Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/amIQzNAiyqoos0YzXrrP-GPr_tc.roa
File:                     amIQzNAiyqoos0YzXrrP-GPr_tc.roa (raw, json)
Hash identifier:          sz+icHojpt6wyrlEFl0wQlbst+eL4nFHTN1MBJR94Eg=
Subject key identifier:   6A:62:10:CC:D0:22:CA:AA:28:B3:46:33:5E:BA:CF:F8:63:EB:FE:D7
Certificate issuer:       /CN=bf239c7790fc3d577626d5bbf1861e59c9b470ae
Certificate serial:       0199942565429315CD0AA48AC8556885F7D0
Authority key identifier: BF:23:9C:77:90:FC:3D:57:76:26:D5:BB:F1:86:1E:59:C9:B4:70:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vyOcd5D8PVd2JtW78YYeWcm0cK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/amIQzNAiyqoos0YzXrrP-GPr_tc.roa
Signing time:             Mon 29 Sep 2025 06:25:02 +0000
ROA not before:           Mon 29 Sep 2025 06:25:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        93.174.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/vyOcd5D8PVd2JtW78YYeWcm0cK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/vyOcd5D8PVd2JtW78YYeWcm0cK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vyOcd5D8PVd2JtW78YYeWcm0cK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:94:25:65:42:93:15:cd:0a:a4:8a:c8:55:68:85:f7:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf239c7790fc3d577626d5bbf1861e59c9b470ae
        Validity
            Not Before: Sep 29 06:25:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a6210ccd022caaa28b346335ebacff863ebfed7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b6:a1:88:16:2d:69:97:fb:9a:d3:75:ed:65:
                    fa:89:3c:80:2f:9d:0a:fb:1f:d4:f0:1c:23:2e:1c:
                    6c:00:c6:78:91:35:44:89:94:9b:94:26:77:ef:78:
                    dd:8f:1c:3b:91:39:7b:af:8a:e7:68:4a:10:2a:dd:
                    09:bf:32:b4:c5:60:51:cf:f9:6d:78:41:47:cc:7c:
                    30:37:2b:f8:d3:d5:eb:d0:36:d9:45:5e:5c:3c:41:
                    1a:19:d2:f6:9e:2e:14:f0:21:eb:b1:b3:61:7a:45:
                    96:a0:4c:7c:ba:a0:23:47:0b:3a:e0:af:e8:b6:7e:
                    fb:f7:1e:f1:1f:24:54:08:26:3f:d1:f4:4b:e0:f8:
                    49:2e:c3:ea:36:b2:a2:6d:dd:a2:26:f2:eb:1e:ea:
                    83:c6:5b:93:97:f5:a6:78:45:e1:d5:46:52:73:65:
                    ce:83:68:2a:be:8a:a5:ba:81:f4:82:84:42:34:24:
                    9d:10:fa:d1:b6:f6:23:1b:6f:e9:ae:8d:5b:03:c3:
                    38:29:d8:8c:84:b6:fc:24:b6:bd:93:d2:4c:91:6c:
                    73:55:f4:8d:26:90:69:78:7b:e3:00:06:8a:03:7f:
                    b5:f0:fd:db:80:6a:3f:68:29:b2:f6:b6:84:dc:9e:
                    c5:21:2b:31:6b:a9:db:f2:e2:a3:35:6d:54:e0:f3:
                    52:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:62:10:CC:D0:22:CA:AA:28:B3:46:33:5E:BA:CF:F8:63:EB:FE:D7
            X509v3 Authority Key Identifier:
                keyid:BF:23:9C:77:90:FC:3D:57:76:26:D5:BB:F1:86:1E:59:C9:B4:70:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vyOcd5D8PVd2JtW78YYeWcm0cK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/amIQzNAiyqoos0YzXrrP-GPr_tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/vyOcd5D8PVd2JtW78YYeWcm0cK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.174.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:bd:31:56:f1:ff:dd:80:ef:3d:c8:f9:cd:00:8c:9c:46:f4:
         9e:f2:28:0d:1d:7c:ec:76:46:d9:81:0e:06:2c:d8:b1:7d:ed:
         55:6f:1c:3d:58:76:40:09:94:35:e9:f1:e9:23:92:96:43:51:
         3e:0c:a0:ae:f2:a3:b3:35:05:35:e8:e0:ad:07:39:4d:25:ae:
         58:6a:ec:d1:38:40:23:9c:f0:8b:2e:a6:d3:0e:18:eb:b4:ba:
         28:a5:70:e8:7f:5e:de:68:c1:8b:45:18:67:3d:01:69:49:53:
         9b:be:21:e2:58:e3:32:34:c4:98:9f:fe:01:fd:f3:f5:2a:69:
         be:99:dc:38:c5:1e:34:dc:8d:e7:0c:29:10:39:3b:d1:4f:dc:
         74:90:65:e5:05:d5:ca:4a:4b:25:78:55:1d:b7:21:07:ce:c9:
         b3:8d:b6:e9:8a:58:58:9c:7f:cf:40:84:5c:83:79:ca:6e:21:
         12:e5:95:b4:1b:41:42:a5:2b:f3:e1:0c:fd:bf:71:7f:5f:3c:
         e7:36:ac:f0:65:65:3c:18:41:bb:08:76:02:80:c3:34:14:c2:
         35:e3:43:47:e2:27:78:12:dc:4c:f0:4f:c9:e2:56:e0:2a:a6:
         fe:e9:f3:f9:1a:d7:a2:3d:db:4e:59:ce:92:86:f3:57:ea:52:
         ac:3c:6e:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmUJWVCkxXNCqSKyFVohffQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMjM5Yzc3OTBmYzNkNTc3NjI2ZDViYmYxODYxZTU5Yzli
NDcwYWUwHhcNMjUwOTI5MDYyNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTYyMTBjY2QwMjJjYWFhMjhiMzQ2MzM1ZWJhY2ZmODYzZWJmZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbahiBYtaZf7mtN17WX6iTyAL50K
+x/U8BwjLhxsAMZ4kTVEiZSblCZ373jdjxw7kTl7r4rnaEoQKt0JvzK0xWBRz/lt
eEFHzHwwNyv409Xr0DbZRV5cPEEaGdL2ni4U8CHrsbNhekWWoEx8uqAjRws64K/o
tn779x7xHyRUCCY/0fRL4PhJLsPqNrKibd2iJvLrHuqDxluTl/WmeEXh1UZSc2XO
g2gqvoqluoH0goRCNCSdEPrRtvYjG2/pro1bA8M4KdiMhLb8JLa9k9JMkWxzVfSN
JpBpeHvjAAaKA3+18P3bgGo/aCmy9raE3J7FISsxa6nb8uKjNW1U4PNS2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGpiEMzQIsqqKLNGM166z/hj6/7XMB8GA1UdIwQY
MBaAFL8jnHeQ/D1XdibVu/GGHlnJtHCuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnlPY2Q1RDhQVmQySnRXNzhZWWVXY20wY0s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iMGRlZWMtNzIzMy00MmYzLTg3Njct
YjU1MDNhMzJlZGZlLzEvYW1JUXpOQWl5cW9vczBZelhyclAtR1ByX3RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iMGRlZWMtNzIzMy00MmYzLTg3NjctYjU1MDNhMzJlZGZl
LzEvdnlPY2Q1RDhQVmQySnRXNzhZWWVXY20wY0s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXa7QMA0G
CSqGSIb3DQEBCwUAA4IBAQC6vTFW8f/dgO89yPnNAIycRvSe8igNHXzsdkbZgQ4G
LNixfe1Vbxw9WHZACZQ16fHpI5KWQ1E+DKCu8qOzNQU16OCtBzlNJa5YauzROEAj
nPCLLqbTDhjrtLoopXDof17eaMGLRRhnPQFpSVObviHiWOMyNMSYn/4B/fP1Kmm+
mdw4xR403I3nDCkQOTvRT9x0kGXlBdXKSksleFUdtyEHzsmzjbbpilhYnH/PQIRc
g3nKbiES5ZW0G0FCpSvz4Qz9v3F/XzznNqzwZWU8GEG7CHYCgMM0FMI140NH4id4
EtxM8E/J4lbgKqb+6fP5GteiPdtOWc6ShvNX6lKsPG4Q
-----END CERTIFICATE-----