Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/aa4f4e-2e01-46ec-81d1-e623d53f8bb1/1/9rnL1t5Ldor0JB3KN3KrYlnILFc.roa
File:                     9rnL1t5Ldor0JB3KN3KrYlnILFc.roa (raw, json)
Hash identifier:          00esWyqmIW6yBsmGpeX9QfYrAUi9bLeAI/5cffpcKB8=
Subject key identifier:   F6:B9:CB:D6:DE:4B:76:8A:F4:24:1D:CA:37:72:AB:62:59:C8:2C:57
Certificate issuer:       /CN=10e05dabbcf14d53015ab8ff1e4bd7297acb0e77
Certificate serial:       0199785115D5B123DCFB84656D0FBE19FA3F
Authority key identifier: 10:E0:5D:AB:BC:F1:4D:53:01:5A:B8:FF:1E:4B:D7:29:7A:CB:0E:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EOBdq7zxTVMBWrj_HkvXKXrLDnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/aa4f4e-2e01-46ec-81d1-e623d53f8bb1/1/9rnL1t5Ldor0JB3KN3KrYlnILFc.roa
Signing time:             Tue 23 Sep 2025 20:43:23 +0000
ROA not before:           Tue 23 Sep 2025 20:43:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        62.164.198.0/24 maxlen: 24
                          87.199.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/aa4f4e-2e01-46ec-81d1-e623d53f8bb1/1/EOBdq7zxTVMBWrj_HkvXKXrLDnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/aa4f4e-2e01-46ec-81d1-e623d53f8bb1/1/EOBdq7zxTVMBWrj_HkvXKXrLDnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EOBdq7zxTVMBWrj_HkvXKXrLDnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Oct 2025 23:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:78:51:15:d5:b1:23:dc:fb:84:65:6d:0f:be:19:fa:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10e05dabbcf14d53015ab8ff1e4bd7297acb0e77
        Validity
            Not Before: Sep 23 20:43:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6b9cbd6de4b768af4241dca3772ab6259c82c57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:2d:0f:1d:81:67:5a:15:72:68:a2:c1:58:a7:
                    65:2d:c5:29:6b:b3:bf:32:35:46:03:93:05:27:fa:
                    cb:b6:9b:45:79:eb:7e:9f:28:92:a1:ff:8a:d7:88:
                    4a:2e:8f:58:5c:ef:35:2d:90:af:80:38:08:e4:08:
                    12:2b:bc:90:d0:ab:9e:36:38:f3:9b:7b:a4:be:f5:
                    2a:99:1e:59:7d:24:c1:cb:19:88:fd:8d:1b:8b:8e:
                    02:42:76:f1:37:0e:22:4d:68:a1:a9:b2:22:b6:49:
                    f0:fb:aa:ca:ec:ea:bd:8d:9d:63:87:25:a2:48:bc:
                    ed:3e:bf:8b:11:9f:6b:7c:5d:4e:c5:93:2b:30:6d:
                    0c:35:5e:69:20:05:81:df:f0:de:37:19:17:da:57:
                    1b:54:0f:ed:4b:a7:99:b9:23:5b:bf:a1:74:dd:b2:
                    0e:b3:c4:d6:d8:a0:07:2a:48:57:7f:f8:12:8e:e8:
                    d5:a8:3c:19:d1:44:02:97:51:c2:32:46:3b:a4:74:
                    e0:55:11:bb:53:2f:e0:c7:d2:a4:cd:ba:ca:1d:2c:
                    63:19:6d:f6:d8:ea:0f:d1:74:e4:ca:0a:e3:31:c8:
                    5a:a4:9a:44:c8:30:e0:7d:47:eb:75:95:f5:d1:4d:
                    fd:e3:19:91:06:2d:d7:a0:4c:2f:6c:15:06:d9:d1:
                    6f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:B9:CB:D6:DE:4B:76:8A:F4:24:1D:CA:37:72:AB:62:59:C8:2C:57
            X509v3 Authority Key Identifier:
