Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/6ffb0d-22c4-400a-8a23-3d113eb927bf/1/fd3RLaFFUHr9bPymSzzZKZLcsB4.roa
File:                     fd3RLaFFUHr9bPymSzzZKZLcsB4.roa (raw, json)
Hash identifier:          3Ik69tfrjCim/XG7P7iIuurAIirGQVM0pHHnR6Ng8tk=
Subject key identifier:   7D:DD:D1:2D:A1:45:50:7A:FD:6C:FC:A6:4B:3C:D9:29:92:DC:B0:1E
Certificate issuer:       /CN=d65d9ac6bf1f2a38e2c172850eef7075aebce888
Certificate serial:       019957C6927D89E691DEDE5762A57C68A34C
Authority key identifier: D6:5D:9A:C6:BF:1F:2A:38:E2:C1:72:85:0E:EF:70:75:AE:BC:E8:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1l2axr8fKjjiwXKFDu9wda686Ig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/6ffb0d-22c4-400a-8a23-3d113eb927bf/1/fd3RLaFFUHr9bPymSzzZKZLcsB4.roa
Signing time:             Wed 17 Sep 2025 13:04:15 +0000
ROA not before:           Wed 17 Sep 2025 13:04:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212485
IP address blocks:        193.163.12.0/24 maxlen: 24
                          2a0e:2140::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/6ffb0d-22c4-400a-8a23-3d113eb927bf/1/1l2axr8fKjjiwXKFDu9wda686Ig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/6ffb0d-22c4-400a-8a23-3d113eb927bf/1/1l2axr8fKjjiwXKFDu9wda686Ig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1l2axr8fKjjiwXKFDu9wda686Ig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Oct 2025 14:12:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:57:c6:92:7d:89:e6:91:de:de:57:62:a5:7c:68:a3:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d65d9ac6bf1f2a38e2c172850eef7075aebce888
        Validity
            Not Before: Sep 17 13:04:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7dddd12da145507afd6cfca64b3cd92992dcb01e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:af:bb:d1:ec:5a:c5:62:4b:24:2c:a5:3f:05:
                    1b:4a:ef:08:ea:d8:cd:ea:2d:40:45:bb:b1:5b:ca:
                    82:1f:b2:85:7c:01:58:8f:5f:5d:bb:f4:9d:7c:cc:
                    d8:6f:ab:a5:a9:b0:73:94:68:02:58:df:89:a7:c9:
                    57:eb:7c:cf:e1:9e:ee:34:39:be:9f:4f:41:5a:71:
                    5d:83:23:fb:a3:d2:f9:de:21:cc:19:fb:e0:24:82:
                    f6:0d:60:70:45:27:14:eb:e7:8c:1b:b4:06:4b:1c:
                    8d:1f:26:09:8b:f2:66:09:d9:71:5f:3b:af:f5:b1:
                    7b:4b:ee:e1:5d:cc:32:bd:c4:69:eb:0a:c8:40:e0:
                    a3:b9:4f:21:fb:44:6f:28:fd:4a:db:94:0d:52:4b:
                    f2:c3:22:10:3d:16:d4:a7:c3:52:d9:27:20:55:ed:
                    db:5b:4b:49:fe:02:d1:3e:5b:d7:75:cc:9b:8e:87:
                    6a:77:03:89:3e:57:7a:67:17:b9:22:13:d5:f4:a2:
                    98:b4:10:f8:69:30:3e:23:42:86:9c:ec:4e:74:41:
                    fa:da:68:30:66:e7:cc:a5:d2:68:50:fa:39:ef:67:
                    b8:4c:4d:c9:77:04:29:5d:d8:22:d0:2f:39:16:e8:
                    55:52:30:02:27:8b:0d:03:56:5e:aa:1d:0a:9d:d9:
                    84:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:DD:D1:2D:A1:45:50:7A:FD:6C:FC:A6:4B:3C:D9:29:92:DC:B0:1E
            X509v3 Authority Key Identifier:
