Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/c72cf7-357b-4fc7-9f61-dff7e6348fff/1/Ifp7fQ7mKS2UADFnL-dEcvfRDTE.roa
File:                     Ifp7fQ7mKS2UADFnL-dEcvfRDTE.roa (raw, json)
Hash identifier:          zAV7cpAaiTXY8jJp2Gcf8CxnC05s7OAa7rmlAr6seaI=
Subject key identifier:   21:FA:7B:7D:0E:E6:29:2D:94:00:31:67:2F:E7:44:72:F7:D1:0D:31
Certificate issuer:       /CN=83fac0351c68a9a1dd640da863d867ad85f78a91
Certificate serial:       0199EBB3470413816A259A30C1613362F122
Authority key identifier: 83:FA:C0:35:1C:68:A9:A1:DD:64:0D:A8:63:D8:67:AD:85:F7:8A:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g_rANRxoqaHdZA2oY9hnrYX3ipE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/c72cf7-357b-4fc7-9f61-dff7e6348fff/1/Ifp7fQ7mKS2UADFnL-dEcvfRDTE.roa
Signing time:             Thu 16 Oct 2025 06:26:58 +0000
ROA not before:           Thu 16 Oct 2025 06:26:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211704
IP address blocks:        130.193.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/c72cf7-357b-4fc7-9f61-dff7e6348fff/1/g_rANRxoqaHdZA2oY9hnrYX3ipE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/c72cf7-357b-4fc7-9f61-dff7e6348fff/1/g_rANRxoqaHdZA2oY9hnrYX3ipE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g_rANRxoqaHdZA2oY9hnrYX3ipE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:eb:b3:47:04:13:81:6a:25:9a:30:c1:61:33:62:f1:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83fac0351c68a9a1dd640da863d867ad85f78a91
        Validity
            Not Before: Oct 16 06:26:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21fa7b7d0ee6292d940031672fe74472f7d10d31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:16:2b:f9:92:fb:b2:1c:a6:84:7a:2b:bf:a1:
                    dc:83:41:67:e5:ed:58:95:d4:2f:e2:e7:46:65:97:
                    eb:85:12:36:69:98:fc:00:cf:17:3d:a1:c6:36:63:
                    a6:75:fe:45:c5:bc:a4:71:60:df:2d:d2:05:5f:d8:
                    9f:a1:2f:a0:5f:cc:77:ea:bc:27:43:cf:76:e5:9c:
                    c4:fd:d4:7a:47:c9:6c:c1:b7:30:a4:41:91:3a:8a:
                    a7:d5:ea:c2:f7:37:09:dd:9c:2f:2b:da:1e:55:5c:
                    9d:03:8c:b7:f5:9e:4c:6d:a9:99:62:67:e1:29:9b:
                    69:de:8b:8c:4b:1d:00:c9:48:17:10:bb:ed:85:45:
                    da:d0:fd:7a:81:d8:24:4d:a1:46:d5:de:11:b4:52:
                    b8:60:a1:80:24:f6:48:e6:79:3f:c7:e8:57:af:d3:
                    13:b1:e4:a2:c8:81:8f:9a:bc:d4:a6:b2:18:fe:ee:
                    de:81:fc:27:06:08:77:94:7c:5e:70:b4:41:31:80:
                    fc:f9:a7:c5:3f:78:22:2d:3b:f5:aa:6f:70:b1:7f:
                    80:50:be:cb:83:55:08:e4:fc:bf:f2:34:50:03:7e:
                    0e:94:19:70:44:a0:6a:5e:0f:3c:eb:2d:48:65:9b:
                    d9:ab:98:b9:73:74:66:35:bf:1b:10:8f:2c:51:70:
                    c2:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:FA:7B:7D:0E:E6:29:2D:94:00:31:67:2F:E7:44:72:F7:D1:0D:31
            X509v3 Authority Key Identifier:
                keyid:83:FA:C0:35:1C:68:A9:A1:DD:64:0D:A8:63:D8:67:AD:85:F7:8A:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g_rANRxoqaHdZA2oY9hnrYX3ipE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/c72cf7-357b-4fc7-9f61-dff7e6348fff/1/Ifp7fQ7mKS2UADFnL-dEcvfRDTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/c72cf7-357b-4fc7-9f61-dff7e6348fff/1/g_rANRxoqaHdZA2oY9hnrYX3ipE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:83:a8:d2:9a:6f:ba:9c:5f:b7:b9:f8:83:33:75:46:c4:fe:
         3b:ad:1b:f8:98:c5:a1:61:d7:28:ba:f1:d4:ec:68:42:6f:cd:
         b9:fe:ea:49:bc:38:5c:2b:1b:31:99:f5:42:65:bf:90:de:ef:
         60:06:8b:1b:16:8b:38:e0:71:f0:e8:2c:91:33:b3:27:4f:79:
         c1:f0:84:3f:75:8f:32:ef:f4:39:17:99:f4:34:c9:b6:03:42:
         c3:35:76:21:b5:2b:56:f6:92:88:b9:f3:14:d2:30:3c:96:67:
         e7:b7:b9:f9:c0:53:7e:30:b6:d2:ba:5c:ef:04:2d:0a:de:78:
         97:57:a1:de:47:95:e7:98:e8:bf:66:9c:54:ec:86:c4:67:82:
         a2:f2:00:03:f6:5b:66:21:3e:e1:0f:75:6b:2b:15:c1:c2:97:
         3c:65:33:fe:b5:f1:32:98:a0:53:f0:46:96:76:97:31:7d:e6:
         0d:c5:fe:6e:24:df:c7:77:02:6e:33:0e:6b:6f:37:01:c9:23:
         20:4a:87:dc:3b:8c:cb:4d:21:c3:95:b2:da:92:c1:8f:65:24:
         1d:6b:b1:34:40:d6:8e:6b:13:ee:6e:af:02:18:94:b4:64:2b:
         a7:ea:b7:ab:49:cf:e0:e0:b5:cd:5a:67:cd:5f:70:d6:65:b0:
         71:7d:84:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnrs0cEE4FqJZowwWEzYvEiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZmFjMDM1MWM2OGE5YTFkZDY0MGRhODYzZDg2N2FkODVm
NzhhOTEwHhcNMjUxMDE2MDYyNjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWZhN2I3ZDBlZTYyOTJkOTQwMDMxNjcyZmU3NDQ3MmY3ZDEwZDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxYr+ZL7shymhHorv6Hcg0Fn5e1Y
ldQv4udGZZfrhRI2aZj8AM8XPaHGNmOmdf5FxbykcWDfLdIFX9ifoS+gX8x36rwn
Q8925ZzE/dR6R8lswbcwpEGROoqn1erC9zcJ3ZwvK9oeVVydA4y39Z5MbamZYmfh
KZtp3ouMSx0AyUgXELvthUXa0P16gdgkTaFG1d4RtFK4YKGAJPZI5nk/x+hXr9MT
seSiyIGPmrzUprIY/u7egfwnBgh3lHxecLRBMYD8+afFP3giLTv1qm9wsX+AUL7L
g1UI5Py/8jRQA34OlBlwRKBqXg886y1IZZvZq5i5c3RmNb8bEI8sUXDCFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCH6e30O5iktlAAxZy/nRHL30Q0xMB8GA1UdIwQY
MBaAFIP6wDUcaKmh3WQNqGPYZ62F94qRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ19yQU5SeG9xYUhkWkEyb1k5aG5yWVgzaXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9jNzJjZjctMzU3Yi00ZmM3LTlmNjEt
ZGZmN2U2MzQ4ZmZmLzEvSWZwN2ZRN21LUzJVQURGbkwtZEVjdmZSRFRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9jNzJjZjctMzU3Yi00ZmM3LTlmNjEtZGZmN2U2MzQ4ZmZm
LzEvZ19yQU5SeG9xYUhkWkEyb1k5aG5yWVgzaXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgsEbMA0G
CSqGSIb3DQEBCwUAA4IBAQAQg6jSmm+6nF+3ufiDM3VGxP47rRv4mMWhYdcouvHU
7GhCb825/upJvDhcKxsxmfVCZb+Q3u9gBosbFos44HHw6CyRM7MnT3nB8IQ/dY8y
7/Q5F5n0NMm2A0LDNXYhtStW9pKIufMU0jA8lmfnt7n5wFN+MLbSulzvBC0K3niX
V6HeR5XnmOi/ZpxU7IbEZ4Ki8gAD9ltmIT7hD3VrKxXBwpc8ZTP+tfEymKBT8EaW
dpcxfeYNxf5uJN/HdwJuMw5rbzcBySMgSofcO4zLTSHDlbLaksGPZSQda7E0QNaO
axPubq8CGJS0ZCun6rerSc/g4LXNWmfNX3DWZbBxfYTR
-----END CERTIFICATE-----