Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/AXYjWyyXGZce96zetTrfjlRu-8c.roa
File:                     AXYjWyyXGZce96zetTrfjlRu-8c.roa (raw, json)
Hash identifier:          PKxO8DYVSyvqL0wCcDH9odHfhwC/qH2Lj6xbVNlNwP4=
Subject key identifier:   01:76:23:5B:2C:97:19:97:1E:F7:AC:DE:B5:3A:DF:8E:54:6E:FB:C7
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019975B5AA2694FC0C4B1826D6E639E5DC5D
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/AXYjWyyXGZce96zetTrfjlRu-8c.roa
Signing time:             Tue 23 Sep 2025 08:34:23 +0000
ROA not before:           Tue 23 Sep 2025 08:34:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        81.181.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:75:b5:aa:26:94:fc:0c:4b:18:26:d6:e6:39:e5:dc:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Sep 23 08:34:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0176235b2c9719971ef7acdeb53adf8e546efbc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:28:54:09:8a:2d:c7:7c:57:74:5e:78:c3:21:
                    17:a6:dd:ba:fd:77:70:b3:5c:69:2b:ad:8a:1c:61:
                    49:d1:7d:62:ef:4c:45:e5:7b:df:3c:c9:2f:a5:46:
                    d2:bd:1f:44:40:da:fb:07:b4:c4:4f:f3:c5:5a:02:
                    ab:d2:a4:87:0f:e7:38:17:fd:5d:f9:8f:1a:de:53:
                    a4:fe:40:60:e0:6b:c6:74:f5:10:6f:14:44:41:c4:
                    d3:7b:03:51:bc:52:ce:b0:80:97:87:fb:81:17:23:
                    5e:14:4f:9e:eb:ab:70:6b:30:37:ef:5d:fa:3a:3a:
                    73:dc:77:f5:c4:ac:e2:09:06:17:c9:83:a4:d0:da:
                    fa:0b:1b:85:82:20:c8:87:ee:ed:cc:33:52:81:e8:
                    e2:61:37:3b:ed:95:57:05:e4:df:88:f9:23:cd:fb:
                    7a:48:b1:23:e1:d5:f1:c9:f6:b7:3a:c1:1f:1e:8e:
                    e6:cc:a1:34:53:95:25:c3:e5:d8:64:79:e2:24:1a:
                    33:72:b5:2c:39:d8:6b:ba:23:e3:8a:d6:ad:17:93:
                    77:69:1a:2c:97:61:1a:e4:22:ec:80:bb:a2:64:92:
                    8d:89:62:26:15:e0:8a:df:0e:f9:a9:29:64:73:da:
                    24:5e:40:fa:4b:dc:dc:23:f4:27:5b:4a:22:1b:cf:
                    6f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:76:23:5B:2C:97:19:97:1E:F7:AC:DE:B5:3A:DF:8E:54:6E:FB:C7
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/AXYjWyyXGZce96zetTrfjlRu-8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.181.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:d9:4d:23:84:17:25:3a:17:1d:8d:1a:d7:42:f5:2c:f5:2f:
         8f:80:0b:cb:ec:8e:24:95:60:74:7d:0e:04:3d:8b:71:80:4c:
         f9:20:16:86:25:bc:fd:8c:22:a0:f7:e7:af:98:db:39:94:6b:
         a6:52:2f:19:af:0d:9e:eb:b5:5f:58:dd:db:22:37:29:aa:0c:
         ef:f1:6f:47:22:34:57:c6:5c:b2:6f:9c:66:39:5e:f4:eb:5a:
         bd:db:e9:3c:12:f3:23:6f:19:d7:f6:a4:c5:09:80:2b:4d:3e:
         6f:a0:f2:6d:15:ce:ff:c5:ce:9f:c4:a0:14:c2:e1:0f:e0:c4:
         34:ab:dc:5a:32:79:7e:91:4a:27:06:fa:f7:b6:6f:1d:79:e9:
         8e:69:1a:10:ad:79:44:b0:69:1a:74:9c:61:d6:bc:83:73:f8:
         d8:26:19:f6:0b:17:c2:0f:36:f5:05:78:2e:08:d3:be:78:38:
         3b:f0:30:1e:7d:d0:af:61:9b:15:27:3e:05:8c:ab:99:75:b4:
         9a:6a:04:b5:ac:83:dc:cf:fc:a8:67:b7:b5:d3:5c:af:ca:af:
         5a:64:df:57:6b:ed:12:41:27:5f:b3:1f:ba:ad:c5:9b:70:27:
         d4:9b:56:0f:c6:6c:fc:1e:38:9e:95:65:a7:19:9d:f7:25:ce:
         ea:05:07:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl1taomlPwMSxgm1uY55dxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwOTIzMDgzNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTc2MjM1YjJjOTcxOTk3MWVmN2FjZGViNTNhZGY4ZTU0NmVmYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ChUCYotx3xXdF54wyEXpt26/Xdw
s1xpK62KHGFJ0X1i70xF5XvfPMkvpUbSvR9EQNr7B7TET/PFWgKr0qSHD+c4F/1d
+Y8a3lOk/kBg4GvGdPUQbxREQcTTewNRvFLOsICXh/uBFyNeFE+e66twazA37136
Ojpz3Hf1xKziCQYXyYOk0Nr6CxuFgiDIh+7tzDNSgejiYTc77ZVXBeTfiPkjzft6
SLEj4dXxyfa3OsEfHo7mzKE0U5Ulw+XYZHniJBozcrUsOdhruiPjitatF5N3aRos
l2Ea5CLsgLuiZJKNiWImFeCK3w75qSlkc9okXkD6S9zcI/QnW0oiG89vGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAF2I1sslxmXHves3rU6345UbvvHMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvQVhZald5eVhHWmNlOTZ6ZXRUcmZqbFJ1LThjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUbX0MA0G
CSqGSIb3DQEBCwUAA4IBAQCo2U0jhBclOhcdjRrXQvUs9S+PgAvL7I4klWB0fQ4E
PYtxgEz5IBaGJbz9jCKg9+evmNs5lGumUi8Zrw2e67VfWN3bIjcpqgzv8W9HIjRX
xlyyb5xmOV7061q92+k8EvMjbxnX9qTFCYArTT5voPJtFc7/xc6fxKAUwuEP4MQ0
q9xaMnl+kUonBvr3tm8deemOaRoQrXlEsGkadJxh1ryDc/jYJhn2CxfCDzb1BXgu
CNO+eDg78DAefdCvYZsVJz4FjKuZdbSaagS1rIPcz/yoZ7e101yvyq9aZN9Xa+0S
QSdfsx+6rcWbcCfUm1YPxmz8HjielWWnGZ33Jc7qBQfi
-----END CERTIFICATE-----