Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/6bf5ed-6fe6-4562-b853-9a4ec10607c5/1/sKN4W1XQgBRPMLqN0BmAh5exg2s.roa
File:                     sKN4W1XQgBRPMLqN0BmAh5exg2s.roa (raw, json)
Hash identifier:          IHu6vZ3N6G+PYxes9sQszliF8LVxezHAOlnn1uRbGYM=
Subject key identifier:   B0:A3:78:5B:55:D0:80:14:4F:30:BA:8D:D0:19:80:87:97:B1:83:6B
Certificate issuer:       /CN=d32563ed9964e42681a1c5d295b0c6148606e73d
Certificate serial:       01993422B435D56700FBD153CFF010E0BE3F
Authority key identifier: D3:25:63:ED:99:64:E4:26:81:A1:C5:D2:95:B0:C6:14:86:06:E7:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0yVj7Zlk5CaBocXSlbDGFIYG5z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/6bf5ed-6fe6-4562-b853-9a4ec10607c5/1/sKN4W1XQgBRPMLqN0BmAh5exg2s.roa
Signing time:             Wed 10 Sep 2025 14:58:33 +0000
ROA not before:           Wed 10 Sep 2025 14:58:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209847
IP address blocks:        194.59.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/6bf5ed-6fe6-4562-b853-9a4ec10607c5/1/0yVj7Zlk5CaBocXSlbDGFIYG5z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/6bf5ed-6fe6-4562-b853-9a4ec10607c5/1/0yVj7Zlk5CaBocXSlbDGFIYG5z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0yVj7Zlk5CaBocXSlbDGFIYG5z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 20:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:34:22:b4:35:d5:67:00:fb:d1:53:cf:f0:10:e0:be:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d32563ed9964e42681a1c5d295b0c6148606e73d
        Validity
            Not Before: Sep 10 14:58:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0a3785b55d080144f30ba8dd019808797b1836b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0e:8c:6b:d4:55:9c:e6:cf:b5:ab:f1:00:a9:
                    f0:06:f3:14:e9:93:52:92:99:6f:df:ea:23:3e:45:
                    dd:f0:ce:0a:97:e7:d9:5c:73:06:05:ba:50:8f:29:
                    c7:dd:c0:b7:0e:75:9e:45:11:62:f4:21:95:13:bf:
                    41:b1:f2:05:4f:77:f2:61:8d:b1:e9:c5:b9:56:07:
                    1e:c3:3b:4f:bb:c0:cd:2b:5d:a3:d8:8f:96:ee:9d:
                    97:0d:f7:c7:60:18:31:6c:6f:e1:c4:c1:20:0d:30:
                    91:5c:c9:69:fd:f8:fb:63:64:9e:3a:e4:31:f3:01:
                    bf:03:e1:7f:8c:49:d3:2b:63:b4:f3:56:f0:0c:e5:
                    b9:42:d0:3a:a3:d3:77:f7:c4:85:80:07:cb:db:dd:
                    73:b7:32:8f:21:c1:89:c2:4e:c3:cd:51:c6:52:b7:
                    21:a9:0e:d5:a6:16:0e:21:6f:f4:dc:68:fa:e5:8d:
                    cd:1f:9e:c2:75:63:e3:4e:ec:3e:06:43:16:ef:0f:
                    9c:37:61:cc:87:03:b4:02:6e:b3:a8:1f:bc:c5:06:
                    aa:a1:10:04:45:c1:63:75:41:56:fb:b4:0d:d4:90:
                    e8:08:f7:ae:bc:6f:50:68:ef:f1:c9:a3:ad:bb:8c:
                    6f:a0:18:5f:03:ac:bc:ab:c3:14:a1:2b:0b:9a:3f:
                    af:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:A3:78:5B:55:D0:80:14:4F:30:BA:8D:D0:19:80:87:97:B1:83:6B
            X509v3 Authority Key Identifier:
