Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/9ESkLgmI35QN5TpIx_GPZS8Vxio.roa
File:                     9ESkLgmI35QN5TpIx_GPZS8Vxio.roa (raw, json)
Hash identifier:          hdpw919IzbN2ZFHFKuU/1SNfD9sbyLis5zeOuTdE5D4=
Subject key identifier:   F4:44:A4:2E:09:88:DF:94:0D:E5:3A:48:C7:F1:8F:65:2F:15:C6:2A
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       0198EAAE3D6EDA29CA390FF12E41173A9920
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/9ESkLgmI35QN5TpIx_GPZS8Vxio.roa
Signing time:             Wed 27 Aug 2025 08:39:04 +0000
ROA not before:           Wed 27 Aug 2025 08:39:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48108
IP address blocks:        94.247.137.0/24 maxlen: 24
                          193.43.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:ae:3d:6e:da:29:ca:39:0f:f1:2e:41:17:3a:99:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Aug 27 08:39:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f444a42e0988df940de53a48c7f18f652f15c62a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:43:d1:00:0b:a7:3f:1f:cf:7b:08:91:96:0c:
                    20:d4:13:13:41:67:36:1d:5c:a0:03:6b:fe:db:16:
                    75:99:54:86:fa:7e:30:2f:dd:e1:9e:71:3b:15:3f:
                    f4:1b:30:85:8d:94:c1:0a:cf:ba:43:ff:ce:7c:00:
                    03:aa:50:f6:c2:06:84:d4:63:44:ac:ef:a5:7f:e4:
                    57:23:82:6c:42:a3:a8:b3:bb:d1:bb:5d:90:cc:79:
                    ec:1e:3f:35:f8:65:39:62:6e:3e:3b:9d:97:87:8e:
                    88:aa:ea:08:64:a9:03:73:e1:08:db:1e:7c:33:04:
                    e0:bc:2b:de:d6:54:f3:de:40:05:79:2a:70:80:35:
                    ad:d7:6d:5a:d0:32:8b:6e:6a:0e:81:7b:7d:42:b7:
                    e0:a4:65:1f:e6:0d:59:ca:a9:ba:88:46:20:73:1c:
                    ab:bc:cd:4e:f4:47:f7:4a:7e:46:12:c2:8b:c8:81:
                    65:31:c5:e2:42:a9:b7:68:87:ee:d9:e0:67:70:84:
                    34:84:65:4d:2b:73:a3:a4:f6:13:85:e2:cf:b7:01:
                    9c:61:77:d9:98:26:89:d5:6f:2b:ef:47:a8:82:dd:
                    e4:fa:d9:00:04:40:39:a4:36:35:45:33:ff:69:f7:
                    1f:64:53:b8:bb:68:0c:56:a8:d4:27:fc:45:a7:66:
                    b3:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:44:A4:2E:09:88:DF:94:0D:E5:3A:48:C7:F1:8F:65:2F:15:C6:2A
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/9ESkLgmI35QN5TpIx_GPZS8Vxio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.247.137.0/24
                  193.43.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:72:0a:7d:4f:4a:3e:fd:74:ca:1c:0e:77:0f:63:30:2d:2f:
         26:88:45:4d:61:00:86:62:0b:df:33:a8:1d:b9:2f:a4:40:8d:
         fa:68:67:76:25:5c:2d:cd:78:b7:cf:9b:8e:e1:77:46:cb:97:
         af:55:60:10:97:49:c1:3a:41:3f:1d:a0:2c:e2:03:5e:91:80:
         fc:4e:3c:60:b6:48:02:90:64:ec:cd:04:ef:e2:fb:df:ec:b3:
         f0:c1:ec:c8:bd:f6:f1:3f:9a:20:30:a7:7c:8c:3c:6c:9c:bf:
         14:d7:94:e6:58:88:34:52:0a:3e:6f:f0:98:cb:ec:f5:80:2d:
         99:b7:0e:a0:ea:85:2e:bc:57:b7:63:77:5c:48:96:2d:d1:63:
         3c:2b:f1:33:04:7b:56:fe:4d:fa:93:51:50:bf:64:b3:af:3e:
         86:8d:75:e3:ae:eb:bf:fb:e7:ea:51:b7:7a:1b:00:c1:27:6b:
         4e:5c:69:c9:df:6a:5d:fc:d0:35:fb:0d:3a:f7:b3:e9:5d:51:
         01:a3:63:d4:34:25:46:e6:0d:fb:5c:55:c4:8e:b9:d1:8a:da:
         8a:44:30:b6:c9:ae:83:5d:03:43:de:15:f3:79:97:36:ce:3a:
         8d:ae:e3:35:5e:1d:6b:9d:58:91:d4:88:86:49:09:97:aa:33:
         0e:44:56:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjqrj1u2inKOQ/xLkEXOpkgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwODI3MDgzOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDQ0YTQyZTA5ODhkZjk0MGRlNTNhNDhjN2YxOGY2NTJmMTVjNjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEPRAAunPx/PewiRlgwg1BMTQWc2
HVygA2v+2xZ1mVSG+n4wL93hnnE7FT/0GzCFjZTBCs+6Q//OfAADqlD2wgaE1GNE
rO+lf+RXI4JsQqOos7vRu12QzHnsHj81+GU5Ym4+O52Xh46IquoIZKkDc+EI2x58
MwTgvCve1lTz3kAFeSpwgDWt121a0DKLbmoOgXt9QrfgpGUf5g1Zyqm6iEYgcxyr
vM1O9Ef3Sn5GEsKLyIFlMcXiQqm3aIfu2eBncIQ0hGVNK3OjpPYTheLPtwGcYXfZ
mCaJ1W8r70eogt3k+tkABEA5pDY1RTP/afcfZFO4u2gMVqjUJ/xFp2az+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPREpC4JiN+UDeU6SMfxj2UvFcYqMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvOUVTa0xnbUkzNVFONVRwSXhfR1BaUzhWeGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXveJAwQA
wSuSMA0GCSqGSIb3DQEBCwUAA4IBAQCgcgp9T0o+/XTKHA53D2MwLS8miEVNYQCG
YgvfM6gduS+kQI36aGd2JVwtzXi3z5uO4XdGy5evVWAQl0nBOkE/HaAs4gNekYD8
TjxgtkgCkGTszQTv4vvf7LPwwezIvfbxP5ogMKd8jDxsnL8U15TmWIg0Ugo+b/CY
y+z1gC2Ztw6g6oUuvFe3Y3dcSJYt0WM8K/EzBHtW/k36k1FQv2Szrz6GjXXjruu/
++fqUbd6GwDBJ2tOXGnJ32pd/NA1+w0697PpXVEBo2PUNCVG5g37XFXEjrnRitqK
RDC2ya6DXQND3hXzeZc2zjqNruM1Xh1rnViR1IiGSQmXqjMORFa1
-----END CERTIFICATE-----