Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/6e0b7a-af73-4d9b-bd74-adc7551f667d/1/PefmmKkeHckF1TFIBsiHu-KGY9A.roa
File:                     PefmmKkeHckF1TFIBsiHu-KGY9A.roa (raw, json)
Hash identifier:          tPgDzgEVBJrCaqPTjl+G8vf08ZvCLU8Bf3lj6k6XGBY=
Subject key identifier:   3D:E7:E6:98:A9:1E:1D:C9:05:D5:31:48:06:C8:87:BB:E2:86:63:D0
Certificate issuer:       /CN=eefe4b75298c007201e71c806a5c8c09e7b77411
Certificate serial:       0199E6D7AC4B8FB5FB4157146351369D1B32
Authority key identifier: EE:FE:4B:75:29:8C:00:72:01:E7:1C:80:6A:5C:8C:09:E7:B7:74:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7v5LdSmMAHIB5xyAalyMCee3dBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/6e0b7a-af73-4d9b-bd74-adc7551f667d/1/PefmmKkeHckF1TFIBsiHu-KGY9A.roa
Signing time:             Wed 15 Oct 2025 07:48:38 +0000
ROA not before:           Wed 15 Oct 2025 07:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41384
IP address blocks:        193.228.94.0/23 maxlen: 23
                          193.228.96.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/6e0b7a-af73-4d9b-bd74-adc7551f667d/1/7v5LdSmMAHIB5xyAalyMCee3dBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/6e0b7a-af73-4d9b-bd74-adc7551f667d/1/7v5LdSmMAHIB5xyAalyMCee3dBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7v5LdSmMAHIB5xyAalyMCee3dBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e6:d7:ac:4b:8f:b5:fb:41:57:14:63:51:36:9d:1b:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eefe4b75298c007201e71c806a5c8c09e7b77411
        Validity
            Not Before: Oct 15 07:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3de7e698a91e1dc905d5314806c887bbe28663d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:77:06:1a:dc:88:db:a5:3b:89:7f:14:37:60:
                    60:b5:fc:f0:28:74:98:e0:a1:90:7e:6c:c3:aa:d0:
                    1c:82:97:82:be:9a:a2:2f:59:6b:db:60:cc:7a:c2:
                    43:f2:f1:0e:0e:4b:d7:24:1e:a3:3c:73:26:98:a4:
                    03:28:b5:04:f8:fc:6d:05:57:e6:25:ff:fb:e5:ba:
                    02:c4:8f:be:7c:79:91:71:5c:c6:57:77:eb:c8:93:
                    1a:3d:3b:e5:81:54:77:6c:e7:81:48:da:c0:d2:60:
                    5c:cd:5b:5d:ab:f8:46:cc:de:a3:f9:85:e9:db:31:
                    52:ca:a0:83:14:6f:51:8c:d6:b9:69:07:32:ee:36:
                    97:66:76:c0:c3:7a:45:61:6b:cd:be:fb:27:0e:0b:
                    7b:e7:0f:35:91:f5:54:90:eb:73:af:9d:ab:ba:b9:
                    b6:9b:06:7d:e5:72:4d:2b:e2:bc:bb:b4:29:38:f9:
                    d3:94:1e:87:fc:22:58:3a:ea:91:30:19:4a:13:86:
                    ce:78:ac:f0:76:b4:20:9c:89:13:7d:e4:c0:d2:39:
                    31:f6:7b:3a:26:da:6e:11:0b:94:5a:cc:be:59:1e:
                    c5:f5:a3:a3:87:fe:e4:79:28:7c:b0:06:d8:10:39:
                    e7:a8:91:00:f8:32:c6:2d:bd:8c:b2:aa:80:32:e0:
                    ff:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E7:E6:98:A9:1E:1D:C9:05:D5:31:48:06:C8:87:BB:E2:86:63:D0
            X509v3 Authority Key Identifier:
