Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/F2_wmuIlF_Fr4vPu8BktVcIEbJc.roa
File:                     F2_wmuIlF_Fr4vPu8BktVcIEbJc.roa (raw, json)
Hash identifier:          C0sIjHqlElpVFUnaeluaj4Gkav9vDU7HqpMYLEQ16Xw=
Subject key identifier:   17:6F:F0:9A:E2:25:17:F1:6B:E2:F3:EE:F0:19:2D:55:C2:04:6C:97
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       01977872B60F7D26327C83355C6AA9625B16
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/F2_wmuIlF_Fr4vPu8BktVcIEbJc.roa
Signing time:             Mon 16 Jun 2025 11:14:33 +0000
ROA not before:           Mon 16 Jun 2025 11:14:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48108
IP address blocks:        193.43.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:72:b6:0f:7d:26:32:7c:83:35:5c:6a:a9:62:5b:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Jun 16 11:14:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=176ff09ae22517f16be2f3eef0192d55c2046c97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:38:03:e1:63:43:7a:fe:c1:8a:c5:73:63:44:
                    eb:58:26:f1:2a:1b:96:d6:f0:dc:65:dd:86:74:6d:
                    44:fd:4e:b2:11:2e:7d:2c:d8:3b:96:e0:06:06:b6:
                    b8:ab:bb:21:32:74:31:38:0b:01:30:4f:70:be:3d:
                    65:4e:fb:f8:cb:c7:30:96:ba:1e:83:63:a3:19:0d:
                    ac:04:dd:e8:43:03:f5:51:97:d0:05:36:48:e6:7a:
                    a3:fc:5d:75:da:3d:9a:db:43:3e:32:cd:01:f4:e7:
                    13:6b:8d:62:6c:8d:51:86:14:8d:a8:bc:fe:69:b4:
                    85:a9:01:20:77:47:38:2e:dc:96:ce:99:a9:a9:9c:
                    e0:94:b4:8e:b1:d6:44:8f:67:0e:25:55:bf:f2:c7:
                    6f:71:46:5e:77:7c:f4:68:81:47:a6:c4:47:96:5c:
                    91:c2:09:f6:ac:7b:99:ea:ab:bd:5a:fc:9d:85:6b:
                    f2:1a:eb:4c:11:1d:57:4f:f4:cc:95:cd:bf:24:c1:
                    e3:b8:1c:70:1d:df:9f:7b:8a:ea:af:a0:68:e3:e8:
                    e8:31:d0:df:a7:f5:02:1f:f8:80:41:90:a9:2c:76:
                    13:72:5e:ea:28:73:33:04:ee:42:97:0e:26:2a:56:
                    a1:28:83:d9:ed:0e:af:36:81:c7:b3:2d:b4:81:cd:
                    8f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:6F:F0:9A:E2:25:17:F1:6B:E2:F3:EE:F0:19:2D:55:C2:04:6C:97
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/F2_wmuIlF_Fr4vPu8BktVcIEbJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:22:26:b8:e1:c2:5b:f5:ee:a8:05:71:2a:c5:d0:26:a2:2b:
         12:24:5e:65:63:11:f4:bc:f3:ee:57:bb:a7:9b:3f:a5:89:87:
         c3:4a:63:6b:d4:19:27:df:c7:41:31:f5:44:84:40:72:24:bd:
         dc:7a:06:d2:8b:c9:13:c4:0b:52:1d:71:e2:8e:3f:45:62:03:
         5d:24:af:03:47:90:5e:e0:71:45:ed:21:75:f1:c9:76:d7:72:
         aa:33:40:54:4b:8e:50:40:f5:36:47:d2:5c:0d:71:55:2e:a3:
         1a:d1:37:e1:55:e5:ea:ea:0d:52:34:21:32:9e:58:d3:95:1b:
         79:f4:5c:a8:4e:da:0d:bf:70:0d:ef:d2:91:71:a5:e8:23:39:
         2e:e4:6d:ea:c9:9a:6a:ce:e4:68:24:0a:c2:75:32:f7:0e:d0:
         99:45:ea:f3:f5:f0:8e:3c:d9:71:f7:fd:d2:c1:6c:7f:f7:90:
         46:d7:a9:76:00:fe:5d:7d:7f:5b:80:5f:72:10:4a:75:d2:e9:
         4a:59:91:5b:6e:3b:5d:ec:da:e7:22:c7:dd:2c:9a:93:d2:a2:
         83:93:e4:c2:6b:ac:89:78:27:7b:8b:20:fe:b5:86:24:ea:3b:
         d8:f5:1e:d9:ea:bd:85:9c:76:9a:b6:b4:53:23:1c:02:24:41:
         f1:d4:cb:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd4crYPfSYyfIM1XGqpYlsWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwNjE2MTExNDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzZmZjA5YWUyMjUxN2YxNmJlMmYzZWVmMDE5MmQ1NWMyMDQ2Yzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTgD4WNDev7BisVzY0TrWCbxKhuW
1vDcZd2GdG1E/U6yES59LNg7luAGBra4q7shMnQxOAsBME9wvj1lTvv4y8cwlroe
g2OjGQ2sBN3oQwP1UZfQBTZI5nqj/F112j2a20M+Ms0B9OcTa41ibI1RhhSNqLz+
abSFqQEgd0c4LtyWzpmpqZzglLSOsdZEj2cOJVW/8sdvcUZed3z0aIFHpsRHllyR
wgn2rHuZ6qu9WvydhWvyGutMER1XT/TMlc2/JMHjuBxwHd+fe4rqr6Bo4+joMdDf
p/UCH/iAQZCpLHYTcl7qKHMzBO5Clw4mKlahKIPZ7Q6vNoHHsy20gc2PiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdv8JriJRfxa+Lz7vAZLVXCBGyXMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvRjJfd211SWxGX0ZyNHZQdThCa3RWY0lFYkpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSuSMA0G
CSqGSIb3DQEBCwUAA4IBAQAtIia44cJb9e6oBXEqxdAmoisSJF5lYxH0vPPuV7un
mz+liYfDSmNr1Bkn38dBMfVEhEByJL3cegbSi8kTxAtSHXHijj9FYgNdJK8DR5Be
4HFF7SF18cl213KqM0BUS45QQPU2R9JcDXFVLqMa0TfhVeXq6g1SNCEynljTlRt5
9FyoTtoNv3AN79KRcaXoIzku5G3qyZpqzuRoJArCdTL3DtCZRerz9fCOPNlx9/3S
wWx/95BG16l2AP5dfX9bgF9yEEp10ulKWZFbbjtd7NrnIsfdLJqT0qKDk+TCa6yJ
eCd7iyD+tYYk6jvY9R7Z6r2FnHaatrRTIxwCJEHx1MsX
-----END CERTIFICATE-----