Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/43d7fb-4c9b-4263-be15-988ee7fe70a9/1/j8yR2SwKtsWVLSNz7q_UM4Rt1zM.roa
File:                     j8yR2SwKtsWVLSNz7q_UM4Rt1zM.roa (raw, json)
Hash identifier:          SRAkp7Ly8eQqtuMXaM0/J+PtXueSbryqz6yBP5HCAks=
Subject key identifier:   8F:CC:91:D9:2C:0A:B6:C5:95:2D:23:73:EE:AF:D4:33:84:6D:D7:33
Certificate issuer:       /CN=2a03fcc0403cc140ac17cc94abf64ba71954e7fc
Certificate serial:       0199F3D5306591688B7C3B73C4468CDFE8E4
Authority key identifier: 2A:03:FC:C0:40:3C:C1:40:AC:17:CC:94:AB:F6:4B:A7:19:54:E7:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KgP8wEA8wUCsF8yUq_ZLpxlU5_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/43d7fb-4c9b-4263-be15-988ee7fe70a9/1/j8yR2SwKtsWVLSNz7q_UM4Rt1zM.roa
Signing time:             Fri 17 Oct 2025 20:20:58 +0000
ROA not before:           Fri 17 Oct 2025 20:20:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212482
IP address blocks:        185.193.241.0/24 maxlen: 24
                          2a06:7ec0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/43d7fb-4c9b-4263-be15-988ee7fe70a9/1/KgP8wEA8wUCsF8yUq_ZLpxlU5_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/43d7fb-4c9b-4263-be15-988ee7fe70a9/1/KgP8wEA8wUCsF8yUq_ZLpxlU5_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KgP8wEA8wUCsF8yUq_ZLpxlU5_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f3:d5:30:65:91:68:8b:7c:3b:73:c4:46:8c:df:e8:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a03fcc0403cc140ac17cc94abf64ba71954e7fc
        Validity
            Not Before: Oct 17 20:20:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fcc91d92c0ab6c5952d2373eeafd433846dd733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ca:e4:b1:0c:98:3a:c9:7c:2b:2f:47:b3:17:
                    4f:f5:44:5c:af:44:11:3c:39:0e:9b:aa:f4:ba:9f:
                    6b:9c:89:08:21:93:74:05:52:6b:2c:98:8d:e7:63:
                    4e:dd:8c:70:0e:6f:7f:80:cd:dd:86:38:72:6e:67:
                    f4:3c:fe:26:3f:e0:e4:0d:63:3d:7c:5f:df:03:42:
                    d9:34:b6:ef:18:a0:f5:11:75:5d:b5:8d:d9:09:f0:
                    75:5c:3b:99:cd:c3:e6:dd:66:d1:19:16:d1:38:89:
                    e5:78:47:8f:70:ae:6f:5f:68:4f:2b:6c:59:76:48:
                    98:72:b2:c8:42:bf:9b:26:b2:64:7b:82:7b:1c:39:
                    fe:58:5e:e9:29:c8:79:10:b0:3c:b2:01:87:0c:00:
                    a9:99:20:e8:75:34:15:ca:5a:b2:0e:3c:65:57:dc:
                    35:b6:a2:57:60:e9:03:4d:c4:5c:24:66:93:1b:a9:
                    48:49:f1:90:db:61:69:54:a4:10:38:8b:b8:dc:2e:
                    7f:8c:f2:f9:ee:44:a2:56:54:54:d7:12:34:f3:84:
                    ad:04:ac:df:11:6a:65:f1:e8:b6:ff:40:7d:bb:80:
                    7e:d0:15:56:1a:0c:d2:cf:99:0e:9e:6b:5c:9b:23:
                    8f:c9:8c:99:d1:b4:29:23:19:bd:a0:da:7f:61:b9:
                    53:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:CC:91:D9:2C:0A:B6:C5:95:2D:23:73:EE:AF:D4:33:84:6D:D7:33
            X509v3 Authority Key Identifier:
