Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/f0832e-675b-4ec2-a802-9b26cab79451/1/C93S1dgJ4_A0KrqfhcJ2wbpt_r8.roa
File:                     C93S1dgJ4_A0KrqfhcJ2wbpt_r8.roa (raw, json)
Hash identifier:          msQwNZJRyoBH47m4enHwmGpM3uJN0VQWiUcpw8JNFl4=
Subject key identifier:   0B:DD:D2:D5:D8:09:E3:F0:34:2A:BA:9F:85:C2:76:C1:BA:6D:FE:BF
Certificate issuer:       /CN=1455ca30592313388925ee1441009ad31d4bb41f
Certificate serial:       019A16AB6790026446E732ADE6D4456016F7
Authority key identifier: 14:55:CA:30:59:23:13:38:89:25:EE:14:41:00:9A:D3:1D:4B:B4:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FFXKMFkjEziJJe4UQQCa0x1LtB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/f0832e-675b-4ec2-a802-9b26cab79451/1/C93S1dgJ4_A0KrqfhcJ2wbpt_r8.roa
Signing time:             Fri 24 Oct 2025 14:42:03 +0000
ROA not before:           Fri 24 Oct 2025 14:42:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198964
IP address blocks:        46.21.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/f0832e-675b-4ec2-a802-9b26cab79451/1/FFXKMFkjEziJJe4UQQCa0x1LtB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/f0832e-675b-4ec2-a802-9b26cab79451/1/FFXKMFkjEziJJe4UQQCa0x1LtB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FFXKMFkjEziJJe4UQQCa0x1LtB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Oct 2025 15:57:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:16:ab:67:90:02:64:46:e7:32:ad:e6:d4:45:60:16:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1455ca30592313388925ee1441009ad31d4bb41f
        Validity
            Not Before: Oct 24 14:42:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bddd2d5d809e3f0342aba9f85c276c1ba6dfebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6b:88:e8:e3:25:29:af:1b:fe:b8:59:ea:8b:
                    33:c4:1d:99:5f:e5:71:9f:3a:76:68:74:c0:98:38:
                    3b:76:1f:b8:3b:1d:d8:7e:97:89:23:2f:ee:c1:48:
                    60:de:fb:69:af:83:d4:7c:b4:e5:59:fc:59:a6:81:
                    52:20:96:8f:13:2b:f0:e3:5a:f0:a8:8b:16:d1:88:
                    86:2e:52:95:b0:2e:9a:0c:92:80:35:61:6f:bb:54:
                    5f:b1:8b:28:88:29:3d:23:10:17:ff:f8:40:cd:5d:
                    b9:6f:cd:8c:82:1b:c1:cc:f4:dd:6b:e7:be:84:2c:
                    a7:c4:13:73:38:b3:25:ba:ac:be:51:6b:a5:0b:e2:
                    ab:81:0d:3a:6f:2a:55:f1:a2:e9:44:3e:3a:21:25:
                    5f:bf:5d:10:19:14:16:6d:dc:6f:e8:c9:09:12:e6:
                    4b:46:71:ff:14:11:1f:ff:fa:32:9a:ed:33:f3:d6:
                    63:e6:d3:e9:5e:fc:c7:2b:8b:fd:59:e5:41:08:cc:
                    0f:0e:82:13:de:83:ca:3d:a4:21:0f:f2:e0:f8:57:
                    3b:ec:1a:84:ab:1f:a8:94:eb:bc:67:d3:0f:ab:38:
                    42:8c:b3:e2:93:b5:c4:7e:48:6e:2c:84:34:4f:6d:
                    9f:05:87:59:d8:5d:3d:42:a1:6d:21:87:f1:b9:cf:
                    62:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:DD:D2:D5:D8:09:E3:F0:34:2A:BA:9F:85:C2:76:C1:BA:6D:FE:BF
            X509v3 Authority Key Identifier:
