Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/xY27QQkLnZ1CFYPkNRnlg2uzEHs.roa
File:                     xY27QQkLnZ1CFYPkNRnlg2uzEHs.roa (raw, json)
Hash identifier:          PQiNovy5zghm0pctHsesA3K/Z4xfX1dgnUxPsPukk5k=
Subject key identifier:   C5:8D:BB:41:09:0B:9D:9D:42:15:83:E4:35:19:E5:83:6B:B3:10:7B
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       01993D7C88279004859E5BDAD1958CD7D232
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/xY27QQkLnZ1CFYPkNRnlg2uzEHs.roa
Signing time:             Fri 12 Sep 2025 10:33:15 +0000
ROA not before:           Fri 12 Sep 2025 10:33:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210907
IP address blocks:        212.116.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:7c:88:27:90:04:85:9e:5b:da:d1:95:8c:d7:d2:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Sep 12 10:33:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c58dbb41090b9d9d421583e43519e5836bb3107b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bb:48:53:b1:85:ca:b3:e9:68:73:27:2e:ac:
                    72:53:a2:7c:e2:0e:ed:f8:dc:12:96:b3:e0:e9:77:
                    81:3f:b6:fd:87:aa:53:1e:70:a8:92:3a:7a:d0:b9:
                    98:4f:d4:e3:c8:95:4e:67:1d:b9:f4:49:f7:41:35:
                    92:5b:d2:84:a6:b7:c6:d0:f8:6e:31:5c:f4:8e:c2:
                    f9:70:04:c0:59:be:52:d9:0a:d0:bd:8d:b3:07:a3:
                    f7:f7:76:bd:93:64:21:07:56:2d:ae:00:5f:10:04:
                    9a:55:df:82:97:3d:75:7a:33:c7:0f:94:6c:b9:ea:
                    00:e2:c8:e6:2f:e6:4c:4b:b9:12:41:c8:11:97:6d:
                    0a:29:0f:b1:47:e4:83:3f:6e:36:4c:7f:52:cc:1b:
                    3f:dd:c6:9a:4f:53:e1:a9:f9:f5:4d:26:67:1e:a6:
                    a9:73:75:d5:3b:ca:77:6f:09:4a:bf:be:d6:fd:d0:
                    f9:b5:0b:64:ac:d1:fd:fd:a1:2c:46:05:c1:f1:f6:
                    11:0e:c6:a7:91:a7:a5:4b:bc:a5:30:3f:4e:1d:34:
                    a0:74:3c:18:b0:2e:21:6c:5c:5b:28:4d:88:c9:78:
                    4e:d9:64:a9:2c:74:5e:19:01:76:2a:a9:33:e9:76:
                    41:06:75:90:cc:37:19:83:33:64:8d:82:59:44:76:
                    69:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:8D:BB:41:09:0B:9D:9D:42:15:83:E4:35:19:E5:83:6B:B3:10:7B
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/xY27QQkLnZ1CFYPkNRnlg2uzEHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:3c:2f:73:83:34:41:aa:53:08:e9:7a:2f:6a:f4:b5:1e:17:
         a5:57:c8:03:28:20:95:35:0f:d2:63:40:14:41:fa:f5:e4:42:
         17:f7:1a:e5:62:99:54:57:8c:7c:df:e9:71:20:4f:a5:fe:4e:
         ab:fb:0d:8f:2c:0a:13:1a:50:33:49:57:e6:fc:b4:e6:ae:96:
         ca:29:28:8f:42:e8:e0:eb:12:c2:30:49:be:4f:ff:3e:94:c0:
         0a:9d:5a:71:75:47:8b:15:92:ee:93:6d:a5:da:eb:77:12:d3:
         a0:90:27:7b:14:93:0f:a4:87:bf:ec:49:39:b0:1d:66:8b:dc:
         c8:b3:6d:92:5a:1b:c0:55:f0:47:01:15:cb:61:65:ad:a8:43:
         22:28:38:1e:1d:e8:15:55:c5:d5:71:2b:3b:a3:3e:61:4e:5d:
         f6:b7:31:53:f1:b0:d3:bb:77:d2:5a:0d:57:9e:8a:c3:4d:29:
         0d:a7:dc:18:01:75:a2:6d:29:09:0e:35:82:f8:80:98:e0:92:
         29:58:d4:4d:8d:d9:72:ee:83:24:03:4d:90:3b:d2:13:20:d6:
         48:ae:c8:86:47:07:dd:25:1a:82:27:79:02:40:07:ed:44:58:
         38:a5:d2:21:67:c3:ca:df:f0:a9:a8:e6:e8:19:b7:e7:e3:87:
         ca:00:b9:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk9fIgnkASFnlva0ZWM19IyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUwOTEyMTAzMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNThkYmI0MTA5MGI5ZDlkNDIxNTgzZTQzNTE5ZTU4MzZiYjMxMDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbtIU7GFyrPpaHMnLqxyU6J84g7t
+NwSlrPg6XeBP7b9h6pTHnCokjp60LmYT9TjyJVOZx259En3QTWSW9KEprfG0Phu
MVz0jsL5cATAWb5S2QrQvY2zB6P393a9k2QhB1YtrgBfEASaVd+Clz11ejPHD5Rs
ueoA4sjmL+ZMS7kSQcgRl20KKQ+xR+SDP242TH9SzBs/3caaT1Phqfn1TSZnHqap
c3XVO8p3bwlKv77W/dD5tQtkrNH9/aEsRgXB8fYRDsankaelS7ylMD9OHTSgdDwY
sC4hbFxbKE2IyXhO2WSpLHReGQF2Kqkz6XZBBnWQzDcZgzNkjYJZRHZpEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWNu0EJC52dQhWD5DUZ5YNrsxB7MB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEveFkyN1FRa0xuWjFDRllQa05SbmxnMnV6RUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HT2MA0G
CSqGSIb3DQEBCwUAA4IBAQCyPC9zgzRBqlMI6XovavS1HhelV8gDKCCVNQ/SY0AU
Qfr15EIX9xrlYplUV4x83+lxIE+l/k6r+w2PLAoTGlAzSVfm/LTmrpbKKSiPQujg
6xLCMEm+T/8+lMAKnVpxdUeLFZLuk22l2ut3EtOgkCd7FJMPpIe/7Ek5sB1mi9zI
s22SWhvAVfBHARXLYWWtqEMiKDgeHegVVcXVcSs7oz5hTl32tzFT8bDTu3fSWg1X
norDTSkNp9wYAXWibSkJDjWC+ICY4JIpWNRNjdly7oMkA02QO9ITINZIrsiGRwfd
JRqCJ3kCQAftRFg4pdIhZ8PK3/CpqOboGbfn44fKALna
-----END CERTIFICATE-----