Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/_B8GwBiTFdIK4J8SxVFnKGjeQB4.roa
File:                     _B8GwBiTFdIK4J8SxVFnKGjeQB4.roa (raw, json)
Hash identifier:          Uz7SoPbGR/+GgXVRcIAynbR4wHfGxFEdNa8TRfSCHnE=
Subject key identifier:   FC:1F:06:C0:18:93:15:D2:0A:E0:9F:12:C5:51:67:28:68:DE:40:1E
Certificate issuer:       /CN=9bff15278f53f7761c2f3d33dd9be77a8a4fbd94
Certificate serial:       0199B9A93E52E3B2F04BA4753A05F89D6C23
Authority key identifier: 9B:FF:15:27:8F:53:F7:76:1C:2F:3D:33:DD:9B:E7:7A:8A:4F:BD:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m_8VJ49T93YcLz0z3ZvneopPvZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/_B8GwBiTFdIK4J8SxVFnKGjeQB4.roa
Signing time:             Mon 06 Oct 2025 13:15:00 +0000
ROA not before:           Mon 06 Oct 2025 13:15:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201063
IP address blocks:        46.70.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/m_8VJ49T93YcLz0z3ZvneopPvZQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/m_8VJ49T93YcLz0z3ZvneopPvZQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m_8VJ49T93YcLz0z3ZvneopPvZQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b9:a9:3e:52:e3:b2:f0:4b:a4:75:3a:05:f8:9d:6c:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bff15278f53f7761c2f3d33dd9be77a8a4fbd94
        Validity
            Not Before: Oct  6 13:15:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc1f06c0189315d20ae09f12c551672868de401e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:d4:5f:7c:01:dc:63:0a:9e:cc:fe:d2:39:36:
                    7a:0d:e5:14:0e:f5:69:6c:46:3c:1f:1d:72:e2:cc:
                    c6:8a:b7:20:cf:98:03:fa:ca:8a:2e:57:88:f8:4d:
                    bc:7c:f5:42:f1:e5:8b:0b:ab:fe:a9:94:c7:64:f6:
                    3b:f7:33:ff:cf:26:26:35:0f:93:cb:01:e0:57:ee:
                    ae:e1:ee:7e:e4:e8:78:fc:a5:b7:0d:67:4b:58:c4:
                    3c:8f:9c:4b:6c:a2:c3:c1:18:b4:e4:cc:67:dc:0b:
                    9a:37:29:fc:f2:40:cf:f4:dd:75:f7:af:a8:aa:a0:
                    d0:76:fa:87:38:7e:68:aa:da:fb:07:1b:20:a7:bc:
                    33:5f:a9:38:08:be:fb:88:f2:ce:51:ba:87:b9:08:
                    be:8b:42:50:4a:59:53:69:9c:7c:f0:6a:90:2a:df:
                    38:3e:a3:ba:b5:6b:bf:2d:80:cd:6a:d1:fd:80:02:
                    d8:5a:82:3a:2c:96:68:5b:d6:ad:39:37:f9:8e:87:
                    be:12:25:af:35:4d:f4:5c:4d:4a:af:d2:cd:24:8a:
                    c1:4e:01:30:5f:d3:f3:72:f2:cf:2f:4d:ac:ff:8f:
                    87:7d:c3:5d:2e:1f:4c:9c:44:3f:bf:65:c2:16:ea:
                    01:a2:42:cc:71:b0:28:34:d5:28:8e:3a:3d:fa:f3:
                    bb:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:1F:06:C0:18:93:15:D2:0A:E0:9F:12:C5:51:67:28:68:DE:40:1E
            X509v3 Authority Key Identifier:
