Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/c33731-3c52-4c85-9789-bd27afad9c3d/1/AIdhkvHghh0oY4Bo_26XXaHpKGs.roa
File:                     AIdhkvHghh0oY4Bo_26XXaHpKGs.roa (raw, json)
Hash identifier:          1OYUp8CdXRHv9dQxmnoj+je7+ykfhffiZAjyffapZ9I=
Subject key identifier:   00:87:61:92:F1:E0:86:1D:28:63:80:68:FF:6E:97:5D:A1:E9:28:6B
Certificate issuer:       /CN=40e634bdc30c0c4b5f7945f3d041e23505bcd159
Certificate serial:       01997B062370906B587103E58823814BD516
Authority key identifier: 40:E6:34:BD:C3:0C:0C:4B:5F:79:45:F3:D0:41:E2:35:05:BC:D1:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QOY0vcMMDEtfeUXz0EHiNQW80Vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/c33731-3c52-4c85-9789-bd27afad9c3d/1/AIdhkvHghh0oY4Bo_26XXaHpKGs.roa
Signing time:             Wed 24 Sep 2025 09:20:23 +0000
ROA not before:           Wed 24 Sep 2025 09:20:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21420
IP address blocks:        193.109.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/c33731-3c52-4c85-9789-bd27afad9c3d/1/QOY0vcMMDEtfeUXz0EHiNQW80Vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/c33731-3c52-4c85-9789-bd27afad9c3d/1/QOY0vcMMDEtfeUXz0EHiNQW80Vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QOY0vcMMDEtfeUXz0EHiNQW80Vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7b:06:23:70:90:6b:58:71:03:e5:88:23:81:4b:d5:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40e634bdc30c0c4b5f7945f3d041e23505bcd159
        Validity
            Not Before: Sep 24 09:20:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00876192f1e0861d28638068ff6e975da1e9286b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:11:54:3e:d8:45:60:0d:bf:0c:86:28:68:58:
                    82:4f:92:5c:f3:51:ce:5d:76:3d:57:9b:3b:83:c0:
                    4c:41:e3:f0:8d:c9:bf:b5:19:cb:cd:dc:22:58:e4:
                    25:a4:d3:f2:c4:15:56:4a:78:9d:30:4d:3f:9f:bc:
                    31:c4:e3:e7:95:df:75:eb:fd:fc:6a:58:86:1a:9f:
                    3e:bd:7f:e1:4a:77:1b:4b:03:c9:c4:1a:94:d4:84:
                    b1:db:12:ab:f1:af:0e:04:cd:46:14:9d:93:9c:d5:
                    05:2f:81:fb:ff:e9:bb:0e:2b:8a:81:46:d5:31:19:
                    9a:06:b5:b0:7a:6f:41:2b:50:85:88:90:2a:69:9d:
                    5e:b2:78:bb:a2:9f:71:bc:0a:17:fa:06:58:ce:51:
                    11:f1:29:75:2f:b8:29:f1:94:b9:b5:91:73:a6:76:
                    aa:3c:56:c0:ba:aa:96:d1:79:32:e9:e4:ed:39:31:
                    12:7b:8e:1b:e6:1e:ef:3f:95:87:9a:2f:0d:ce:99:
                    22:07:2e:29:f1:4d:69:f3:4a:06:5e:eb:5a:88:df:
                    25:9d:0a:5a:6e:b6:06:d2:a9:b4:11:62:63:0e:51:
                    ff:59:88:d8:15:5d:2b:23:db:5a:27:a2:01:ec:ed:
                    d4:e2:ad:8d:d4:b5:63:f0:49:01:1f:fd:a2:f2:4f:
                    44:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:87:61:92:F1:E0:86:1D:28:63:80:68:FF:6E:97:5D:A1:E9:28:6B
            X509v3 Authority Key Identifier:
