Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/a82b65-8565-4f86-bbe8-b370084a27f7/1/Cn6tsbojoXV2BW1l6UM2MQ_UsAU.roa
File:                     Cn6tsbojoXV2BW1l6UM2MQ_UsAU.roa (raw, json)
Hash identifier:          EoHXyDjKAGRNBxff2RnAuxXKuvRoyOY/m2/oz9BIZOY=
Subject key identifier:   0A:7E:AD:B1:BA:23:A1:75:76:05:6D:65:E9:43:36:31:0F:D4:B0:05
Certificate issuer:       /CN=e8cfabb2b5d78ff9fbbdc1e37dd37b6fc34f11d9
Certificate serial:       019968DB422D3B5B14218F31D0EED99297E1
Authority key identifier: E8:CF:AB:B2:B5:D7:8F:F9:FB:BD:C1:E3:7D:D3:7B:6F:C3:4F:11:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6M-rsrXXj_n7vcHjfdN7b8NPEdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/a82b65-8565-4f86-bbe8-b370084a27f7/1/Cn6tsbojoXV2BW1l6UM2MQ_UsAU.roa
Signing time:             Sat 20 Sep 2025 20:40:23 +0000
ROA not before:           Sat 20 Sep 2025 20:40:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205186
IP address blocks:        194.164.179.0/24 maxlen: 24
                          2a01:f680:30::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/a82b65-8565-4f86-bbe8-b370084a27f7/1/6M-rsrXXj_n7vcHjfdN7b8NPEdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/a82b65-8565-4f86-bbe8-b370084a27f7/1/6M-rsrXXj_n7vcHjfdN7b8NPEdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6M-rsrXXj_n7vcHjfdN7b8NPEdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:68:db:42:2d:3b:5b:14:21:8f:31:d0:ee:d9:92:97:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8cfabb2b5d78ff9fbbdc1e37dd37b6fc34f11d9
        Validity
            Not Before: Sep 20 20:40:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a7eadb1ba23a17576056d65e94336310fd4b005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:80:9c:bb:a6:b6:1e:cd:ef:d7:18:a9:0b:cc:
                    a2:94:dd:f0:b3:d2:fa:8a:57:06:e8:a0:d2:5d:28:
                    e5:1d:8d:f9:f8:92:31:0d:38:e3:1e:ad:a8:51:28:
                    9f:4d:81:27:53:b4:4d:74:da:31:b7:3e:3f:da:4e:
                    8a:5f:c3:7c:89:bf:49:44:aa:49:27:ae:35:65:8e:
                    fe:44:77:64:72:2e:2e:aa:61:e9:3e:ec:f1:91:46:
                    b6:64:40:c1:55:8c:85:9d:01:14:3d:4d:f8:a7:01:
                    38:23:7d:ac:f8:ac:c1:8d:6f:12:49:a1:d9:89:14:
                    09:42:74:49:f5:e6:b2:3d:4b:fd:56:25:71:ee:e9:
                    be:b5:a7:95:5d:02:b3:c4:13:1b:8d:77:4c:c0:04:
                    20:19:b4:e2:55:af:cb:c5:bc:49:03:c3:c2:d6:66:
                    b9:7e:bd:20:b6:31:41:dd:81:98:6c:b7:4c:ba:1e:
                    1f:4f:b4:d7:22:47:94:03:ad:d3:f0:a0:0a:f0:c5:
                    e2:fa:dc:0e:81:cd:06:07:e0:09:57:a1:44:2d:89:
                    9b:65:ee:35:b8:e1:9a:36:d0:25:b0:8a:4b:04:2e:
                    41:4e:18:38:ed:7c:bc:77:65:20:a9:0d:c6:37:8e:
                    21:89:82:89:71:db:69:c7:db:75:1e:40:7e:80:1e:
                    eb:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:7E:AD:B1:BA:23:A1:75:76:05:6D:65:E9:43:36:31:0F:D4:B0:05
            X509v3 Authority Key Identifier:
