Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/xqrG1-afUyLJs-76v_kaVff1bzQ.roa
File:                     xqrG1-afUyLJs-76v_kaVff1bzQ.roa (raw, json)
Hash identifier:          qv2oTeJPi+2iZxHlxw+NMd9cTjH6NJtDH3DW5nEIJZc=
Subject key identifier:   C6:AA:C6:D7:E6:9F:53:22:C9:B3:EE:FA:BF:F9:1A:55:F7:F5:6F:34
Certificate issuer:       /CN=ea46963cc479dadbe3c52234ab9fabaa8122d25b
Certificate serial:       0199DDEB6F23772638BC556232356FAF5B72
Authority key identifier: EA:46:96:3C:C4:79:DA:DB:E3:C5:22:34:AB:9F:AB:AA:81:22:D2:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/xqrG1-afUyLJs-76v_kaVff1bzQ.roa
Signing time:             Mon 13 Oct 2025 14:13:38 +0000
ROA not before:           Mon 13 Oct 2025 14:13:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3271
IP address blocks:        193.46.3.0/24 maxlen: 24
                          194.39.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dd:eb:6f:23:77:26:38:bc:55:62:32:35:6f:af:5b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea46963cc479dadbe3c52234ab9fabaa8122d25b
        Validity
            Not Before: Oct 13 14:13:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6aac6d7e69f5322c9b3eefabff91a55f7f56f34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3b:62:d6:3f:51:05:1d:62:7f:1b:6c:b5:f1:
                    dd:31:5f:cb:2d:87:3e:14:12:33:5e:5b:30:8c:52:
                    9a:1e:8e:59:cf:90:07:d8:ac:9b:a5:f9:7b:d1:5e:
                    5e:2d:2b:c6:7a:dc:d6:a5:62:7b:fc:1b:0f:c6:71:
                    5f:7c:4e:dd:a0:1f:a8:10:57:0a:53:77:54:ec:4b:
                    99:b9:20:fe:8d:77:00:b9:99:bf:46:75:19:4a:af:
                    cc:3f:b8:26:23:21:62:1a:1a:01:48:1e:75:11:63:
                    eb:24:8a:37:32:67:60:4c:37:71:59:6a:0d:7b:82:
                    33:dc:28:54:5f:d8:d7:ec:5b:1d:4f:68:c3:9d:52:
                    68:4d:e6:e6:45:28:86:f4:20:e4:53:06:42:f0:04:
                    2c:3a:1d:56:66:32:d8:20:91:05:bd:7f:5e:e0:b2:
                    93:83:b4:7e:3b:ed:58:ac:af:71:9f:76:b3:c0:1f:
                    78:65:75:73:37:57:ed:69:a2:15:9a:b0:06:7e:b3:
                    13:62:2e:5a:29:49:f7:fb:17:b8:04:bb:f1:9f:82:
                    c9:4d:b4:f6:b0:98:a2:c0:ac:47:13:db:b5:46:d0:
                    f2:fc:84:9f:f5:e3:b5:d4:c2:a0:b7:8d:17:fc:c3:
                    2b:57:75:36:74:9d:e0:0d:fe:d9:ae:f8:33:f6:df:
                    b2:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:AA:C6:D7:E6:9F:53:22:C9:B3:EE:FA:BF:F9:1A:55:F7:F5:6F:34
            X509v3 Authority Key Identifier:
                keyid:EA:46:96:3C:C4:79:DA:DB:E3:C5:22:34:AB:9F:AB:AA:81:22:D2:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/xqrG1-afUyLJs-76v_kaVff1bzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.3.0/24
