Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/cPzAS9PkBfr7uTklH6pMAHjM0jU.roa
File:                     cPzAS9PkBfr7uTklH6pMAHjM0jU.roa (raw, json)
Hash identifier:          iMIz+g7b3yiebbeZ0I0LYy0ZQO9HvWXui1RvWFMl9nc=
Subject key identifier:   70:FC:C0:4B:D3:E4:05:FA:FB:B9:39:25:1F:AA:4C:00:78:CC:D2:35
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019A24DE0C17CD053229BF4ADE31E8C5C8C5
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/cPzAS9PkBfr7uTklH6pMAHjM0jU.roa
Signing time:             Mon 27 Oct 2025 08:52:03 +0000
ROA not before:           Mon 27 Oct 2025 08:52:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206406
IP address blocks:        216.173.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:24:de:0c:17:cd:05:32:29:bf:4a:de:31:e8:c5:c8:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Oct 27 08:52:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70fcc04bd3e405fafbb939251faa4c0078ccd235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:23:91:52:90:1f:0b:b7:80:f8:fc:3f:77:a1:
                    a7:68:40:4b:53:a1:cd:69:32:4b:25:a9:7b:cf:a6:
                    07:ed:1d:c1:4b:09:22:5f:60:eb:db:fa:5d:e3:da:
                    af:29:91:8e:e1:3e:19:36:47:21:eb:97:62:b6:58:
                    d5:d0:8f:84:dc:ae:71:92:d4:27:b9:e6:88:da:71:
                    e3:31:93:43:3b:33:22:97:7e:02:87:e6:d0:7e:22:
                    c3:dd:dc:06:99:53:97:82:b8:35:45:e5:0f:c2:a8:
                    b1:2a:59:ad:a6:2e:00:99:7d:fa:e8:96:45:69:05:
                    86:c7:6d:4b:68:bc:e2:47:ab:56:b9:be:fe:bc:98:
                    84:bf:22:98:3c:7c:d6:12:58:78:44:e2:be:65:c0:
                    49:e3:af:94:9f:1f:88:29:85:9b:66:6c:9b:4e:0e:
                    a7:39:93:f5:5f:4e:22:7e:94:d9:7a:7c:86:46:80:
                    11:3a:ce:58:8f:49:4f:d4:b2:50:3e:ff:f3:30:45:
                    f7:c4:f0:60:f2:0e:a9:e5:de:38:6d:60:2e:51:59:
                    de:f3:c6:51:d9:6b:65:df:a5:0f:c3:62:0e:a0:5e:
                    74:0d:6f:9c:a3:1e:ce:43:28:8b:c9:17:8e:79:7d:
                    8c:0d:17:c3:80:42:c5:0d:41:1c:d8:f2:92:c3:0b:
                    0a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:FC:C0:4B:D3:E4:05:FA:FB:B9:39:25:1F:AA:4C:00:78:CC:D2:35
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/cPzAS9PkBfr7uTklH6pMAHjM0jU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.173.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:3c:0b:be:04:2b:15:e0:8c:5d:c6:29:cb:7a:e7:6a:80:39:
         e1:18:8c:5e:ca:bb:31:bf:57:44:72:af:69:6b:e7:d3:03:93:
         e3:87:d7:95:d8:ec:56:ec:6f:b9:20:e1:e6:6f:cc:50:16:64:
         1c:01:89:98:d8:e2:d8:8c:5b:d7:e0:a7:15:9d:39:cd:fb:52:
         da:22:c6:c2:0d:93:9d:3c:e2:d7:17:42:c0:d6:c1:0f:ab:63:
         af:b5:e5:09:56:6f:12:e1:77:c1:3b:60:c4:64:5d:76:f0:1e:
         8f:1d:04:98:87:1c:38:aa:39:0f:0f:fb:2c:08:69:1b:ef:df:
         34:91:77:64:db:ec:c8:ba:44:97:ea:5c:07:84:5e:e2:9e:09:
         82:2c:3a:f2:43:c8:79:7d:a1:61:ea:57:87:14:17:0d:5e:49:
         8c:05:c1:dc:21:84:e2:ae:6a:ac:d0:4f:43:80:9c:60:e7:df:
         cd:25:36:37:45:c9:72:78:ba:ca:84:03:5a:0f:da:11:4e:61:
         0a:16:fa:13:f5:37:7c:9e:6b:e3:88:39:5b:de:db:47:40:8e:
         c0:e7:02:12:c7:0e:2d:0a:61:e0:bc:88:ba:d9:4b:bc:d0:c4:
         2f:9a:12:7a:a3:6c:12:c0:cd:84:15:27:4a:c8:47:c3:66:af:
         11:37:c8:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZok3gwXzQUyKb9K3jHoxcjFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUxMDI3MDg1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGZjYzA0YmQzZTQwNWZhZmJiOTM5MjUxZmFhNGMwMDc4Y2NkMjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5iORUpAfC7eA+Pw/d6GnaEBLU6HN
aTJLJal7z6YH7R3BSwkiX2Dr2/pd49qvKZGO4T4ZNkch65ditljV0I+E3K5xktQn
ueaI2nHjMZNDOzMil34Ch+bQfiLD3dwGmVOXgrg1ReUPwqixKlmtpi4AmX366JZF
aQWGx21LaLziR6tWub7+vJiEvyKYPHzWElh4ROK+ZcBJ46+Unx+IKYWbZmybTg6n
OZP1X04ifpTZenyGRoAROs5Yj0lP1LJQPv/zMEX3xPBg8g6p5d44bWAuUVne88ZR
2Wtl36UPw2IOoF50DW+cox7OQyiLyReOeX2MDRfDgELFDUEc2PKSwwsKswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHD8wEvT5AX6+7k5JR+qTAB4zNI1MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvY1B6QVM5UGtCZnI3dVRrbEg2cE1BSGpNMGpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2K1aMA0G
CSqGSIb3DQEBCwUAA4IBAQB7PAu+BCsV4IxdxinLeudqgDnhGIxeyrsxv1dEcq9p
a+fTA5Pjh9eV2OxW7G+5IOHmb8xQFmQcAYmY2OLYjFvX4KcVnTnN+1LaIsbCDZOd
POLXF0LA1sEPq2OvteUJVm8S4XfBO2DEZF128B6PHQSYhxw4qjkPD/ssCGkb7980
kXdk2+zIukSX6lwHhF7ingmCLDryQ8h5faFh6leHFBcNXkmMBcHcIYTirmqs0E9D
gJxg59/NJTY3RclyeLrKhANaD9oRTmEKFvoT9Td8nmvjiDlb3ttHQI7A5wISxw4t
CmHgvIi62Uu80MQvmhJ6o2wSwM2EFSdKyEfDZq8RN8jQ
-----END CERTIFICATE-----