                keyid:E8:CF:AB:B2:B5:D7:8F:F9:FB:BD:C1:E3:7D:D3:7B:6F:C3:4F:11:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6M-rsrXXj_n7vcHjfdN7b8NPEdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/a82b65-8565-4f86-bbe8-b370084a27f7/1/Cn6tsbojoXV2BW1l6UM2MQ_UsAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/a82b65-8565-4f86-bbe8-b370084a27f7/1/6M-rsrXXj_n7vcHjfdN7b8NPEdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.164.179.0/24
                IPv6:
                  2a01:f680:30::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:10:d9:12:15:0c:7a:58:3e:8d:5b:04:e1:43:07:cb:3e:24:
         a2:1b:1d:8d:60:f7:b0:5b:aa:87:86:71:82:a3:84:c7:61:b4:
         49:a3:10:a2:9a:34:bd:4a:2a:36:87:96:df:c3:e6:fd:76:a4:
         32:e2:6a:9c:21:64:8b:bf:c8:2c:0e:3f:93:ce:07:44:ab:ff:
         c2:a9:36:01:c0:b7:17:bc:9a:d6:1a:88:a7:c1:90:4f:40:79:
         43:0f:27:78:14:a8:4d:e4:e3:96:6c:27:5c:df:43:9d:6f:69:
         cf:26:96:53:a9:bb:a6:f1:cc:e1:c0:71:76:60:55:3b:64:e7:
         5d:02:24:3d:a7:62:d2:b0:84:6e:9c:88:2b:f3:98:7d:9c:66:
         1e:28:f5:de:c9:10:19:5b:39:8d:0d:37:eb:61:bc:26:58:43:
         0d:23:0a:9f:a8:af:fc:36:20:42:29:68:39:fa:4b:3a:cc:4a:
         5d:64:eb:3e:5c:ba:93:77:f0:f7:60:43:5e:3e:e7:e5:e3:fc:
         1b:9c:0b:b9:1a:ec:86:7d:7b:8a:f6:55:7e:74:6b:f5:9a:4e:
         13:5f:c8:10:59:81:0d:ba:42:ef:06:f2:c2:9d:d7:fe:db:30:
         61:c9:0c:fd:3a:17:e3:01:cc:ca:6c:22:95:f5:a7:4b:1a:44:
         cd:4c:fd:02
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZlo20ItO1sUIY8x0O7ZkpfhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4Y2ZhYmIyYjVkNzhmZjlmYmJkYzFlMzdkZDM3YjZmYzM0
ZjExZDkwHhcNMjUwOTIwMjA0MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTdlYWRiMWJhMjNhMTc1NzYwNTZkNjVlOTQzMzYzMTBmZDRiMDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnICcu6a2Hs3v1xipC8yilN3ws9L6
ilcG6KDSXSjlHY35+JIxDTjjHq2oUSifTYEnU7RNdNoxtz4/2k6KX8N8ib9JRKpJ
J641ZY7+RHdkci4uqmHpPuzxkUa2ZEDBVYyFnQEUPU34pwE4I32s+KzBjW8SSaHZ
iRQJQnRJ9eayPUv9ViVx7um+taeVXQKzxBMbjXdMwAQgGbTiVa/LxbxJA8PC1ma5
fr0gtjFB3YGYbLdMuh4fT7TXIkeUA63T8KAK8MXi+twOgc0GB+AJV6FELYmbZe41
uOGaNtAlsIpLBC5BThg47Xy8d2UgqQ3GN44hiYKJcdtpx9t1HkB+gB7rwwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAp+rbG6I6F1dgVtZelDNjEP1LAFMB8GA1UdIwQY
MBaAFOjPq7K114/5+73B433Te2/DTxHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk0tcnNyWFhqX243dmNIamZkTjdiOE5QRWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9hODJiNjUtODU2NS00Zjg2LWJiZTgt
YjM3MDA4NGEyN2Y3LzEvQ242dHNib2pvWFYyQlcxbDZVTTJNUV9Vc0FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9hODJiNjUtODU2NS00Zjg2LWJiZTgtYjM3MDA4NGEyN2Y3
LzEvNk0tcnNyWFhqX243dmNIamZkTjdiOE5QRWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwqSzMA8E
AgACMAkDBwAqAfaAADAwDQYJKoZIhvcNAQELBQADggEBAJcQ2RIVDHpYPo1bBOFD
B8s+JKIbHY1g97BbqoeGcYKjhMdhtEmjEKKaNL1KKjaHlt/D5v12pDLiapwhZIu/
yCwOP5POB0Sr/8KpNgHAtxe8mtYaiKfBkE9AeUMPJ3gUqE3k45ZsJ1zfQ51vac8m
llOpu6bxzOHAcXZgVTtk510CJD2nYtKwhG6ciCvzmH2cZh4o9d7JEBlbOY0NN+th
vCZYQw0jCp+or/w2IEIpaDn6SzrMSl1k6z5cupN38PdgQ14+5+Xj/BucC7ka7IZ9
e4r2VX50a/WaThNfyBBZgQ26Qu8G8sKd1/7bMGHJDP06F+MBzMpsIpX1p0saRM1M
/QI=
-----END CERTIFICATE-----