                keyid:D3:25:63:ED:99:64:E4:26:81:A1:C5:D2:95:B0:C6:14:86:06:E7:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0yVj7Zlk5CaBocXSlbDGFIYG5z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/6bf5ed-6fe6-4562-b853-9a4ec10607c5/1/sKN4W1XQgBRPMLqN0BmAh5exg2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/6bf5ed-6fe6-4562-b853-9a4ec10607c5/1/0yVj7Zlk5CaBocXSlbDGFIYG5z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:8e:29:9e:86:18:92:6a:82:04:4c:4f:5c:3e:69:0e:00:f0:
         fd:90:43:fa:88:43:ad:f4:4f:3c:34:10:8f:8f:a8:cc:05:60:
         87:86:a6:d6:60:fb:dc:30:c0:bd:90:0e:ed:75:99:0a:c7:6e:
         1a:88:c4:68:bd:fd:58:d9:be:4f:26:47:ab:35:7b:b7:8c:96:
         46:93:27:16:38:89:3a:8a:c9:87:a7:25:ab:5f:e5:31:6c:02:
         3b:90:d5:ea:09:2d:ed:81:a2:61:cc:f9:4d:37:d8:f0:2f:6a:
         02:3f:81:f5:6f:c4:92:c2:48:a0:9b:54:e5:8a:c2:68:fb:e0:
         70:89:25:b9:09:89:8a:37:73:06:24:c4:2b:3a:9c:0c:a7:49:
         3c:be:51:f0:f9:ee:fa:ef:eb:f3:cb:79:55:d1:36:5e:c7:ec:
         ec:35:18:9f:db:14:da:06:04:48:0c:9e:5d:e5:22:9e:53:07:
         e3:ce:b9:4c:46:90:db:72:49:59:a8:d1:7b:e0:ff:ad:73:25:
         72:ec:b9:61:84:d2:4b:e3:d0:5c:ac:ed:16:04:31:42:e5:cb:
         32:dd:2b:d9:cd:dc:14:b4:3a:58:0d:54:86:64:08:73:dd:24:
         fc:23:27:2d:14:34:bc:34:48:f8:67:24:2d:ed:8f:e0:1c:8f:
         88:eb:8f:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk0IrQ11WcA+9FTz/AQ4L4/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMjU2M2VkOTk2NGU0MjY4MWExYzVkMjk1YjBjNjE0ODYw
NmU3M2QwHhcNMjUwOTEwMTQ1ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGEzNzg1YjU1ZDA4MDE0NGYzMGJhOGRkMDE5ODA4Nzk3YjE4MzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqw6Ma9RVnObPtavxAKnwBvMU6ZNS
kplv3+ojPkXd8M4Kl+fZXHMGBbpQjynH3cC3DnWeRRFi9CGVE79BsfIFT3fyYY2x
6cW5VgcewztPu8DNK12j2I+W7p2XDffHYBgxbG/hxMEgDTCRXMlp/fj7Y2SeOuQx
8wG/A+F/jEnTK2O081bwDOW5QtA6o9N398SFgAfL291ztzKPIcGJwk7DzVHGUrch
qQ7VphYOIW/03Gj65Y3NH57CdWPjTuw+BkMW7w+cN2HMhwO0Am6zqB+8xQaqoRAE
RcFjdUFW+7QN1JDoCPeuvG9QaO/xyaOtu4xvoBhfA6y8q8MUoSsLmj+v3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCjeFtV0IAUTzC6jdAZgIeXsYNrMB8GA1UdIwQY
MBaAFNMlY+2ZZOQmgaHF0pWwxhSGBuc9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHlWajdabGs1Q2FCb2NYU2xiREdGSVlHNXowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC82YmY1ZWQtNmZlNi00NTYyLWI4NTMt
OWE0ZWMxMDYwN2M1LzEvc0tONFcxWFFnQlJQTUxxTjBCbUFoNWV4ZzJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC82YmY1ZWQtNmZlNi00NTYyLWI4NTMtOWE0ZWMxMDYwN2M1
LzEvMHlWajdabGs1Q2FCb2NYU2xiREdGSVlHNXowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjv3MA0G
CSqGSIb3DQEBCwUAA4IBAQB/jimehhiSaoIETE9cPmkOAPD9kEP6iEOt9E88NBCP
j6jMBWCHhqbWYPvcMMC9kA7tdZkKx24aiMRovf1Y2b5PJkerNXu3jJZGkycWOIk6
ismHpyWrX+UxbAI7kNXqCS3tgaJhzPlNN9jwL2oCP4H1b8SSwkigm1TlisJo++Bw
iSW5CYmKN3MGJMQrOpwMp0k8vlHw+e767+vzy3lV0TZex+zsNRif2xTaBgRIDJ5d
5SKeUwfjzrlMRpDbcklZqNF74P+tcyVy7LlhhNJL49BcrO0WBDFC5csy3SvZzdwU
tDpYDVSGZAhz3ST8IyctFDS8NEj4ZyQt7Y/gHI+I649a
-----END CERTIFICATE-----