Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/c6df87-dd55-466c-8b6c-cd598e8b2d45/1/8ACVm-ce43MmeBVev4dyWlkx0NY.roa
File:                     8ACVm-ce43MmeBVev4dyWlkx0NY.roa (raw, json)
Hash identifier:          +7/RIUg9QZFa+udK/mANETDLIR4ZdvLXsBeIxkf5Veg=
Subject key identifier:   F0:00:95:9B:E7:1E:E3:73:26:78:15:5E:BF:87:72:5A:59:31:D0:D6
Certificate issuer:       /CN=543d02179741372e182811e1852d584efdcf7ba2
Certificate serial:       019984EA2ADD2572A004B12ACE6954A8FC1B
Authority key identifier: 54:3D:02:17:97:41:37:2E:18:28:11:E1:85:2D:58:4E:FD:CF:7B:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VD0CF5dBNy4YKBHhhS1YTv3Pe6I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/c6df87-dd55-466c-8b6c-cd598e8b2d45/1/8ACVm-ce43MmeBVev4dyWlkx0NY.roa
Signing time:             Fri 26 Sep 2025 07:26:02 +0000
ROA not before:           Fri 26 Sep 2025 07:26:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206126
IP address blocks:        194.61.4.0/23 maxlen: 23
                          2a09:a000::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/c6df87-dd55-466c-8b6c-cd598e8b2d45/1/VD0CF5dBNy4YKBHhhS1YTv3Pe6I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/c6df87-dd55-466c-8b6c-cd598e8b2d45/1/VD0CF5dBNy4YKBHhhS1YTv3Pe6I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VD0CF5dBNy4YKBHhhS1YTv3Pe6I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:84:ea:2a:dd:25:72:a0:04:b1:2a:ce:69:54:a8:fc:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=543d02179741372e182811e1852d584efdcf7ba2
        Validity
            Not Before: Sep 26 07:26:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f000959be71ee3732678155ebf87725a5931d0d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:50:b6:93:80:85:ae:a8:17:5d:94:fc:ea:72:
                    bb:a1:64:45:53:e6:c5:13:2c:a9:7e:de:35:1d:f8:
                    07:8f:b0:74:fc:4b:80:dc:2b:16:fd:17:6c:f0:95:
                    0e:d4:b5:5e:51:af:7c:a7:02:37:ff:5c:a8:93:ea:
                    96:99:ec:14:9b:ac:94:21:a0:9a:b6:fb:8e:7b:89:
                    13:86:79:d1:80:2a:8c:84:ae:5c:1a:ff:d8:c3:e1:
                    e2:e9:57:e2:ae:1a:1f:74:94:f7:38:af:26:82:5c:
                    95:85:55:03:36:4b:0d:b9:c9:4f:af:f1:44:4b:f0:
                    a0:71:ec:31:26:79:2d:4e:b8:55:19:5d:ca:0c:a2:
                    a3:e4:64:a0:0c:2c:28:34:58:c2:be:9d:b2:ad:74:
                    89:88:67:14:10:d4:51:85:e2:06:94:b6:44:24:b6:
                    f1:d6:25:67:aa:3e:78:25:50:2c:45:60:2a:bd:83:
                    f0:2e:73:b5:c2:40:91:d6:a3:22:55:6c:fe:01:44:
                    13:3d:13:57:78:c5:4e:b8:63:2d:39:fa:39:6b:e9:
                    4f:0f:ed:ba:cc:e2:0c:ee:2e:f0:6a:73:8d:3b:f4:
                    a1:55:48:3a:89:3d:f7:14:95:02:cf:34:78:af:4d:
                    c9:e4:6d:8b:2c:28:96:f7:e1:0f:54:36:43:9c:c9:
                    14:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:00:95:9B:E7:1E:E3:73:26:78:15:5E:BF:87:72:5A:59:31:D0:D6
            X509v3 Authority Key Identifier:
