Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/c8bfec-70a9-4f5d-974f-b11ab83fc363/1/3aBWhvl7vzQ060N_r0jzz9Dhf7s.roa
File:                     3aBWhvl7vzQ060N_r0jzz9Dhf7s.roa (raw, json)
Hash identifier:          v8R5BzuEes54UPuq5U1ZIEWHDu7mGMWUNti8JAIi1D4=
Subject key identifier:   DD:A0:56:86:F9:7B:BF:34:34:EB:43:7F:AF:48:F3:CF:D0:E1:7F:BB
Certificate issuer:       /CN=00450a86aa4f7ef77e5a75dd96ecb3c2a68fad1c
Certificate serial:       019A6D6F8962F733C44E2A0AA9040B82C49E
Authority key identifier: 00:45:0A:86:AA:4F:7E:F7:7E:5A:75:DD:96:EC:B3:C2:A6:8F:AD:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AEUKhqpPfvd-WnXdluyzwqaPrRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/c8bfec-70a9-4f5d-974f-b11ab83fc363/1/3aBWhvl7vzQ060N_r0jzz9Dhf7s.roa
Signing time:             Mon 10 Nov 2025 11:03:37 +0000
ROA not before:           Mon 10 Nov 2025 11:03:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50034
IP address blocks:        193.104.95.0/24 maxlen: 24
                          2001:67c:4c8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/c8bfec-70a9-4f5d-974f-b11ab83fc363/1/AEUKhqpPfvd-WnXdluyzwqaPrRw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/c8bfec-70a9-4f5d-974f-b11ab83fc363/1/AEUKhqpPfvd-WnXdluyzwqaPrRw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AEUKhqpPfvd-WnXdluyzwqaPrRw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 05:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6d:6f:89:62:f7:33:c4:4e:2a:0a:a9:04:0b:82:c4:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00450a86aa4f7ef77e5a75dd96ecb3c2a68fad1c
        Validity
            Not Before: Nov 10 11:03:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dda05686f97bbf3434eb437faf48f3cfd0e17fbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:cb:a7:d2:2f:5a:53:3f:88:33:1c:18:59:20:
                    95:68:2d:a2:97:6b:e3:5b:7c:80:9c:14:df:f1:55:
                    f9:62:79:4e:a9:29:28:17:19:8e:4a:5f:de:50:34:
                    0f:91:6e:6f:d6:1d:37:0d:76:95:f4:2d:d8:24:f2:
                    ce:3d:33:bf:fd:57:29:1c:d4:5d:40:88:98:20:76:
                    96:cd:06:05:ca:6a:fe:00:6c:27:1c:5f:aa:10:1b:
                    2c:64:28:05:ff:0b:0e:cd:65:23:ea:f5:d4:57:06:
                    32:f8:1b:83:e8:7c:c0:83:c0:ea:e7:1c:9a:79:92:
                    2b:35:35:82:18:09:e8:4c:90:50:30:3e:21:13:c3:
                    1c:c3:f9:3a:c5:8d:f3:0d:13:f9:18:79:bb:03:e4:
                    44:7e:56:0b:7e:f7:0b:a4:a3:00:da:54:90:5c:ef:
                    86:0c:bb:ca:c1:74:99:a3:19:8d:5f:a2:4d:0f:6c:
                    1c:bc:09:c5:6e:69:12:8a:d3:ee:70:8f:1d:56:c0:
                    26:d8:71:fd:f2:50:c6:07:f3:0a:f7:a8:f0:09:7f:
                    0c:0a:78:d1:65:59:34:b4:b2:eb:25:69:b1:2d:15:
                    8d:d4:a1:33:c6:07:9a:4a:43:c6:b8:25:cf:c9:b3:
                    87:49:96:9c:ee:5b:3b:fe:1b:ef:47:bf:89:8f:4e:
                    e1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:A0:56:86:F9:7B:BF:34:34:EB:43:7F:AF:48:F3:CF:D0:E1:7F:BB
            X509v3 Authority Key Identifier:
