Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/d0bcf3-4b21-4161-b82e-79d1a27cd993/1/cBmPaf2oGu0_AMcsbNoq5Hph_V4.roa
File:                     cBmPaf2oGu0_AMcsbNoq5Hph_V4.roa (raw, json)
Hash identifier:          9oqeFK2Tn1tYym9cWphxU57OSdAjV+OS6dUAD4eSIdI=
Subject key identifier:   70:19:8F:69:FD:A8:1A:ED:3F:00:C7:2C:6C:DA:2A:E4:7A:61:FD:5E
Certificate issuer:       /CN=93501077db80d52b16d49f863a61ea41a124bc59
Certificate serial:       01998F6BFBC86BF3A8377DEF51167577FE03
Authority key identifier: 93:50:10:77:DB:80:D5:2B:16:D4:9F:86:3A:61:EA:41:A1:24:BC:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k1AQd9uA1SsW1J-GOmHqQaEkvFk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/d0bcf3-4b21-4161-b82e-79d1a27cd993/1/cBmPaf2oGu0_AMcsbNoq5Hph_V4.roa
Signing time:             Sun 28 Sep 2025 08:24:02 +0000
ROA not before:           Sun 28 Sep 2025 08:24:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44947
IP address blocks:        193.41.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/d0bcf3-4b21-4161-b82e-79d1a27cd993/1/k1AQd9uA1SsW1J-GOmHqQaEkvFk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/d0bcf3-4b21-4161-b82e-79d1a27cd993/1/k1AQd9uA1SsW1J-GOmHqQaEkvFk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k1AQd9uA1SsW1J-GOmHqQaEkvFk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:8f:6b:fb:c8:6b:f3:a8:37:7d:ef:51:16:75:77:fe:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93501077db80d52b16d49f863a61ea41a124bc59
        Validity
            Not Before: Sep 28 08:24:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70198f69fda81aed3f00c72c6cda2ae47a61fd5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:f9:45:a6:f7:dd:05:69:6b:90:04:ab:92:b6:
                    ef:11:c4:f2:5e:20:95:1f:be:af:eb:52:5b:56:61:
                    56:f3:1b:40:ef:fb:ac:9d:23:a1:ad:d4:e4:d6:8c:
                    a7:c3:1e:d1:90:f8:9b:3f:e9:93:b8:38:45:5e:70:
                    51:d9:8f:e2:ef:80:8b:c7:8e:5e:af:ba:65:4b:48:
                    f0:1b:64:0d:0e:d4:fb:63:ab:18:30:2f:9c:77:18:
                    94:f5:53:3a:a5:bc:16:9c:e0:4e:0e:03:bf:79:22:
                    9d:9e:ba:55:d9:6b:8e:08:44:36:02:76:fe:56:22:
                    66:0d:5c:49:0c:91:7b:5b:84:1f:be:69:43:d0:64:
                    92:cf:05:35:40:85:8b:a0:31:07:80:11:b4:ed:41:
                    64:9a:6a:85:a5:67:9f:00:d9:fa:39:3a:64:db:1e:
                    c3:a9:c9:91:86:12:38:6f:24:36:63:fe:0d:2b:ea:
                    fb:98:4d:f1:09:e8:eb:85:65:0f:9b:a6:32:95:01:
                    d2:cb:29:c4:0d:46:21:a6:8c:2c:c4:9d:ac:a9:34:
                    86:10:7b:07:db:aa:3e:ec:9a:b4:1f:3a:75:ba:ea:
                    d8:58:78:d3:b6:eb:8e:ba:2d:9f:5c:3e:2e:b5:d8:
                    5a:f0:d8:e1:14:cb:d3:4b:21:11:f8:ab:78:09:5e:
                    61:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:19:8F:69:FD:A8:1A:ED:3F:00:C7:2C:6C:DA:2A:E4:7A:61:FD:5E
            X509v3 Authority Key Identifier:
                keyid:93:50:10:77:DB:80:D5:2B:16:D4:9F:86:3A:61:EA:41:A1:24:BC:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k1AQd9uA1SsW1J-GOmHqQaEkvFk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/d0bcf3-4b21-4161-b82e-79d1a27cd993/1/cBmPaf2oGu0_AMcsbNoq5Hph_V4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/d0bcf3-4b21-4161-b82e-79d1a27cd993/1/k1AQd9uA1SsW1J-GOmHqQaEkvFk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:ea:09:74:9a:75:49:8a:08:bc:93:2d:59:b8:4e:f9:82:fa:
         3d:ce:66:6d:af:d8:dd:9d:bf:76:5f:64:3b:55:19:34:03:1b:
         92:b0:b7:d0:4f:8b:34:73:74:07:75:64:32:eb:e3:e3:ac:5c:
         9d:ff:65:53:d2:48:73:4e:1d:bc:b6:01:c2:30:35:7d:c7:65:
         fb:1b:eb:13:01:d4:a1:2a:9f:9e:cb:eb:b8:18:90:6c:9d:34:
         0d:0c:cc:0b:7e:bf:fe:9b:a3:d3:f1:39:22:76:fe:9e:5d:d8:
         b7:36:dd:76:70:9e:d6:64:ac:ce:33:31:f8:92:48:09:94:ec:
         c1:b6:9f:15:1e:73:95:a9:e4:37:bb:06:77:1f:51:fd:cb:7a:
         12:3f:31:73:d0:e8:8c:26:bf:44:c1:12:7d:89:8a:82:78:28:
         8f:0d:27:dd:74:70:64:e8:5e:ea:64:df:c2:34:96:6b:37:9c:
         5b:85:9c:ae:d0:6c:90:db:86:0a:3d:38:7e:e6:ec:60:49:94:
         dc:4e:57:f0:1f:e4:2c:5c:01:42:4d:90:98:88:b5:9d:60:64:
         07:10:61:ba:e4:a8:7e:da:a2:f8:48:f2:6c:cc:b2:e1:ba:5d:
         b8:d9:f5:97:48:3d:06:21:b1:ef:2b:b3:b2:cc:cf:44:51:f0:
         02:3c:38:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmPa/vIa/OoN33vURZ1d/4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNTAxMDc3ZGI4MGQ1MmIxNmQ0OWY4NjNhNjFlYTQxYTEy
NGJjNTkwHhcNMjUwOTI4MDgyNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDE5OGY2OWZkYTgxYWVkM2YwMGM3MmM2Y2RhMmFlNDdhNjFmZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3/lFpvfdBWlrkASrkrbvEcTyXiCV
H76v61JbVmFW8xtA7/usnSOhrdTk1oynwx7RkPibP+mTuDhFXnBR2Y/i74CLx45e
r7plS0jwG2QNDtT7Y6sYMC+cdxiU9VM6pbwWnOBODgO/eSKdnrpV2WuOCEQ2Anb+
ViJmDVxJDJF7W4QfvmlD0GSSzwU1QIWLoDEHgBG07UFkmmqFpWefANn6OTpk2x7D
qcmRhhI4byQ2Y/4NK+r7mE3xCejrhWUPm6YylQHSyynEDUYhpowsxJ2sqTSGEHsH
26o+7Jq0Hzp1uurYWHjTtuuOui2fXD4utdha8NjhFMvTSyER+Kt4CV5huQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAZj2n9qBrtPwDHLGzaKuR6Yf1eMB8GA1UdIwQY
MBaAFJNQEHfbgNUrFtSfhjph6kGhJLxZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazFBUWQ5dUExU3NXMUotR09tSHFRYUVrdkZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9kMGJjZjMtNGIyMS00MTYxLWI4MmUt
NzlkMWEyN2NkOTkzLzEvY0JtUGFmMm9HdTBfQU1jc2JOb3E1SHBoX1Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9kMGJjZjMtNGIyMS00MTYxLWI4MmUtNzlkMWEyN2NkOTkz
LzEvazFBUWQ5dUExU3NXMUotR09tSHFRYUVrdkZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSnOMA0G
CSqGSIb3DQEBCwUAA4IBAQBS6gl0mnVJigi8ky1ZuE75gvo9zmZtr9jdnb92X2Q7
VRk0AxuSsLfQT4s0c3QHdWQy6+PjrFyd/2VT0khzTh28tgHCMDV9x2X7G+sTAdSh
Kp+ey+u4GJBsnTQNDMwLfr/+m6PT8Tkidv6eXdi3Nt12cJ7WZKzOMzH4kkgJlOzB
tp8VHnOVqeQ3uwZ3H1H9y3oSPzFz0OiMJr9EwRJ9iYqCeCiPDSfddHBk6F7qZN/C
NJZrN5xbhZyu0GyQ24YKPTh+5uxgSZTcTlfwH+QsXAFCTZCYiLWdYGQHEGG65Kh+
2qL4SPJszLLhul242fWXSD0GIbHvK7OyzM9EUfACPDi1
-----END CERTIFICATE-----