                keyid:54:3D:02:17:97:41:37:2E:18:28:11:E1:85:2D:58:4E:FD:CF:7B:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VD0CF5dBNy4YKBHhhS1YTv3Pe6I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c6df87-dd55-466c-8b6c-cd598e8b2d45/1/8ACVm-ce43MmeBVev4dyWlkx0NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c6df87-dd55-466c-8b6c-cd598e8b2d45/1/VD0CF5dBNy4YKBHhhS1YTv3Pe6I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.4.0/23
                IPv6:
                  2a09:a000::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:b6:b8:e0:6b:2c:48:5c:90:60:2b:57:95:40:43:09:ee:b6:
         e3:50:d5:38:23:c3:44:14:16:ad:21:58:70:b0:a0:d4:d5:37:
         62:1a:a1:3e:b3:22:82:72:13:64:97:16:26:7d:69:d6:93:66:
         6c:05:86:14:89:03:cb:fb:cb:03:da:49:7c:b2:94:59:16:89:
         ca:38:72:1b:44:f1:ff:3d:36:a5:8e:b5:96:7c:f7:f6:d3:8f:
         b4:e1:fb:04:27:15:00:e7:28:0d:23:e3:f0:ad:4b:40:ff:60:
         01:a3:e2:0d:96:f2:fc:92:d4:89:5b:50:02:71:69:8a:81:23:
         2d:4a:2b:38:02:b6:ca:02:1c:33:85:1f:f9:e9:65:2c:57:8b:
         d5:34:e3:7c:0a:89:f3:9f:b1:c9:cf:db:20:6e:14:5e:b1:05:
         5a:ed:59:a8:3e:48:af:c9:1a:c5:25:85:01:90:c2:42:21:62:
         4a:95:36:1f:61:fb:61:4f:31:80:17:f0:60:6d:42:ba:ac:ab:
         4b:59:14:12:9a:ae:0d:6b:5f:74:fa:56:34:8a:0b:00:7a:be:
         84:40:8b:3a:2e:d6:97:c5:b5:8a:ef:90:f8:cc:b6:93:7a:6d:
         cf:36:06:67:aa:a9:8b:cb:dc:69:29:f0:11:5e:0c:b4:47:fc:
         11:57:87:39
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZmE6irdJXKgBLEqzmlUqPwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0M2QwMjE3OTc0MTM3MmUxODI4MTFlMTg1MmQ1ODRlZmRj
ZjdiYTIwHhcNMjUwOTI2MDcyNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDAwOTU5YmU3MWVlMzczMjY3ODE1NWViZjg3NzI1YTU5MzFkMGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFC2k4CFrqgXXZT86nK7oWRFU+bF
Eyypft41HfgHj7B0/EuA3CsW/Rds8JUO1LVeUa98pwI3/1yok+qWmewUm6yUIaCa
tvuOe4kThnnRgCqMhK5cGv/Yw+Hi6VfirhofdJT3OK8mglyVhVUDNksNuclPr/FE
S/CgcewxJnktTrhVGV3KDKKj5GSgDCwoNFjCvp2yrXSJiGcUENRRheIGlLZEJLbx
1iVnqj54JVAsRWAqvYPwLnO1wkCR1qMiVWz+AUQTPRNXeMVOuGMtOfo5a+lPD+26
zOIM7i7wanONO/ShVUg6iT33FJUCzzR4r03J5G2LLCiW9+EPVDZDnMkU1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPAAlZvnHuNzJngVXr+HclpZMdDWMB8GA1UdIwQY
MBaAFFQ9AheXQTcuGCgR4YUtWE79z3uiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkQwQ0Y1ZEJOeTRZS0JIaGhTMVlUdjNQZTZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9jNmRmODctZGQ1NS00NjZjLThiNmMt
Y2Q1OThlOGIyZDQ1LzEvOEFDVm0tY2U0M01tZUJWZXY0ZHlXbGt4ME5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9jNmRmODctZGQ1NS00NjZjLThiNmMtY2Q1OThlOGIyZDQ1
LzEvVkQwQ0Y1ZEJOeTRZS0JIaGhTMVlUdjNQZTZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwj0EMA0E
AgACMAcDBQMqCaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAAtrjgayxIXJBgK1eVQEMJ
7rbjUNU4I8NEFBatIVhwsKDU1TdiGqE+syKCchNklxYmfWnWk2ZsBYYUiQPL+8sD
2kl8spRZFonKOHIbRPH/PTaljrWWfPf204+04fsEJxUA5ygNI+PwrUtA/2ABo+IN
lvL8ktSJW1ACcWmKgSMtSis4ArbKAhwzhR/56WUsV4vVNON8Conzn7HJz9sgbhRe
sQVa7VmoPkivyRrFJYUBkMJCIWJKlTYfYfthTzGAF/BgbUK6rKtLWRQSmq4Na190
+lY0igsAer6EQIs6LtaXxbWK75D4zLaTem3PNgZnqqmLy9xpKfARXgy0R/wRV4c5
-----END CERTIFICATE-----