Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/eb1JGLGjHk8dUCm22Z9YVbWJfI4.roa
File:                     eb1JGLGjHk8dUCm22Z9YVbWJfI4.roa (raw, json)
Hash identifier:          4dk6LdqYI6h3lwSIwoSI/6KhGYHQ7oiRewrKPkKoR8Q=
Subject key identifier:   79:BD:49:18:B1:A3:1E:4F:1D:50:29:B6:D9:9F:58:55:B5:89:7C:8E
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0199FB3F144D9260AC163FEDB4310185B733
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/eb1JGLGjHk8dUCm22Z9YVbWJfI4.roa
Signing time:             Sun 19 Oct 2025 06:53:59 +0000
ROA not before:           Sun 19 Oct 2025 06:53:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9002
IP address blocks:        82.163.52.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fb:3f:14:4d:92:60:ac:16:3f:ed:b4:31:01:85:b7:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Oct 19 06:53:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79bd4918b1a31e4f1d5029b6d99f5855b5897c8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e9:17:65:11:e2:42:f3:80:2c:c7:85:ea:8c:
                    93:18:32:6c:72:27:d4:74:5f:fa:2f:64:c2:0d:5a:
                    9c:77:9b:74:96:62:5d:da:45:ce:e0:a7:52:9a:98:
                    40:9a:a4:5b:71:d7:72:93:b5:db:b2:36:98:58:df:
                    bc:4b:ce:e2:3b:17:0e:2b:97:b9:0c:0c:ba:a3:f1:
                    b7:18:6a:6e:b6:44:a3:ec:cc:c6:3a:5c:e9:f4:03:
                    79:3d:20:36:27:22:1e:0e:91:e6:08:15:d6:a1:81:
                    84:6d:ee:f7:9d:9f:84:c7:c7:28:61:fe:56:c1:a4:
                    df:cc:84:50:90:ec:c1:73:f7:a5:b2:f1:41:93:3f:
                    35:fd:1f:79:7a:7d:9b:56:a4:f4:b7:01:d3:79:2b:
                    ed:f6:5a:3b:3c:67:44:b9:38:c9:74:e0:17:5e:6a:
                    63:7e:61:9c:e1:db:a2:e2:9b:32:fc:f4:85:6a:c6:
                    81:ef:db:ff:cf:c1:f0:32:41:da:3c:38:c4:7a:ec:
                    3f:e7:5b:cf:b8:86:28:04:ba:fb:b6:50:3f:99:28:
                    26:22:6b:b8:9a:3d:ae:72:b5:63:cb:cd:a5:d7:70:
                    c6:33:8a:a8:a7:7c:8e:5c:10:54:a0:59:52:4c:e3:
                    20:98:63:8c:e3:8d:c1:bf:49:3f:93:21:7c:e0:70:
                    3f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:BD:49:18:B1:A3:1E:4F:1D:50:29:B6:D9:9F:58:55:B5:89:7C:8E
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/eb1JGLGjHk8dUCm22Z9YVbWJfI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:ed:82:40:80:2d:ea:a0:41:2e:d6:3b:2d:b1:57:21:d5:33:
         2a:7b:ef:31:66:bb:7f:04:e2:96:2f:c2:be:31:a6:1d:3c:55:
         33:b4:d8:b4:da:c6:9b:43:4c:d6:22:5c:02:72:c6:68:ba:f0:
         a1:2f:53:b3:72:fe:c3:57:79:fb:8d:11:1b:9b:f8:4d:d7:8f:
         a5:84:0b:87:43:b3:c6:aa:49:e7:7c:16:3f:a3:3b:db:02:27:
         e9:5a:67:6a:0d:df:c1:61:07:db:a5:50:3d:e2:5e:ce:28:da:
         31:9b:ce:af:da:04:f1:53:53:13:f8:a9:d2:ea:07:2d:d4:27:
         2d:89:d3:1d:b5:c4:76:d0:cb:6b:e2:ea:78:58:2f:4a:bf:e9:
         9e:1d:7d:15:ea:0c:e6:41:a6:4d:aa:34:4e:81:1a:bd:75:fb:
         e0:3a:f5:78:39:28:93:1a:38:b1:bc:e9:7f:cd:85:cd:ea:21:
         7f:35:02:20:06:98:f9:ca:6a:53:6e:9e:61:08:9f:1c:d7:d6:
         b3:34:0a:b4:1e:52:79:04:9d:87:07:34:59:a2:0d:6f:9e:32:
         9a:e1:25:00:70:d3:e8:e9:69:4b:e2:51:18:9f:51:1c:54:f6:
         cb:03:b5:1a:99:8c:ac:b6:e0:80:67:72:dd:c0:0b:a9:0e:5a:
         b3:7b:a0:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZn7PxRNkmCsFj/ttDEBhbczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUxMDE5MDY1MzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWJkNDkxOGIxYTMxZTRmMWQ1MDI5YjZkOTlmNTg1NWI1ODk3YzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOkXZRHiQvOALMeF6oyTGDJscifU
dF/6L2TCDVqcd5t0lmJd2kXO4KdSmphAmqRbcddyk7XbsjaYWN+8S87iOxcOK5e5
DAy6o/G3GGputkSj7MzGOlzp9AN5PSA2JyIeDpHmCBXWoYGEbe73nZ+Ex8coYf5W
waTfzIRQkOzBc/elsvFBkz81/R95en2bVqT0twHTeSvt9lo7PGdEuTjJdOAXXmpj
fmGc4dui4psy/PSFasaB79v/z8HwMkHaPDjEeuw/51vPuIYoBLr7tlA/mSgmImu4
mj2ucrVjy82l13DGM4qop3yOXBBUoFlSTOMgmGOM443Bv0k/kyF84HA/cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHm9SRixox5PHVApttmfWFW1iXyOMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvZWIxSkdMR2pIazhkVUNtMjJaOVlWYldKZkk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUqM0MA0G
CSqGSIb3DQEBCwUAA4IBAQAH7YJAgC3qoEEu1jstsVch1TMqe+8xZrt/BOKWL8K+
MaYdPFUztNi02sabQ0zWIlwCcsZouvChL1Ozcv7DV3n7jREbm/hN14+lhAuHQ7PG
qknnfBY/ozvbAifpWmdqDd/BYQfbpVA94l7OKNoxm86v2gTxU1MT+KnS6gct1Cct
idMdtcR20Mtr4up4WC9Kv+meHX0V6gzmQaZNqjROgRq9dfvgOvV4OSiTGjixvOl/
zYXN6iF/NQIgBpj5ympTbp5hCJ8c19azNAq0HlJ5BJ2HBzRZog1vnjKa4SUAcNPo
6WlL4lEYn1EcVPbLA7UamYystuCAZ3LdwAupDlqze6Ck
-----END CERTIFICATE-----