         f9:b7:d2:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlA860JiKetOr/9w7FhpnNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MjFlMTc0Zjg0ZjcxNjU5NjFkNDFiNjhlYTcyNjJlMjgz
MzdkNjkwHhcNMjUwOTEzMDI0MjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTNiNGE1NTdkNTQwMGM3MDc3YTRjYThkYjM1YzZiZWI5MTAzMzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYE0pF6YW3ZtGkT5QeoiIA0Fyib8
L8U9e4oaBGXAfx9ZKopYjp/s2MOo3vPoJltCY6d6M2MkWhYzQxLfwA6XVjedjxE9
lTDCpe5mj4J8YbIlRtWoBGMk1HR68qkBvbvu1bjVWPDHAlTvHhuXReHh7/xmwD67
B8+3TDzV5esvLEzq+QMqj6Z5ixzHCHycf90FutoAobUjR2bqBAnIQqwbxr5BmSdb
PYpivAEzT7twUFTg4zrvUuc4zI+mkF5P3F586Pll/cJxBcXbdznP2ynQEaKOtiP6
z9m1hIZ7WB4BSOMm2OeBf1/6zbSSHxzZE9BCW30NrOgMrRLToICBNZRo3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMk7SlV9VADHB3pMqNs1xr65EDNSMB8GA1UdIwQY
MBaAFPUh4XT4T3Fllh1Bto6nJi4oM31pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVNIaGRQaFBjV1dXSFVHMmpxY21MaWd6ZldrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9kOWEwMTAtZDVmNy00NjYxLThkMzIt
ZGQwNjExMWYzZjk2LzEveVR0S1ZYMVVBTWNIZWt5bzJ6WEd2cmtRTTFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9kOWEwMTAtZDVmNy00NjYxLThkMzItZGQwNjExMWYzZjk2
LzEvOVNIaGRQaFBjV1dXSFVHMmpxY21MaWd6ZldrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufYrMA0G
CSqGSIb3DQEBCwUAA4IBAQA3PJuO8UFuWh105THnnZ+Z3wPUehE7ofIAeU1ZJmz7
AGwIRzPEWQaqAMIltByRpr0yw5DdHxEpvjDDQSg78erO22WGpLU6XgU2LVZyVrmd
UzCosUSKb8JH1zkqPWb3ahE6eYhz1v0llUfFSabybw3IXuecr0sI0snPIi/DdX+C
ZO/+GvIfwiSn4mKoCw/2tFbFD/wPjnvwsbNke1YAGxlRUL192selyZL/9CBIEytt
kOLdnkZ73CCPPU4vPRkN6KT2FLNorY9uo2+EhEeJPVrkFn6ghctu5mHp77oF6VRG
9J7Aj0qReB3YHL0lTOvNEZ3Z8n5xGnA0P7auUAH5t9Lm
-----END CERTIFICATE-----