Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/6ynwCp94ImXe3hUaAv6Ed476hH8.roa
File:                     6ynwCp94ImXe3hUaAv6Ed476hH8.roa (raw, json)
Hash identifier:          +/lJFZ9a98I+0rE1ft7i0/Bqa9YKDfRjTOlrVCRY4Ns=
Subject key identifier:   EB:29:F0:0A:9F:78:22:65:DE:DE:15:1A:02:FE:84:77:8E:FA:84:7F
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0198D2F677ABC78B0D06FB41EC05AA23204C
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/6ynwCp94ImXe3hUaAv6Ed476hH8.roa
Signing time:             Fri 22 Aug 2025 18:07:04 +0000
ROA not before:           Fri 22 Aug 2025 18:07:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14576
IP address blocks:        193.233.88.0/24 maxlen: 24
                          193.233.89.0/24 maxlen: 24
                          193.233.90.0/24 maxlen: 24
                          193.233.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 03:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d2:f6:77:ab:c7:8b:0d:06:fb:41:ec:05:aa:23:20:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Aug 22 18:07:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb29f00a9f782265dede151a02fe84778efa847f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:90:57:29:02:44:91:ce:ad:13:1b:7c:70:68:
                    4e:38:ee:a1:19:9b:3b:c2:1b:28:90:a3:6f:fb:68:
                    5d:da:dc:b5:b7:80:6d:4c:87:65:07:ac:47:a3:f4:
                    44:29:a8:c9:af:2c:0a:2b:71:8a:96:5a:c6:37:c6:
                    1f:bf:8e:8a:c8:f6:87:a0:37:51:c9:96:e8:ae:01:
                    ea:47:35:d0:b7:4d:18:ca:77:bb:64:ca:34:a1:1e:
                    84:8d:66:62:5c:2c:be:63:73:3c:29:8b:97:db:05:
                    95:e6:20:85:6a:96:8e:17:49:35:e4:b9:d2:5f:ce:
                    d4:fb:c9:7c:c0:3d:f6:81:85:b8:65:28:28:65:86:
                    8b:52:ac:6d:b9:a2:70:a6:c2:fc:79:85:47:89:55:
                    7f:68:ae:23:1b:d7:a1:c7:cb:2d:ff:1e:d0:97:ba:
                    a7:51:6e:0b:ea:f7:20:18:48:69:a0:5d:85:ac:39:
                    69:17:ef:de:18:34:16:91:7e:eb:dd:8c:b9:02:7e:
                    fe:44:64:55:80:f2:bf:92:f4:45:c5:17:ea:33:2a:
                    60:99:9a:74:55:2c:a3:77:db:da:b9:fa:e5:38:52:
                    c0:da:c0:87:77:e3:64:4a:3f:19:22:82:9c:0b:12:
                    db:97:cf:35:b0:de:df:71:5e:97:f9:f8:6c:ef:94:
                    4a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:29:F0:0A:9F:78:22:65:DE:DE:15:1A:02:FE:84:77:8E:FA:84:7F
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/6ynwCp94ImXe3hUaAv6Ed476hH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:5c:fe:ff:c2:1f:03:37:08:5e:1e:0a:6e:c9:f9:52:30:f8:
         72:4d:ab:b7:e5:fc:e9:1e:d3:93:38:5d:2a:0d:cf:62:0c:c0:
         ab:ab:4d:9b:e0:89:c8:4d:09:a0:bb:51:5d:f9:02:e9:49:02:
         81:51:5c:76:b9:44:e4:30:39:e6:17:02:a1:57:53:ee:0d:7a:
         cd:d9:a4:02:44:67:2e:96:e7:a4:c1:5d:c9:af:0b:b1:74:32:
         f8:26:ca:d6:75:9a:f8:7b:c2:55:de:9e:e5:61:39:5f:ce:f7:
         b9:07:a5:e3:40:09:5c:96:23:f1:c3:2a:67:c4:12:be:aa:b5:
         c3:af:59:2d:ff:aa:19:34:43:d0:5c:14:1b:2f:79:ec:b0:48:
         4d:cb:fb:e2:e5:b7:c1:2c:c4:ce:5a:4f:8c:d2:2f:77:1e:76:
         99:67:4e:8c:7c:10:9e:bb:fa:08:5e:db:18:14:7e:31:09:bf:
         c6:4c:ec:f5:47:41:b1:9d:94:e4:fe:c4:92:1a:12:fc:5a:9c:
         05:bf:fe:bd:01:f5:2a:7f:a5:09:8a:a8:8b:bf:ae:d7:77:2e:
         e5:34:ba:2f:66:9c:19:e2:28:6b:3a:68:f6:c1:ad:67:4b:0f:
         e4:13:59:a5:ce:26:22:0d:61:d4:5d:c8:68:8e:6f:15:4e:0b:
         22:8e:7f:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjS9nerx4sNBvtB7AWqIyBMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwODIyMTgwNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjI5ZjAwYTlmNzgyMjY1ZGVkZTE1MWEwMmZlODQ3NzhlZmE4NDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJBXKQJEkc6tExt8cGhOOO6hGZs7
whsokKNv+2hd2ty1t4BtTIdlB6xHo/REKajJrywKK3GKllrGN8Yfv46KyPaHoDdR
yZborgHqRzXQt00Yyne7ZMo0oR6EjWZiXCy+Y3M8KYuX2wWV5iCFapaOF0k15LnS
X87U+8l8wD32gYW4ZSgoZYaLUqxtuaJwpsL8eYVHiVV/aK4jG9ehx8st/x7Ql7qn
UW4L6vcgGEhpoF2FrDlpF+/eGDQWkX7r3Yy5An7+RGRVgPK/kvRFxRfqMypgmZp0
VSyjd9vaufrlOFLA2sCHd+NkSj8ZIoKcCxLbl881sN7fcV6X+fhs75RK2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOsp8AqfeCJl3t4VGgL+hHeO+oR/MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvNnlud0NwOTRJbVhlM2hVYUF2NkVkNDc2aEg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwelYMA0G
CSqGSIb3DQEBCwUAA4IBAQBTXP7/wh8DNwheHgpuyflSMPhyTau35fzpHtOTOF0q
Dc9iDMCrq02b4InITQmgu1Fd+QLpSQKBUVx2uUTkMDnmFwKhV1PuDXrN2aQCRGcu
luekwV3JrwuxdDL4JsrWdZr4e8JV3p7lYTlfzve5B6XjQAlcliPxwypnxBK+qrXD
r1kt/6oZNEPQXBQbL3nssEhNy/vi5bfBLMTOWk+M0i93HnaZZ06MfBCeu/oIXtsY
FH4xCb/GTOz1R0GxnZTk/sSSGhL8WpwFv/69AfUqf6UJiqiLv67Xdy7lNLovZpwZ
4ihrOmj2wa1nSw/kE1mlziYiDWHUXchojm8VTgsijn+T
-----END CERTIFICATE-----