                keyid:00:45:0A:86:AA:4F:7E:F7:7E:5A:75:DD:96:EC:B3:C2:A6:8F:AD:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AEUKhqpPfvd-WnXdluyzwqaPrRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c8bfec-70a9-4f5d-974f-b11ab83fc363/1/3aBWhvl7vzQ060N_r0jzz9Dhf7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c8bfec-70a9-4f5d-974f-b11ab83fc363/1/AEUKhqpPfvd-WnXdluyzwqaPrRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.95.0/24
                IPv6:
                  2001:67c:4c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:65:d2:34:4f:4a:4b:80:3d:1d:85:d3:39:bc:3a:92:38:a7:
         f4:ab:54:ad:96:69:87:b0:e8:09:12:11:30:7c:31:cf:dd:68:
         9c:9e:ec:41:48:06:9c:08:20:51:7c:43:f8:c8:d6:9e:71:dc:
         5b:d9:89:0c:fc:9f:fc:50:3e:a9:d7:f9:de:a1:86:20:21:ec:
         0f:10:0a:27:fd:8d:af:e8:00:a3:05:b5:a1:f8:95:7b:b4:d7:
         20:81:71:5e:20:83:0a:56:a4:9a:43:98:e2:80:d7:06:77:d8:
         a9:51:bf:56:66:29:d3:73:6d:c2:3e:03:e0:f2:c4:2f:34:14:
         a9:0a:64:a1:b2:5d:ef:76:ae:12:e8:30:3d:44:fb:52:e3:ea:
         e2:0d:38:88:14:95:a6:a0:70:72:d0:21:c6:b5:91:c0:d7:d2:
         38:47:24:1b:78:16:05:d9:57:a2:de:21:a0:e0:8f:d4:26:51:
         da:12:98:e2:85:d9:80:25:86:d7:8b:99:0a:4c:cd:43:7f:6c:
         6c:76:4c:7b:92:71:01:99:01:27:dd:bf:fa:a6:79:d0:d4:45:
         8d:bf:fc:c9:e6:4f:b3:8d:ea:ef:38:f6:5e:41:41:9d:6a:b5:
         5e:70:1b:eb:32:b7:56:b1:50:f5:d7:22:bd:06:fe:a8:e3:41:
         76:6c:24:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZptb4li9zPETioKqQQLgsSeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNDUwYTg2YWE0ZjdlZjc3ZTVhNzVkZDk2ZWNiM2MyYTY4
ZmFkMWMwHhcNMjUxMTEwMTEwMzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGEwNTY4NmY5N2JiZjM0MzRlYjQzN2ZhZjQ4ZjNjZmQwZTE3ZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMun0i9aUz+IMxwYWSCVaC2il2vj
W3yAnBTf8VX5YnlOqSkoFxmOSl/eUDQPkW5v1h03DXaV9C3YJPLOPTO//VcpHNRd
QIiYIHaWzQYFymr+AGwnHF+qEBssZCgF/wsOzWUj6vXUVwYy+BuD6HzAg8Dq5xya
eZIrNTWCGAnoTJBQMD4hE8Mcw/k6xY3zDRP5GHm7A+REflYLfvcLpKMA2lSQXO+G
DLvKwXSZoxmNX6JND2wcvAnFbmkSitPucI8dVsAm2HH98lDGB/MK96jwCX8MCnjR
ZVk0tLLrJWmxLRWN1KEzxgeaSkPGuCXPybOHSZac7ls7/hvvR7+Jj07hKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN2gVob5e780NOtDf69I88/Q4X+7MB8GA1UdIwQY
MBaAFABFCoaqT373flp13Zbss8Kmj60cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUVVS2hxcFBmdmQtV25YZGx1eXp3cWFQclJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9jOGJmZWMtNzBhOS00ZjVkLTk3NGYt
YjExYWI4M2ZjMzYzLzEvM2FCV2h2bDd2elEwNjBOX3Iwanp6OURoZjdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9jOGJmZWMtNzBhOS00ZjVkLTk3NGYtYjExYWI4M2ZjMzYz
LzEvQUVVS2hxcFBmdmQtV25YZGx1eXp3cWFQclJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwWhfMA8E
AgACMAkDBwAgAQZ8BMgwDQYJKoZIhvcNAQELBQADggEBAHxl0jRPSkuAPR2F0zm8
OpI4p/SrVK2WaYew6AkSETB8Mc/daJye7EFIBpwIIFF8Q/jI1p5x3FvZiQz8n/xQ
PqnX+d6hhiAh7A8QCif9ja/oAKMFtaH4lXu01yCBcV4ggwpWpJpDmOKA1wZ32KlR
v1ZmKdNzbcI+A+DyxC80FKkKZKGyXe92rhLoMD1E+1Lj6uINOIgUlaagcHLQIca1
kcDX0jhHJBt4FgXZV6LeIaDgj9QmUdoSmOKF2YAlhteLmQpMzUN/bGx2THuScQGZ
ASfdv/qmedDURY2//MnmT7ON6u849l5BQZ1qtV5wG+syt1axUPXXIr0G/qjjQXZs
JIU=
-----END CERTIFICATE-----