                keyid:14:55:CA:30:59:23:13:38:89:25:EE:14:41:00:9A:D3:1D:4B:B4:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FFXKMFkjEziJJe4UQQCa0x1LtB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f0832e-675b-4ec2-a802-9b26cab79451/1/C93S1dgJ4_A0KrqfhcJ2wbpt_r8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f0832e-675b-4ec2-a802-9b26cab79451/1/FFXKMFkjEziJJe4UQQCa0x1LtB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.21.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:5e:e6:96:ef:15:a1:2b:20:1f:0d:3b:de:f2:8b:65:c8:ed:
         25:c0:7e:e1:54:6f:4d:14:08:07:c9:53:1a:22:4b:ff:2f:97:
         9b:c7:00:fe:6b:3c:9c:0d:f8:07:0c:69:02:b5:80:84:5a:4c:
         fe:2f:28:c0:39:48:bc:a7:ba:42:6a:cd:82:b5:8e:ed:b7:83:
         0d:a7:44:1b:f2:f9:62:50:e9:23:00:74:ee:6f:02:57:8d:aa:
         4e:94:15:46:00:0f:95:ba:71:e7:25:85:46:54:ac:b8:81:c2:
         a2:98:1e:6f:2b:16:b1:a6:d5:36:87:25:73:ec:d2:3d:b3:db:
         13:1b:f7:c6:02:e4:57:99:a6:a8:6e:50:07:f2:a8:a4:ce:fd:
         4c:75:8b:2e:1e:44:15:2f:97:94:de:bb:80:e2:7a:b3:56:f3:
         5f:93:5f:c7:46:81:90:8e:2f:b0:13:ee:53:a1:30:a0:9b:fe:
         e6:ce:b0:60:ad:fd:ea:c1:1f:01:a6:d5:3f:4a:b3:f5:94:3d:
         29:68:d9:57:38:6b:e8:8e:7c:95:ce:5d:78:e6:19:a3:b7:1d:
         61:bc:8d:5c:cd:81:2e:e4:5a:87:40:54:9d:63:ad:42:80:70:
         2a:c3:8f:cb:9e:ee:bf:24:ef:d8:ab:9d:e3:12:8b:4d:9f:ad:
         b5:f9:8e:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoWq2eQAmRG5zKt5tRFYBb3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NTVjYTMwNTkyMzEzMzg4OTI1ZWUxNDQxMDA5YWQzMWQ0
YmI0MWYwHhcNMjUxMDI0MTQ0MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmRkZDJkNWQ4MDllM2YwMzQyYWJhOWY4NWMyNzZjMWJhNmRmZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2uI6OMlKa8b/rhZ6oszxB2ZX+Vx
nzp2aHTAmDg7dh+4Ox3YfpeJIy/uwUhg3vtpr4PUfLTlWfxZpoFSIJaPEyvw41rw
qIsW0YiGLlKVsC6aDJKANWFvu1RfsYsoiCk9IxAX//hAzV25b82MghvBzPTda+e+
hCynxBNzOLMluqy+UWulC+KrgQ06bypV8aLpRD46ISVfv10QGRQWbdxv6MkJEuZL
RnH/FBEf//oymu0z89Zj5tPpXvzHK4v9WeVBCMwPDoIT3oPKPaQhD/Lg+Fc77BqE
qx+olOu8Z9MPqzhCjLPik7XEfkhuLIQ0T22fBYdZ2F09QqFtIYfxuc9iyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvd0tXYCePwNCq6n4XCdsG6bf6/MB8GA1UdIwQY
MBaAFBRVyjBZIxM4iSXuFEEAmtMdS7QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkZYS01Ga2pFemlKSmU0VVFRQ2EweDFMdEI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9mMDgzMmUtNjc1Yi00ZWMyLWE4MDIt
OWIyNmNhYjc5NDUxLzEvQzkzUzFkZ0o0X0EwS3JxZmhjSjJ3YnB0X3I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9mMDgzMmUtNjc1Yi00ZWMyLWE4MDItOWIyNmNhYjc5NDUx
LzEvRkZYS01Ga2pFemlKSmU0VVFRQ2EweDFMdEI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhUfMA0G
CSqGSIb3DQEBCwUAA4IBAQBqXuaW7xWhKyAfDTve8otlyO0lwH7hVG9NFAgHyVMa
Ikv/L5ebxwD+azycDfgHDGkCtYCEWkz+LyjAOUi8p7pCas2CtY7tt4MNp0Qb8vli
UOkjAHTubwJXjapOlBVGAA+VunHnJYVGVKy4gcKimB5vKxaxptU2hyVz7NI9s9sT
G/fGAuRXmaaoblAH8qikzv1MdYsuHkQVL5eU3ruA4nqzVvNfk1/HRoGQji+wE+5T
oTCgm/7mzrBgrf3qwR8BptU/SrP1lD0paNlXOGvojnyVzl145hmjtx1hvI1czYEu
5FqHQFSdY61CgHAqw4/Lnu6/JO/Yq53jEotNn621+Y4p
-----END CERTIFICATE-----