Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/1-p17K9mCY1yiPSOmK9X8eFCbIhc.roa
File:                     1-p17K9mCY1yiPSOmK9X8eFCbIhc.roa (raw, json)
Hash identifier:          W22mCavlh9F0taX6HuqsIH4NEjYPA6k+pcNQ5RKG1dQ=
Subject key identifier:   FA:9D:7B:2B:D9:82:63:5C:A2:3D:23:A6:2B:D5:FC:78:50:9B:22:17
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019A0749B8E5839BECBBDFD804BACB938E4E
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/1-p17K9mCY1yiPSOmK9X8eFCbIhc.roa
Signing time:             Tue 21 Oct 2025 15:01:03 +0000
ROA not before:           Tue 21 Oct 2025 15:01:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        79.175.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:07:49:b8:e5:83:9b:ec:bb:df:d8:04:ba:cb:93:8e:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct 21 15:01:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa9d7b2bd982635ca23d23a62bd5fc78509b2217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8f:d0:2b:ca:e0:55:c5:28:b7:b4:48:73:f9:
                    b9:c6:54:f5:ba:c0:4c:23:b6:ca:a4:3d:98:e2:1e:
                    c3:0e:9b:c9:22:ae:69:fb:87:1f:fc:5f:8f:31:06:
                    b3:79:35:f8:c5:dc:31:92:97:c3:f0:6e:33:f9:14:
                    9c:86:45:86:f7:64:c7:34:e0:88:9f:51:69:90:31:
                    96:33:08:38:1a:4d:d7:58:91:cb:79:18:cd:ec:77:
                    c8:ca:37:fe:42:b9:d7:cb:e7:b8:46:60:4c:d9:70:
                    79:7b:93:f0:0a:14:bf:b0:73:33:42:98:81:51:8d:
                    b8:63:40:04:0a:70:0e:84:9e:2e:a3:ce:9d:04:88:
                    12:5d:20:c3:35:81:3c:cd:1e:1d:12:f4:a0:b3:81:
                    bd:de:cc:9a:81:8c:1f:3e:2c:84:d9:0c:ef:bf:da:
                    1c:1e:76:9d:82:6b:4e:17:6e:60:6b:ab:74:38:79:
                    21:9b:40:9e:f7:5d:8b:c2:af:4d:d7:45:8a:6b:88:
                    50:08:80:c4:a9:fc:44:2f:8c:0f:08:d7:16:92:d2:
                    4d:af:32:93:f1:8f:62:55:9e:24:ad:40:48:da:1a:
                    c1:ab:70:a3:ec:99:d0:91:a1:45:4e:32:a0:07:84:
                    3e:d5:b7:7e:1c:e3:1b:7d:e7:9c:68:b4:43:5b:ab:
                    2c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:9D:7B:2B:D9:82:63:5C:A2:3D:23:A6:2B:D5:FC:78:50:9B:22:17
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/1-p17K9mCY1yiPSOmK9X8eFCbIhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:e6:51:9d:f9:c7:83:69:47:5f:cc:0c:c3:a2:20:7e:20:c6:
         44:7f:36:ef:e7:3d:0b:28:8e:ee:14:d0:7f:8b:72:2d:e6:52:
         e5:51:85:c2:af:8c:ac:4d:75:94:05:85:b7:f5:ae:e4:5b:79:
         d8:e7:e8:f4:fa:53:e4:2b:ea:a7:7a:01:3b:91:4d:a5:eb:c1:
         46:81:19:8c:95:29:b2:00:10:e0:24:6d:7d:e1:a8:63:e5:14:
         6f:9b:c1:e6:17:54:17:fd:9c:ed:9b:e9:57:96:56:0e:5f:c2:
         98:3c:e9:7e:63:bd:4e:05:1f:4f:42:2b:63:f9:b4:ed:83:af:
         9a:77:38:49:72:e7:a6:7b:ab:4b:12:36:72:bd:28:17:1f:27:
         bb:a1:bb:ea:32:ae:fd:07:32:a7:ba:c2:cd:e5:e6:13:78:0e:
         49:75:87:b7:38:a4:02:3e:ad:ed:37:54:5d:0d:98:3f:64:9f:
         cf:da:52:1a:a2:0c:53:be:62:48:9e:3a:c8:22:09:ab:30:61:
         65:5c:b0:37:f2:b6:08:75:94:4c:68:e8:63:ac:e7:ed:e0:cf:
         5d:89:aa:a4:77:44:30:58:30:53:32:cc:40:f2:d1:fd:1d:14:
         8a:02:0d:a7:dc:a4:94:de:c9:24:06:c3:9d:61:bd:35:40:46:
         e4:3d:5a:0e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZoHSbjlg5vsu9/YBLrLk45OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMDIxMTUwMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTlkN2IyYmQ5ODI2MzVjYTIzZDIzYTYyYmQ1ZmM3ODUwOWIyMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAno/QK8rgVcUot7RIc/m5xlT1usBM
I7bKpD2Y4h7DDpvJIq5p+4cf/F+PMQazeTX4xdwxkpfD8G4z+RSchkWG92THNOCI
n1FpkDGWMwg4Gk3XWJHLeRjN7HfIyjf+QrnXy+e4RmBM2XB5e5PwChS/sHMzQpiB
UY24Y0AECnAOhJ4uo86dBIgSXSDDNYE8zR4dEvSgs4G93syagYwfPiyE2Qzvv9oc
HnadgmtOF25ga6t0OHkhm0Ce912Lwq9N10WKa4hQCIDEqfxEL4wPCNcWktJNrzKT
8Y9iVZ4krUBI2hrBq3Cj7JnQkaFFTjKgB4Q+1bd+HOMbfeecaLRDW6ssWQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPqdeyvZgmNcoj0jpivV/HhQmyIXMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvMS1wMTdLOW1DWTF5aVBTT21LOVg4ZUZDYkloYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzYvZGRmOGIzLTFjMDgtNDk1Yy04ZGRmLWZhZTVkYmVkM2Ix
Yi8xL2I0VGtjNHB3NmpuQWpPOGhCREt1T1o3SDZSVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE+vczAN
BgkqhkiG9w0BAQsFAAOCAQEAX+ZRnfnHg2lHX8wMw6IgfiDGRH827+c9CyiO7hTQ
f4tyLeZS5VGFwq+MrE11lAWFt/Wu5Ft52Ofo9PpT5Cvqp3oBO5FNpevBRoEZjJUp
sgAQ4CRtfeGoY+UUb5vB5hdUF/2c7ZvpV5ZWDl/CmDzpfmO9TgUfT0IrY/m07YOv
mnc4SXLnpnurSxI2cr0oFx8nu6G76jKu/Qcyp7rCzeXmE3gOSXWHtzikAj6t7TdU
XQ2YP2Sfz9pSGqIMU75iSJ46yCIJqzBhZVywN/K2CHWUTGjoY6zn7eDPXYmqpHdE
MFgwUzLMQPLR/R0UigINp9yklN7JJAbDnWG9NUBG5D1aDg==
-----END CERTIFICATE-----