Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/010e95-49b7-4edd-8d0d-395d4eec831e/1/Ok6NAKJyDsxny6Pu8sgaLOPK-4Q.roa
File:                     Ok6NAKJyDsxny6Pu8sgaLOPK-4Q.roa (raw, json)
Hash identifier:          AjljfyyHOKD+CNGB+VnvlFrpChVnBPt40RoW2b77ukE=
Subject key identifier:   3A:4E:8D:00:A2:72:0E:CC:67:CB:A3:EE:F2:C8:1A:2C:E3:CA:FB:84
Certificate issuer:       /CN=1e74df4ad48ff211a0635b37f037977819cd4276
Certificate serial:       0199CDB72D1795904E153A295AD3551DB631
Authority key identifier: 1E:74:DF:4A:D4:8F:F2:11:A0:63:5B:37:F0:37:97:78:19:CD:42:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HnTfStSP8hGgY1s38DeXeBnNQnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/010e95-49b7-4edd-8d0d-395d4eec831e/1/Ok6NAKJyDsxny6Pu8sgaLOPK-4Q.roa
Signing time:             Fri 10 Oct 2025 10:42:37 +0000
ROA not before:           Fri 10 Oct 2025 10:42:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        85.119.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/010e95-49b7-4edd-8d0d-395d4eec831e/1/HnTfStSP8hGgY1s38DeXeBnNQnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/010e95-49b7-4edd-8d0d-395d4eec831e/1/HnTfStSP8hGgY1s38DeXeBnNQnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HnTfStSP8hGgY1s38DeXeBnNQnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cd:b7:2d:17:95:90:4e:15:3a:29:5a:d3:55:1d:b6:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e74df4ad48ff211a0635b37f037977819cd4276
        Validity
            Not Before: Oct 10 10:42:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a4e8d00a2720ecc67cba3eef2c81a2ce3cafb84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f9:b5:f9:c7:76:eb:64:04:5c:7b:75:f4:7a:
                    62:7e:de:79:59:2c:13:f7:63:25:80:ac:64:67:64:
                    45:63:d0:15:78:58:47:be:35:94:94:c5:a8:2a:01:
                    06:53:c1:a7:7d:2e:db:f1:87:f9:97:ab:40:b5:d1:
                    c6:cf:0d:34:29:b9:f8:11:e9:5d:47:56:1a:99:06:
                    85:ee:e3:2e:d6:e7:94:a1:dd:65:98:7f:5c:59:42:
                    3f:d2:ca:8a:61:16:6f:b7:5f:f0:22:a9:35:2b:29:
                    c6:26:e6:eb:79:db:aa:c1:f6:59:24:c9:d9:78:7b:
                    6e:03:89:21:bc:80:82:94:fc:38:e0:7a:13:7b:19:
                    13:53:61:fd:dd:e0:0f:30:76:8f:6f:d9:d9:5a:e1:
                    8e:84:15:fa:36:b6:bb:bd:52:54:cb:3d:09:2e:63:
                    0b:05:2d:58:1a:20:40:00:92:de:63:55:38:64:72:
                    7f:4e:ad:61:f2:7d:6d:1b:b9:08:09:bd:db:a3:b1:
                    a9:57:59:dc:da:1d:1d:3a:44:e1:64:95:08:21:f9:
                    fa:82:a4:23:21:c5:a9:91:03:37:0a:b8:b8:ac:d4:
                    20:b7:38:5e:e4:13:0a:f8:8f:f8:2b:ba:5f:5f:68:
                    51:69:b7:29:8d:ac:83:b1:5e:1d:10:0d:ba:ce:2a:
                    87:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:4E:8D:00:A2:72:0E:CC:67:CB:A3:EE:F2:C8:1A:2C:E3:CA:FB:84
            X509v3 Authority Key Identifier:
