Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/LzDfCHnh-gQic1q8B97Z8hE9unw.roa
File:                     LzDfCHnh-gQic1q8B97Z8hE9unw.roa (raw, json)
Hash identifier:          EAWHNP1UdFQrQzEQHh3mZm/pis0sCcxZgq07Vmvm4qM=
Subject key identifier:   2F:30:DF:08:79:E1:FA:04:22:73:5A:BC:07:DE:D9:F2:11:3D:BA:7C
Certificate issuer:       /CN=61e6ea83926bc478c785471d805a5c1210a8c993
Certificate serial:       019A5DF522706C301C24791162ACC44469B9
Authority key identifier: 61:E6:EA:83:92:6B:C4:78:C7:85:47:1D:80:5A:5C:12:10:A8:C9:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/LzDfCHnh-gQic1q8B97Z8hE9unw.roa
Signing time:             Fri 07 Nov 2025 10:55:37 +0000
ROA not before:           Fri 07 Nov 2025 10:55:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24697
IP address blocks:        193.110.174.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 04:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5d:f5:22:70:6c:30:1c:24:79:11:62:ac:c4:44:69:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61e6ea83926bc478c785471d805a5c1210a8c993
        Validity
            Not Before: Nov  7 10:55:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f30df0879e1fa0422735abc07ded9f2113dba7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:33:99:88:89:2c:74:5f:f3:c9:50:a3:a6:eb:
                    83:3c:b0:a0:96:2d:a2:67:66:eb:1d:6a:20:e7:37:
                    dd:57:cc:a9:28:24:60:cc:9d:62:f0:f0:97:7e:94:
                    f7:f5:c2:73:e3:10:3b:14:f3:98:8e:13:28:fb:db:
                    4b:92:37:b6:fa:0f:a7:60:5e:22:c7:55:90:55:fb:
                    fe:df:ee:88:a8:a0:a0:0f:80:bb:24:49:84:eb:ac:
                    24:ea:94:f4:54:15:ec:15:5f:27:c6:49:22:e3:09:
                    ea:76:ce:08:c8:7a:f1:44:e2:36:db:26:da:89:f3:
                    06:c8:f6:fe:ee:e4:cc:3c:35:1b:f1:c7:51:c9:1a:
                    75:65:03:4c:15:8a:74:72:fe:02:f7:ec:72:50:aa:
                    b7:fc:8d:0e:e8:85:d5:9a:f6:46:18:03:13:7d:56:
                    1a:43:f4:85:f3:96:28:f9:b4:ef:71:a5:2e:02:32:
                    34:82:40:02:f9:8b:3e:f6:82:71:38:60:62:eb:40:
                    46:58:a6:fc:bf:76:35:cd:60:7d:ba:65:bd:0c:b5:
                    3c:f4:00:33:c8:5a:8c:d6:b8:c0:1c:e1:d7:9d:7f:
                    cb:54:20:a5:0f:b6:2d:df:1d:0b:56:37:f0:10:3f:
                    d7:8d:e2:8c:3c:6a:7f:b8:f5:08:80:47:22:b2:ce:
                    15:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:30:DF:08:79:E1:FA:04:22:73:5A:BC:07:DE:D9:F2:11:3D:BA:7C
            X509v3 Authority Key Identifier:
