Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/XO9hryEjXx5kgKnr74JXjzCM8w0.roa
File:                     XO9hryEjXx5kgKnr74JXjzCM8w0.roa (raw, json)
Hash identifier:          w6sYmDLnWAclOfvxxkvq1DeKbEW8wcfpI5kQA52E9OY=
Subject key identifier:   5C:EF:61:AF:21:23:5F:1E:64:80:A9:EB:EF:82:57:8F:30:8C:F3:0D
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       0199CD21F2BCC5B5B40DCF127C3D8DE362DA
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/XO9hryEjXx5kgKnr74JXjzCM8w0.roa
Signing time:             Fri 10 Oct 2025 07:59:38 +0000
ROA not before:           Fri 10 Oct 2025 07:59:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        217.147.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cd:21:f2:bc:c5:b5:b4:0d:cf:12:7c:3d:8d:e3:62:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Oct 10 07:59:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5cef61af21235f1e6480a9ebef82578f308cf30d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c6:40:88:04:c7:66:3a:80:37:34:00:0f:75:
                    74:7f:a2:2b:b8:ba:1c:2d:9a:95:e6:1f:13:4c:8e:
                    0b:03:4a:03:7b:0a:81:44:ac:3c:77:04:ce:cd:ef:
                    03:54:0c:8f:ac:b9:f7:c7:11:cf:93:19:a8:38:ab:
                    2c:4c:b7:67:e4:16:a2:dc:0c:53:9c:28:b3:2f:4b:
                    b8:a8:aa:0f:a8:7e:95:06:7b:f4:c7:17:9b:24:b1:
                    77:02:50:f0:24:10:ca:a8:0d:4d:2c:7a:d9:46:c5:
                    3a:9b:8e:54:52:f2:1e:0f:f1:0c:1d:f4:49:55:ab:
                    15:30:d7:0b:67:9f:be:ca:b8:65:90:13:29:af:c1:
                    15:2d:6a:f3:98:01:91:55:31:e3:c6:2f:a2:ce:b8:
                    98:15:18:83:a7:59:52:af:9e:59:b7:fb:94:8e:ed:
                    d1:0d:f3:27:91:44:b9:9c:f2:f2:17:56:7f:5f:2b:
                    87:c4:23:e9:8c:45:5b:b5:f1:e4:fd:a5:eb:58:a6:
                    23:3f:88:c0:4e:70:33:24:fa:d5:9d:a4:7a:60:3d:
                    1b:ef:23:17:47:aa:e2:88:ad:c4:8b:89:fb:e3:ab:
                    d0:42:e7:11:17:14:35:a6:20:64:04:11:18:04:46:
                    6f:eb:b3:e9:26:28:15:ec:44:6f:1d:48:89:e6:aa:
                    4e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:EF:61:AF:21:23:5F:1E:64:80:A9:EB:EF:82:57:8F:30:8C:F3:0D
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/XO9hryEjXx5kgKnr74JXjzCM8w0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:aa:df:e9:c4:9f:60:52:62:4e:64:dc:88:ac:0b:d0:b8:7d:
         0a:d7:4a:87:b2:b0:ee:c5:22:b2:eb:23:f6:ba:84:52:b7:23:
         88:63:84:9c:de:e9:3d:01:81:5c:74:99:e8:ee:ea:83:7e:3d:
         79:ba:82:68:46:c1:40:70:7b:c0:ee:f7:5f:98:87:83:9f:fb:
         f2:31:58:5c:0a:0a:96:15:99:23:9a:36:01:4f:ed:77:87:8b:
         f2:24:55:11:4b:1e:5d:45:cc:7e:1f:03:b0:f6:08:8d:25:0e:
         e6:e9:a7:3c:01:7b:c0:c6:77:ff:d6:72:9d:0a:62:5d:7b:c1:
         5b:2b:83:c7:de:3d:50:25:3b:d2:0f:f5:7d:45:3c:04:06:d3:
         cd:4b:11:ab:bc:9f:18:c2:c2:7f:61:76:9a:39:e4:3e:35:75:
         39:4e:78:01:d1:a3:b7:32:da:a6:2d:78:c0:f2:d8:14:7c:84:
         42:71:4d:e1:bc:44:29:aa:a4:81:88:73:45:1b:72:9d:12:26:
         65:51:40:60:8a:b2:28:08:47:bd:3c:dd:b9:28:b4:48:84:df:
         c6:fc:e6:bf:1f:c6:b6:4d:c7:5f:a4:45:05:b2:ee:8e:62:63:
         c5:e9:de:84:fe:0d:a1:29:7c:5e:63:60:0d:22:c2:23:5f:df:
         fd:5d:d7:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnNIfK8xbW0Dc8SfD2N42LaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjUxMDEwMDc1OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2VmNjFhZjIxMjM1ZjFlNjQ4MGE5ZWJlZjgyNTc4ZjMwOGNmMzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocZAiATHZjqANzQAD3V0f6IruLoc
LZqV5h8TTI4LA0oDewqBRKw8dwTOze8DVAyPrLn3xxHPkxmoOKssTLdn5Bai3AxT
nCizL0u4qKoPqH6VBnv0xxebJLF3AlDwJBDKqA1NLHrZRsU6m45UUvIeD/EMHfRJ
VasVMNcLZ5++yrhlkBMpr8EVLWrzmAGRVTHjxi+izriYFRiDp1lSr55Zt/uUju3R
DfMnkUS5nPLyF1Z/XyuHxCPpjEVbtfHk/aXrWKYjP4jATnAzJPrVnaR6YD0b7yMX
R6riiK3Ei4n746vQQucRFxQ1piBkBBEYBEZv67PpJigV7ERvHUiJ5qpOAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzvYa8hI18eZICp6++CV48wjPMNMB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvWE85aHJ5RWpYeDVrZ0tucjc0SlhqekNNOHcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOmMA0G
CSqGSIb3DQEBCwUAA4IBAQAFqt/pxJ9gUmJOZNyIrAvQuH0K10qHsrDuxSKy6yP2
uoRStyOIY4Sc3uk9AYFcdJno7uqDfj15uoJoRsFAcHvA7vdfmIeDn/vyMVhcCgqW
FZkjmjYBT+13h4vyJFURSx5dRcx+HwOw9giNJQ7m6ac8AXvAxnf/1nKdCmJde8Fb
K4PH3j1QJTvSD/V9RTwEBtPNSxGrvJ8YwsJ/YXaaOeQ+NXU5TngB0aO3MtqmLXjA
8tgUfIRCcU3hvEQpqqSBiHNFG3KdEiZlUUBgirIoCEe9PN25KLRIhN/G/Oa/H8a2
TcdfpEUFsu6OYmPF6d6E/g2hKXxeY2ANIsIjX9/9XdeB
-----END CERTIFICATE-----