Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/9fada1-60f9-4ef7-81d8-1eccbe67c661/1/xB38LbhT2_yrUVZlouCmVlILlt8.roa
File:                     xB38LbhT2_yrUVZlouCmVlILlt8.roa (raw, json)
Hash identifier:          BQQkuBlgEp2npMMTPa8Q0PYRIJBaMcDRmTmQGnO/9ko=
Subject key identifier:   C4:1D:FC:2D:B8:53:DB:FC:AB:51:56:65:A2:E0:A6:56:52:0B:96:DF
Certificate issuer:       /CN=07594568618898a9fb720ae09bed0ed1be4f857e
Certificate serial:       019A8275045E5DB45F0A01782C4BB989A32E
Authority key identifier: 07:59:45:68:61:88:98:A9:FB:72:0A:E0:9B:ED:0E:D1:BE:4F:85:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B1lFaGGImKn7cgrgm-0O0b5PhX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/9fada1-60f9-4ef7-81d8-1eccbe67c661/1/xB38LbhT2_yrUVZlouCmVlILlt8.roa
Signing time:             Fri 14 Nov 2025 13:01:38 +0000
ROA not before:           Fri 14 Nov 2025 13:01:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50673
IP address blocks:        84.246.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/9fada1-60f9-4ef7-81d8-1eccbe67c661/1/B1lFaGGImKn7cgrgm-0O0b5PhX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/9fada1-60f9-4ef7-81d8-1eccbe67c661/1/B1lFaGGImKn7cgrgm-0O0b5PhX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B1lFaGGImKn7cgrgm-0O0b5PhX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Nov 2025 10:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:82:75:04:5e:5d:b4:5f:0a:01:78:2c:4b:b9:89:a3:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07594568618898a9fb720ae09bed0ed1be4f857e
        Validity
            Not Before: Nov 14 13:01:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c41dfc2db853dbfcab515665a2e0a656520b96df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:88:88:f6:9a:5c:43:8e:da:9a:d5:12:4d:43:
                    c4:cb:11:fd:70:39:42:c2:f3:07:1e:9f:b4:4b:41:
                    bb:bf:49:da:27:a1:41:d7:03:87:f7:00:a9:aa:26:
                    76:db:10:d7:80:65:44:b2:6c:50:45:22:bc:56:9c:
                    82:39:9d:bf:30:9d:2e:e7:98:d5:1a:9c:ea:3f:ab:
                    23:84:24:e3:41:73:06:7e:31:51:ee:e3:4c:54:19:
                    c3:cf:1f:ca:8e:4d:60:8f:69:75:70:ad:f7:9f:55:
                    14:99:be:53:f4:0c:e7:a3:e2:84:9b:63:1c:3d:4a:
                    52:70:8f:f3:d3:2e:27:ca:2d:ad:27:13:81:9a:34:
                    54:65:33:47:fc:a8:9a:97:89:be:1c:e4:ed:cb:37:
                    d7:26:49:c5:4a:dd:f6:3e:0f:cd:05:73:51:65:20:
                    9d:33:88:4b:79:37:20:b1:5f:cf:f1:de:cc:d9:8e:
                    1c:4e:13:1d:ab:44:49:93:ab:76:68:e5:2d:cc:da:
                    38:38:78:c7:52:fb:31:c5:ed:21:d6:8f:c6:9f:81:
                    76:95:cf:de:30:8c:78:c6:10:25:8d:e3:90:3c:e7:
                    f8:b7:24:1d:df:f8:18:af:ec:ab:b3:59:28:1d:41:
                    61:76:78:ca:48:c8:9d:ca:04:0b:d1:cf:37:f7:58:
                    c3:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:1D:FC:2D:B8:53:DB:FC:AB:51:56:65:A2:E0:A6:56:52:0B:96:DF
            X509v3 Authority Key Identifier:
