Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/kwLsvJubF1R5RcHPfrHTgEiidVQ.roa
File:                     kwLsvJubF1R5RcHPfrHTgEiidVQ.roa (raw, json)
Hash identifier:          8F/U8WfP4yqCl8XRLCwa8B75MvfEIKGjXp9DIFsIfN0=
Subject key identifier:   93:02:EC:BC:9B:9B:17:54:79:45:C1:CF:7E:B1:D3:80:48:A2:75:54
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0199E77E9E8CBFCB4D535EFD854EBC9E9955
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/kwLsvJubF1R5RcHPfrHTgEiidVQ.roa
Signing time:             Wed 15 Oct 2025 10:50:59 +0000
ROA not before:           Wed 15 Oct 2025 10:50:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59432
IP address blocks:        79.175.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e7:7e:9e:8c:bf:cb:4d:53:5e:fd:85:4e:bc:9e:99:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct 15 10:50:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9302ecbc9b9b17547945c1cf7eb1d38048a27554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:57:58:9c:60:86:2c:4b:b2:26:24:aa:33:7a:
                    e3:9a:02:b4:3d:42:20:15:c7:fb:59:7b:2e:c0:35:
                    40:f3:0c:6e:19:50:7f:16:31:bf:e2:ad:78:81:70:
                    f2:64:0f:6d:11:78:5a:07:3c:be:bc:d6:8f:76:1f:
                    a6:e9:0a:fe:93:bc:49:1e:e8:b9:6b:47:9b:d8:20:
                    b8:45:82:55:39:8c:aa:41:e1:d4:90:44:bf:1d:fe:
                    26:0b:c9:ef:f5:83:3f:49:d1:88:dc:03:09:3b:4c:
                    73:ae:44:ad:55:b3:62:fe:0f:73:47:0c:22:f9:f2:
                    3b:ab:c6:fe:22:6e:71:ea:4f:4b:18:67:e1:84:e7:
                    37:79:54:94:fb:09:77:0b:7c:da:b2:0b:e7:fa:17:
                    0d:a9:43:3c:b8:5a:ed:bd:7d:5f:e7:ee:e3:76:a2:
                    4f:90:2c:f7:03:52:d5:02:d1:56:15:53:22:45:ec:
                    a5:49:c7:e7:f0:35:da:67:6b:ac:e7:99:e2:e0:94:
                    86:84:2d:90:07:b9:dc:72:fa:f4:d8:68:db:90:0f:
                    0c:99:c8:aa:48:e8:3a:bd:bc:d9:ec:57:1d:21:8d:
                    c9:83:9c:fa:c7:56:58:b4:e5:0b:b1:3f:2b:48:c9:
                    e1:c9:7e:ca:88:52:37:dd:a2:0b:9c:b0:a3:d4:3b:
                    f0:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:02:EC:BC:9B:9B:17:54:79:45:C1:CF:7E:B1:D3:80:48:A2:75:54
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/kwLsvJubF1R5RcHPfrHTgEiidVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:d0:f2:a8:ba:53:db:98:1b:12:d1:99:3b:cb:a9:cf:d3:7a:
         6e:42:26:b1:c4:a3:23:51:4e:9f:4d:4b:51:16:5b:60:02:e2:
         e7:aa:b2:b3:3c:ee:c8:bd:d8:c2:dc:c1:9e:6c:3f:7a:7b:32:
         fb:78:2f:fb:07:07:c9:e8:69:ed:a1:52:dd:a1:aa:60:be:9b:
         bd:2c:e5:ca:3f:5e:05:f4:2b:54:ba:fb:8e:cf:87:52:51:be:
         cc:6f:4a:f5:ea:72:da:ff:69:9c:45:d4:fc:25:e6:f0:ce:c0:
         44:6e:a8:f5:78:d7:16:93:fa:5c:17:b3:2e:57:10:a8:34:5f:
         05:2c:b7:86:69:ef:2b:24:81:4a:cf:9a:c8:84:e2:71:cd:ac:
         94:6c:1c:f1:d2:62:fd:fb:e6:22:73:a7:4e:6e:24:e0:bb:2b:
         43:10:04:5c:1f:34:d8:9c:b5:6d:b8:12:fc:84:ba:2e:44:28:
         67:48:5f:97:8d:ad:3d:22:6c:01:c7:6d:4d:b1:ca:28:f0:f5:
         53:98:de:22:7c:0c:9f:70:89:1e:16:4e:82:8b:59:78:db:60:
         7c:9c:0e:38:b9:9b:a7:b6:e1:c1:86:9a:6e:8a:46:dd:25:61:
         da:12:9d:d0:bd:60:45:2c:02:6b:9b:17:9f:da:15:94:5a:3c:
         1b:94:af:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnnfp6Mv8tNU179hU68nplVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMDE1MTA1MDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzAyZWNiYzliOWIxNzU0Nzk0NWMxY2Y3ZWIxZDM4MDQ4YTI3NTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuldYnGCGLEuyJiSqM3rjmgK0PUIg
Fcf7WXsuwDVA8wxuGVB/FjG/4q14gXDyZA9tEXhaBzy+vNaPdh+m6Qr+k7xJHui5
a0eb2CC4RYJVOYyqQeHUkES/Hf4mC8nv9YM/SdGI3AMJO0xzrkStVbNi/g9zRwwi
+fI7q8b+Im5x6k9LGGfhhOc3eVSU+wl3C3zasgvn+hcNqUM8uFrtvX1f5+7jdqJP
kCz3A1LVAtFWFVMiReylScfn8DXaZ2us55ni4JSGhC2QB7nccvr02GjbkA8Mmciq
SOg6vbzZ7FcdIY3Jg5z6x1ZYtOULsT8rSMnhyX7KiFI33aILnLCj1DvwhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMC7LybmxdUeUXBz36x04BIonVUMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEva3dMc3ZKdWJGMVI1UmNIUGZySFRnRWlpZFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT692MA0G
CSqGSIb3DQEBCwUAA4IBAQAp0PKoulPbmBsS0Zk7y6nP03puQiaxxKMjUU6fTUtR
FltgAuLnqrKzPO7IvdjC3MGebD96ezL7eC/7BwfJ6GntoVLdoapgvpu9LOXKP14F
9CtUuvuOz4dSUb7Mb0r16nLa/2mcRdT8JebwzsBEbqj1eNcWk/pcF7MuVxCoNF8F
LLeGae8rJIFKz5rIhOJxzayUbBzx0mL9++Yic6dObiTguytDEARcHzTYnLVtuBL8
hLouRChnSF+Xja09ImwBx21Nscoo8PVTmN4ifAyfcIkeFk6Ci1l422B8nA44uZun
tuHBhppuikbdJWHaEp3QvWBFLAJrmxef2hWUWjwblK+L
-----END CERTIFICATE-----