                  194.39.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:fe:df:61:1d:a8:62:0b:91:66:ee:71:1c:36:b2:70:71:f8:
         22:ab:68:cb:eb:45:4d:08:a3:f5:eb:4c:19:c6:17:1b:01:0d:
         57:50:2e:6a:18:18:d2:eb:9c:ac:ba:27:48:0e:d9:67:fa:c2:
         56:7f:f8:a7:cb:78:45:4c:e2:d0:d7:3d:bd:51:5e:7b:b1:25:
         ff:d8:e3:8e:17:24:cf:a4:cc:e2:7b:29:d2:e7:25:14:8e:2e:
         51:f7:4f:e1:d9:f3:b0:14:6a:68:f2:d1:d4:d4:0a:70:ad:1e:
         af:c5:dd:98:5e:71:2f:f3:7d:29:6e:21:79:f7:62:f9:49:23:
         29:61:d6:78:d9:95:24:34:90:b7:36:8f:8c:fa:64:aa:55:5e:
         6b:da:7c:17:51:71:48:d1:09:94:1a:e5:a3:8b:f5:6b:1c:16:
         67:8a:81:ba:7d:08:71:c0:e3:a1:14:b1:95:fe:3a:73:53:6f:
         d7:3f:c8:19:93:53:9d:44:21:2a:2a:65:5f:a7:6a:0b:1f:f0:
         eb:42:2f:03:1d:a9:bc:31:fb:69:e0:cf:ee:64:7a:1b:15:8a:
         88:39:8b:40:f1:12:b8:4f:c7:5c:14:ce:16:1c:24:50:38:12:
         87:2e:df:d9:42:63:1d:60:d6:e7:d4:8b:dc:e7:90:01:f9:95:
         10:f6:78:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnd628jdyY4vFViMjVvr1tyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNDY5NjNjYzQ3OWRhZGJlM2M1MjIzNGFiOWZhYmFhODEy
MmQyNWIwHhcNMjUxMDEzMTQxMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmFhYzZkN2U2OWY1MzIyYzliM2VlZmFiZmY5MWE1NWY3ZjU2ZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTti1j9RBR1ifxtstfHdMV/LLYc+
FBIzXlswjFKaHo5Zz5AH2Kybpfl70V5eLSvGetzWpWJ7/BsPxnFffE7doB+oEFcK
U3dU7EuZuSD+jXcAuZm/RnUZSq/MP7gmIyFiGhoBSB51EWPrJIo3MmdgTDdxWWoN
e4Iz3ChUX9jX7FsdT2jDnVJoTebmRSiG9CDkUwZC8AQsOh1WZjLYIJEFvX9e4LKT
g7R+O+1YrK9xn3azwB94ZXVzN1ftaaIVmrAGfrMTYi5aKUn3+xe4BLvxn4LJTbT2
sJiiwKxHE9u1RtDy/ISf9eO11MKgt40X/MMrV3U2dJ3gDf7Zrvgz9t+ygQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMaqxtfmn1MiybPu+r/5GlX39W80MB8GA1UdIwQY
MBaAFOpGljzEedrb48UiNKufq6qBItJbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmthV1BNUjUydHZqeFNJMHE1LXJxb0VpMGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9lODYyZGUtYzQ2Yy00ZjIxLWIzOGUt
ZWI1YmM3ZDk3YWEwLzEveHFyRzEtYWZVeUxKcy03NnZfa2FWZmYxYnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9lODYyZGUtYzQ2Yy00ZjIxLWIzOGUtZWI1YmM3ZDk3YWEw
LzEvNmthV1BNUjUydHZqeFNJMHE1LXJxb0VpMGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwS4DAwQA
wieCMA0GCSqGSIb3DQEBCwUAA4IBAQAL/t9hHahiC5Fm7nEcNrJwcfgiq2jL60VN
CKP160wZxhcbAQ1XUC5qGBjS65ysuidIDtln+sJWf/iny3hFTOLQ1z29UV57sSX/
2OOOFyTPpMzieynS5yUUji5R90/h2fOwFGpo8tHU1ApwrR6vxd2YXnEv830pbiF5
92L5SSMpYdZ42ZUkNJC3No+M+mSqVV5r2nwXUXFI0QmUGuWji/VrHBZnioG6fQhx
wOOhFLGV/jpzU2/XP8gZk1OdRCEqKmVfp2oLH/DrQi8DHam8Mftp4M/uZHobFYqI
OYtA8RK4T8dcFM4WHCRQOBKHLt/ZQmMdYNbn1Ivc55AB+ZUQ9niT
-----END CERTIFICATE-----