                keyid:9B:FF:15:27:8F:53:F7:76:1C:2F:3D:33:DD:9B:E7:7A:8A:4F:BD:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m_8VJ49T93YcLz0z3ZvneopPvZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/_B8GwBiTFdIK4J8SxVFnKGjeQB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/m_8VJ49T93YcLz0z3ZvneopPvZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.70.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:86:5f:26:62:40:7c:06:52:4e:63:b1:ab:f1:0a:2f:37:56:
         23:68:e0:5a:fb:cf:91:8e:82:a3:d6:eb:97:71:91:02:2d:fb:
         7b:1f:7e:b7:40:5d:4a:b2:45:42:9b:21:de:25:18:d7:4d:a1:
         f8:48:e7:54:a6:45:67:bd:24:45:8b:50:75:d0:00:87:87:ac:
         8c:78:c8:77:0f:f4:14:c3:67:96:24:f8:8c:c4:4c:c8:6d:38:
         c7:a9:e2:0e:d9:30:c4:95:fe:5a:62:ec:03:5e:30:8c:04:3f:
         2e:71:65:9f:f6:28:45:12:aa:54:80:ac:66:81:8c:1b:3f:bf:
         2a:8f:51:64:76:07:ff:ee:ce:47:fd:8f:4e:4d:42:09:ab:c7:
         d2:91:13:7d:bd:72:b0:21:e3:95:09:65:6f:3f:9c:c3:ca:88:
         af:c0:fd:ca:8e:3e:ec:51:09:bc:30:9d:a3:3b:13:9c:aa:92:
         eb:a8:52:7e:e7:40:ae:ae:ec:c7:c5:1d:35:4e:43:b5:7a:90:
         b8:93:ae:0e:f8:a6:25:6b:9d:92:7b:05:25:12:2d:3b:35:0e:
         f6:5c:42:dc:98:05:37:03:8d:11:86:41:c4:e4:04:09:d4:d0:
         e3:11:5e:61:8b:8c:2d:7f:eb:91:a0:c9:1d:df:f0:b9:40:97:
         81:6f:56:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm5qT5S47LwS6R1OgX4nWwjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZmYxNTI3OGY1M2Y3NzYxYzJmM2QzM2RkOWJlNzdhOGE0
ZmJkOTQwHhcNMjUxMDA2MTMxNTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzFmMDZjMDE4OTMxNWQyMGFlMDlmMTJjNTUxNjcyODY4ZGU0MDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7NRffAHcYwqezP7SOTZ6DeUUDvVp
bEY8Hx1y4szGircgz5gD+sqKLleI+E28fPVC8eWLC6v+qZTHZPY79zP/zyYmNQ+T
ywHgV+6u4e5+5Oh4/KW3DWdLWMQ8j5xLbKLDwRi05Mxn3AuaNyn88kDP9N1196+o
qqDQdvqHOH5oqtr7Bxsgp7wzX6k4CL77iPLOUbqHuQi+i0JQSllTaZx88GqQKt84
PqO6tWu/LYDNatH9gALYWoI6LJZoW9atOTf5joe+EiWvNU30XE1Kr9LNJIrBTgEw
X9PzcvLPL02s/4+HfcNdLh9MnEQ/v2XCFuoBokLMcbAoNNUojjo9+vO7BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwfBsAYkxXSCuCfEsVRZyho3kAeMB8GA1UdIwQY
MBaAFJv/FSePU/d2HC89M92b53qKT72UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbV84Vko0OVQ5M1ljTHowejNadm5lb3BQdlpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9hYTdiMzMtZGVlYi00YWJkLWI4ZDIt
NTY5NzI0OWY1MTI0LzEvX0I4R3dCaVRGZElLNEo4U3hWRm5LR2plUUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9hYTdiMzMtZGVlYi00YWJkLWI4ZDItNTY5NzI0OWY1MTI0
LzEvbV84Vko0OVQ5M1ljTHowejNadm5lb3BQdlpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALkb/MA0G
CSqGSIb3DQEBCwUAA4IBAQDChl8mYkB8BlJOY7Gr8QovN1YjaOBa+8+RjoKj1uuX
cZECLft7H363QF1KskVCmyHeJRjXTaH4SOdUpkVnvSRFi1B10ACHh6yMeMh3D/QU
w2eWJPiMxEzIbTjHqeIO2TDElf5aYuwDXjCMBD8ucWWf9ihFEqpUgKxmgYwbP78q
j1Fkdgf/7s5H/Y9OTUIJq8fSkRN9vXKwIeOVCWVvP5zDyoivwP3Kjj7sUQm8MJ2j
OxOcqpLrqFJ+50CuruzHxR01TkO1epC4k64O+KYla52SewUlEi07NQ72XELcmAU3
A40RhkHE5AQJ1NDjEV5hi4wtf+uRoMkd3/C5QJeBb1aD
-----END CERTIFICATE-----