Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/xvh7O2KbHNYskD_s8o3z61k17vU.roa
File:                     xvh7O2KbHNYskD_s8o3z61k17vU.roa (raw, json)
Hash identifier:          UDblMjVM5xFjaNZK6MvT0dDlKD6za0Uxz0PulsGse+k=
Subject key identifier:   C6:F8:7B:3B:62:9B:1C:D6:2C:90:3F:EC:F2:8D:F3:EB:59:35:EE:F5
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       01988409509DB2A9610AB3FD0216F2E3A6FB
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/xvh7O2KbHNYskD_s8o3z61k17vU.roa
Signing time:             Thu 07 Aug 2025 10:17:39 +0000
ROA not before:           Thu 07 Aug 2025 10:17:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        188.255.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:84:09:50:9d:b2:a9:61:0a:b3:fd:02:16:f2:e3:a6:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Aug  7 10:17:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6f87b3b629b1cd62c903fecf28df3eb5935eef5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:36:d0:71:3a:7c:9d:6d:de:c4:69:f5:12:fb:
                    b1:ed:b6:cc:2d:b4:83:41:62:2f:d8:7a:c5:2b:fd:
                    87:10:e2:a0:c4:8e:6d:93:b0:8b:cf:a3:ab:86:99:
                    36:0d:3e:62:a9:09:fe:54:de:08:59:fe:52:03:8d:
                    7d:08:2b:5a:8e:4d:e4:44:67:81:0e:35:cb:36:6e:
                    4e:55:28:a0:2e:2f:79:2a:1c:b3:72:82:b1:df:ec:
                    bc:c5:69:38:4f:54:c1:90:80:bf:b1:e9:a7:d8:84:
                    2b:3a:57:92:c8:a6:09:32:8f:02:96:18:da:d0:84:
                    22:73:14:1a:37:dc:57:5b:1a:1f:83:45:7d:2e:d2:
                    2b:b5:ca:68:9b:f5:08:20:01:33:55:08:95:03:7f:
                    45:1d:d7:dc:e3:44:06:f4:53:c1:ae:30:38:e5:be:
                    70:fb:eb:c8:69:fe:55:01:5f:c9:22:cc:46:73:e5:
                    88:0c:78:a2:5f:82:ef:60:bc:19:6a:46:94:6a:89:
                    d9:15:22:5a:02:1d:d9:bf:57:38:64:bf:f2:71:5d:
                    d4:d0:5f:86:ca:1d:2f:8e:08:c3:1d:cd:21:57:3d:
                    65:fe:b3:d2:67:24:26:3c:cc:01:c4:83:cc:33:67:
                    da:dc:df:14:c7:1a:14:2a:7e:53:8d:7d:85:f2:7c:
                    3d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:F8:7B:3B:62:9B:1C:D6:2C:90:3F:EC:F2:8D:F3:EB:59:35:EE:F5
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/xvh7O2KbHNYskD_s8o3z61k17vU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:79:5f:13:f4:0b:c9:df:bc:fb:31:3c:37:b0:c9:1c:75:90:
         d2:34:02:36:97:39:14:e0:a8:70:61:70:5e:c9:3c:c8:5c:da:
         73:7a:dc:07:3c:60:08:f6:f0:1d:0b:b2:ad:0c:35:b3:66:d9:
         06:5e:8f:e4:c3:86:a6:aa:96:70:4a:45:4f:94:8e:78:6f:5b:
         6b:8c:73:cf:24:c7:73:2f:2f:5e:81:2d:93:83:a2:8d:57:f1:
         83:89:85:72:80:65:73:66:dd:d7:49:d3:21:92:57:d7:77:3a:
         b2:9e:c3:81:b7:3b:57:85:09:55:b9:fc:57:e4:38:66:f8:1a:
         f4:ec:65:57:93:09:01:2e:4e:e0:ff:30:18:34:47:da:be:54:
         2f:6e:d4:00:62:a2:f9:b4:7c:f9:02:9e:8b:ef:5f:87:ee:b3:
         b0:71:8c:ff:53:21:e5:13:d5:06:40:36:21:ec:31:5c:47:ea:
         82:ea:41:3a:b4:f5:e5:fa:76:92:68:36:68:24:3f:7b:ec:f8:
         41:8d:c9:aa:80:f5:84:2a:f7:7f:e2:36:22:e3:f8:5f:9b:d2:
         f3:24:5e:08:7c:6d:73:5c:5a:e1:23:56:e2:b5:d2:7a:94:25:
         c7:14:34:c2:e2:a0:4a:91:bc:7a:c4:e5:4f:3b:27:a9:4e:b8:
         56:c6:89:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiECVCdsqlhCrP9Ahby46b7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwODA3MTAxNzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmY4N2IzYjYyOWIxY2Q2MmM5MDNmZWNmMjhkZjNlYjU5MzVlZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozbQcTp8nW3exGn1Evux7bbMLbSD
QWIv2HrFK/2HEOKgxI5tk7CLz6Orhpk2DT5iqQn+VN4IWf5SA419CCtajk3kRGeB
DjXLNm5OVSigLi95KhyzcoKx3+y8xWk4T1TBkIC/semn2IQrOleSyKYJMo8Clhja
0IQicxQaN9xXWxofg0V9LtIrtcpom/UIIAEzVQiVA39FHdfc40QG9FPBrjA45b5w
++vIaf5VAV/JIsxGc+WIDHiiX4LvYLwZakaUaonZFSJaAh3Zv1c4ZL/ycV3U0F+G
yh0vjgjDHc0hVz1l/rPSZyQmPMwBxIPMM2fa3N8UxxoUKn5TjX2F8nw9DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMb4eztimxzWLJA/7PKN8+tZNe71MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEveHZoN08yS2JITllza0RfczhvM3o2MWsxN3ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/BMA0G
CSqGSIb3DQEBCwUAA4IBAQBCeV8T9AvJ37z7MTw3sMkcdZDSNAI2lzkU4KhwYXBe
yTzIXNpzetwHPGAI9vAdC7KtDDWzZtkGXo/kw4amqpZwSkVPlI54b1trjHPPJMdz
Ly9egS2Tg6KNV/GDiYVygGVzZt3XSdMhklfXdzqynsOBtztXhQlVufxX5Dhm+Br0
7GVXkwkBLk7g/zAYNEfavlQvbtQAYqL5tHz5Ap6L71+H7rOwcYz/UyHlE9UGQDYh
7DFcR+qC6kE6tPXl+naSaDZoJD977PhBjcmqgPWEKvd/4jYi4/hfm9LzJF4IfG1z
XFrhI1bitdJ6lCXHFDTC4qBKkbx6xOVPOyepTrhWxomd
-----END CERTIFICATE-----