Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/E9dRsKnEWKw-14p9ATuvWMjWpMo.roa
File:                     E9dRsKnEWKw-14p9ATuvWMjWpMo.roa (raw, json)
Hash identifier:          F3tXjSzpKm3xokQtRzj7KSNvNVlitGKWwjzsBBwZNk8=
Subject key identifier:   13:D7:51:B0:A9:C4:58:AC:3E:D7:8A:7D:01:3B:AF:58:C8:D6:A4:CA
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       019A0E42FF86019F2CE0F9EAF5016D40036F
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/E9dRsKnEWKw-14p9ATuvWMjWpMo.roa
Signing time:             Wed 22 Oct 2025 23:31:03 +0000
ROA not before:           Wed 22 Oct 2025 23:31:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212232
IP address blocks:        109.205.193.0/24 maxlen: 24
                          2a01:fb01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Oct 2025 14:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0e:42:ff:86:01:9f:2c:e0:f9:ea:f5:01:6d:40:03:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Oct 22 23:31:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13d751b0a9c458ac3ed78a7d013baf58c8d6a4ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:22:92:02:c9:85:d2:bd:ad:1c:99:03:af:b5:
                    16:f0:30:40:76:e3:d9:d6:89:2d:39:3e:ea:b5:7a:
                    31:bc:bc:40:8f:71:77:56:de:46:b5:4d:0a:07:d3:
                    56:f3:73:c9:70:b6:b6:a6:5b:91:da:a8:49:a6:bd:
                    af:e6:22:93:13:fb:b0:7f:f7:46:af:26:94:98:06:
                    9c:d5:af:14:03:5d:e8:91:5f:02:b2:a9:d7:5b:71:
                    ef:46:f1:c3:de:07:d0:c7:ab:fe:9b:49:9d:7f:64:
                    7a:03:5f:8f:59:44:a3:65:17:4e:60:23:46:b1:2a:
                    d3:13:d3:e9:2e:c4:e9:62:62:04:a4:84:67:cd:cf:
                    ae:a4:e5:1d:01:da:22:5f:fd:40:cc:64:3e:49:2a:
                    92:a7:db:a0:94:48:fa:46:78:eb:bf:52:4e:a3:bf:
                    54:43:6e:2b:a5:e3:e8:46:73:1b:e4:65:a4:fa:ab:
                    19:bd:97:ca:72:bd:e0:a3:f8:b7:b3:05:79:4a:dc:
                    a4:a5:c7:f3:63:99:ff:e4:dd:f0:b9:a9:71:c0:a1:
                    8f:54:a1:23:ec:14:ea:16:bf:04:60:67:0b:6e:2a:
                    31:b1:4f:ed:dd:e4:7f:56:31:c9:51:03:7a:6f:56:
                    11:ac:bf:83:52:67:bc:f3:b4:4d:6b:d6:7e:89:63:
                    e6:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:D7:51:B0:A9:C4:58:AC:3E:D7:8A:7D:01:3B:AF:58:C8:D6:A4:CA
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/E9dRsKnEWKw-14p9ATuvWMjWpMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.193.0/24
                IPv6:
                  2a01:fb01::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:b8:e0:20:6f:93:6c:1e:dc:43:d0:ec:82:8b:82:40:73:60:
         d0:68:30:5e:10:fb:44:a1:58:5f:cd:8e:f0:53:3e:11:58:f3:
         f8:ae:5d:19:86:2c:21:0b:b3:44:00:3c:f5:90:49:1b:e9:37:
         11:80:b0:2e:f9:0d:85:f1:37:cd:d9:b8:6c:b3:86:ff:c3:47:
         2a:90:19:21:c9:b0:89:84:f1:20:a5:6f:96:c4:6e:2b:1b:ad:
         f0:39:37:2f:21:ef:79:de:9e:d8:3d:b9:90:85:79:b0:25:0d:
         09:b8:de:2e:c1:4f:de:36:66:f3:c0:83:a6:7e:ac:09:b2:ab:
         ab:47:ec:c2:d8:6e:48:93:e4:be:8d:c3:e8:f5:ff:75:af:a6:
         f9:b7:09:2c:26:e0:90:5b:96:55:69:8b:a0:8d:7e:84:7b:90:
         af:83:99:5b:85:35:6d:ce:06:c8:ba:50:70:fc:9a:be:91:e2:
         e4:2d:70:9d:97:c4:5f:7a:69:97:ea:6f:d1:97:7a:c8:81:d8:
         1f:22:0f:55:d0:e7:3e:d7:83:2a:61:91:f9:0e:36:e9:c9:76:
         82:1f:a1:87:e3:0b:be:e2:99:ce:a3:fb:f5:0d:1c:1c:31:3e:
         c0:e9:30:b2:ee:f7:28:42:1c:bf:6d:19:62:3f:36:f5:ff:b1:
         57:a1:bd:99
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoOQv+GAZ8s4Pnq9QFtQANvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMDIyMjMzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2Q3NTFiMGE5YzQ1OGFjM2VkNzhhN2QwMTNiYWY1OGM4ZDZhNGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyKSAsmF0r2tHJkDr7UW8DBAduPZ
1oktOT7qtXoxvLxAj3F3Vt5GtU0KB9NW83PJcLa2pluR2qhJpr2v5iKTE/uwf/dG
ryaUmAac1a8UA13okV8CsqnXW3HvRvHD3gfQx6v+m0mdf2R6A1+PWUSjZRdOYCNG
sSrTE9PpLsTpYmIEpIRnzc+upOUdAdoiX/1AzGQ+SSqSp9uglEj6Rnjrv1JOo79U
Q24rpePoRnMb5GWk+qsZvZfKcr3go/i3swV5StykpcfzY5n/5N3wualxwKGPVKEj
7BTqFr8EYGcLbioxsU/t3eR/VjHJUQN6b1YRrL+DUme887RNa9Z+iWPmJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBPXUbCpxFisPteKfQE7r1jI1qTKMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvRTlkUnNLbkVXS3ctMTRwOUFUdXZXTWpXcE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAbc3BMA0E
AgACMAcDBQAqAfsBMA0GCSqGSIb3DQEBCwUAA4IBAQB7uOAgb5NsHtxD0OyCi4JA
c2DQaDBeEPtEoVhfzY7wUz4RWPP4rl0ZhiwhC7NEADz1kEkb6TcRgLAu+Q2F8TfN
2bhss4b/w0cqkBkhybCJhPEgpW+WxG4rG63wOTcvIe953p7YPbmQhXmwJQ0JuN4u
wU/eNmbzwIOmfqwJsqurR+zC2G5Ik+S+jcPo9f91r6b5twksJuCQW5ZVaYugjX6E
e5Cvg5lbhTVtzgbIulBw/Jq+keLkLXCdl8RfemmX6m/Rl3rIgdgfIg9V0Oc+14Mq
YZH5DjbpyXaCH6GH4wu+4pnOo/v1DRwcMT7A6TCy7vcoQhy/bRliPzb1/7FXob2Z
-----END CERTIFICATE-----