Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/sHtwktd2HByqYNIJkhUynJiU6WA.roa
File:                     sHtwktd2HByqYNIJkhUynJiU6WA.roa (raw, json)
Hash identifier:          mGmMBmuS6jlHVBjBpQajzrtPq9rhRMzxAMj32pWnVh0=
Subject key identifier:   B0:7B:70:92:D7:76:1C:1C:AA:60:D2:09:92:15:32:9C:98:94:E9:60
Certificate issuer:       /CN=ec65f246bfc1ea8fc386c86dd49fbaa8d88c4881
Certificate serial:       019A0BEB5425DB1FD5A1FE5B1FCBAEA08902
Authority key identifier: EC:65:F2:46:BF:C1:EA:8F:C3:86:C8:6D:D4:9F:BA:A8:D8:8C:48:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GXyRr_B6o_Dhsht1J-6qNiMSIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/sHtwktd2HByqYNIJkhUynJiU6WA.roa
Signing time:             Wed 22 Oct 2025 12:36:02 +0000
ROA not before:           Wed 22 Oct 2025 12:36:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        193.9.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/7GXyRr_B6o_Dhsht1J-6qNiMSIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/7GXyRr_B6o_Dhsht1J-6qNiMSIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GXyRr_B6o_Dhsht1J-6qNiMSIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Oct 2025 08:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:eb:54:25:db:1f:d5:a1:fe:5b:1f:cb:ae:a0:89:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec65f246bfc1ea8fc386c86dd49fbaa8d88c4881
        Validity
            Not Before: Oct 22 12:36:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b07b7092d7761c1caa60d2099215329c9894e960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:6f:76:3a:a1:e3:71:f1:7b:fd:b4:67:f5:06:
                    39:6c:7f:72:41:15:83:0c:14:36:d7:1d:1a:f7:61:
                    a2:e1:f1:75:a3:79:29:d5:d2:f4:49:fe:66:06:e4:
                    2a:99:10:9c:9e:ad:7d:79:f9:24:90:37:14:fe:28:
                    bb:6b:e9:2c:7b:43:a4:2b:fb:e6:2e:55:70:04:21:
                    64:8a:ef:1c:96:e5:1b:d7:58:96:30:e3:ff:1e:62:
                    bd:f8:2c:f6:0f:f0:55:6f:c2:3c:bb:43:83:15:ed:
                    45:ba:4f:d0:50:62:c9:24:53:dd:4e:52:6f:b7:13:
                    56:35:e4:05:28:bc:4b:d6:4a:02:cf:77:91:58:ec:
                    c0:2f:31:6c:45:aa:d5:29:38:30:2c:cb:b6:5b:13:
                    79:78:e5:52:f0:5e:71:89:02:84:4e:81:0e:d7:aa:
                    7e:42:ee:7f:ce:ad:7d:0f:6b:73:bf:e0:4f:b5:ec:
                    7e:33:27:d3:b0:38:84:3e:7f:fd:83:67:d9:be:c6:
                    8f:f6:30:7d:a0:1a:c1:e7:3a:2a:33:02:e4:56:30:
                    12:3c:1e:c6:3c:90:4d:fb:3f:61:cd:57:22:9d:26:
                    6b:18:fd:fc:8e:e7:88:a1:84:f6:3c:72:a5:ca:7e:
                    e5:11:39:1d:5b:e3:0a:53:cc:37:5d:fc:2b:af:ba:
                    e9:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:7B:70:92:D7:76:1C:1C:AA:60:D2:09:92:15:32:9C:98:94:E9:60
            X509v3 Authority Key Identifier:
                keyid:EC:65:F2:46:BF:C1:EA:8F:C3:86:C8:6D:D4:9F:BA:A8:D8:8C:48:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GXyRr_B6o_Dhsht1J-6qNiMSIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/sHtwktd2HByqYNIJkhUynJiU6WA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/7GXyRr_B6o_Dhsht1J-6qNiMSIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:d6:82:53:fd:99:d3:b4:45:60:e1:97:c0:b0:27:08:ec:06:
         f0:c6:73:5d:47:93:62:39:c5:67:38:4c:10:4a:5a:5c:22:46:
         e5:da:a9:32:65:30:23:1b:52:b6:5d:c4:af:e1:aa:3f:21:4c:
         18:f3:2f:55:4f:93:10:e0:c3:88:92:31:b7:49:93:a3:ab:62:
         06:fe:f5:33:2e:7d:6c:8f:6f:ff:cd:61:f3:a9:dc:4f:41:e7:
         d6:7c:93:06:b0:a5:b2:0f:39:f8:fd:15:37:3a:b8:d1:c1:9a:
         45:47:69:50:70:f7:5a:b0:74:1a:cd:55:71:81:9d:5b:e8:90:
         8f:ef:84:45:d9:81:ff:c2:5c:66:d6:ff:8b:20:ea:3f:7a:38:
         e3:07:c2:87:83:d3:c4:29:0f:77:5e:9f:01:9f:73:f8:a6:c0:
         7c:5d:2f:68:bc:dd:dc:26:05:f8:93:6e:79:a8:15:dd:c0:63:
         01:1f:98:7e:e9:da:f2:bd:c0:84:c8:7e:25:ae:af:56:03:e2:
         0e:05:e7:c2:fc:69:b9:e4:d5:41:10:5d:fc:86:f0:9b:be:54:
         ee:ad:82:d2:d8:c6:96:69:3a:fc:61:7e:c5:88:5b:7d:9d:0c:
         53:96:9e:91:f5:4f:fc:d4:2e:91:c5:05:d4:90:ad:98:be:c5:
         a4:3f:5a:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoL61Ql2x/Vof5bH8uuoIkCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNjVmMjQ2YmZjMWVhOGZjMzg2Yzg2ZGQ0OWZiYWE4ZDg4
YzQ4ODEwHhcNMjUxMDIyMTIzNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDdiNzA5MmQ3NzYxYzFjYWE2MGQyMDk5MjE1MzI5Yzk4OTRlOTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmm92OqHjcfF7/bRn9QY5bH9yQRWD
DBQ21x0a92Gi4fF1o3kp1dL0Sf5mBuQqmRCcnq19efkkkDcU/ii7a+kse0OkK/vm
LlVwBCFkiu8cluUb11iWMOP/HmK9+Cz2D/BVb8I8u0ODFe1Fuk/QUGLJJFPdTlJv
txNWNeQFKLxL1koCz3eRWOzALzFsRarVKTgwLMu2WxN5eOVS8F5xiQKEToEO16p+
Qu5/zq19D2tzv+BPtex+MyfTsDiEPn/9g2fZvsaP9jB9oBrB5zoqMwLkVjASPB7G
PJBN+z9hzVcinSZrGP38jueIoYT2PHKlyn7lETkdW+MKU8w3Xfwrr7rpXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLB7cJLXdhwcqmDSCZIVMpyYlOlgMB8GA1UdIwQY
MBaAFOxl8ka/weqPw4bIbdSfuqjYjEiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0dYeVJyX0I2b19EaHNodDFKLTZxTmlNU0lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi82ZjAzZmQtNTIxNy00ZTUyLWExNTkt
NzgxMjgwZmQyNDEyLzEvc0h0d2t0ZDJIQnlxWU5JSmtoVXluSmlVNldBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi82ZjAzZmQtNTIxNy00ZTUyLWExNTktNzgxMjgwZmQyNDEy
LzEvN0dYeVJyX0I2b19EaHNodDFKLTZxTmlNU0lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQkQMA0G
CSqGSIb3DQEBCwUAA4IBAQB01oJT/ZnTtEVg4ZfAsCcI7AbwxnNdR5NiOcVnOEwQ
SlpcIkbl2qkyZTAjG1K2XcSv4ao/IUwY8y9VT5MQ4MOIkjG3SZOjq2IG/vUzLn1s
j2//zWHzqdxPQefWfJMGsKWyDzn4/RU3OrjRwZpFR2lQcPdasHQazVVxgZ1b6JCP
74RF2YH/wlxm1v+LIOo/ejjjB8KHg9PEKQ93Xp8Bn3P4psB8XS9ovN3cJgX4k255
qBXdwGMBH5h+6dryvcCEyH4lrq9WA+IOBefC/Gm55NVBEF38hvCbvlTurYLS2MaW
aTr8YX7FiFt9nQxTlp6R9U/81C6RxQXUkK2YvsWkP1p1
-----END CERTIFICATE-----