                keyid:07:59:45:68:61:88:98:A9:FB:72:0A:E0:9B:ED:0E:D1:BE:4F:85:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B1lFaGGImKn7cgrgm-0O0b5PhX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/9fada1-60f9-4ef7-81d8-1eccbe67c661/1/xB38LbhT2_yrUVZlouCmVlILlt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/9fada1-60f9-4ef7-81d8-1eccbe67c661/1/B1lFaGGImKn7cgrgm-0O0b5PhX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.246.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:a6:ce:4b:3b:ea:bb:a2:d5:b9:9d:d9:eb:e9:aa:69:1f:61:
         3b:55:32:ca:09:e1:24:ea:8d:79:06:de:a5:d2:17:cb:0f:0b:
         d0:67:81:6e:4f:93:fc:51:b7:c8:ea:08:5d:a9:c5:7d:98:aa:
         79:c5:96:ee:33:07:5d:a8:e2:8d:d6:42:0b:0b:ce:42:5a:28:
         91:c7:74:49:30:35:1c:eb:d7:52:cb:cf:a2:fe:f2:ea:79:a6:
         8a:59:b7:af:cd:2a:c4:70:d8:94:0b:aa:91:f1:96:0d:8e:34:
         d6:6c:83:20:1b:02:62:26:7a:3c:eb:87:4c:a2:a0:48:de:86:
         e9:e3:02:98:eb:b0:9b:be:6d:e0:62:6a:49:c8:7c:11:1b:36:
         0a:80:65:59:ca:ea:80:27:23:27:41:d1:80:c9:27:ba:0c:40:
         47:27:4f:03:92:56:21:f8:f1:83:98:2d:cd:3f:63:8d:bd:72:
         cc:7e:46:cf:b6:de:95:54:1d:8c:69:62:d0:a3:74:2e:71:c8:
         bb:7c:da:bb:9b:27:07:55:f1:ec:5a:a0:d5:1d:0b:7e:5e:35:
         6e:ae:83:fb:25:f6:f9:d3:f7:69:0a:00:04:e0:a7:8f:30:04:
         50:3f:8e:d6:3c:d3:5f:04:e5:da:a6:e8:c2:8d:f4:d3:ce:cc:
         d5:f5:a1:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqCdQReXbRfCgF4LEu5iaMuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NTk0NTY4NjE4ODk4YTlmYjcyMGFlMDliZWQwZWQxYmU0
Zjg1N2UwHhcNMjUxMTE0MTMwMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDFkZmMyZGI4NTNkYmZjYWI1MTU2NjVhMmUwYTY1NjUyMGI5NmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYiI9ppcQ47amtUSTUPEyxH9cDlC
wvMHHp+0S0G7v0naJ6FB1wOH9wCpqiZ22xDXgGVEsmxQRSK8VpyCOZ2/MJ0u55jV
GpzqP6sjhCTjQXMGfjFR7uNMVBnDzx/Kjk1gj2l1cK33n1UUmb5T9Azno+KEm2Mc
PUpScI/z0y4nyi2tJxOBmjRUZTNH/Kial4m+HOTtyzfXJknFSt32Pg/NBXNRZSCd
M4hLeTcgsV/P8d7M2Y4cThMdq0RJk6t2aOUtzNo4OHjHUvsxxe0h1o/Gn4F2lc/e
MIx4xhAljeOQPOf4tyQd3/gYr+yrs1koHUFhdnjKSMidygQL0c8391jDWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQd/C24U9v8q1FWZaLgplZSC5bfMB8GA1UdIwQY
MBaAFAdZRWhhiJip+3IK4JvtDtG+T4V+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjFsRmFHR0ltS243Y2dyZ20tME8wYjVQaFg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS85ZmFkYTEtNjBmOS00ZWY3LTgxZDgt
MWVjY2JlNjdjNjYxLzEveEIzOExiaFQyX3lyVVZabG91Q21WbElMbHQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS85ZmFkYTEtNjBmOS00ZWY3LTgxZDgtMWVjY2JlNjdjNjYx
LzEvQjFsRmFHR0ltS243Y2dyZ20tME8wYjVQaFg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPZQMA0G
CSqGSIb3DQEBCwUAA4IBAQABps5LO+q7otW5ndnr6appH2E7VTLKCeEk6o15Bt6l
0hfLDwvQZ4FuT5P8UbfI6ghdqcV9mKp5xZbuMwddqOKN1kILC85CWiiRx3RJMDUc
69dSy8+i/vLqeaaKWbevzSrEcNiUC6qR8ZYNjjTWbIMgGwJiJno864dMoqBI3obp
4wKY67Cbvm3gYmpJyHwRGzYKgGVZyuqAJyMnQdGAySe6DEBHJ08DklYh+PGDmC3N
P2ONvXLMfkbPtt6VVB2MaWLQo3Qucci7fNq7mycHVfHsWqDVHQt+XjVuroP7Jfb5
0/dpCgAE4KePMARQP47WPNNfBOXapujCjfTTzszV9aE5
-----END CERTIFICATE-----