Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QQzv4IxQd2u3n3RHYNGj0hJFiFo.roa
File:                     QQzv4IxQd2u3n3RHYNGj0hJFiFo.roa (raw, json)
Hash identifier:          D+veOlVOXBeLZs1ZsvWj8IqSlbWB1oWqLNDk9LZ6hp8=
Subject key identifier:   41:0C:EF:E0:8C:50:77:6B:B7:9F:74:47:60:D1:A3:D2:12:45:88:5A
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0199249E16DEB1C153E5057F337FDF0E9D7A
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QQzv4IxQd2u3n3RHYNGj0hJFiFo.roa
Signing time:             Sun 07 Sep 2025 14:39:24 +0000
ROA not before:           Sun 07 Sep 2025 14:39:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213887
IP address blocks:        193.233.134.0/24 maxlen: 24
                          193.233.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 17:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:24:9e:16:de:b1:c1:53:e5:05:7f:33:7f:df:0e:9d:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Sep  7 14:39:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=410cefe08c50776bb79f744760d1a3d21245885a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f6:41:94:a8:98:e2:cf:43:53:0a:27:46:3c:
                    f0:76:5c:c1:6a:30:d4:02:66:d8:7e:10:6a:d1:63:
                    3d:08:b6:e4:eb:aa:aa:d9:a9:d6:8a:d0:6b:d6:8c:
                    7f:4e:22:4d:b4:5a:42:d9:59:64:90:43:29:89:4b:
                    80:8e:91:fb:7f:3a:81:31:98:a7:78:77:6d:4d:8f:
                    cb:15:41:f7:b6:3c:4f:aa:00:de:7e:f1:72:37:bd:
                    b4:59:f9:55:da:45:41:6f:7a:dd:1b:fc:17:3f:c8:
                    b5:c9:12:53:5a:6f:99:15:11:b0:26:29:ec:74:8a:
                    c4:76:50:f2:28:be:52:97:8d:12:eb:b2:e9:04:00:
                    e7:37:13:01:7e:d3:ad:46:09:1d:05:f1:be:9d:90:
                    75:d6:b6:b6:49:56:fc:34:c4:3e:ef:09:e9:43:d9:
                    a0:10:46:d3:aa:c5:80:43:6e:7a:43:c0:85:53:26:
                    18:27:bf:19:e9:ab:60:20:d8:b2:de:46:af:94:58:
                    c1:2b:78:6d:fe:98:01:6f:22:78:e6:32:9d:4b:3a:
                    5d:6b:a9:41:b9:12:e4:ad:3c:0c:d3:38:14:c0:d7:
                    5b:e7:4a:d3:85:b2:93:44:87:6c:26:ed:f8:6f:12:
                    21:82:d3:ac:52:37:9e:60:17:49:a0:e3:4e:a0:f3:
                    d6:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:0C:EF:E0:8C:50:77:6B:B7:9F:74:47:60:D1:A3:D2:12:45:88:5A
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QQzv4IxQd2u3n3RHYNGj0hJFiFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.134.0/24
                  193.233.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:5a:35:2d:c0:bf:1c:ff:d9:cb:b7:95:35:26:e3:61:13:ec:
         a9:1f:ca:0d:47:f5:75:6d:89:7d:64:c2:68:80:b2:56:3a:8c:
         20:9b:7d:39:d7:c0:88:6a:51:b7:9e:87:56:be:cd:f8:cb:94:
         d7:4c:c2:71:6d:d3:27:eb:bc:28:21:ea:df:71:12:5c:40:bd:
         cd:19:3c:3f:4a:48:93:a9:10:46:5f:c4:ee:9d:ef:7e:f1:7a:
         bf:8f:a8:fd:ef:ff:b4:0f:95:25:21:89:b2:08:2d:46:30:89:
         8c:d7:76:49:8e:8c:23:d4:af:c2:cb:45:33:f1:b1:92:e0:69:
         c1:18:9f:f1:14:95:2d:1f:3e:7b:33:dc:df:05:09:42:3c:58:
         98:df:5c:50:d5:5d:da:1a:81:3a:5a:c5:df:0c:d2:bb:4e:c0:
         0c:2d:55:ac:5d:36:51:f8:64:ce:e3:9a:99:5d:16:93:49:34:
         8a:90:17:7c:74:93:dc:2a:90:ad:b7:5d:d7:21:13:ea:7d:d3:
         ff:05:ff:4f:0b:7f:df:3e:9c:64:0c:6a:ca:bb:96:6a:c7:c2:
         d9:29:16:f9:1c:e9:4f:c1:f9:72:c9:b2:04:56:05:62:ab:52:
         fb:05:08:84:81:9b:95:45:b9:3a:97:eb:06:03:8a:6e:e0:94:
         9f:b4:21:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkknhbescFT5QV/M3/fDp16MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwOTA3MTQzOTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTBjZWZlMDhjNTA3NzZiYjc5Zjc0NDc2MGQxYTNkMjEyNDU4ODVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfZBlKiY4s9DUwonRjzwdlzBajDU
AmbYfhBq0WM9CLbk66qq2anWitBr1ox/TiJNtFpC2VlkkEMpiUuAjpH7fzqBMZin
eHdtTY/LFUH3tjxPqgDefvFyN720WflV2kVBb3rdG/wXP8i1yRJTWm+ZFRGwJins
dIrEdlDyKL5Sl40S67LpBADnNxMBftOtRgkdBfG+nZB11ra2SVb8NMQ+7wnpQ9mg
EEbTqsWAQ256Q8CFUyYYJ78Z6atgINiy3kavlFjBK3ht/pgBbyJ45jKdSzpda6lB
uRLkrTwM0zgUwNdb50rThbKTRIdsJu34bxIhgtOsUjeeYBdJoONOoPPW3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEEM7+CMUHdrt590R2DRo9ISRYhaMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvUVF6djRJeFFkMnUzbjNSSFlOR2owaEpGaUZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwemGAwQA
wen+MA0GCSqGSIb3DQEBCwUAA4IBAQBbWjUtwL8c/9nLt5U1JuNhE+ypH8oNR/V1
bYl9ZMJogLJWOowgm30518CIalG3nodWvs34y5TXTMJxbdMn67woIerfcRJcQL3N
GTw/SkiTqRBGX8Tune9+8Xq/j6j97/+0D5UlIYmyCC1GMImM13ZJjowj1K/Cy0Uz
8bGS4GnBGJ/xFJUtHz57M9zfBQlCPFiY31xQ1V3aGoE6WsXfDNK7TsAMLVWsXTZR
+GTO45qZXRaTSTSKkBd8dJPcKpCtt13XIRPqfdP/Bf9PC3/fPpxkDGrKu5Zqx8LZ
KRb5HOlPwflyybIEVgViq1L7BQiEgZuVRbk6l+sGA4pu4JSftCG8
-----END CERTIFICATE-----