                keyid:1E:74:DF:4A:D4:8F:F2:11:A0:63:5B:37:F0:37:97:78:19:CD:42:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HnTfStSP8hGgY1s38DeXeBnNQnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/010e95-49b7-4edd-8d0d-395d4eec831e/1/Ok6NAKJyDsxny6Pu8sgaLOPK-4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/010e95-49b7-4edd-8d0d-395d4eec831e/1/HnTfStSP8hGgY1s38DeXeBnNQnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.119.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:02:23:af:46:a6:9e:18:ad:27:1a:97:af:b7:52:52:92:34:
         75:94:5f:cd:4c:b7:f0:f8:b5:58:22:41:6c:b4:57:64:ab:db:
         00:98:92:73:31:91:31:17:bd:d4:95:66:fa:9a:05:1b:a7:31:
         17:dd:4e:34:95:46:9b:26:6c:0f:6d:d2:5a:a7:be:e3:06:bb:
         b2:bc:ca:6a:5d:79:b5:e5:7a:f3:63:b5:c3:83:ab:f5:73:9c:
         78:10:0d:ca:21:0b:15:58:ff:8b:e2:67:a4:96:f3:8e:8d:a2:
         4b:0c:6b:4b:2c:16:ab:82:64:1e:d7:4a:af:7e:23:65:7b:1b:
         98:21:31:eb:8f:c1:22:e8:5f:b0:a0:ec:dd:26:10:10:d6:ed:
         81:23:3f:84:6c:7f:5c:6c:1b:45:9f:35:d3:ed:d5:78:38:93:
         35:37:1e:9e:ba:94:f6:f0:4c:a9:c3:ba:c1:e8:50:75:42:d0:
         23:ac:2e:d7:0f:65:d4:c9:bc:49:cb:f9:28:72:71:7c:9f:a4:
         b6:78:5f:71:08:50:1a:19:3f:f9:a3:ae:1d:ae:03:b6:7d:5a:
         02:45:b9:8e:d9:44:12:19:e6:21:88:51:11:f1:be:ed:1e:3e:
         f1:e7:2b:bf:0e:7d:06:de:37:48:4d:3e:25:fc:45:ed:f0:54:
         9a:bc:ca:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnNty0XlZBOFTopWtNVHbYxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNzRkZjRhZDQ4ZmYyMTFhMDYzNWIzN2YwMzc5Nzc4MTlj
ZDQyNzYwHhcNMjUxMDEwMTA0MjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTRlOGQwMGEyNzIwZWNjNjdjYmEzZWVmMmM4MWEyY2UzY2FmYjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vm1+cd262QEXHt19Hpift55WSwT
92MlgKxkZ2RFY9AVeFhHvjWUlMWoKgEGU8GnfS7b8Yf5l6tAtdHGzw00Kbn4Eeld
R1YamQaF7uMu1ueUod1lmH9cWUI/0sqKYRZvt1/wIqk1KynGJubreduqwfZZJMnZ
eHtuA4khvICClPw44HoTexkTU2H93eAPMHaPb9nZWuGOhBX6Nra7vVJUyz0JLmML
BS1YGiBAAJLeY1U4ZHJ/Tq1h8n1tG7kICb3bo7GpV1nc2h0dOkThZJUIIfn6gqQj
IcWpkQM3Cri4rNQgtzhe5BMK+I/4K7pfX2hRabcpjayDsV4dEA26ziqHUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpOjQCicg7MZ8uj7vLIGizjyvuEMB8GA1UdIwQY
MBaAFB5030rUj/IRoGNbN/A3l3gZzUJ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG5UZlN0U1A4aEdnWTFzMzhEZVhlQm5OUW5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8wMTBlOTUtNDliNy00ZWRkLThkMGQt
Mzk1ZDRlZWM4MzFlLzEvT2s2TkFLSnlEc3hueTZQdThzZ2FMT1BLLTRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8wMTBlOTUtNDliNy00ZWRkLThkMGQtMzk1ZDRlZWM4MzFl
LzEvSG5UZlN0U1A4aEdnWTFzMzhEZVhlQm5OUW5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXcvMA0G
CSqGSIb3DQEBCwUAA4IBAQDHAiOvRqaeGK0nGpevt1JSkjR1lF/NTLfw+LVYIkFs
tFdkq9sAmJJzMZExF73UlWb6mgUbpzEX3U40lUabJmwPbdJap77jBruyvMpqXXm1
5XrzY7XDg6v1c5x4EA3KIQsVWP+L4meklvOOjaJLDGtLLBargmQe10qvfiNlexuY
ITHrj8Ei6F+woOzdJhAQ1u2BIz+EbH9cbBtFnzXT7dV4OJM1Nx6eupT28Eypw7rB
6FB1QtAjrC7XD2XUybxJy/kocnF8n6S2eF9xCFAaGT/5o64drgO2fVoCRbmO2UQS
GeYhiFER8b7tHj7x5yu/Dn0G3jdITT4l/EXt8FSavMqE
-----END CERTIFICATE-----