Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/FYiHyPgalW68Z_EhtzXNrycJYmQ.roa
File:                     FYiHyPgalW68Z_EhtzXNrycJYmQ.roa (raw, json)
Hash identifier:          /kNyoRlzhu//FM+fFB6FGSitspb0oA3HCBVl7Lwi280=
Subject key identifier:   15:88:87:C8:F8:1A:95:6E:BC:67:F1:21:B7:35:CD:AF:27:09:62:64
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       019A113BCCC7528BA8705203260C8E258857
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/FYiHyPgalW68Z_EhtzXNrycJYmQ.roa
Signing time:             Thu 23 Oct 2025 13:22:03 +0000
ROA not before:           Thu 23 Oct 2025 13:22:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202409
IP address blocks:        109.205.193.0/24 maxlen: 24
                          2a01:fb01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 11:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:11:3b:cc:c7:52:8b:a8:70:52:03:26:0c:8e:25:88:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Oct 23 13:22:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=158887c8f81a956ebc67f121b735cdaf27096264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:46:aa:99:9e:13:98:a5:33:98:c8:fa:0b:e3:
                    8e:37:91:ca:c7:ad:b0:07:ac:ca:af:06:05:29:92:
                    85:dc:18:96:e2:c2:4e:57:13:30:4c:26:bc:a6:11:
                    70:f8:16:a4:8e:ff:12:85:cb:2f:f1:f2:57:ed:61:
                    19:18:9f:89:c7:ba:3f:c7:72:8b:c5:b8:21:f7:0f:
                    c3:f0:b9:84:c7:f8:fe:a2:ee:4c:be:57:9f:f0:a7:
                    30:74:d1:72:5e:54:cd:c3:4a:95:5d:85:1a:1c:36:
                    00:48:d8:2f:6a:72:1d:10:8a:e2:a1:05:b6:c8:78:
                    0b:9d:ab:b9:63:02:7f:bf:f2:24:d8:f8:ec:94:3f:
                    01:80:e1:4e:17:4d:fa:45:d7:c4:1f:ab:97:6e:f4:
                    84:1e:b0:9a:88:9e:1e:55:e8:58:e5:39:29:3c:d7:
                    85:64:3d:9e:21:48:aa:c1:6c:2c:c2:a7:f0:ae:59:
                    9a:a1:2c:8c:fa:b8:43:c9:bd:39:fd:7f:54:c2:db:
                    50:63:fa:e6:b5:67:5f:8c:33:d1:09:fa:c3:ca:f4:
                    4d:06:c6:04:81:7d:0c:e3:94:a2:3f:68:2d:7a:22:
                    c7:37:84:ef:e2:b4:02:e7:92:cf:05:a4:a0:da:7d:
                    1f:5f:d2:46:6f:b7:92:6a:67:80:d0:17:d3:dd:8c:
                    a0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:88:87:C8:F8:1A:95:6E:BC:67:F1:21:B7:35:CD:AF:27:09:62:64
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/FYiHyPgalW68Z_EhtzXNrycJYmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.193.0/24
                IPv6:
                  2a01:fb01::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:09:c2:c9:4b:ae:27:c1:a3:ff:d6:30:6d:3d:30:97:17:5c:
         e4:33:1b:bb:26:4a:b7:f9:d0:7a:4f:f4:48:99:44:b6:ab:eb:
         5f:b1:18:1a:e4:10:52:8a:79:7a:7f:b5:e6:0e:04:de:25:4d:
         f1:63:9f:7a:32:5b:5b:cc:91:8d:e7:cf:f3:95:3d:c0:d7:48:
         56:97:d8:fc:91:48:2b:72:b7:1e:8a:17:52:1b:01:4b:47:f9:
         aa:b5:b0:bc:2d:50:c1:8e:8d:c8:0b:e6:12:89:90:fd:11:b1:
         0e:ec:64:b6:74:a9:52:b4:48:70:e6:10:81:88:eb:fe:14:17:
         6f:77:a4:d6:f9:58:ff:80:40:05:23:d8:08:2e:7d:3e:9a:c4:
         1f:f3:0c:86:22:e7:24:ef:0c:9a:2e:85:82:a8:c9:8b:38:54:
         66:b7:52:24:5f:af:f3:dc:41:15:57:9c:72:d1:79:52:3e:aa:
         5a:71:9e:e8:72:28:90:fe:b1:a7:dd:64:93:92:53:14:f6:a0:
         69:f8:a3:ae:f6:b8:cd:75:21:d8:b6:71:b6:bc:67:40:df:11:
         c2:d0:49:5c:a0:d1:e1:03:cc:64:ea:41:e6:73:6b:58:3e:46:
         a6:6c:a2:f1:c7:c6:db:aa:8c:90:67:ee:a5:2d:ac:a1:8e:a3:
         b9:fd:09:f5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoRO8zHUouocFIDJgyOJYhXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMDIzMTMyMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTg4ODdjOGY4MWE5NTZlYmM2N2YxMjFiNzM1Y2RhZjI3MDk2MjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEaqmZ4TmKUzmMj6C+OON5HKx62w
B6zKrwYFKZKF3BiW4sJOVxMwTCa8phFw+Bakjv8Shcsv8fJX7WEZGJ+Jx7o/x3KL
xbgh9w/D8LmEx/j+ou5Mvlef8KcwdNFyXlTNw0qVXYUaHDYASNgvanIdEIrioQW2
yHgLnau5YwJ/v/Ik2PjslD8BgOFOF036RdfEH6uXbvSEHrCaiJ4eVehY5TkpPNeF
ZD2eIUiqwWwswqfwrlmaoSyM+rhDyb05/X9UwttQY/rmtWdfjDPRCfrDyvRNBsYE
gX0M45SiP2gteiLHN4Tv4rQC55LPBaSg2n0fX9JGb7eSameA0BfT3YygVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBWIh8j4GpVuvGfxIbc1za8nCWJkMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvRllpSHlQZ2FsVzY4Wl9FaHR6WE5yeWNKWW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAbc3BMA0E
AgACMAcDBQAqAfsBMA0GCSqGSIb3DQEBCwUAA4IBAQBZCcLJS64nwaP/1jBtPTCX
F1zkMxu7Jkq3+dB6T/RImUS2q+tfsRga5BBSinl6f7XmDgTeJU3xY596MltbzJGN
58/zlT3A10hWl9j8kUgrcrceihdSGwFLR/mqtbC8LVDBjo3IC+YSiZD9EbEO7GS2
dKlStEhw5hCBiOv+FBdvd6TW+Vj/gEAFI9gILn0+msQf8wyGIuck7wyaLoWCqMmL
OFRmt1IkX6/z3EEVV5xy0XlSPqpacZ7ociiQ/rGn3WSTklMU9qBp+KOu9rjNdSHY
tnG2vGdA3xHC0ElcoNHhA8xk6kHmc2tYPkambKLxx8bbqoyQZ+6lLayhjqO5/Qn1
-----END CERTIFICATE-----