Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/rzEyU1qiW9hrGbVFk70_EtQUjbw.roa
File:                     rzEyU1qiW9hrGbVFk70_EtQUjbw.roa (raw, json)
Hash identifier:          yLz2oSWmUqX8SEVCuP3O/znSQEWAkt24x3VFdTjFqCg=
Subject key identifier:   AF:31:32:53:5A:A2:5B:D8:6B:19:B5:45:93:BD:3F:12:D4:14:8D:BC
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019A58155050C4FE4B787F63825BBB37C9DE
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/rzEyU1qiW9hrGbVFk70_EtQUjbw.roa
Signing time:             Thu 06 Nov 2025 07:33:03 +0000
ROA not before:           Thu 06 Nov 2025 07:33:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208185
IP address blocks:        195.211.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Nov 2025 12:35:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:58:15:50:50:c4:fe:4b:78:7f:63:82:5b:bb:37:c9:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov  6 07:33:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af3132535aa25bd86b19b54593bd3f12d4148dbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:72:57:2a:a6:a2:42:63:34:81:62:89:19:09:
                    be:35:31:5e:b3:96:8e:83:90:57:9b:10:50:43:73:
                    29:0f:8f:17:81:e6:af:e0:dc:5d:8c:3a:d3:c0:8c:
                    53:ec:92:37:fa:cc:83:d5:6a:d2:ae:c4:10:f4:cc:
                    8f:d5:dc:ab:8b:8b:56:03:c2:0d:b1:4c:ea:af:52:
                    0e:a0:91:a5:e0:04:45:f2:2b:77:76:d1:2c:78:1a:
                    0c:43:25:45:67:ef:28:cb:ec:ff:f6:de:58:01:5a:
                    60:22:cf:b1:ae:b0:e5:1d:74:83:6b:b1:a3:ad:9d:
                    85:91:17:d9:93:34:73:ef:6a:b4:a1:33:98:e0:ac:
                    09:42:dc:07:24:25:e2:32:64:5b:3b:2d:2c:f4:8d:
                    8b:89:e0:07:06:c2:d8:76:bd:cd:56:7c:af:b1:ea:
                    e1:c7:be:dd:97:8d:73:ee:b8:7b:3c:5d:92:d1:e4:
                    bc:6a:f2:d4:1c:7b:be:9d:f1:34:e3:f9:88:09:6c:
                    5e:6d:88:fc:02:1e:38:c6:cd:c1:4c:39:f6:96:6e:
                    a2:d1:4a:ae:36:9c:37:82:32:eb:c4:98:75:df:ce:
                    b8:b0:3e:3e:4a:fe:3d:d9:6b:07:53:47:ec:c0:d8:
                    15:b9:c2:5e:22:0b:4b:c9:15:25:d2:e3:9a:af:20:
                    ab:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:31:32:53:5A:A2:5B:D8:6B:19:B5:45:93:BD:3F:12:D4:14:8D:BC
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/rzEyU1qiW9hrGbVFk70_EtQUjbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:28:7a:91:c1:ad:12:cc:96:26:36:5a:04:98:61:28:39:9f:
         5c:a4:df:9a:51:4f:8e:67:ca:d0:76:1a:6d:c7:d8:a4:8b:bf:
         38:db:e8:9b:42:df:95:f9:38:92:4e:78:b7:b6:52:36:8e:9b:
         69:28:26:2a:50:38:c1:69:c3:31:4f:34:c4:9e:94:56:ba:cb:
         8e:c1:e8:74:35:3c:58:45:91:9d:e2:c5:87:e8:4d:66:e3:98:
         e6:39:09:1f:c2:ea:44:88:d8:d9:dd:43:e2:ff:81:a4:80:4c:
         38:2d:f8:07:0f:18:29:ed:df:f0:31:fe:eb:bd:63:2c:18:63:
         ed:e9:de:f8:d2:52:35:2e:cf:9c:28:6a:35:ac:af:d5:4f:05:
         a7:12:48:e4:6b:74:9a:f3:d9:73:e5:51:99:33:2a:c5:08:d4:
         59:e5:f6:f9:aa:af:49:df:68:b5:d3:df:7a:98:58:dc:a2:d3:
         8a:a9:04:44:22:8b:f5:13:59:6d:68:f9:53:2d:ad:e8:48:32:
         6d:be:18:32:a8:ec:51:7d:f7:11:b4:12:12:db:ae:94:6a:9d:
         95:85:0b:96:41:88:8c:b7:c0:d1:1d:5b:bd:08:56:03:c9:0e:
         6c:a4:41:73:38:ba:e3:99:e3:29:75:94:1d:cd:dc:3f:45:c8:
         70:e4:61:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpYFVBQxP5LeH9jglu7N8neMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUxMTA2MDczMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjMxMzI1MzVhYTI1YmQ4NmIxOWI1NDU5M2JkM2YxMmQ0MTQ4ZGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHJXKqaiQmM0gWKJGQm+NTFes5aO
g5BXmxBQQ3MpD48Xgeav4NxdjDrTwIxT7JI3+syD1WrSrsQQ9MyP1dyri4tWA8IN
sUzqr1IOoJGl4ARF8it3dtEseBoMQyVFZ+8oy+z/9t5YAVpgIs+xrrDlHXSDa7Gj
rZ2FkRfZkzRz72q0oTOY4KwJQtwHJCXiMmRbOy0s9I2LieAHBsLYdr3NVnyvserh
x77dl41z7rh7PF2S0eS8avLUHHu+nfE04/mICWxebYj8Ah44xs3BTDn2lm6i0Uqu
Npw3gjLrxJh13864sD4+Sv492WsHU0fswNgVucJeIgtLyRUl0uOaryCrkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8xMlNaolvYaxm1RZO9PxLUFI28MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvcnpFeVUxcWlXOWhyR2JWRms3MF9FdFFVamJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9O8MA0G
CSqGSIb3DQEBCwUAA4IBAQCPKHqRwa0SzJYmNloEmGEoOZ9cpN+aUU+OZ8rQdhpt
x9iki7842+ibQt+V+TiSTni3tlI2jptpKCYqUDjBacMxTzTEnpRWusuOweh0NTxY
RZGd4sWH6E1m45jmOQkfwupEiNjZ3UPi/4GkgEw4LfgHDxgp7d/wMf7rvWMsGGPt
6d740lI1Ls+cKGo1rK/VTwWnEkjka3Sa89lz5VGZMyrFCNRZ5fb5qq9J32i10996
mFjcotOKqQREIov1E1ltaPlTLa3oSDJtvhgyqOxRffcRtBIS266Uap2VhQuWQYiM
t8DRHVu9CFYDyQ5spEFzOLrjmeMpdZQdzdw/Rchw5GHc
-----END CERTIFICATE-----