                keyid:40:E6:34:BD:C3:0C:0C:4B:5F:79:45:F3:D0:41:E2:35:05:BC:D1:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QOY0vcMMDEtfeUXz0EHiNQW80Vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/c33731-3c52-4c85-9789-bd27afad9c3d/1/AIdhkvHghh0oY4Bo_26XXaHpKGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/c33731-3c52-4c85-9789-bd27afad9c3d/1/QOY0vcMMDEtfeUXz0EHiNQW80Vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:19:a3:a4:3f:a1:12:3d:f1:34:5f:9c:ae:22:f9:c3:51:5a:
         d3:a1:69:1f:ef:95:53:db:ad:2a:c6:dc:27:c4:05:57:2d:fd:
         03:ee:31:25:0d:32:dd:dc:8a:1e:61:00:6d:93:f2:b6:3f:d7:
         a5:35:9c:d9:1f:c2:e6:a7:9c:ea:ba:ca:59:53:66:3a:01:db:
         34:8b:98:81:be:9a:2d:0e:7c:bf:f4:c4:be:f3:15:08:c1:4b:
         4c:bd:19:5c:03:d4:5f:8c:d3:0e:20:9c:2c:41:44:dd:8b:21:
         ce:3b:ea:3c:b5:12:1e:23:7f:e6:97:fb:4b:a8:bf:7a:1a:46:
         08:bd:2c:9a:6f:af:e1:d3:90:80:54:42:5d:06:ac:87:fc:a4:
         5b:4e:7e:55:39:69:99:98:44:2a:47:dd:8f:05:bd:c4:9a:7e:
         15:88:f9:e5:ec:c4:fb:b8:c3:5b:78:7a:5d:18:90:bf:83:60:
         4f:a4:82:20:b1:3e:9c:e1:52:a7:4d:77:dd:a2:7e:9b:a5:2f:
         9a:7d:e0:97:85:5c:6e:76:e7:bb:3d:df:75:28:4f:50:39:7a:
         a0:86:1a:8f:52:3d:5a:b9:68:6d:6c:4d:2b:6c:9b:32:2a:cf:
         5b:ef:ca:68:b8:54:f8:52:1f:7a:0d:0f:c8:e5:82:d8:e4:c0:
         66:de:21:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl7BiNwkGtYcQPliCOBS9UWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZTYzNGJkYzMwYzBjNGI1Zjc5NDVmM2QwNDFlMjM1MDVi
Y2QxNTkwHhcNMjUwOTI0MDkyMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDg3NjE5MmYxZTA4NjFkMjg2MzgwNjhmZjZlOTc1ZGExZTkyODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRFUPthFYA2/DIYoaFiCT5Jc81HO
XXY9V5s7g8BMQePwjcm/tRnLzdwiWOQlpNPyxBVWSnidME0/n7wxxOPnld916/38
aliGGp8+vX/hSncbSwPJxBqU1ISx2xKr8a8OBM1GFJ2TnNUFL4H7/+m7DiuKgUbV
MRmaBrWwem9BK1CFiJAqaZ1esni7op9xvAoX+gZYzlER8Sl1L7gp8ZS5tZFzpnaq
PFbAuqqW0Xky6eTtOTESe44b5h7vP5WHmi8NzpkiBy4p8U1p80oGXutaiN8lnQpa
brYG0qm0EWJjDlH/WYjYFV0rI9taJ6IB7O3U4q2N1LVj8EkBH/2i8k9EuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFACHYZLx4IYdKGOAaP9ul12h6ShrMB8GA1UdIwQY
MBaAFEDmNL3DDAxLX3lF89BB4jUFvNFZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU9ZMHZjTU1ERXRmZVVYejBFSGlOUVc4MFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9jMzM3MzEtM2M1Mi00Yzg1LTk3ODkt
YmQyN2FmYWQ5YzNkLzEvQUlkaGt2SGdoaDBvWTRCb18yNlhYYUhwS0dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9jMzM3MzEtM2M1Mi00Yzg1LTk3ODktYmQyN2FmYWQ5YzNk
LzEvUU9ZMHZjTU1ERXRmZVVYejBFSGlOUVc4MFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW3rMA0G
CSqGSIb3DQEBCwUAA4IBAQBWGaOkP6ESPfE0X5yuIvnDUVrToWkf75VT260qxtwn
xAVXLf0D7jElDTLd3IoeYQBtk/K2P9elNZzZH8Lmp5zquspZU2Y6Ads0i5iBvpot
Dny/9MS+8xUIwUtMvRlcA9RfjNMOIJwsQUTdiyHOO+o8tRIeI3/ml/tLqL96GkYI
vSyab6/h05CAVEJdBqyH/KRbTn5VOWmZmEQqR92PBb3Emn4ViPnl7MT7uMNbeHpd
GJC/g2BPpIIgsT6c4VKnTXfdon6bpS+afeCXhVxudue7Pd91KE9QOXqghhqPUj1a
uWhtbE0rbJsyKs9b78pouFT4Uh96DQ/I5YLY5MBm3iH2
-----END CERTIFICATE-----