                keyid:D6:5D:9A:C6:BF:1F:2A:38:E2:C1:72:85:0E:EF:70:75:AE:BC:E8:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1l2axr8fKjjiwXKFDu9wda686Ig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/6ffb0d-22c4-400a-8a23-3d113eb927bf/1/fd3RLaFFUHr9bPymSzzZKZLcsB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/6ffb0d-22c4-400a-8a23-3d113eb927bf/1/1l2axr8fKjjiwXKFDu9wda686Ig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.12.0/24
                IPv6:
                  2a0e:2140::/29

    Signature Algorithm: sha256WithRSAEncryption
         ae:cf:d3:a8:ed:c0:6d:76:a7:8d:89:01:ce:45:fd:6a:f0:98:
         e3:06:91:86:9e:f7:0b:d4:91:60:62:29:6a:4d:a9:6c:3f:81:
         16:4c:03:0f:0c:8a:ea:c0:ed:d9:07:47:86:c4:9a:3d:32:81:
         18:74:c6:0b:7a:a2:90:75:79:d3:b0:7a:4a:63:0d:db:f2:e3:
         a5:69:40:3c:15:3f:0d:96:b8:6a:37:0e:94:a2:71:f4:c6:8f:
         25:be:36:b5:4d:5f:cf:b0:d4:f6:23:e4:a9:3f:6c:c3:3a:21:
         88:f9:d3:5f:a4:c9:25:ce:5d:98:8f:81:82:4a:c4:21:06:9e:
         ef:a2:8b:e7:bf:13:81:c7:1c:3d:50:a9:f7:77:2d:0a:d5:fb:
         68:ad:66:50:86:b8:07:5a:d2:c6:25:33:b0:ac:3e:c9:21:8d:
         31:e2:0a:86:7b:76:24:da:e4:7e:37:d3:26:f9:1e:13:78:a6:
         d1:1c:cf:29:e3:a4:79:98:d4:dd:d7:e0:9e:6b:22:14:cc:8e:
         1b:6a:68:41:be:f2:b6:1f:88:ec:b8:66:72:d5:19:ea:9c:2c:
         40:84:aa:44:69:b9:28:8d:f3:c6:59:fa:10:fe:01:a7:b8:f5:
         a0:60:65:10:93:a4:9b:25:f1:e1:88:5a:10:1b:92:b6:3e:a2:
         0e:0e:75:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZlXxpJ9ieaR3t5XYqV8aKNMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NWQ5YWM2YmYxZjJhMzhlMmMxNzI4NTBlZWY3MDc1YWVi
Y2U4ODgwHhcNMjUwOTE3MTMwNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGRkZDEyZGExNDU1MDdhZmQ2Y2ZjYTY0YjNjZDkyOTkyZGNiMDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAra+70exaxWJLJCylPwUbSu8I6tjN
6i1ARbuxW8qCH7KFfAFYj19du/SdfMzYb6ulqbBzlGgCWN+Jp8lX63zP4Z7uNDm+
n09BWnFdgyP7o9L53iHMGfvgJIL2DWBwRScU6+eMG7QGSxyNHyYJi/JmCdlxXzuv
9bF7S+7hXcwyvcRp6wrIQOCjuU8h+0RvKP1K25QNUkvywyIQPRbUp8NS2ScgVe3b
W0tJ/gLRPlvXdcybjodqdwOJPld6Zxe5IhPV9KKYtBD4aTA+I0KGnOxOdEH62mgw
ZufMpdJoUPo572e4TE3JdwQpXdgi0C85FuhVUjACJ4sNA1Zeqh0KndmE/wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH3d0S2hRVB6/Wz8pks82SmS3LAeMB8GA1UdIwQY
MBaAFNZdmsa/Hyo44sFyhQ7vcHWuvOiIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWwyYXhyOGZLamppd1hLRkR1OXdkYTY4NklnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS82ZmZiMGQtMjJjNC00MDBhLThhMjMt
M2QxMTNlYjkyN2JmLzEvZmQzUkxhRkZVSHI5YlB5bVN6elpLWkxjc0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS82ZmZiMGQtMjJjNC00MDBhLThhMjMtM2QxMTNlYjkyN2Jm
LzEvMWwyYXhyOGZLamppd1hLRkR1OXdkYTY4NklnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaMMMA0E
AgACMAcDBQMqDiFAMA0GCSqGSIb3DQEBCwUAA4IBAQCuz9Oo7cBtdqeNiQHORf1q
8JjjBpGGnvcL1JFgYilqTalsP4EWTAMPDIrqwO3ZB0eGxJo9MoEYdMYLeqKQdXnT
sHpKYw3b8uOlaUA8FT8NlrhqNw6UonH0xo8lvja1TV/PsNT2I+SpP2zDOiGI+dNf
pMklzl2Yj4GCSsQhBp7voovnvxOBxxw9UKn3dy0K1ftorWZQhrgHWtLGJTOwrD7J
IY0x4gqGe3Yk2uR+N9Mm+R4TeKbRHM8p46R5mNTd1+CeayIUzI4bamhBvvK2H4js
uGZy1RnqnCxAhKpEabkojfPGWfoQ/gGnuPWgYGUQk6SbJfHhiFoQG5K2PqIODnU4
-----END CERTIFICATE-----