Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8xZx71rsIoIQAqojq55upNOd3CU.roa
File:                     8xZx71rsIoIQAqojq55upNOd3CU.roa (raw, json)
Hash identifier:          UBEixEiNZMB6r9ElOJYSwZo9Oq4mz2niVNumRcEZjTs=
Subject key identifier:   F3:16:71:EF:5A:EC:22:82:10:02:AA:23:AB:9E:6E:A4:D3:9D:DC:25
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019961F7F4789B50CACE2F228D85312ADC5C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8xZx71rsIoIQAqojq55upNOd3CU.roa
Signing time:             Fri 19 Sep 2025 12:34:23 +0000
ROA not before:           Fri 19 Sep 2025 12:34:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200113
IP address blocks:        194.87.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:61:f7:f4:78:9b:50:ca:ce:2f:22:8d:85:31:2a:dc:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 19 12:34:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f31671ef5aec22821002aa23ab9e6ea4d39ddc25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ce:03:29:b0:cc:19:ff:82:51:da:4b:5e:fa:
                    0f:7f:e7:ef:21:af:83:2c:05:da:0a:0d:33:bc:d6:
                    bf:07:ca:67:47:22:09:13:7e:b4:f8:02:93:a4:e3:
                    e5:eb:51:6c:8a:10:f0:15:48:70:f6:e4:45:07:26:
                    e2:8d:d1:64:4d:c5:10:4a:14:13:1f:05:5e:45:b2:
                    aa:be:43:e7:c7:d7:b3:02:b4:b6:b6:1d:52:45:f4:
                    81:1c:a2:e6:4d:cd:04:93:63:63:2b:20:c6:d8:f5:
                    c8:9a:e8:e1:e8:7b:3a:6d:63:e1:bb:c5:28:27:3c:
                    7b:0d:51:99:94:a1:de:a0:65:3a:c3:58:4a:00:29:
                    11:3c:27:f8:30:2e:31:9a:38:36:87:64:c6:17:82:
                    37:f6:62:d8:11:84:34:3a:82:81:02:0d:10:07:9a:
                    79:f0:d1:a8:ec:20:76:11:01:ce:a0:42:af:66:c5:
                    31:47:bf:75:fb:80:1f:85:c0:53:2d:76:b0:67:af:
                    f8:b2:15:2f:03:15:10:8b:a4:05:62:d1:71:46:d9:
                    61:69:a0:db:a0:7a:d5:66:1e:88:36:47:bb:28:e3:
                    e2:b5:cf:72:8b:80:be:95:d8:1d:d9:1a:dd:73:dd:
                    02:b0:12:a1:75:40:1b:73:2b:49:97:ee:a0:d4:54:
                    4c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:16:71:EF:5A:EC:22:82:10:02:AA:23:AB:9E:6E:A4:D3:9D:DC:25
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8xZx71rsIoIQAqojq55upNOd3CU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:d8:a5:43:a8:de:b8:cf:33:98:dc:60:ca:41:07:dc:56:39:
         f3:e8:f4:d4:83:be:42:85:db:b1:ad:5a:bf:15:59:2e:34:21:
         17:13:49:b9:8f:15:56:eb:db:71:c9:5c:57:ec:33:37:73:d6:
         47:b3:e1:30:48:17:d8:2b:87:8c:f5:ef:33:22:57:a8:33:8a:
         92:ff:79:ee:a2:f7:1e:c1:b8:6c:51:76:02:4a:b8:7f:51:6e:
         fa:bf:31:51:51:fc:b1:86:1d:1f:82:6c:50:52:d3:c0:c2:06:
         d1:fa:ef:70:40:f3:e1:12:fb:0f:7f:19:44:49:82:63:c0:6a:
         fa:c0:5a:cf:73:65:22:7c:bc:7d:e1:f0:16:2e:59:98:dd:a9:
         21:ae:f1:cc:b0:65:4a:1c:e0:1f:b0:32:d6:0f:45:77:f3:88:
         c0:9a:ae:3d:64:f2:6c:6b:e2:77:58:52:3f:f6:34:8e:3a:c6:
         11:d2:7b:c0:36:e6:69:d7:1f:ae:21:fc:d0:45:a1:68:51:c1:
         b6:7e:bc:e8:44:47:7f:73:d0:26:4d:4e:b6:d1:e1:32:13:0f:
         85:af:69:ec:15:3e:06:ee:85:c4:c9:fb:7f:cf:41:24:53:ad:
         fc:3c:6e:2d:af:a3:c3:da:f4:68:97:31:dc:d1:78:f4:d0:6c:
         6b:23:14:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlh9/R4m1DKzi8ijYUxKtxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwOTE5MTIzNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzE2NzFlZjVhZWMyMjgyMTAwMmFhMjNhYjllNmVhNGQzOWRkYzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxM4DKbDMGf+CUdpLXvoPf+fvIa+D
LAXaCg0zvNa/B8pnRyIJE360+AKTpOPl61FsihDwFUhw9uRFBybijdFkTcUQShQT
HwVeRbKqvkPnx9ezArS2th1SRfSBHKLmTc0Ek2NjKyDG2PXImujh6Hs6bWPhu8Uo
Jzx7DVGZlKHeoGU6w1hKACkRPCf4MC4xmjg2h2TGF4I39mLYEYQ0OoKBAg0QB5p5
8NGo7CB2EQHOoEKvZsUxR791+4AfhcBTLXawZ6/4shUvAxUQi6QFYtFxRtlhaaDb
oHrVZh6INke7KOPitc9yi4C+ldgd2Rrdc90CsBKhdUAbcytJl+6g1FRMZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMWce9a7CKCEAKqI6uebqTTndwlMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOHhaeDcxcnNJb0lRQXFvanE1NXVwTk9kM0NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlf7MA0G
CSqGSIb3DQEBCwUAA4IBAQCB2KVDqN64zzOY3GDKQQfcVjnz6PTUg75ChduxrVq/
FVkuNCEXE0m5jxVW69txyVxX7DM3c9ZHs+EwSBfYK4eM9e8zIleoM4qS/3nuovce
wbhsUXYCSrh/UW76vzFRUfyxhh0fgmxQUtPAwgbR+u9wQPPhEvsPfxlESYJjwGr6
wFrPc2UifLx94fAWLlmY3akhrvHMsGVKHOAfsDLWD0V384jAmq49ZPJsa+J3WFI/
9jSOOsYR0nvANuZp1x+uIfzQRaFoUcG2frzoREd/c9AmTU620eEyEw+Fr2nsFT4G
7oXEyft/z0EkU638PG4tr6PD2vRolzHc0Xj00GxrIxR7
-----END CERTIFICATE-----