Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/1k1uJi06zFolDKDkLKKvi35k2JM.roa
File:                     1k1uJi06zFolDKDkLKKvi35k2JM.roa (raw, json)
Hash identifier:          FlOoYo71s858Sv6ZMqYB1AYn8xpWhGfgkv8prIUZt1k=
Subject key identifier:   D6:4D:6E:26:2D:3A:CC:5A:25:0C:A0:E4:2C:A2:AF:8B:7E:64:D8:93
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       019985D5742F9667D4D1E61BF35BBBD69D33
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/1k1uJi06zFolDKDkLKKvi35k2JM.roa
Signing time:             Fri 26 Sep 2025 11:43:02 +0000
ROA not before:           Fri 26 Sep 2025 11:43:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        194.15.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:85:d5:74:2f:96:67:d4:d1:e6:1b:f3:5b:bb:d6:9d:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Sep 26 11:43:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d64d6e262d3acc5a250ca0e42ca2af8b7e64d893
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:89:96:30:db:3f:c0:51:9e:0f:d5:da:59:ce:
                    de:15:5b:18:56:a7:c6:b0:ff:bf:13:62:c0:ab:f5:
                    75:f6:09:43:1d:00:54:de:e2:50:1d:6f:7b:e8:d8:
                    c4:db:fe:2d:f0:2b:55:4e:8b:4c:78:0e:c1:8b:4b:
                    ea:ef:46:0a:4a:72:cc:ae:94:cb:53:42:d1:d9:7f:
                    fc:84:5e:8a:a5:8e:17:60:07:23:34:17:77:d8:e5:
                    49:be:85:da:4e:8c:26:71:f5:79:47:ea:77:1f:a1:
                    d0:80:b7:c7:de:33:ac:b2:fd:0d:1f:41:0d:02:e8:
                    7c:c0:f6:4b:ee:42:b4:fc:b9:d1:b7:2d:99:24:5b:
                    24:fe:f6:d2:77:65:b1:35:85:41:07:61:8c:5d:43:
                    93:e5:1f:73:b9:4f:d8:cd:c5:cd:ad:69:3f:7a:1a:
                    2a:d4:fa:e7:ee:6f:b7:ed:43:8b:97:bf:db:e1:cd:
                    55:33:d8:79:c3:a7:4d:b7:ff:f1:f7:4c:ce:cc:3b:
                    79:a2:db:ec:7a:06:dc:d3:9c:db:1e:c0:52:bf:51:
                    c8:9a:c1:70:a4:97:d4:9c:29:c9:fb:7d:4f:2c:07:
                    4a:71:67:b4:d6:52:67:e4:b2:fa:8d:8b:ae:84:ae:
                    38:d4:c1:84:00:f4:42:a6:1e:90:54:13:b6:94:9a:
                    7f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:4D:6E:26:2D:3A:CC:5A:25:0C:A0:E4:2C:A2:AF:8B:7E:64:D8:93
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/1k1uJi06zFolDKDkLKKvi35k2JM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:33:c7:20:df:19:95:05:1a:b4:87:88:ca:f1:d8:4b:9a:e4:
         25:ad:a7:eb:ee:dd:2d:c6:b1:63:bb:21:1c:82:65:90:7d:1f:
         e7:49:21:6c:10:64:54:1a:19:b5:a5:90:92:e3:d7:26:d5:47:
         4f:39:7b:37:60:7e:38:9c:c7:51:27:72:4f:7e:22:95:39:7a:
         f8:5e:69:9c:e8:ca:23:5b:98:d6:c9:03:ee:9f:b6:53:57:34:
         70:40:c2:a6:20:12:16:dc:e1:ae:e8:b5:e2:9a:99:9b:99:e6:
         8d:7c:66:cb:9b:5c:0b:e6:73:54:9c:27:79:98:03:24:2a:70:
         82:f9:bb:28:95:3b:ab:48:61:b3:c2:8b:51:55:dc:09:99:ea:
         93:3c:6e:dc:20:58:0d:78:e1:3d:19:57:16:c4:a6:df:b6:6e:
         16:94:b7:78:06:a5:6d:08:c5:f1:11:fd:2e:fa:c9:2c:62:5d:
         e2:f0:7f:68:b1:bd:8e:57:0f:a7:98:9f:fc:4f:c7:e9:b6:da:
         ec:5b:7a:38:26:97:5d:08:84:f4:79:73:69:95:97:c1:49:55:
         c4:23:aa:f4:51:8d:e1:ad:ba:e0:58:d6:b4:25:b7:1b:46:51:
         f2:db:58:a2:a4:0e:70:47:68:85:63:56:62:6e:ef:ba:5b:78:
         73:ac:80:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmF1XQvlmfU0eYb81u71p0zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjUwOTI2MTE0MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjRkNmUyNjJkM2FjYzVhMjUwY2EwZTQyY2EyYWY4YjdlNjRkODkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAromWMNs/wFGeD9XaWc7eFVsYVqfG
sP+/E2LAq/V19glDHQBU3uJQHW976NjE2/4t8CtVTotMeA7Bi0vq70YKSnLMrpTL
U0LR2X/8hF6KpY4XYAcjNBd32OVJvoXaTowmcfV5R+p3H6HQgLfH3jOssv0NH0EN
Auh8wPZL7kK0/LnRty2ZJFsk/vbSd2WxNYVBB2GMXUOT5R9zuU/YzcXNrWk/ehoq
1Prn7m+37UOLl7/b4c1VM9h5w6dNt//x90zOzDt5otvsegbc05zbHsBSv1HImsFw
pJfUnCnJ+31PLAdKcWe01lJn5LL6jYuuhK441MGEAPRCph6QVBO2lJp/pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZNbiYtOsxaJQyg5Cyir4t+ZNiTMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvMWsxdUppMDZ6Rm9sREtEa0xLS3ZpMzVrMkpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg8hMA0G
CSqGSIb3DQEBCwUAA4IBAQBtM8cg3xmVBRq0h4jK8dhLmuQlrafr7t0txrFjuyEc
gmWQfR/nSSFsEGRUGhm1pZCS49cm1UdPOXs3YH44nMdRJ3JPfiKVOXr4Xmmc6Moj
W5jWyQPun7ZTVzRwQMKmIBIW3OGu6LXimpmbmeaNfGbLm1wL5nNUnCd5mAMkKnCC
+bsolTurSGGzwotRVdwJmeqTPG7cIFgNeOE9GVcWxKbftm4WlLd4BqVtCMXxEf0u
+sksYl3i8H9osb2OVw+nmJ/8T8fpttrsW3o4JpddCIT0eXNplZfBSVXEI6r0UY3h
rbrgWNa0JbcbRlHy21iipA5wR2iFY1Zibu+6W3hzrIBh
-----END CERTIFICATE-----