Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/ffaMH-0hGgHTMNCXX78L-h1LWAo.roa
File:                     ffaMH-0hGgHTMNCXX78L-h1LWAo.roa (raw, json)
Hash identifier:          GyPeNrQVWNT93bYYebXS2jRf00/jNRqVqCrgj4gVPMY=
Subject key identifier:   7D:F6:8C:1F:ED:21:1A:01:D3:30:D0:97:5F:BF:0B:FA:1D:4B:58:0A
Certificate issuer:       /CN=5fbe65ae23f207fa695255f55a907ac1608be094
Certificate serial:       0199BD592C42E76F33C1F3E9954885B1D20A
Authority key identifier: 5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/ffaMH-0hGgHTMNCXX78L-h1LWAo.roa
Signing time:             Tue 07 Oct 2025 06:26:01 +0000
ROA not before:           Tue 07 Oct 2025 06:26:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207333
IP address blocks:        93.188.206.0/24 maxlen: 24
                          193.47.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bd:59:2c:42:e7:6f:33:c1:f3:e9:95:48:85:b1:d2:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fbe65ae23f207fa695255f55a907ac1608be094
        Validity
            Not Before: Oct  7 06:26:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7df68c1fed211a01d330d0975fbf0bfa1d4b580a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:3e:f8:99:6f:09:1a:bb:9b:b0:0c:75:cd:3d:
                    03:48:94:65:f2:16:cf:93:93:74:b3:24:29:b1:d3:
                    04:9b:99:05:bc:4d:11:7a:ec:06:69:09:aa:9c:3d:
                    29:95:2c:43:b0:7c:77:f5:5c:66:70:43:a4:f5:d8:
                    d8:e1:0a:3d:c6:61:d1:9f:0f:50:c9:51:2d:0d:f6:
                    52:09:3f:7c:86:1b:1b:24:77:bd:c0:41:57:fd:71:
                    b7:57:e3:3c:4e:d5:bf:45:20:82:71:58:be:d7:49:
                    dc:6d:da:5f:d0:51:53:2a:e6:2d:bb:f8:1f:77:f5:
                    1b:15:69:03:72:ba:1c:b7:fd:ad:da:30:c9:42:29:
                    09:b4:7d:f7:28:ed:97:56:82:bc:75:db:c1:86:79:
                    5b:3f:3c:8c:09:b7:24:f3:10:6d:89:bb:63:be:dd:
                    b2:e3:30:c3:e8:fc:c3:bb:cc:36:f9:e6:ad:23:e5:
                    7d:d4:db:b8:b0:56:c1:be:4c:11:bf:87:f0:f5:00:
                    9e:6b:62:7f:44:a3:9d:d2:a6:b8:90:e5:dc:5b:cd:
                    27:fc:40:97:74:8f:a0:22:d5:17:a4:23:b1:eb:25:
                    9d:60:e7:43:a9:c2:3e:3d:fb:4b:81:7c:19:82:50:
                    be:93:90:8a:20:7d:a2:93:3f:3a:00:52:b8:19:ac:
                    d3:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:F6:8C:1F:ED:21:1A:01:D3:30:D0:97:5F:BF:0B:FA:1D:4B:58:0A
            X509v3 Authority Key Identifier:
                keyid:5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/ffaMH-0hGgHTMNCXX78L-h1LWAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.188.206.0/24
                  193.47.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:51:48:f8:c7:55:e9:5a:8c:da:74:af:66:0a:15:87:4c:ff:
         44:2b:a8:ba:07:3e:7e:30:1b:d4:fa:22:f3:11:49:55:93:5a:
         2c:07:8c:c4:50:9c:a6:14:00:72:7c:0c:14:80:0e:27:84:78:
         06:13:57:87:51:17:d4:7b:79:00:e1:e7:d5:a1:fe:27:fb:a0:
         a1:f5:75:ed:19:3c:cb:38:9a:7b:16:e2:e8:fe:ce:ae:91:33:
         4f:4c:21:e3:e9:82:c4:e0:8d:19:bc:42:e0:09:1f:54:c4:e1:
         d1:5b:31:85:d7:f4:ed:84:47:73:77:be:97:c5:b4:de:4f:83:
         cc:a7:08:16:35:06:0a:56:9f:44:55:6a:c4:10:75:45:27:29:
         ad:70:19:a8:db:75:d4:41:3f:93:fe:60:f2:de:68:f0:72:fe:
         8d:59:0a:7d:8f:1a:98:bd:10:b6:77:45:38:ff:15:02:a8:a9:
         df:17:d7:31:ff:01:58:a2:62:94:38:2f:7d:c3:b1:60:5d:87:
         c4:fa:52:2d:be:68:f1:a8:4e:42:d1:df:d7:ec:ed:6d:96:74:
         cb:f3:76:3b:f1:cc:ea:ee:70:d1:4d:b9:d1:0c:35:2b:4e:59:
         03:70:23:b6:9a:eb:85:e5:78:ab:c9:a7:9e:02:85:aa:75:ed:
         09:01:4f:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZm9WSxC528zwfPplUiFsdIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmU2NWFlMjNmMjA3ZmE2OTUyNTVmNTVhOTA3YWMxNjA4
YmUwOTQwHhcNMjUxMDA3MDYyNjAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGY2OGMxZmVkMjExYTAxZDMzMGQwOTc1ZmJmMGJmYTFkNGI1ODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7D74mW8JGrubsAx1zT0DSJRl8hbP
k5N0syQpsdMEm5kFvE0ReuwGaQmqnD0plSxDsHx39VxmcEOk9djY4Qo9xmHRnw9Q
yVEtDfZSCT98hhsbJHe9wEFX/XG3V+M8TtW/RSCCcVi+10ncbdpf0FFTKuYtu/gf
d/UbFWkDcroct/2t2jDJQikJtH33KO2XVoK8ddvBhnlbPzyMCbck8xBtibtjvt2y
4zDD6PzDu8w2+eatI+V91Nu4sFbBvkwRv4fw9QCea2J/RKOd0qa4kOXcW80n/ECX
dI+gItUXpCOx6yWdYOdDqcI+PftLgXwZglC+k5CKIH2ikz86AFK4GazTLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH32jB/tIRoB0zDQl1+/C/odS1gKMB8GA1UdIwQY
MBaAFF++Za4j8gf6aVJV9VqQesFgi+CUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUt
NDkyYWIzNzI2ODlkLzEvZmZhTUgtMGhHZ0hUTU5DWFg3OEwtaDFMV0FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUtNDkyYWIzNzI2ODlk
LzEvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXbzOAwQA
wS8rMA0GCSqGSIb3DQEBCwUAA4IBAQCKUUj4x1XpWozadK9mChWHTP9EK6i6Bz5+
MBvU+iLzEUlVk1osB4zEUJymFAByfAwUgA4nhHgGE1eHURfUe3kA4efVof4n+6Ch
9XXtGTzLOJp7FuLo/s6ukTNPTCHj6YLE4I0ZvELgCR9UxOHRWzGF1/TthEdzd76X
xbTeT4PMpwgWNQYKVp9EVWrEEHVFJymtcBmo23XUQT+T/mDy3mjwcv6NWQp9jxqY
vRC2d0U4/xUCqKnfF9cx/wFYomKUOC99w7FgXYfE+lItvmjxqE5C0d/X7O1tlnTL
83Y78czq7nDRTbnRDDUrTlkDcCO2muuF5XiryaeeAoWqde0JAU8p
-----END CERTIFICATE-----