Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/86-gu_DQKN4jmCwYUA5EnYQ8b64.roa
File:                     86-gu_DQKN4jmCwYUA5EnYQ8b64.roa (raw, json)
Hash identifier:          psrucrYvRLTWfoBjKXiWKfJ+rJotir0CHGXZu1id4wY=
Subject key identifier:   F3:AF:A0:BB:F0:D0:28:DE:23:98:2C:18:50:0E:44:9D:84:3C:6F:AE
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0199814E682D459E49B73831186F0E8D2783
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/86-gu_DQKN4jmCwYUA5EnYQ8b64.roa
Signing time:             Thu 25 Sep 2025 14:37:03 +0000
ROA not before:           Thu 25 Sep 2025 14:37:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213702
IP address blocks:        93.123.39.0/24 maxlen: 24
                          141.98.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:81:4e:68:2d:45:9e:49:b7:38:31:18:6f:0e:8d:27:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 25 14:37:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3afa0bbf0d028de23982c18500e449d843c6fae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7e:a1:80:ee:23:a3:0e:17:05:35:2d:dc:25:
                    f8:3d:19:1b:dd:1b:5d:ad:aa:8c:43:40:11:24:8f:
                    5f:6c:ab:16:f4:fa:fe:25:e0:f4:51:5b:05:42:33:
                    0d:1c:52:1b:92:92:57:87:21:8e:d9:5e:2c:46:63:
                    d1:0d:11:01:40:92:05:b0:d9:9f:3d:81:ab:44:a8:
                    d3:d7:95:a4:b5:ae:75:b0:c5:de:88:69:2e:ee:10:
                    8b:26:65:b3:e7:fc:19:40:20:8e:15:1e:96:8c:2d:
                    f2:65:1e:46:f8:c9:2c:0a:2d:6f:05:1b:10:15:26:
                    f5:55:42:a2:70:72:ba:d3:cb:5b:29:00:2f:ff:90:
                    97:c2:d2:31:7e:f9:9a:7c:d6:f1:c9:0c:54:71:31:
                    57:e5:6e:74:87:76:c4:76:a3:86:47:40:06:97:e2:
                    bb:56:6c:b4:dd:62:06:4e:45:9d:6f:74:7d:7a:1e:
                    b2:43:42:ee:12:72:2f:b7:35:59:ee:16:bb:28:d9:
                    76:3d:f2:d8:97:cf:33:29:11:26:db:ea:d5:fb:91:
                    ea:3e:8c:58:f1:23:9d:25:d7:52:a4:6e:a5:5c:d4:
                    78:af:c0:88:08:51:61:98:54:d2:0b:ee:28:aa:0e:
                    b0:7e:f9:34:a3:62:a2:73:f1:aa:ea:84:97:ec:00:
                    f2:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:AF:A0:BB:F0:D0:28:DE:23:98:2C:18:50:0E:44:9D:84:3C:6F:AE
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/86-gu_DQKN4jmCwYUA5EnYQ8b64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.123.39.0/24
                  141.98.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:f1:af:90:c1:5e:ca:21:61:fb:43:ea:72:e9:6e:07:16:64:
         ce:5a:88:2c:ce:d3:7c:7f:b3:aa:ea:a8:98:36:b7:21:0a:31:
         79:a7:f5:0b:57:eb:65:05:2e:95:87:ce:95:41:af:f3:a0:2a:
         a3:ee:17:6e:a4:b6:f2:e2:f6:8c:f3:6f:d5:af:ee:74:98:ef:
         75:55:ba:5b:d6:dd:61:02:37:43:3f:b4:c6:1a:67:0f:84:65:
         87:46:d0:06:52:9b:8e:6c:3a:30:12:32:c7:7c:b9:72:c3:5e:
         95:c2:99:68:48:78:27:e9:d0:6f:bd:df:b7:9d:c9:03:ac:b0:
         cf:12:4c:3d:9b:30:bd:f6:3a:cc:66:ea:2e:98:2d:16:70:b6:
         3a:a8:9a:02:6c:bf:8a:db:53:aa:25:96:31:fd:76:e7:e6:9d:
         69:7c:17:18:90:ec:29:81:c5:15:46:77:7d:17:04:d4:2f:e4:
         fb:ed:09:b8:9a:33:95:df:a5:f6:70:ff:b0:45:05:ec:8d:e9:
         3b:4c:cc:2b:cf:3a:03:99:68:15:7f:25:70:03:3d:37:2d:a3:
         56:81:24:17:f1:d5:25:06:e3:25:79:d1:43:10:82:89:3c:dc:
         fb:05:73:f7:62:2d:ac:66:a4:8f:93:cf:f5:2b:62:49:09:df:
         86:63:95:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmBTmgtRZ5JtzgxGG8OjSeDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwOTI1MTQzNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2FmYTBiYmYwZDAyOGRlMjM5ODJjMTg1MDBlNDQ5ZDg0M2M2ZmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyX6hgO4jow4XBTUt3CX4PRkb3Rtd
raqMQ0ARJI9fbKsW9Pr+JeD0UVsFQjMNHFIbkpJXhyGO2V4sRmPRDREBQJIFsNmf
PYGrRKjT15Wkta51sMXeiGku7hCLJmWz5/wZQCCOFR6WjC3yZR5G+MksCi1vBRsQ
FSb1VUKicHK608tbKQAv/5CXwtIxfvmafNbxyQxUcTFX5W50h3bEdqOGR0AGl+K7
Vmy03WIGTkWdb3R9eh6yQ0LuEnIvtzVZ7ha7KNl2PfLYl88zKREm2+rV+5HqPoxY
8SOdJddSpG6lXNR4r8CICFFhmFTSC+4oqg6wfvk0o2Kic/Gq6oSX7ADyUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPOvoLvw0CjeI5gsGFAORJ2EPG+uMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvODYtZ3VfRFFLTjRqbUN3WVVBNUVuWVE4YjY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXXsnAwQA
jWIGMA0GCSqGSIb3DQEBCwUAA4IBAQBE8a+QwV7KIWH7Q+py6W4HFmTOWogsztN8
f7Oq6qiYNrchCjF5p/ULV+tlBS6Vh86VQa/zoCqj7hdupLby4vaM82/Vr+50mO91
Vbpb1t1hAjdDP7TGGmcPhGWHRtAGUpuObDowEjLHfLlyw16VwploSHgn6dBvvd+3
nckDrLDPEkw9mzC99jrMZuoumC0WcLY6qJoCbL+K21OqJZYx/Xbn5p1pfBcYkOwp
gcUVRnd9FwTUL+T77Qm4mjOV36X2cP+wRQXsjek7TMwrzzoDmWgVfyVwAz03LaNW
gSQX8dUlBuMledFDEIKJPNz7BXP3Yi2sZqSPk8/1K2JJCd+GY5W1
-----END CERTIFICATE-----