                keyid:EE:FE:4B:75:29:8C:00:72:01:E7:1C:80:6A:5C:8C:09:E7:B7:74:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7v5LdSmMAHIB5xyAalyMCee3dBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/6e0b7a-af73-4d9b-bd74-adc7551f667d/1/PefmmKkeHckF1TFIBsiHu-KGY9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/6e0b7a-af73-4d9b-bd74-adc7551f667d/1/7v5LdSmMAHIB5xyAalyMCee3dBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.94.0-193.228.99.255

    Signature Algorithm: sha256WithRSAEncryption
         21:9e:cb:17:83:93:b2:1a:81:d3:08:99:56:23:2b:2b:01:03:
         5c:40:2e:d9:35:4a:12:8d:44:a7:dd:ed:7b:14:a9:c1:5b:f9:
         d2:ed:ed:0b:d0:80:5a:93:b7:b4:11:91:0b:62:b0:1f:72:e5:
         d2:cf:cf:00:c6:68:5c:6c:f1:28:06:e3:8d:b5:45:e7:04:f4:
         25:e8:6a:f7:a4:85:82:e6:6d:d2:56:73:c2:ca:4d:dd:8b:06:
         d9:cc:69:37:7d:e4:3a:fb:2f:a9:27:6e:02:0d:08:d7:f3:a8:
         55:78:c6:1f:ab:de:69:12:76:76:25:88:a6:b8:b3:72:93:cc:
         fa:2f:6c:17:09:d6:ee:ba:4a:a1:c0:7e:62:8d:6a:79:e4:21:
         08:80:df:99:5f:f6:e6:a8:82:c0:8d:f9:2e:6b:40:1c:d2:70:
         31:c7:82:4b:64:53:ba:ff:e4:16:5b:4c:95:94:c7:d9:12:20:
         1d:0d:24:f8:bd:de:27:0e:c3:4d:e2:1d:29:36:b6:d9:f3:d3:
         aa:60:b5:2f:04:71:40:8a:83:26:d8:91:49:d7:fc:70:fd:c6:
         d1:dd:74:80:82:46:25:e5:4a:66:40:d4:c3:f3:59:9c:c3:fc:
         e8:b2:f1:76:2b:17:07:2a:19:39:c5:51:c5:ac:d7:dc:20:a4:
         40:5d:b2:27
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZnm16xLj7X7QVcUY1E2nRsyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZmU0Yjc1Mjk4YzAwNzIwMWU3MWM4MDZhNWM4YzA5ZTdi
Nzc0MTEwHhcNMjUxMDE1MDc0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGU3ZTY5OGE5MWUxZGM5MDVkNTMxNDgwNmM4ODdiYmUyODY2M2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3cGGtyI26U7iX8UN2BgtfzwKHSY
4KGQfmzDqtAcgpeCvpqiL1lr22DMesJD8vEODkvXJB6jPHMmmKQDKLUE+PxtBVfm
Jf/75boCxI++fHmRcVzGV3fryJMaPTvlgVR3bOeBSNrA0mBczVtdq/hGzN6j+YXp
2zFSyqCDFG9RjNa5aQcy7jaXZnbAw3pFYWvNvvsnDgt75w81kfVUkOtzr52rurm2
mwZ95XJNK+K8u7QpOPnTlB6H/CJYOuqRMBlKE4bOeKzwdrQgnIkTfeTA0jkx9ns6
JtpuEQuUWsy+WR7F9aOjh/7keSh8sAbYEDnnqJEA+DLGLb2MsqqAMuD/pwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD3n5pipHh3JBdUxSAbIh7vihmPQMB8GA1UdIwQY
MBaAFO7+S3UpjAByAeccgGpcjAnnt3QRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3Y1TGRTbU1BSElCNXh5QWFseU1DZWUzZEJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy82ZTBiN2EtYWY3My00ZDliLWJkNzQt
YWRjNzU1MWY2NjdkLzEvUGVmbW1La2VIY2tGMVRGSUJzaUh1LUtHWTlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy82ZTBiN2EtYWY3My00ZDliLWJkNzQtYWRjNzU1MWY2Njdk
LzEvN3Y1TGRTbU1BSElCNXh5QWFseU1DZWUzZEJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAHB5F4D
BALB5GAwDQYJKoZIhvcNAQELBQADggEBACGeyxeDk7IagdMImVYjKysBA1xALtk1
ShKNRKfd7XsUqcFb+dLt7QvQgFqTt7QRkQtisB9y5dLPzwDGaFxs8SgG4421RecE
9CXoavekhYLmbdJWc8LKTd2LBtnMaTd95Dr7L6knbgINCNfzqFV4xh+r3mkSdnYl
iKa4s3KTzPovbBcJ1u66SqHAfmKNannkIQiA35lf9uaogsCN+S5rQBzScDHHgktk
U7r/5BZbTJWUx9kSIB0NJPi93icOw03iHSk2ttnz06pgtS8EcUCKgybYkUnX/HD9
xtHddICCRiXlSmZA1MPzWZzD/Oiy8XYrFwcqGTnFUcWs19wgpEBdsic=
-----END CERTIFICATE-----