Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/Obd0TP3GM2qFhxCeUl776x_wh1g.roa
File:                     Obd0TP3GM2qFhxCeUl776x_wh1g.roa (raw, json)
Hash identifier:          OVSI64PyDEHSWLVlOyHTkwd2XBJdT2kOn3yTEvpf6KI=
Subject key identifier:   39:B7:74:4C:FD:C6:33:6A:85:87:10:9E:52:5E:FB:EB:1F:F0:87:58
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       0199C8AFF28FAEC6EFF4E3DA458DFE423869
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/Obd0TP3GM2qFhxCeUl776x_wh1g.roa
Signing time:             Thu 09 Oct 2025 11:16:38 +0000
ROA not before:           Thu 09 Oct 2025 11:16:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201201
IP address blocks:        89.117.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c8:af:f2:8f:ae:c6:ef:f4:e3:da:45:8d:fe:42:38:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Oct  9 11:16:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39b7744cfdc6336a8587109e525efbeb1ff08758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:50:7c:ff:6f:a7:b7:02:a9:23:14:03:a8:15:
                    e3:80:35:d8:9d:e9:66:59:ad:fe:62:9b:45:46:6a:
                    d4:83:57:03:ba:e3:17:be:16:06:03:89:b2:19:c0:
                    bb:a0:b1:c4:07:16:31:84:3b:b3:a5:d9:d2:48:ab:
                    8a:1c:83:b0:0a:22:e9:ee:c2:a1:b1:9b:72:66:45:
                    f9:2f:1b:c8:c1:57:d3:26:8c:d1:88:9a:f0:43:c0:
                    a9:14:ea:87:e7:b6:13:70:10:89:b1:7c:b9:e4:a0:
                    8d:27:f3:2c:4d:48:bf:2e:06:22:91:e5:dc:60:11:
                    fb:d0:b7:36:7d:ed:db:24:cd:85:ee:27:dc:d4:c4:
                    81:38:a2:f4:55:7d:56:22:bc:a7:4d:5c:54:5e:e6:
                    5b:05:2d:e2:45:99:d5:a6:0a:bf:69:c8:d0:86:3b:
                    d1:61:b5:30:14:c9:11:32:bd:40:53:27:86:f2:0f:
                    11:f4:25:14:81:db:81:1c:89:9c:1d:38:06:1b:f5:
                    97:cd:c7:f3:a3:16:39:34:cf:b9:9d:22:96:94:61:
                    f5:7f:95:03:29:22:9f:9f:03:11:83:96:b1:d7:e8:
                    b9:a8:7e:90:ec:5b:5a:54:bb:68:d1:80:56:52:6c:
                    b9:09:44:98:fb:d3:60:f7:3d:12:be:98:0f:f8:d7:
                    95:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:B7:74:4C:FD:C6:33:6A:85:87:10:9E:52:5E:FB:EB:1F:F0:87:58
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/Obd0TP3GM2qFhxCeUl776x_wh1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.117.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:ec:c8:a9:a2:93:a8:b9:30:a0:6d:25:56:1d:2b:3e:1b:c6:
         3f:34:7c:1d:f8:83:58:47:4c:2e:ef:ab:ae:d6:7e:48:98:be:
         fa:0f:d6:bf:fe:07:3a:84:3e:b5:57:3c:6b:2b:11:87:34:5f:
         b8:41:13:25:a7:a1:5c:49:da:2c:56:b4:40:e0:39:8f:de:b7:
         8a:e0:cb:a8:1c:90:84:db:d6:bf:d1:26:62:4c:32:3a:a0:1f:
         9e:89:ba:3e:a9:86:42:b3:c9:49:3b:36:1d:c8:e4:c4:9b:09:
         54:c3:54:96:34:11:3f:9b:0c:f9:2f:31:c1:11:aa:7d:cc:18:
         79:a5:fd:62:8d:62:a4:89:51:5a:80:16:c2:1c:1c:d5:23:5c:
         bd:f3:04:a9:83:f7:2a:57:3e:b2:d3:c0:c9:fe:7b:89:a2:40:
         2c:52:74:5d:35:d0:37:f3:ee:9c:9c:b1:90:7e:c6:6c:05:58:
         88:9b:5e:e6:76:54:90:63:29:79:56:57:05:fe:09:38:38:61:
         e3:8d:2d:6e:81:f0:fb:8b:c3:bf:c8:31:30:28:62:a5:7d:fd:
         86:56:29:72:09:ed:0b:b1:89:64:20:6f:13:b2:ec:c3:dd:de:
         d2:10:cc:3b:fa:e9:26:20:86:8c:4f:27:b7:a5:65:0c:e3:bc:
         e0:73:a5:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnIr/KPrsbv9OPaRY3+QjhpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjUxMDA5MTExNjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWI3NzQ0Y2ZkYzYzMzZhODU4NzEwOWU1MjVlZmJlYjFmZjA4NzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1B8/2+ntwKpIxQDqBXjgDXYnelm
Wa3+YptFRmrUg1cDuuMXvhYGA4myGcC7oLHEBxYxhDuzpdnSSKuKHIOwCiLp7sKh
sZtyZkX5LxvIwVfTJozRiJrwQ8CpFOqH57YTcBCJsXy55KCNJ/MsTUi/LgYikeXc
YBH70Lc2fe3bJM2F7ifc1MSBOKL0VX1WIrynTVxUXuZbBS3iRZnVpgq/acjQhjvR
YbUwFMkRMr1AUyeG8g8R9CUUgduBHImcHTgGG/WXzcfzoxY5NM+5nSKWlGH1f5UD
KSKfnwMRg5ax1+i5qH6Q7FtaVLto0YBWUmy5CUSY+9Ng9z0SvpgP+NeV/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDm3dEz9xjNqhYcQnlJe++sf8IdYMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvT2JkMFRQM0dNMnFGaHhDZVVsNzc2eF93aDFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWXXQMA0G
CSqGSIb3DQEBCwUAA4IBAQCR7MipopOouTCgbSVWHSs+G8Y/NHwd+INYR0wu76uu
1n5ImL76D9a//gc6hD61VzxrKxGHNF+4QRMlp6FcSdosVrRA4DmP3reK4MuoHJCE
29a/0SZiTDI6oB+eibo+qYZCs8lJOzYdyOTEmwlUw1SWNBE/mwz5LzHBEap9zBh5
pf1ijWKkiVFagBbCHBzVI1y98wSpg/cqVz6y08DJ/nuJokAsUnRdNdA38+6cnLGQ
fsZsBViIm17mdlSQYyl5VlcF/gk4OGHjjS1ugfD7i8O/yDEwKGKlff2GVilyCe0L
sYlkIG8TsuzD3d7SEMw7+ukmIIaMTye3pWUM47zgc6Wz
-----END CERTIFICATE-----