Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/17b88d-1afc-4407-b018-545dca80bf49/1/p12I-ru8S8FXjKziObzMY5uNEZE.roa
File:                     p12I-ru8S8FXjKziObzMY5uNEZE.roa (raw, json)
Hash identifier:          AoXZbQHCJONRAMAiMe6YpP5PYiXNKcBqe2FpH/bOcvY=
Subject key identifier:   A7:5D:88:FA:BB:BC:4B:C1:57:8C:AC:E2:39:BC:CC:63:9B:8D:11:91
Certificate issuer:       /CN=4410647d952e9121220f414e88a5ddd62bc8237b
Certificate serial:       0197E85A1A6A0D0D120051D3099BA8845365
Authority key identifier: 44:10:64:7D:95:2E:91:21:22:0F:41:4E:88:A5:DD:D6:2B:C8:23:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RBBkfZUukSEiD0FOiKXd1ivII3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/17b88d-1afc-4407-b018-545dca80bf49/1/p12I-ru8S8FXjKziObzMY5uNEZE.roa
Signing time:             Tue 08 Jul 2025 04:45:08 +0000
ROA not before:           Tue 08 Jul 2025 04:45:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208450
IP address blocks:        193.39.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/17b88d-1afc-4407-b018-545dca80bf49/1/RBBkfZUukSEiD0FOiKXd1ivII3s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/17b88d-1afc-4407-b018-545dca80bf49/1/RBBkfZUukSEiD0FOiKXd1ivII3s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RBBkfZUukSEiD0FOiKXd1ivII3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e8:5a:1a:6a:0d:0d:12:00:51:d3:09:9b:a8:84:53:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4410647d952e9121220f414e88a5ddd62bc8237b
        Validity
            Not Before: Jul  8 04:45:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a75d88fabbbc4bc1578cace239bccc639b8d1191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a1:9a:a5:6f:d9:f1:10:91:ca:c8:2f:d7:ca:
                    ae:3d:ab:57:ee:0b:7d:be:f8:96:ea:66:4a:da:d7:
                    ef:42:65:42:13:59:9d:1f:7b:30:e6:9f:f7:52:52:
                    3b:2f:f9:2d:bf:2e:d4:48:70:24:79:b9:1a:fb:4a:
                    45:8a:2c:80:7f:86:f8:b2:37:c0:33:ea:3c:0f:28:
                    73:aa:f1:e8:6f:70:35:22:67:18:d7:03:2f:e4:ce:
                    da:0d:03:80:38:27:1a:36:9e:5c:a8:ee:7c:14:19:
                    8a:bc:44:16:c2:0d:d3:1e:75:c3:b3:55:f5:4e:ec:
                    7b:db:39:84:f2:62:22:0b:08:88:09:c2:80:11:af:
                    01:b7:9a:ff:2a:6a:68:f9:6f:69:a1:af:55:d4:85:
                    ad:ae:73:f3:c5:4b:75:c2:5d:b0:8d:86:64:71:0f:
                    28:71:70:2e:cf:cc:71:40:05:3b:ed:78:a8:b1:4f:
                    b1:fe:69:6a:a4:fa:93:21:3a:2c:d1:c6:26:1b:94:
                    4f:b8:e6:a5:55:dc:a7:cb:7d:e2:c8:0f:f4:dd:ea:
                    97:f0:aa:38:20:5a:37:72:70:00:7c:6b:13:1b:5d:
                    65:a7:4a:54:1e:82:08:0d:a7:a7:b8:da:8b:bb:b2:
                    8f:b8:fd:7a:2b:8f:54:23:60:3a:f1:42:c4:23:1e:
                    b7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:5D:88:FA:BB:BC:4B:C1:57:8C:AC:E2:39:BC:CC:63:9B:8D:11:91
            X509v3 Authority Key Identifier:
                keyid:44:10:64:7D:95:2E:91:21:22:0F:41:4E:88:A5:DD:D6:2B:C8:23:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RBBkfZUukSEiD0FOiKXd1ivII3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/17b88d-1afc-4407-b018-545dca80bf49/1/p12I-ru8S8FXjKziObzMY5uNEZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/17b88d-1afc-4407-b018-545dca80bf49/1/RBBkfZUukSEiD0FOiKXd1ivII3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.39.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:b3:5e:e3:84:d7:96:3b:6c:8f:42:14:28:65:f0:e2:f6:a4:
         44:00:61:30:74:8c:3d:85:76:bd:ad:a8:4b:c5:ee:f1:73:ca:
         e2:70:da:be:ac:90:73:46:4c:21:26:96:36:c6:69:dd:5e:c5:
         48:55:66:2b:db:46:14:23:80:13:8f:14:5a:4e:19:a7:16:da:
         7e:b0:81:95:92:f4:5d:12:06:63:f8:54:ca:da:e6:ae:fa:60:
         a6:92:5f:1e:99:fd:c9:f0:20:65:9e:80:84:cb:01:ec:9c:60:
         bd:c2:bc:e7:62:f1:ed:39:ac:59:a7:08:13:f6:a7:c8:86:a6:
         40:77:96:31:cc:0f:4f:94:c2:7c:f6:b9:89:0a:f1:74:6a:bd:
         6b:d1:97:bf:a4:6d:82:19:13:7b:bf:b0:ea:97:c6:0b:92:20:
         40:0e:ad:52:65:8c:9d:c7:39:78:38:d6:13:2d:9a:0a:da:27:
         5c:eb:20:b1:66:4c:fb:f6:1a:ab:40:0d:63:98:a8:fc:38:92:
         b8:65:2b:40:95:12:d5:0f:cb:ca:3f:0a:52:e3:d4:5e:5a:78:
         87:62:34:7e:55:07:86:f7:9c:69:f3:08:f6:0e:97:31:9e:e2:
         ed:e9:5f:7b:b4:d3:8b:c5:4a:fb:45:b9:16:e6:7a:17:74:ba:
         7a:30:cc:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfoWhpqDQ0SAFHTCZuohFNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0MTA2NDdkOTUyZTkxMjEyMjBmNDE0ZTg4YTVkZGQ2MmJj
ODIzN2IwHhcNMjUwNzA4MDQ0NTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzVkODhmYWJiYmM0YmMxNTc4Y2FjZTIzOWJjY2M2MzliOGQxMTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaGapW/Z8RCRysgv18quPatX7gt9
vviW6mZK2tfvQmVCE1mdH3sw5p/3UlI7L/ktvy7USHAkebka+0pFiiyAf4b4sjfA
M+o8DyhzqvHob3A1ImcY1wMv5M7aDQOAOCcaNp5cqO58FBmKvEQWwg3THnXDs1X1
Tux72zmE8mIiCwiICcKAEa8Bt5r/Kmpo+W9poa9V1IWtrnPzxUt1wl2wjYZkcQ8o
cXAuz8xxQAU77XiosU+x/mlqpPqTITos0cYmG5RPuOalVdyny33iyA/03eqX8Ko4
IFo3cnAAfGsTG11lp0pUHoIIDaenuNqLu7KPuP16K49UI2A68ULEIx63jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKddiPq7vEvBV4ys4jm8zGObjRGRMB8GA1UdIwQY
MBaAFEQQZH2VLpEhIg9BToil3dYryCN7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkJCa2ZaVXVrU0VpRDBGT2lLWGQxaXZJSTNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8xN2I4OGQtMWFmYy00NDA3LWIwMTgt
NTQ1ZGNhODBiZjQ5LzEvcDEySS1ydThTOEZYakt6aU9iek1ZNXVORVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8xN2I4OGQtMWFmYy00NDA3LWIwMTgtNTQ1ZGNhODBiZjQ5
LzEvUkJCa2ZaVXVrU0VpRDBGT2lLWGQxaXZJSTNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSdEMA0G
CSqGSIb3DQEBCwUAA4IBAQAns17jhNeWO2yPQhQoZfDi9qREAGEwdIw9hXa9rahL
xe7xc8ricNq+rJBzRkwhJpY2xmndXsVIVWYr20YUI4ATjxRaThmnFtp+sIGVkvRd
EgZj+FTK2uau+mCmkl8emf3J8CBlnoCEywHsnGC9wrznYvHtOaxZpwgT9qfIhqZA
d5YxzA9PlMJ89rmJCvF0ar1r0Ze/pG2CGRN7v7Dql8YLkiBADq1SZYydxzl4ONYT
LZoK2idc6yCxZkz79hqrQA1jmKj8OJK4ZStAlRLVD8vKPwpS49ReWniHYjR+VQeG
95xp8wj2DpcxnuLt6V97tNOLxUr7RbkW5noXdLp6MMxK
-----END CERTIFICATE-----