Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/AgtwmtvxF4N5hFZv6c0Kn9WuSjc.roa
File:                     AgtwmtvxF4N5hFZv6c0Kn9WuSjc.roa (raw, json)
Hash identifier:          FzH8Kt5CwD+ySzmFXho8yF26DYIdDiiJUHfuxiebVjA=
Subject key identifier:   02:0B:70:9A:DB:F1:17:83:79:84:56:6F:E9:CD:0A:9F:D5:AE:4A:37
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       0199C89E8F6DBD75B58119EA3D383A853861
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/AgtwmtvxF4N5hFZv6c0Kn9WuSjc.roa
Signing time:             Thu 09 Oct 2025 10:57:38 +0000
ROA not before:           Thu 09 Oct 2025 10:57:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        93.191.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c8:9e:8f:6d:bd:75:b5:81:19:ea:3d:38:3a:85:38:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Oct  9 10:57:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=020b709adbf117837984566fe9cd0a9fd5ae4a37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:44:7e:11:63:a9:2a:41:21:0a:90:0a:84:9a:
                    ed:9a:d0:33:5e:e7:15:3e:39:ae:76:f6:eb:d8:65:
                    06:f2:db:0a:85:da:2a:d2:20:01:e0:15:86:7c:df:
                    af:fb:ec:ce:ed:47:c4:54:77:78:bf:60:fc:fb:e3:
                    66:eb:4c:8e:07:0b:47:b9:87:ac:54:2f:69:15:f1:
                    94:4b:31:cc:fd:a7:97:96:4b:01:27:df:d7:23:10:
                    3e:52:24:e0:86:34:79:aa:7e:4d:41:c0:b2:84:0b:
                    ab:6d:09:ec:14:cf:9b:79:f1:a6:df:c4:8d:ac:d5:
                    13:16:b7:62:ab:4b:13:3f:81:d8:e7:65:bc:f7:80:
                    b0:74:df:c5:64:14:ce:13:2c:a3:36:cc:b6:d0:df:
                    cd:17:9c:48:4f:6c:f1:66:79:d5:e0:9c:b2:e8:5e:
                    56:18:4b:bc:bf:dd:7b:d2:08:7d:21:ca:34:df:1b:
                    39:d8:c9:54:71:5b:ea:19:d8:a5:eb:62:a2:e0:90:
                    5d:14:d4:61:e4:fd:2d:bf:e9:e7:2b:49:5e:5f:d7:
                    fb:54:8c:c6:2b:74:88:b5:6d:b5:c8:c3:8e:36:80:
                    d2:38:6f:5a:f0:a3:be:c5:0a:44:f0:ac:3e:10:7e:
                    84:c4:8b:63:69:87:4c:56:ae:d1:9d:6c:db:85:fa:
                    8e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:0B:70:9A:DB:F1:17:83:79:84:56:6F:E9:CD:0A:9F:D5:AE:4A:37
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/AgtwmtvxF4N5hFZv6c0Kn9WuSjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.191.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:7d:d8:e1:74:a8:f9:e1:32:2f:08:8b:10:89:a9:76:6b:92:
         44:71:9e:ad:1b:09:eb:73:60:25:ed:f6:1b:0b:8f:6b:a3:98:
         8c:19:6e:66:7b:00:69:0c:d3:33:a1:d2:35:02:3c:fc:56:a9:
         72:4b:88:25:4d:83:08:d3:20:7c:58:25:66:90:ce:b2:38:89:
         6f:f6:9d:2c:11:a7:8d:36:dc:f3:e9:22:81:a6:83:0e:3e:8d:
         c5:33:6d:5f:96:57:a8:68:6d:cf:83:83:dc:71:05:42:ce:f5:
         8e:da:d3:27:26:f0:8b:d8:ad:94:be:fd:95:ee:26:c4:97:fe:
         8c:b9:d9:8e:df:27:cb:6b:a7:7b:88:b3:5b:9e:bb:fb:c4:b0:
         66:ec:b6:03:18:68:ca:a6:e3:ba:ab:de:55:68:49:56:62:85:
         96:97:47:7e:1f:57:13:7e:a3:a1:5c:ee:0a:77:fa:4d:cd:bf:
         57:7f:80:4e:cf:85:75:52:72:15:1e:f6:68:dc:fb:57:f6:79:
         03:a6:3c:19:cb:a7:c3:78:10:50:38:6f:07:45:a6:10:2a:f1:
         c2:56:26:be:ca:1c:43:4f:7e:92:e4:5f:0a:3a:eb:a2:10:ec:
         c2:be:17:88:ad:5d:d5:7e:ea:bc:86:4a:b1:9c:ec:34:df:44:
         c8:13:70:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnIno9tvXW1gRnqPTg6hThhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUxMDA5MTA1NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjBiNzA5YWRiZjExNzgzNzk4NDU2NmZlOWNkMGE5ZmQ1YWU0YTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0R+EWOpKkEhCpAKhJrtmtAzXucV
Pjmudvbr2GUG8tsKhdoq0iAB4BWGfN+v++zO7UfEVHd4v2D8++Nm60yOBwtHuYes
VC9pFfGUSzHM/aeXlksBJ9/XIxA+UiTghjR5qn5NQcCyhAurbQnsFM+befGm38SN
rNUTFrdiq0sTP4HY52W894CwdN/FZBTOEyyjNsy20N/NF5xIT2zxZnnV4Jyy6F5W
GEu8v9170gh9Ico03xs52MlUcVvqGdil62Ki4JBdFNRh5P0tv+nnK0leX9f7VIzG
K3SItW21yMOONoDSOG9a8KO+xQpE8Kw+EH6ExItjaYdMVq7RnWzbhfqOeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAILcJrb8ReDeYRWb+nNCp/Vrko3MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvQWd0d210dnhGNE41aEZadjZjMEtuOVd1U2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXb+qMA0G
CSqGSIb3DQEBCwUAA4IBAQA1fdjhdKj54TIvCIsQial2a5JEcZ6tGwnrc2Al7fYb
C49ro5iMGW5mewBpDNMzodI1Ajz8VqlyS4glTYMI0yB8WCVmkM6yOIlv9p0sEaeN
Ntzz6SKBpoMOPo3FM21flleoaG3Pg4PccQVCzvWO2tMnJvCL2K2Uvv2V7ibEl/6M
udmO3yfLa6d7iLNbnrv7xLBm7LYDGGjKpuO6q95VaElWYoWWl0d+H1cTfqOhXO4K
d/pNzb9Xf4BOz4V1UnIVHvZo3PtX9nkDpjwZy6fDeBBQOG8HRaYQKvHCVia+yhxD
T36S5F8KOuuiEOzCvheIrV3Vfuq8hkqxnOw030TIE3CM
-----END CERTIFICATE-----