Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/0bd4d3-d46c-483f-956e-ea7ae72bd32d/1/6qpwTp_twSsQCkDCqlXaV6Y_Gvs.roa
File:                     6qpwTp_twSsQCkDCqlXaV6Y_Gvs.roa (raw, json)
Hash identifier:          cxK1vGF/j/jrrI28KWaa9qp0OQ1XyFSlP3Jf5B9ba90=
Subject key identifier:   EA:AA:70:4E:9F:ED:C1:2B:10:0A:40:C2:AA:55:DA:57:A6:3F:1A:FB
Certificate issuer:       /CN=9338840926ac73ead5b6187919e88f10032299ca
Certificate serial:       019A5376246910DFE141A18753A062FBC24C
Authority key identifier: 93:38:84:09:26:AC:73:EA:D5:B6:18:79:19:E8:8F:10:03:22:99:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kziECSasc-rVthh5GeiPEAMimco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/0bd4d3-d46c-483f-956e-ea7ae72bd32d/1/6qpwTp_twSsQCkDCqlXaV6Y_Gvs.roa
Signing time:             Wed 05 Nov 2025 10:00:42 +0000
ROA not before:           Wed 05 Nov 2025 10:00:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34696
IP address blocks:        81.172.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/0bd4d3-d46c-483f-956e-ea7ae72bd32d/1/kziECSasc-rVthh5GeiPEAMimco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/0bd4d3-d46c-483f-956e-ea7ae72bd32d/1/kziECSasc-rVthh5GeiPEAMimco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kziECSasc-rVthh5GeiPEAMimco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:53:76:24:69:10:df:e1:41:a1:87:53:a0:62:fb:c2:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9338840926ac73ead5b6187919e88f10032299ca
        Validity
            Not Before: Nov  5 10:00:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eaaa704e9fedc12b100a40c2aa55da57a63f1afb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:32:c6:dd:94:fe:62:82:5b:67:f9:f8:0e:86:
                    ea:fc:35:a7:ca:08:d7:06:f2:90:34:da:ee:11:bc:
                    d5:d7:77:61:55:0f:74:f4:c9:6b:93:99:a3:33:50:
                    fa:3c:da:cf:62:ce:02:53:a7:dc:b4:05:0b:d1:81:
                    bc:03:ec:e7:d7:cb:5d:ca:f1:7c:48:7e:33:48:0a:
                    28:1f:10:f1:9c:1f:c5:e2:c5:dd:07:f8:ab:31:21:
                    d0:a7:5d:82:a2:d6:ff:9e:77:13:7e:2a:99:61:21:
                    18:f0:59:80:0d:08:6a:49:b5:31:8d:ae:bc:56:0a:
                    cd:66:c1:02:cd:49:fc:67:80:f4:6e:15:8b:08:fd:
                    5c:e9:c4:fd:a5:aa:bf:28:b8:d5:5c:ca:99:45:b3:
                    8f:be:0f:4d:8b:57:f4:27:27:1f:9f:06:62:a2:13:
                    bd:d5:24:42:01:d7:c4:06:89:30:87:e2:72:9d:13:
                    79:ce:0a:22:16:80:ed:65:24:43:74:a0:c7:db:cb:
                    e0:cd:b4:21:d3:a0:dc:f8:02:b8:77:e6:60:2c:c8:
                    63:20:77:0a:fd:c9:3b:9e:ce:75:c5:16:71:1e:83:
                    3e:6b:ba:63:9a:8d:15:1f:13:77:59:62:db:13:16:
                    00:56:bf:3b:81:20:78:a6:e9:ac:3e:b4:90:2d:f0:
                    c2:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:AA:70:4E:9F:ED:C1:2B:10:0A:40:C2:AA:55:DA:57:A6:3F:1A:FB
            X509v3 Authority Key Identifier:
                keyid:93:38:84:09:26:AC:73:EA:D5:B6:18:79:19:E8:8F:10:03:22:99:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kziECSasc-rVthh5GeiPEAMimco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/0bd4d3-d46c-483f-956e-ea7ae72bd32d/1/6qpwTp_twSsQCkDCqlXaV6Y_Gvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/0bd4d3-d46c-483f-956e-ea7ae72bd32d/1/kziECSasc-rVthh5GeiPEAMimco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.172.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:8a:e8:36:92:8f:59:6a:0d:02:5d:03:9e:16:64:e8:ba:72:
         b2:2b:5f:c8:36:74:fb:b6:fb:dd:d7:14:e1:ed:d3:e5:d8:41:
         40:71:31:38:55:94:c3:25:b3:a4:e8:0c:01:80:6a:37:86:09:
         f0:5d:9c:bc:ae:fc:87:66:8d:66:d2:fa:4d:3a:67:f6:0f:2a:
         7b:33:20:b0:7b:e6:29:07:5d:49:5f:79:1a:a1:8a:d9:5b:7c:
         1e:5d:3f:05:da:59:9f:38:8e:50:ff:e3:e8:a0:2b:44:0e:47:
         ca:71:43:db:9b:8d:5d:65:17:75:2c:ec:38:c1:ff:40:64:1f:
         ba:c7:91:30:ea:d4:8c:ce:73:db:c5:52:40:6b:40:ca:1c:cc:
         5c:3e:ff:f6:04:ac:e8:3a:c7:12:98:f5:cb:1b:e9:f8:72:22:
         2a:4a:46:01:4d:a4:55:e0:30:ff:20:cd:66:78:79:2f:31:5c:
         6d:85:1d:f1:32:a5:a2:3e:98:e2:a1:a7:77:37:56:e9:f8:11:
         c1:2e:89:f2:15:3f:f2:eb:c3:dd:7a:1b:36:f1:55:82:d2:6f:
         8f:64:98:6b:3e:a2:9e:63:c4:60:0f:51:77:03:40:55:47:8d:
         e1:c1:3f:83:49:2f:e5:78:67:d7:d4:3f:38:7e:5e:5a:10:4c:
         96:2c:ce:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpTdiRpEN/hQaGHU6Bi+8JMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMzg4NDA5MjZhYzczZWFkNWI2MTg3OTE5ZTg4ZjEwMDMy
Mjk5Y2EwHhcNMjUxMTA1MTAwMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWFhNzA0ZTlmZWRjMTJiMTAwYTQwYzJhYTU1ZGE1N2E2M2YxYWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzLG3ZT+YoJbZ/n4Dobq/DWnygjX
BvKQNNruEbzV13dhVQ909Mlrk5mjM1D6PNrPYs4CU6fctAUL0YG8A+zn18tdyvF8
SH4zSAooHxDxnB/F4sXdB/irMSHQp12Cotb/nncTfiqZYSEY8FmADQhqSbUxja68
VgrNZsECzUn8Z4D0bhWLCP1c6cT9paq/KLjVXMqZRbOPvg9Ni1f0JycfnwZiohO9
1SRCAdfEBokwh+JynRN5zgoiFoDtZSRDdKDH28vgzbQh06Dc+AK4d+ZgLMhjIHcK
/ck7ns51xRZxHoM+a7pjmo0VHxN3WWLbExYAVr87gSB4pumsPrSQLfDCCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOqqcE6f7cErEApAwqpV2lemPxr7MB8GA1UdIwQY
MBaAFJM4hAkmrHPq1bYYeRnojxADIpnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3ppRUNTYXNjLXJWdGhoNUdlaVBFQU1pbWNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8wYmQ0ZDMtZDQ2Yy00ODNmLTk1NmUt
ZWE3YWU3MmJkMzJkLzEvNnFwd1RwX3R3U3NRQ2tEQ3FsWGFWNllfR3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8wYmQ0ZDMtZDQ2Yy00ODNmLTk1NmUtZWE3YWU3MmJkMzJk
LzEva3ppRUNTYXNjLXJWdGhoNUdlaVBFQU1pbWNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUaxlMA0G
CSqGSIb3DQEBCwUAA4IBAQCkiug2ko9Zag0CXQOeFmTounKyK1/INnT7tvvd1xTh
7dPl2EFAcTE4VZTDJbOk6AwBgGo3hgnwXZy8rvyHZo1m0vpNOmf2Dyp7MyCwe+Yp
B11JX3kaoYrZW3weXT8F2lmfOI5Q/+PooCtEDkfKcUPbm41dZRd1LOw4wf9AZB+6
x5Ew6tSMznPbxVJAa0DKHMxcPv/2BKzoOscSmPXLG+n4ciIqSkYBTaRV4DD/IM1m
eHkvMVxthR3xMqWiPpjioad3N1bp+BHBLonyFT/y68Pdehs28VWC0m+PZJhrPqKe
Y8RgD1F3A0BVR43hwT+DSS/leGfX1D84fl5aEEyWLM5u
-----END CERTIFICATE-----