                keyid:2A:03:FC:C0:40:3C:C1:40:AC:17:CC:94:AB:F6:4B:A7:19:54:E7:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KgP8wEA8wUCsF8yUq_ZLpxlU5_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/43d7fb-4c9b-4263-be15-988ee7fe70a9/1/j8yR2SwKtsWVLSNz7q_UM4Rt1zM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/43d7fb-4c9b-4263-be15-988ee7fe70a9/1/KgP8wEA8wUCsF8yUq_ZLpxlU5_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.241.0/24
                IPv6:
                  2a06:7ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:99:cd:1f:92:85:b6:1c:5b:31:e6:26:dc:83:df:60:37:77:
         8a:b8:95:3c:3c:d1:1a:34:22:5e:ff:e5:51:74:49:22:45:ee:
         b0:29:e5:ae:c9:d8:6a:49:ac:65:2b:7a:ba:a5:49:f6:54:5c:
         88:eb:a5:a9:8f:bc:28:1e:21:6b:34:ca:25:b5:ea:b5:09:d2:
         8c:a4:df:7c:e4:e4:01:8b:38:50:0c:09:eb:15:57:93:12:3f:
         82:84:c1:a1:a5:be:33:62:4c:da:c2:b3:8f:bb:44:2c:31:c1:
         57:2f:86:91:c4:59:ba:12:75:1e:6a:46:27:ba:39:8e:73:dd:
         12:5f:2f:68:89:de:0d:95:2e:94:fc:f4:76:a6:c4:de:71:ae:
         ec:54:75:36:66:84:17:b5:d1:be:7f:a0:bd:f3:ca:2c:0b:91:
         ad:92:5b:f2:8f:32:1a:de:9b:cf:da:8e:a8:99:85:3f:6d:97:
         67:88:90:20:fa:2b:9a:05:7e:96:3c:3c:ea:bf:83:d7:3e:e3:
         3d:ba:f9:06:cf:6e:5d:78:18:9e:cb:e0:20:6d:24:8f:bd:58:
         f9:df:52:eb:fd:83:5e:14:e3:8c:57:27:a3:8f:c1:ce:72:94:
         6a:9e:df:d7:45:ab:82:0d:dd:2c:8e:24:03:65:cd:13:bf:df:
         1e:eb:36:c4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZnz1TBlkWiLfDtzxEaM3+jkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMDNmY2MwNDAzY2MxNDBhYzE3Y2M5NGFiZjY0YmE3MTk1
NGU3ZmMwHhcNMjUxMDE3MjAyMDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmNjOTFkOTJjMGFiNmM1OTUyZDIzNzNlZWFmZDQzMzg0NmRkNzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsrksQyYOsl8Ky9HsxdP9URcr0QR
PDkOm6r0up9rnIkIIZN0BVJrLJiN52NO3YxwDm9/gM3dhjhybmf0PP4mP+DkDWM9
fF/fA0LZNLbvGKD1EXVdtY3ZCfB1XDuZzcPm3WbRGRbROInleEePcK5vX2hPK2xZ
dkiYcrLIQr+bJrJke4J7HDn+WF7pKch5ELA8sgGHDACpmSDodTQVylqyDjxlV9w1
tqJXYOkDTcRcJGaTG6lISfGQ22FpVKQQOIu43C5/jPL57kSiVlRU1xI084StBKzf
EWpl8ei2/0B9u4B+0BVWGgzSz5kOnmtcmyOPyYyZ0bQpIxm9oNp/YblTJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI/MkdksCrbFlS0jc+6v1DOEbdczMB8GA1UdIwQY
MBaAFCoD/MBAPMFArBfMlKv2S6cZVOf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2dQOHdFQTh3VUNzRjh5VXFfWkxweGxVNV93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi80M2Q3ZmItNGM5Yi00MjYzLWJlMTUt
OTg4ZWU3ZmU3MGE5LzEvajh5UjJTd0t0c1dWTFNOejdxX1VNNFJ0MXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi80M2Q3ZmItNGM5Yi00MjYzLWJlMTUtOTg4ZWU3ZmU3MGE5
LzEvS2dQOHdFQTh3VUNzRjh5VXFfWkxweGxVNV93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAucHxMA0E
AgACMAcDBQMqBn7AMA0GCSqGSIb3DQEBCwUAA4IBAQARmc0fkoW2HFsx5ibcg99g
N3eKuJU8PNEaNCJe/+VRdEkiRe6wKeWuydhqSaxlK3q6pUn2VFyI66Wpj7woHiFr
NMolteq1CdKMpN985OQBizhQDAnrFVeTEj+ChMGhpb4zYkzawrOPu0QsMcFXL4aR
xFm6EnUeakYnujmOc90SXy9oid4NlS6U/PR2psTeca7sVHU2ZoQXtdG+f6C988os
C5GtklvyjzIa3pvP2o6omYU/bZdniJAg+iuaBX6WPDzqv4PXPuM9uvkGz25deBie
y+AgbSSPvVj531Lr/YNeFOOMVyejj8HOcpRqnt/XRauCDd0sjiQDZc0Tv98e6zbE
-----END CERTIFICATE-----