Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/aO_whLt90j7emxpJJj2cDf7ZJOg.roa
File:                     aO_whLt90j7emxpJJj2cDf7ZJOg.roa (raw, json)
Hash identifier:          p39kDWxY5GmkiU51YIoY0fQ+QLGvMq74UJt/qetIBDg=
Subject key identifier:   68:EF:F0:84:BB:7D:D2:3E:DE:9B:1A:49:26:3D:9C:0D:FE:D9:24:E8
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       01993DCEEEDEBEDFFD620C39D25E558642B1
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/aO_whLt90j7emxpJJj2cDf7ZJOg.roa
Signing time:             Fri 12 Sep 2025 12:03:15 +0000
ROA not before:           Fri 12 Sep 2025 12:03:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201135
IP address blocks:        216.163.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:ce:ee:de:be:df:fd:62:0c:39:d2:5e:55:86:42:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Sep 12 12:03:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68eff084bb7dd23ede9b1a49263d9c0dfed924e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:92:f2:f3:dd:89:4b:57:81:6a:0f:ae:2a:3b:
                    dc:97:5f:28:71:a9:49:31:df:04:d7:38:ce:a8:4a:
                    f7:e0:32:bb:2c:56:f1:2b:a2:75:02:6e:ff:c2:47:
                    ba:33:95:b6:41:a9:73:c0:24:ae:00:56:92:a3:b7:
                    67:ea:bd:d1:b4:6d:fb:8a:e8:9d:1f:ac:35:af:13:
                    08:db:bb:f5:5f:0b:ad:3c:a1:ca:c4:c3:93:65:43:
                    d1:44:ca:7c:b2:8f:a9:47:17:e8:22:4a:9f:8b:f5:
                    e1:a7:d4:6a:ea:ea:fe:d6:e2:8c:09:8c:4a:72:c0:
                    52:21:fc:09:4b:5e:af:0f:2d:12:64:b4:54:86:d8:
                    05:af:f2:54:bf:59:7d:5f:7c:65:2c:f5:c2:3f:a2:
                    f2:ef:a3:a7:d9:86:f4:8a:35:6c:a8:7e:2d:6b:43:
                    e4:78:b2:2f:a9:d7:8d:42:4c:bf:c3:75:e6:4c:47:
                    16:27:c7:ef:40:60:02:7a:11:88:90:cb:8a:c6:8f:
                    7a:70:f7:c7:aa:83:7d:25:b0:66:3d:68:9b:e2:a0:
                    f7:c3:8b:49:03:d2:97:09:45:4e:1d:98:f3:a0:24:
                    ca:8c:11:7b:1b:4e:bc:0c:5a:fa:8c:58:57:31:08:
                    f1:6a:e3:3b:eb:a9:9e:ae:c5:73:c8:58:1d:04:21:
                    e2:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:EF:F0:84:BB:7D:D2:3E:DE:9B:1A:49:26:3D:9C:0D:FE:D9:24:E8
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/aO_whLt90j7emxpJJj2cDf7ZJOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.163.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:bb:04:88:0d:2b:30:11:9a:05:78:8e:88:74:b4:eb:bf:ea:
         69:ad:08:b6:af:ce:55:de:b1:db:ce:54:11:99:49:e7:78:79:
         74:2c:60:b0:7b:c9:47:48:26:6e:51:1e:29:65:6b:13:57:af:
         03:f6:d4:c6:f8:ec:23:d3:e4:84:05:db:85:1d:82:b8:93:d6:
         1c:ad:93:6c:84:7e:6d:bf:28:48:55:8c:55:58:dd:06:fc:bc:
         e0:e4:c8:f6:63:5f:17:a3:3b:e6:9c:44:b3:53:21:9c:66:ee:
         a4:a2:a8:d3:56:de:99:a1:51:41:a5:06:aa:05:25:e1:9b:b6:
         38:f0:01:a9:80:4e:49:f1:b2:64:8c:78:cb:d9:b9:8b:75:81:
         b4:c3:f1:a4:d4:8d:fe:54:ce:1f:d5:4d:ed:3a:a5:4f:f6:16:
         35:8e:66:fe:af:ee:69:6d:ec:39:fe:92:a8:64:5a:a5:b9:78:
         8f:60:0f:e5:8a:a0:dc:77:59:7f:30:91:8b:5f:3e:36:aa:1b:
         73:e2:27:1e:c4:33:a3:81:7c:aa:93:49:a2:98:af:0c:06:5e:
         1f:0b:46:50:8e:ad:b8:cc:76:8d:89:45:f5:4f:3d:c0:1c:96:
         5c:e3:cb:e3:5c:22:c6:8d:34:21:a7:e0:f9:6a:28:cd:c2:78:
         dc:dc:20:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk9zu7evt/9Ygw50l5VhkKxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjUwOTEyMTIwMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGVmZjA4NGJiN2RkMjNlZGU5YjFhNDkyNjNkOWMwZGZlZDkyNGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ZLy892JS1eBag+uKjvcl18ocalJ
Md8E1zjOqEr34DK7LFbxK6J1Am7/wke6M5W2QalzwCSuAFaSo7dn6r3RtG37iuid
H6w1rxMI27v1XwutPKHKxMOTZUPRRMp8so+pRxfoIkqfi/Xhp9Rq6ur+1uKMCYxK
csBSIfwJS16vDy0SZLRUhtgFr/JUv1l9X3xlLPXCP6Ly76On2Yb0ijVsqH4ta0Pk
eLIvqdeNQky/w3XmTEcWJ8fvQGACehGIkMuKxo96cPfHqoN9JbBmPWib4qD3w4tJ
A9KXCUVOHZjzoCTKjBF7G068DFr6jFhXMQjxauM766mersVzyFgdBCHiswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjv8IS7fdI+3psaSSY9nA3+2SToMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvYU9fd2hMdDkwajdlbXhwSkpqMmNEZjdaSk9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2KOxMA0G
CSqGSIb3DQEBCwUAA4IBAQCHuwSIDSswEZoFeI6IdLTrv+pprQi2r85V3rHbzlQR
mUnneHl0LGCwe8lHSCZuUR4pZWsTV68D9tTG+Owj0+SEBduFHYK4k9YcrZNshH5t
vyhIVYxVWN0G/Lzg5Mj2Y18XozvmnESzUyGcZu6koqjTVt6ZoVFBpQaqBSXhm7Y4
8AGpgE5J8bJkjHjL2bmLdYG0w/Gk1I3+VM4f1U3tOqVP9hY1jmb+r+5pbew5/pKo
ZFqluXiPYA/liqDcd1l/MJGLXz42qhtz4icexDOjgXyqk0mimK8MBl4fC0ZQjq24
zHaNiUX1Tz3AHJZc48vjXCLGjTQhp+D5aijNwnjc3CC+
-----END CERTIFICATE-----