                keyid:10:E0:5D:AB:BC:F1:4D:53:01:5A:B8:FF:1E:4B:D7:29:7A:CB:0E:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EOBdq7zxTVMBWrj_HkvXKXrLDnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/aa4f4e-2e01-46ec-81d1-e623d53f8bb1/1/9rnL1t5Ldor0JB3KN3KrYlnILFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/aa4f4e-2e01-46ec-81d1-e623d53f8bb1/1/EOBdq7zxTVMBWrj_HkvXKXrLDnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.198.0/24
                  87.199.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:5b:0f:18:b6:1e:87:93:18:9d:7c:ef:7d:69:68:d6:e9:1c:
         d4:d0:43:d9:98:2b:0f:f4:7b:a1:5f:90:57:8b:14:a2:d5:e8:
         de:6e:0b:b9:3a:9b:b0:86:11:73:72:b0:a2:b3:ff:35:8c:18:
         ee:95:5c:04:ab:38:e2:a8:0f:d9:b3:7a:44:2d:d3:44:ad:65:
         2a:3f:1b:db:59:08:db:45:72:25:07:05:ee:83:2a:3f:9b:59:
         28:98:65:b7:db:cc:44:73:32:30:89:8c:db:41:43:21:03:94:
         c6:15:12:5d:64:a5:db:f1:fe:42:a6:d5:43:69:dc:60:21:f3:
         f6:36:1c:8d:09:63:89:03:48:a4:2d:eb:a3:26:9f:e8:ea:26:
         b4:89:99:df:73:5d:42:e4:77:bd:67:95:d3:9a:20:71:07:58:
         d4:ca:67:8a:92:3a:85:5a:43:07:9e:37:72:a0:12:13:54:80:
         1c:12:12:ad:3c:44:62:f4:92:6b:fc:49:18:73:06:a5:d3:ca:
         04:30:11:21:ce:32:d8:3d:41:0f:ac:52:9c:82:9e:01:00:7b:
         83:76:46:76:a9:b4:ff:69:d6:0a:bc:97:f9:6d:22:34:44:77:
         f7:fe:ce:83:8b:ef:49:ea:4e:3f:2e:eb:91:65:88:b8:dd:33:
         e2:56:e3:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZl4URXVsSPc+4RlbQ++Gfo/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZTA1ZGFiYmNmMTRkNTMwMTVhYjhmZjFlNGJkNzI5N2Fj
YjBlNzcwHhcNMjUwOTIzMjA0MzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmI5Y2JkNmRlNGI3NjhhZjQyNDFkY2EzNzcyYWI2MjU5YzgyYzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7i0PHYFnWhVyaKLBWKdlLcUpa7O/
MjVGA5MFJ/rLtptFeet+nyiSof+K14hKLo9YXO81LZCvgDgI5AgSK7yQ0KueNjjz
m3ukvvUqmR5ZfSTByxmI/Y0bi44CQnbxNw4iTWihqbIitknw+6rK7Oq9jZ1jhyWi
SLztPr+LEZ9rfF1OxZMrMG0MNV5pIAWB3/DeNxkX2lcbVA/tS6eZuSNbv6F03bIO
s8TW2KAHKkhXf/gSjujVqDwZ0UQCl1HCMkY7pHTgVRG7Uy/gx9KkzbrKHSxjGW32
2OoP0XTkygrjMchapJpEyDDgfUfrdZX10U394xmRBi3XoEwvbBUG2dFvQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPa5y9beS3aK9CQdyjdyq2JZyCxXMB8GA1UdIwQY
MBaAFBDgXau88U1TAVq4/x5L1yl6yw53MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRU9CZHE3enhUVk1CV3JqX0hrdlhLWHJMRG5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9hYTRmNGUtMmUwMS00NmVjLTgxZDEt
ZTYyM2Q1M2Y4YmIxLzEvOXJuTDF0NUxkb3IwSkIzS04zS3JZbG5JTEZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9hYTRmNGUtMmUwMS00NmVjLTgxZDEtZTYyM2Q1M2Y4YmIx
LzEvRU9CZHE3enhUVk1CV3JqX0hrdlhLWHJMRG5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPqTGAwQA
V8d/MA0GCSqGSIb3DQEBCwUAA4IBAQAKWw8Yth6HkxidfO99aWjW6RzU0EPZmCsP
9HuhX5BXixSi1ejebgu5OpuwhhFzcrCis/81jBjulVwEqzjiqA/Zs3pELdNErWUq
PxvbWQjbRXIlBwXugyo/m1komGW328xEczIwiYzbQUMhA5TGFRJdZKXb8f5CptVD
adxgIfP2NhyNCWOJA0ikLeujJp/o6ia0iZnfc11C5He9Z5XTmiBxB1jUymeKkjqF
WkMHnjdyoBITVIAcEhKtPERi9JJr/EkYcwal08oEMBEhzjLYPUEPrFKcgp4BAHuD
dkZ2qbT/adYKvJf5bSI0RHf3/s6Di+9J6k4/LuuRZYi43TPiVuMz
-----END CERTIFICATE-----