Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/enCYou3Lgslt7KYd_8YoMvxJSfM.roa
File:                     enCYou3Lgslt7KYd_8YoMvxJSfM.roa (raw, json)
Hash identifier:          dwoCU6EXuYG3N406vlo44zskpOVN8Ue3bL3Fche1WCc=
Subject key identifier:   7A:70:98:A2:ED:CB:82:C9:6D:EC:A6:1D:FF:C6:28:32:FC:49:49:F3
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       0199249A6C348481EFC548A94CCFFAAEB76D
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/enCYou3Lgslt7KYd_8YoMvxJSfM.roa
Signing time:             Sun 07 Sep 2025 14:35:23 +0000
ROA not before:           Sun 07 Sep 2025 14:35:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        193.35.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 08:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:24:9a:6c:34:84:81:ef:c5:48:a9:4c:cf:fa:ae:b7:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: Sep  7 14:35:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a7098a2edcb82c96deca61dffc62832fc4949f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:29:07:48:c9:b1:5c:f8:50:0e:8f:cd:e3:45:
                    01:5a:fc:7b:53:fc:2b:fa:e5:87:01:00:95:bf:83:
                    c5:a7:0f:26:4d:e7:5c:c9:1d:00:13:02:89:3e:7a:
                    74:4c:63:44:3f:be:2e:b8:de:69:e4:ed:b8:71:af:
                    76:c1:35:2a:35:69:50:e9:14:ae:d0:48:5d:44:12:
                    82:89:d2:f7:ae:63:03:88:96:4d:4a:02:16:6b:c9:
                    79:13:57:2a:da:f3:67:9b:c4:d9:85:96:de:89:41:
                    83:a7:72:64:9e:3e:38:74:f3:ec:c7:91:88:90:71:
                    24:3a:bf:7f:38:9f:80:b2:e5:cd:2d:7a:19:6f:69:
                    9a:f9:da:e7:3f:0b:07:04:2d:4f:e0:94:5a:8c:a1:
                    f7:0e:9f:bf:d4:0c:bf:59:ed:d6:59:45:7b:49:66:
                    7d:83:30:75:76:dc:73:8a:35:b9:50:fb:66:d3:92:
                    6a:02:76:f5:a3:4a:07:2f:34:e3:f8:46:1f:f3:56:
                    4c:41:51:74:c5:da:78:7f:db:a8:94:66:2d:36:a8:
                    64:d9:b6:23:a8:5b:cd:8f:e2:1c:af:c6:4c:9d:4e:
                    d9:56:77:83:0b:4f:a4:74:77:17:1c:79:a4:76:b8:
                    50:dd:82:f2:15:fa:32:57:c8:63:d1:93:e3:d3:44:
                    1d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:70:98:A2:ED:CB:82:C9:6D:EC:A6:1D:FF:C6:28:32:FC:49:49:F3
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/enCYou3Lgslt7KYd_8YoMvxJSfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:86:7b:e2:2e:c0:ea:fb:49:ba:ae:f2:af:20:87:7a:1d:45:
         6d:7f:bb:f3:46:43:56:59:8d:2c:f8:e1:a4:b8:fb:8a:ca:30:
         5a:b7:fe:de:96:f2:dd:ed:76:5b:82:d3:9c:08:4f:50:3d:58:
         47:dd:eb:d5:85:81:41:56:34:2e:a6:c1:24:66:82:bf:04:89:
         32:50:bd:d5:e0:95:d3:e4:5d:df:74:5f:4a:75:ba:37:2a:5e:
         d1:21:cb:2a:1e:01:e8:d8:50:9f:bc:76:21:8f:1c:c7:8b:17:
         0f:37:8d:3a:71:9e:3d:65:6d:31:b2:66:d0:a5:20:2d:1e:b7:
         1b:6a:d0:bd:13:77:af:c0:7b:59:7d:b4:8d:be:b1:49:cf:58:
         f2:9a:7e:aa:6a:61:b1:1d:d7:9e:3a:a1:b1:e3:e6:a5:16:44:
         da:6d:99:2d:c2:90:a9:76:70:cf:fc:e7:d5:11:a3:03:b4:a2:
         74:d6:d5:88:92:87:7c:0f:65:56:6b:a7:66:fe:2e:62:f0:e6:
         a0:29:5d:13:a6:33:b7:5d:19:8d:41:5c:3c:37:27:3c:60:e4:
         73:5b:f1:db:1c:2d:40:fc:b0:26:fd:15:69:5f:6a:0c:0c:25:
         10:49:f2:f3:9a:80:6d:e0:4c:50:4f:66:37:9f:79:0a:56:e7:
         b7:5c:58:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkkmmw0hIHvxUipTM/6rrdtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjUwOTA3MTQzNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTcwOThhMmVkY2I4MmM5NmRlY2E2MWRmZmM2MjgzMmZjNDk0OWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCkHSMmxXPhQDo/N40UBWvx7U/wr
+uWHAQCVv4PFpw8mTedcyR0AEwKJPnp0TGNEP74uuN5p5O24ca92wTUqNWlQ6RSu
0EhdRBKCidL3rmMDiJZNSgIWa8l5E1cq2vNnm8TZhZbeiUGDp3Jknj44dPPsx5GI
kHEkOr9/OJ+AsuXNLXoZb2ma+drnPwsHBC1P4JRajKH3Dp+/1Ay/We3WWUV7SWZ9
gzB1dtxzijW5UPtm05JqAnb1o0oHLzTj+EYf81ZMQVF0xdp4f9uolGYtNqhk2bYj
qFvNj+Icr8ZMnU7ZVneDC0+kdHcXHHmkdrhQ3YLyFfoyV8hj0ZPj00QdSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpwmKLty4LJbeymHf/GKDL8SUnzMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvZW5DWW91M0xnc2x0N0tZZF84WW9NdnhKU2ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSPmMA0G
CSqGSIb3DQEBCwUAA4IBAQCDhnviLsDq+0m6rvKvIId6HUVtf7vzRkNWWY0s+OGk
uPuKyjBat/7elvLd7XZbgtOcCE9QPVhH3evVhYFBVjQupsEkZoK/BIkyUL3V4JXT
5F3fdF9Kdbo3Kl7RIcsqHgHo2FCfvHYhjxzHixcPN406cZ49ZW0xsmbQpSAtHrcb
atC9E3evwHtZfbSNvrFJz1jymn6qamGxHdeeOqGx4+alFkTabZktwpCpdnDP/OfV
EaMDtKJ01tWIkod8D2VWa6dm/i5i8OagKV0TpjO3XRmNQVw8Nyc8YORzW/HbHC1A
/LAm/RVpX2oMDCUQSfLzmoBt4ExQT2Y3n3kKVue3XFj4
-----END CERTIFICATE-----