                keyid:61:E6:EA:83:92:6B:C4:78:C7:85:47:1D:80:5A:5C:12:10:A8:C9:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/LzDfCHnh-gQic1q8B97Z8hE9unw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:c3:83:1a:0b:8b:d6:14:fd:54:01:3e:8d:8e:d0:a1:05:13:
         2d:64:45:e3:bb:37:5f:7c:d0:b8:2f:10:26:28:62:8c:ec:df:
         74:d9:3c:7f:9e:33:c9:0a:0a:3a:e9:fe:fe:27:c0:76:e8:1b:
         88:2f:8f:a9:26:06:69:69:6f:cb:01:6d:e4:e2:17:8a:af:47:
         3a:5f:cd:51:08:8c:14:d7:09:ae:fc:cb:40:c8:be:05:b1:d6:
         96:89:b9:50:c8:8f:6b:5e:83:4e:87:7e:34:ef:61:96:0e:aa:
         64:35:07:38:a6:33:ef:d9:4c:33:91:f6:75:8e:db:04:c1:56:
         40:c8:9a:b1:e4:c9:50:d3:15:99:ef:11:f3:9d:a7:54:95:f6:
         11:53:50:a4:e6:0b:96:f2:7e:a7:fc:04:fa:02:4b:78:ed:f2:
         56:b4:30:ac:2e:79:15:9a:7b:ec:3f:a6:cb:b2:da:4e:14:92:
         28:bb:4b:2d:48:6c:46:c6:82:bc:92:4e:1a:1c:d4:e7:ea:c9:
         c7:ac:da:13:66:e9:6e:0a:2f:2b:ca:15:73:80:f4:5f:a3:a7:
         05:f7:57:1c:7c:13:18:a5:95:54:50:d9:7a:16:9a:78:a2:4b:
         fe:30:2b:c0:9a:d1:76:53:29:0a:90:95:fb:a8:eb:ec:64:4a:
         8b:bb:44:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpd9SJwbDAcJHkRYqzERGm5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZTZlYTgzOTI2YmM0NzhjNzg1NDcxZDgwNWE1YzEyMTBh
OGM5OTMwHhcNMjUxMTA3MTA1NTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjMwZGYwODc5ZTFmYTA0MjI3MzVhYmMwN2RlZDlmMjExM2RiYTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjOZiIksdF/zyVCjpuuDPLCgli2i
Z2brHWog5zfdV8ypKCRgzJ1i8PCXfpT39cJz4xA7FPOYjhMo+9tLkje2+g+nYF4i
x1WQVfv+3+6IqKCgD4C7JEmE66wk6pT0VBXsFV8nxkki4wnqds4IyHrxROI22yba
ifMGyPb+7uTMPDUb8cdRyRp1ZQNMFYp0cv4C9+xyUKq3/I0O6IXVmvZGGAMTfVYa
Q/SF85Yo+bTvcaUuAjI0gkAC+Ys+9oJxOGBi60BGWKb8v3Y1zWB9umW9DLU89AAz
yFqM1rjAHOHXnX/LVCClD7Yt3x0LVjfwED/XjeKMPGp/uPUIgEciss4VbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC8w3wh54foEInNavAfe2fIRPbp8MB8GA1UdIwQY
MBaAFGHm6oOSa8R4x4VHHYBaXBIQqMmTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWVicWc1SnJ4SGpIaFVjZGdGcGNFaENveVpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83NGJmNDEtZDZhNy00ZmI1LTgwMWMt
MzNjYzNhZGIxZTc4LzEvTHpEZkNIbmgtZ1FpYzFxOEI5N1o4aEU5dW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83NGJmNDEtZDZhNy00ZmI1LTgwMWMtMzNjYzNhZGIxZTc4
LzEvWWVicWc1SnJ4SGpIaFVjZGdGcGNFaENveVpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW6uMA0G
CSqGSIb3DQEBCwUAA4IBAQBJw4MaC4vWFP1UAT6NjtChBRMtZEXjuzdffNC4LxAm
KGKM7N902Tx/njPJCgo66f7+J8B26BuIL4+pJgZpaW/LAW3k4heKr0c6X81RCIwU
1wmu/MtAyL4FsdaWiblQyI9rXoNOh34072GWDqpkNQc4pjPv2UwzkfZ1jtsEwVZA
yJqx5MlQ0xWZ7xHznadUlfYRU1Ck5guW8n6n/AT6Akt47fJWtDCsLnkVmnvsP6bL
stpOFJIou0stSGxGxoK8kk4aHNTn6snHrNoTZuluCi8ryhVzgPRfo6cF91ccfBMY
pZVUUNl6Fpp4okv+MCvAmtF2UykKkJX7qOvsZEqLu0S2
-----END CERTIFICATE-----