Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/5b4426-a266-43ce-a9e6-b0e6058d4dd7/1/r8VcOkeggmMRyiGEk0aUS6Ie5Z8.roa
File:                     r8VcOkeggmMRyiGEk0aUS6Ie5Z8.roa (raw, json)
Hash identifier:          ajFyLHUwhvdifaKddAb9Tcm5mXQRQ+OBh6JdPXJygzM=
Subject key identifier:   AF:C5:5C:3A:47:A0:82:63:11:CA:21:84:93:46:94:4B:A2:1E:E5:9F
Certificate issuer:       /CN=96d66966ffda0a5d0e131d134a79d93205c8c550
Certificate serial:       0199E498B8A4272A6329AAFFFB1E366D0946
Authority key identifier: 96:D6:69:66:FF:DA:0A:5D:0E:13:1D:13:4A:79:D9:32:05:C8:C5:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ltZpZv_aCl0OEx0TSnnZMgXIxVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/5b4426-a266-43ce-a9e6-b0e6058d4dd7/1/r8VcOkeggmMRyiGEk0aUS6Ie5Z8.roa
Signing time:             Tue 14 Oct 2025 21:20:38 +0000
ROA not before:           Tue 14 Oct 2025 21:20:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7118
IP address blocks:        176.102.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/5b4426-a266-43ce-a9e6-b0e6058d4dd7/1/ltZpZv_aCl0OEx0TSnnZMgXIxVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/5b4426-a266-43ce-a9e6-b0e6058d4dd7/1/ltZpZv_aCl0OEx0TSnnZMgXIxVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ltZpZv_aCl0OEx0TSnnZMgXIxVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e4:98:b8:a4:27:2a:63:29:aa:ff:fb:1e:36:6d:09:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96d66966ffda0a5d0e131d134a79d93205c8c550
        Validity
            Not Before: Oct 14 21:20:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=afc55c3a47a0826311ca21849346944ba21ee59f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2b:75:19:99:2a:2d:d0:c2:b3:06:7a:1b:94:
                    ab:dd:bc:18:87:ca:1b:82:c0:51:70:bf:bb:05:d1:
                    4b:b5:31:3a:58:e8:9d:d6:d6:37:9a:0e:3d:a9:5f:
                    34:c3:a1:e4:eb:47:f6:04:ba:5e:d4:24:a7:c0:8f:
                    a1:e9:24:8c:c7:5a:f4:7a:17:4d:ae:34:e9:1c:0b:
                    30:20:90:f8:29:da:65:fe:4e:aa:88:b6:14:4d:28:
                    dc:6c:22:ce:98:5e:b1:49:9f:c3:48:c6:4c:17:55:
                    c5:65:7a:1f:49:3c:5c:81:75:dc:89:d5:7f:4b:cb:
                    cb:9d:55:81:4d:10:ff:e1:1a:22:af:c9:ff:ed:9a:
                    77:59:31:06:db:da:08:07:c4:14:39:23:91:3c:6b:
                    42:b3:b7:35:3b:d2:71:1a:33:35:ac:ab:b4:9d:5f:
                    77:82:59:a8:05:8a:2d:de:3e:22:5a:bf:77:20:a8:
                    73:b0:c0:c5:8c:b7:09:36:e8:18:34:42:94:98:6b:
                    db:a2:2c:16:0f:09:e2:c9:88:dc:95:3b:52:30:29:
                    5c:06:c4:fb:28:11:03:74:1c:3d:0b:70:2b:14:08:
                    60:aa:e8:2b:13:66:30:8f:45:bd:24:45:9d:f0:24:
                    e2:d1:2c:d1:47:e7:fe:2c:de:85:e1:78:d8:99:72:
                    11:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:C5:5C:3A:47:A0:82:63:11:CA:21:84:93:46:94:4B:A2:1E:E5:9F
            X509v3 Authority Key Identifier:
                keyid:96:D6:69:66:FF:DA:0A:5D:0E:13:1D:13:4A:79:D9:32:05:C8:C5:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ltZpZv_aCl0OEx0TSnnZMgXIxVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/5b4426-a266-43ce-a9e6-b0e6058d4dd7/1/r8VcOkeggmMRyiGEk0aUS6Ie5Z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/5b4426-a266-43ce-a9e6-b0e6058d4dd7/1/ltZpZv_aCl0OEx0TSnnZMgXIxVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.102.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:db:59:5c:f8:1c:81:07:ae:ec:ae:26:a7:34:42:55:62:e5:
         90:f4:13:4a:ff:15:c1:8c:62:27:92:1f:62:99:1a:e4:2e:67:
         d2:85:cf:de:4c:8f:65:6c:3a:03:6f:f1:8e:e1:3a:ef:fe:55:
         60:93:a3:41:79:09:e6:43:75:85:02:78:57:ad:1e:d5:09:41:
         ba:84:5a:bc:99:78:3d:e0:31:e3:c0:28:33:a0:f6:6d:a4:1f:
         4b:00:2d:1d:f2:dd:33:8a:29:02:f8:41:4a:96:73:00:94:d4:
         3b:ea:90:4c:35:da:29:42:6b:56:04:4f:57:b4:7a:55:10:77:
         fd:4c:3a:cc:52:6f:1e:c5:75:41:f0:09:b5:44:c6:69:0c:c4:
         2d:98:8e:18:b1:92:21:66:5f:ac:b0:4d:1e:24:86:8b:9f:a9:
         cc:df:b1:2c:1d:eb:99:43:12:d5:9d:70:bb:45:15:3c:78:63:
         32:4f:0c:01:96:e2:c9:a9:3d:1d:a6:00:90:2d:e3:9a:54:96:
         9b:43:cf:92:51:be:ab:11:99:20:6f:16:c9:5d:c8:e4:37:33:
         9c:bc:c8:7e:03:f1:56:a8:4a:85:73:28:f8:6e:ee:fd:9c:82:
         d6:6e:79:5a:3d:e6:20:6c:a3:e3:6c:10:58:8b:e1:5b:95:c6:
         c2:68:1f:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnkmLikJypjKar/+x42bQlGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZDY2OTY2ZmZkYTBhNWQwZTEzMWQxMzRhNzlkOTMyMDVj
OGM1NTAwHhcNMjUxMDE0MjEyMDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmM1NWMzYTQ3YTA4MjYzMTFjYTIxODQ5MzQ2OTQ0YmEyMWVlNTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwit1GZkqLdDCswZ6G5Sr3bwYh8ob
gsBRcL+7BdFLtTE6WOid1tY3mg49qV80w6Hk60f2BLpe1CSnwI+h6SSMx1r0ehdN
rjTpHAswIJD4Kdpl/k6qiLYUTSjcbCLOmF6xSZ/DSMZMF1XFZXofSTxcgXXcidV/
S8vLnVWBTRD/4Roir8n/7Zp3WTEG29oIB8QUOSORPGtCs7c1O9JxGjM1rKu0nV93
glmoBYot3j4iWr93IKhzsMDFjLcJNugYNEKUmGvboiwWDwniyYjclTtSMClcBsT7
KBEDdBw9C3ArFAhgqugrE2Ywj0W9JEWd8CTi0SzRR+f+LN6F4XjYmXIRVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/FXDpHoIJjEcohhJNGlEuiHuWfMB8GA1UdIwQY
MBaAFJbWaWb/2gpdDhMdE0p52TIFyMVQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHRacFp2X2FDbDBPRXgwVFNublpNZ1hJeFZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi81YjQ0MjYtYTI2Ni00M2NlLWE5ZTYt
YjBlNjA1OGQ0ZGQ3LzEvcjhWY09rZWdnbU1SeWlHRWswYVVTNkllNVo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi81YjQ0MjYtYTI2Ni00M2NlLWE5ZTYtYjBlNjA1OGQ0ZGQ3
LzEvbHRacFp2X2FDbDBPRXgwVFNublpNZ1hJeFZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGaqMA0G
CSqGSIb3DQEBCwUAA4IBAQCh21lc+ByBB67srianNEJVYuWQ9BNK/xXBjGInkh9i
mRrkLmfShc/eTI9lbDoDb/GO4Trv/lVgk6NBeQnmQ3WFAnhXrR7VCUG6hFq8mXg9
4DHjwCgzoPZtpB9LAC0d8t0ziikC+EFKlnMAlNQ76pBMNdopQmtWBE9XtHpVEHf9
TDrMUm8exXVB8Am1RMZpDMQtmI4YsZIhZl+ssE0eJIaLn6nM37EsHeuZQxLVnXC7
RRU8eGMyTwwBluLJqT0dpgCQLeOaVJabQ8+SUb6rEZkgbxbJXcjkNzOcvMh+A/FW
qEqFcyj4bu79nILWbnlaPeYgbKPjbBBYi+FblcbCaB/O
-----END CERTIFICATE-----