Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/j47rk2FreX2n7uDYimRQGCiYXVc.roa
File:                     j47rk2FreX2n7uDYimRQGCiYXVc.roa (raw, json)
Hash identifier:          +43gANwrd71rI5sceWrDSoUZYn0vvYE6XR3YdC0p8LU=
Subject key identifier:   8F:8E:EB:93:61:6B:79:7D:A7:EE:E0:D8:8A:64:50:18:28:98:5D:57
Certificate issuer:       /CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
Certificate serial:       019A55EF15871772270D9E875484271DB072
Authority key identifier: B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/j47rk2FreX2n7uDYimRQGCiYXVc.roa
Signing time:             Wed 05 Nov 2025 21:32:03 +0000
ROA not before:           Wed 05 Nov 2025 21:32:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47721
IP address blocks:        185.93.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:55:ef:15:87:17:72:27:0d:9e:87:54:84:27:1d:b0:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
        Validity
            Not Before: Nov  5 21:32:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f8eeb93616b797da7eee0d88a64501828985d57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:0b:5c:2a:f0:35:5e:68:0a:4e:ed:1c:48:39:
                    ea:a1:34:a6:d3:af:b8:b1:98:47:8d:c4:d9:56:3b:
                    cb:65:a4:8c:44:f2:5e:05:1d:47:d7:5c:cb:ad:6c:
                    33:7c:36:3d:93:26:f5:92:94:aa:45:09:bd:e7:61:
                    53:f0:c7:a1:c4:62:27:2a:8c:aa:23:96:39:25:b7:
                    08:9f:e2:18:35:96:f7:05:d6:6d:40:32:7a:f4:91:
                    0f:fc:a2:78:93:8d:ea:08:be:80:19:e5:88:b5:19:
                    0d:9e:f5:a5:d6:86:8e:20:ea:02:65:92:7e:84:b8:
                    a7:03:6f:6f:9e:f0:59:6e:33:44:28:e1:77:aa:78:
                    f2:76:27:e5:34:a3:19:13:72:89:cd:91:d3:29:64:
                    c0:95:f8:a0:67:8e:92:a3:e1:5e:97:c3:2e:d9:4a:
                    5b:44:1a:34:e2:8c:68:bf:08:0a:60:81:d7:df:85:
                    53:79:11:2e:dc:74:ec:c7:50:65:73:0b:8b:2d:80:
                    f0:0a:78:29:a5:9c:a9:5c:68:de:c4:46:4b:9a:df:
                    90:f2:09:5a:91:48:ca:57:68:43:03:f0:f7:27:9a:
                    66:05:7c:1f:71:9d:ee:1a:db:c8:74:d8:7f:3e:2d:
                    73:f8:68:3d:3a:7e:f9:20:f8:c6:e1:6a:13:44:63:
                    6b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:8E:EB:93:61:6B:79:7D:A7:EE:E0:D8:8A:64:50:18:28:98:5D:57
            X509v3 Authority Key Identifier:
                keyid:B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/j47rk2FreX2n7uDYimRQGCiYXVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:dd:bc:3d:36:15:9f:2e:37:7d:9a:e4:ec:72:0a:4f:fd:c7:
         28:93:f0:5b:00:3e:db:ad:c1:46:1a:dd:30:86:d3:b3:8e:54:
         8c:13:6e:a1:d6:25:69:15:c4:cd:5d:fa:1d:7d:ab:ab:f9:f8:
         38:26:ba:6d:2f:56:a3:b6:4d:95:85:48:c3:f4:57:a7:da:99:
         d3:d8:01:4e:9b:93:81:67:1f:bc:e5:ce:7a:fb:c5:0f:cc:b7:
         38:4d:63:02:b8:45:e4:c9:a4:f4:b3:11:ad:73:9d:b5:14:d3:
         b7:25:9c:21:a6:80:cb:1d:a7:ca:a1:b6:71:b2:38:83:11:53:
         3c:c1:a1:31:0b:52:53:33:8e:04:06:a0:f6:35:e6:26:bc:25:
         63:93:8f:ab:be:fb:dd:27:31:0b:d9:d1:43:9d:12:8e:c5:40:
         fb:dc:87:2e:60:ff:3e:60:9b:d9:55:42:55:69:56:ee:d0:d5:
         1a:c4:2c:ec:e1:a5:d8:09:a7:19:fb:0d:5d:98:6a:b3:a4:32:
         8b:66:d9:7b:d8:95:46:b5:92:ff:e8:9a:53:ad:c3:c8:6a:08:
         f3:1c:48:c9:24:3c:7e:b4:0e:f4:9c:f1:cb:2b:27:eb:9f:9c:
         9d:9b:7a:99:e0:cb:58:c3:75:6c:d0:c2:b7:25:2e:a5:82:ed:
         3e:18:19:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpV7xWHF3InDZ6HVIQnHbByMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjVhODBhNzEwNmUwYTRiODU0NWM4MTUwYmI3MmM2OTlm
Y2M5YTAwHhcNMjUxMTA1MjEzMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjhlZWI5MzYxNmI3OTdkYTdlZWUwZDg4YTY0NTAxODI4OTg1ZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1wtcKvA1XmgKTu0cSDnqoTSm06+4
sZhHjcTZVjvLZaSMRPJeBR1H11zLrWwzfDY9kyb1kpSqRQm952FT8MehxGInKoyq
I5Y5JbcIn+IYNZb3BdZtQDJ69JEP/KJ4k43qCL6AGeWItRkNnvWl1oaOIOoCZZJ+
hLinA29vnvBZbjNEKOF3qnjydiflNKMZE3KJzZHTKWTAlfigZ46So+Fel8Mu2Upb
RBo04oxovwgKYIHX34VTeREu3HTsx1BlcwuLLYDwCngppZypXGjexEZLmt+Q8gla
kUjKV2hDA/D3J5pmBXwfcZ3uGtvIdNh/Pi1z+Gg9On75IPjG4WoTRGNrCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+O65Nha3l9p+7g2IpkUBgomF1XMB8GA1UdIwQY
MBaAFLC1qApxBuCkuFRcgVC7csaZ/MmgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDIt
NzQ1ZTA4ZmU1OGM2LzEvajQ3cmsyRnJlWDJuN3VEWWltUlFHQ2lZWFZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDItNzQ1ZTA4ZmU1OGM2
LzEvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV1HMA0G
CSqGSIb3DQEBCwUAA4IBAQAT3bw9NhWfLjd9muTscgpP/ccok/BbAD7brcFGGt0w
htOzjlSME26h1iVpFcTNXfodfaur+fg4JrptL1ajtk2VhUjD9Fen2pnT2AFOm5OB
Zx+85c56+8UPzLc4TWMCuEXkyaT0sxGtc521FNO3JZwhpoDLHafKobZxsjiDEVM8
waExC1JTM44EBqD2NeYmvCVjk4+rvvvdJzEL2dFDnRKOxUD73IcuYP8+YJvZVUJV
aVbu0NUaxCzs4aXYCacZ+w1dmGqzpDKLZtl72JVGtZL/6JpTrcPIagjzHEjJJDx+
tA70nPHLKyfrn5ydm3qZ4MtYw3Vs0MK3JS6lgu0+GBm9
-----END CERTIFICATE-----