Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/7N8E9xDcziyjm3k4Xg6i1XjMb_c.roa
File:                     7N8E9xDcziyjm3k4Xg6i1XjMb_c.roa (raw, json)
Hash identifier:          PgJ31k8h+BA+LiyEmgsqG9i1pYIyRDjbh23Tso2lfKk=
Subject key identifier:   EC:DF:04:F7:10:DC:CE:2C:A3:9B:79:38:5E:0E:A2:D5:78:CC:6F:F7
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019740441B3867854F2219FAE95226AAF120
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/7N8E9xDcziyjm3k4Xg6i1XjMb_c.roa
Signing time:             Thu 05 Jun 2025 13:24:54 +0000
ROA not before:           Thu 05 Jun 2025 13:24:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199785
IP address blocks:        193.233.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:44:1b:38:67:85:4f:22:19:fa:e9:52:26:aa:f1:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jun  5 13:24:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecdf04f710dcce2ca39b79385e0ea2d578cc6ff7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6b:19:d2:5f:b8:cd:c8:86:20:99:3b:aa:40:
                    f4:2f:40:ab:e4:e2:0f:e9:a1:cf:7c:16:b0:53:8e:
                    eb:c1:e7:e2:9e:b3:89:69:a3:ca:52:9e:20:e4:95:
                    4e:a4:c2:a0:6c:9b:f4:87:33:72:cf:46:20:21:2d:
                    36:ad:d3:22:aa:26:56:e6:a3:4b:13:16:4e:59:9c:
                    98:94:d0:52:33:94:84:c5:9f:2d:47:c7:bd:ae:c5:
                    74:93:7d:68:80:bc:d2:a1:72:73:ef:00:a9:0c:67:
                    87:93:df:7b:1b:5b:c8:e8:81:06:9c:05:5a:69:7a:
                    7c:b1:57:36:b4:43:72:e1:fc:3b:86:15:c4:d3:49:
                    5c:76:2a:45:9e:ce:dc:c5:ef:30:35:22:e9:08:2a:
                    6c:65:91:61:ad:aa:06:15:31:ce:fc:68:b2:74:87:
                    1e:9e:b7:9b:bf:4d:53:38:e3:f0:1c:e7:69:78:57:
                    fc:76:74:f1:7c:ac:ff:1a:eb:8c:11:bb:8e:b5:f4:
                    aa:98:62:35:e9:47:df:6e:fc:15:6b:f3:93:91:c3:
                    9b:37:92:8c:af:75:3c:c3:32:c2:e3:e4:3a:43:99:
                    ed:e7:41:e7:71:23:97:67:4f:8a:09:e5:70:74:d0:
                    6b:13:6c:64:74:d8:ae:24:22:fb:1b:55:52:33:41:
                    7c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:DF:04:F7:10:DC:CE:2C:A3:9B:79:38:5E:0E:A2:D5:78:CC:6F:F7
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/7N8E9xDcziyjm3k4Xg6i1XjMb_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:81:4f:00:7d:3b:44:73:b0:84:76:19:ca:e3:8a:a0:75:6c:
         fe:18:42:3d:55:d9:7d:ee:b1:a0:7b:a9:b5:95:03:d6:61:1b:
         69:4f:2a:34:7f:95:d9:db:5b:b9:d0:f9:ff:af:0c:47:cf:75:
         d2:72:29:05:1a:77:45:9e:56:90:f8:76:73:7f:9f:5f:3f:69:
         66:9a:ad:4b:71:20:de:2a:c4:67:f7:c2:bb:d4:6d:5d:f1:61:
         e2:93:ad:46:17:b1:e8:be:1d:36:5c:0e:95:d5:6b:b6:8e:0f:
         47:32:a0:13:d3:ee:61:e2:ac:36:8a:f0:6d:31:a8:0c:e1:b2:
         19:30:36:ea:6d:ad:df:c9:00:64:9e:db:49:de:7c:c6:50:8c:
         d7:38:f6:67:a0:ee:1e:49:da:0e:16:87:4c:5d:6a:f4:11:5a:
         05:c1:80:7c:c9:3d:d3:5e:ab:b2:fc:f7:6e:13:97:a4:74:f3:
         44:ab:e2:bf:dd:09:ae:fc:69:8a:81:89:41:fc:7d:05:cb:6d:
         8d:54:db:8b:53:1c:f0:e4:75:91:6a:ee:d0:d8:93:b5:9e:aa:
         86:11:b1:39:28:8f:89:24:8b:de:4b:80:59:55:90:98:e3:02:
         13:fc:80:c0:a4:98:11:68:a1:7c:b4:ae:a3:5f:a9:d4:5b:be:
         9a:9d:53:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdARBs4Z4VPIhn66VImqvEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwNjA1MTMyNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2RmMDRmNzEwZGNjZTJjYTM5Yjc5Mzg1ZTBlYTJkNTc4Y2M2ZmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGsZ0l+4zciGIJk7qkD0L0Cr5OIP
6aHPfBawU47rwefinrOJaaPKUp4g5JVOpMKgbJv0hzNyz0YgIS02rdMiqiZW5qNL
ExZOWZyYlNBSM5SExZ8tR8e9rsV0k31ogLzSoXJz7wCpDGeHk997G1vI6IEGnAVa
aXp8sVc2tENy4fw7hhXE00lcdipFns7cxe8wNSLpCCpsZZFhraoGFTHO/GiydIce
nrebv01TOOPwHOdpeFf8dnTxfKz/GuuMEbuOtfSqmGI16UffbvwVa/OTkcObN5KM
r3U8wzLC4+Q6Q5nt50HncSOXZ0+KCeVwdNBrE2xkdNiuJCL7G1VSM0F8LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOzfBPcQ3M4so5t5OF4OotV4zG/3MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvN044RTl4RGN6aXlqbTNrNFhnNmkxWGpNYl9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwelWMA0G
CSqGSIb3DQEBCwUAA4IBAQA+gU8AfTtEc7CEdhnK44qgdWz+GEI9Vdl97rGge6m1
lQPWYRtpTyo0f5XZ21u50Pn/rwxHz3XScikFGndFnlaQ+HZzf59fP2lmmq1LcSDe
KsRn98K71G1d8WHik61GF7Hovh02XA6V1Wu2jg9HMqAT0+5h4qw2ivBtMagM4bIZ
MDbqba3fyQBknttJ3nzGUIzXOPZnoO4eSdoOFodMXWr0EVoFwYB8yT3TXquy/Pdu
E5ekdPNEq+K/3Qmu/GmKgYlB/H0Fy22NVNuLUxzw5HWRau7Q2JO1nqqGEbE5KI+J
JIveS4BZVZCY4wIT/IDApJgRaKF8tK6jX6nUW76anVON
-----END CERTIFICATE-----