Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/9hgStchHD6fvUu7MaI3ReZLaWPo.roa
File:                     9hgStchHD6fvUu7MaI3ReZLaWPo.roa (raw, json)
Hash identifier:          gNkHPXuUrNhImnSBNKFWxQAcOMo7axTMfis85TltsTA=
Subject key identifier:   F6:18:12:B5:C8:47:0F:A7:EF:52:EE:CC:68:8D:D1:79:92:DA:58:FA
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019A3E8176477321C89564BB07AF4B1D3CCE
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/9hgStchHD6fvUu7MaI3ReZLaWPo.roa
Signing time:             Sat 01 Nov 2025 08:21:03 +0000
ROA not before:           Sat 01 Nov 2025 08:21:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        146.19.154.0/24 maxlen: 24
                          147.78.198.0/24 maxlen: 24
                          193.84.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Nov 2025 20:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:3e:81:76:47:73:21:c8:95:64:bb:07:af:4b:1d:3c:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Nov  1 08:21:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f61812b5c8470fa7ef52eecc688dd17992da58fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:71:5f:17:aa:0b:91:93:82:f9:39:5a:ed:51:
                    65:87:03:de:4e:ff:d3:b3:2d:6d:f9:d0:9d:7b:44:
                    71:67:c2:f0:d5:5d:b1:20:37:24:1d:10:96:c6:70:
                    3a:2d:76:9a:7b:85:ef:04:c0:f4:ea:75:8e:ea:f0:
                    a8:90:5a:46:ec:0d:ff:4f:7d:60:16:57:fa:74:1b:
                    94:9d:65:1b:da:42:82:d5:0a:02:d9:a6:4d:7f:44:
                    04:63:14:24:ab:4d:19:33:42:d1:88:62:35:6f:b4:
                    4e:21:e2:f9:ee:f1:0c:f0:56:4d:69:48:9a:ae:45:
                    15:70:19:f0:0e:d4:6b:7a:fa:15:c9:fa:be:a2:76:
                    fd:22:52:0d:b7:9b:57:c1:2a:23:b7:29:66:14:eb:
                    8a:0f:cc:bd:e6:9e:91:3d:50:73:f4:6b:7d:d5:37:
                    13:84:e7:af:71:43:ad:32:0c:8c:74:e3:f8:b5:b6:
                    f2:09:5f:35:2e:61:5a:85:a0:31:8e:db:be:48:49:
                    5b:90:9e:b3:62:06:cb:27:4b:d1:44:ad:b9:a3:6a:
                    91:1f:39:f7:dd:77:b1:1d:54:61:9b:df:72:cc:08:
                    1d:0a:61:f4:e7:3a:36:78:98:95:91:3f:9f:5a:2a:
                    43:4c:3a:f1:44:69:30:c3:58:2b:e2:87:92:92:f4:
                    32:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:18:12:B5:C8:47:0F:A7:EF:52:EE:CC:68:8D:D1:79:92:DA:58:FA
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/9hgStchHD6fvUu7MaI3ReZLaWPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.154.0/24
                  147.78.198.0/24
                  193.84.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:bf:bf:de:b9:1a:d8:ce:26:02:77:09:c8:1c:e3:82:dc:a6:
         ff:cc:6b:68:7f:8d:4b:48:8a:0b:b3:77:fa:36:e1:8f:73:d1:
         2e:f4:38:85:a5:8d:bc:48:e5:3f:a6:81:24:39:6f:83:03:b1:
         48:c1:f4:f9:95:36:c7:33:b5:cd:4a:6a:dc:d3:cc:3f:d4:66:
         d2:70:d6:cd:ce:e3:f9:d2:d7:c5:39:82:c5:1e:fb:d7:d8:47:
         d2:94:b3:cf:b8:f4:1d:37:05:81:11:68:c0:34:38:1d:89:38:
         ff:b8:db:27:f2:fc:12:e3:a0:e6:f5:aa:51:55:f7:03:5d:8a:
         bd:6d:9b:91:41:66:70:a2:2b:95:1c:02:ad:73:8d:2f:9e:41:
         d2:d7:8d:4d:29:b8:72:2d:61:b9:2f:85:51:f8:68:a3:4a:51:
         07:8d:43:d4:b0:b3:35:99:45:d2:a7:95:8f:ba:6a:d8:4f:9f:
         7f:e7:4c:82:dd:35:a4:fc:73:6e:c8:fe:5d:31:3f:db:9f:06:
         47:a4:1e:fa:8a:5e:14:ab:f9:06:86:65:91:f3:13:f0:86:f6:
         85:62:32:bd:39:76:ff:fe:1b:15:42:a4:30:c7:9e:58:5f:ff:
         30:75:18:71:94:53:de:63:02:72:b5:17:3b:ae:c7:45:e0:f5:
         8d:98:88:3f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZo+gXZHcyHIlWS7B69LHTzOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUxMTAxMDgyMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjE4MTJiNWM4NDcwZmE3ZWY1MmVlY2M2ODhkZDE3OTkyZGE1OGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3FfF6oLkZOC+Tla7VFlhwPeTv/T
sy1t+dCde0RxZ8Lw1V2xIDckHRCWxnA6LXaae4XvBMD06nWO6vCokFpG7A3/T31g
Flf6dBuUnWUb2kKC1QoC2aZNf0QEYxQkq00ZM0LRiGI1b7ROIeL57vEM8FZNaUia
rkUVcBnwDtRrevoVyfq+onb9IlINt5tXwSojtylmFOuKD8y95p6RPVBz9Gt91TcT
hOevcUOtMgyMdOP4tbbyCV81LmFahaAxjtu+SElbkJ6zYgbLJ0vRRK25o2qRHzn3
3XexHVRhm99yzAgdCmH05zo2eJiVkT+fWipDTDrxRGkww1gr4oeSkvQyQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPYYErXIRw+n71LuzGiN0XmS2lj6MB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvOWhnU3RjaEhENmZ2VXU3TWFJM1JlWkxhV1BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAkhOaAwQA
k07GAwQAwVRtMA0GCSqGSIb3DQEBCwUAA4IBAQAsv7/euRrYziYCdwnIHOOC3Kb/
zGtof41LSIoLs3f6NuGPc9Eu9DiFpY28SOU/poEkOW+DA7FIwfT5lTbHM7XNSmrc
08w/1GbScNbNzuP50tfFOYLFHvvX2EfSlLPPuPQdNwWBEWjANDgdiTj/uNsn8vwS
46Dm9apRVfcDXYq9bZuRQWZwoiuVHAKtc40vnkHS141NKbhyLWG5L4VR+GijSlEH
jUPUsLM1mUXSp5WPumrYT59/50yC3TWk/HNuyP5dMT/bnwZHpB76il4Uq/kGhmWR
8xPwhvaFYjK9OXb//hsVQqQwx55YX/8wdRhxlFPeYwJytRc7rsdF4PWNmIg/
-----END CERTIFICATE-----