Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Fpr8Bk1Hacsvd206OfMbTgyGD0g.roa
File:                     Fpr8Bk1Hacsvd206OfMbTgyGD0g.roa (raw, json)
Hash identifier:          Nb5IHlzd1ha8TZGNHZckJAByvwgx/hENNugY7EJ4vIk=
Subject key identifier:   16:9A:FC:06:4D:47:69:CB:2F:77:6D:3A:39:F3:1B:4E:0C:86:0F:48
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0199EDD14570449314EF71D010609D4E7C80
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Fpr8Bk1Hacsvd206OfMbTgyGD0g.roa
Signing time:             Thu 16 Oct 2025 16:18:59 +0000
ROA not before:           Thu 16 Oct 2025 16:18:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2856
IP address blocks:        193.111.4.0/24 maxlen: 24
                          193.111.5.0/24 maxlen: 24
                          193.111.18.0/24 maxlen: 24
                          193.111.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ed:d1:45:70:44:93:14:ef:71:d0:10:60:9d:4e:7c:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Oct 16 16:18:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=169afc064d4769cb2f776d3a39f31b4e0c860f48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a3:a7:db:83:fa:24:92:6b:0c:49:1a:4a:92:
                    a4:84:f4:65:ed:37:2f:2d:a8:02:fb:3c:ca:96:98:
                    e2:6e:e0:32:53:5a:70:ef:15:2b:90:83:af:38:85:
                    5f:4d:bd:5f:7a:bf:f9:ce:2f:f5:0e:62:9c:d7:cb:
                    c4:e2:c4:dc:d8:86:65:ca:0e:a5:9a:c1:1c:81:c7:
                    bb:2b:f1:3e:e5:9c:22:b2:0e:ca:41:c4:af:b0:4b:
                    06:55:03:8a:eb:ed:b9:a5:c7:01:51:a3:6d:ce:61:
                    e6:7d:d1:72:e9:05:c9:e3:d5:82:5b:cc:f6:2a:42:
                    b9:25:5d:8b:85:63:58:74:09:b4:2b:1f:6f:bf:b5:
                    d1:50:1d:41:86:8f:e2:cb:ef:02:be:f9:de:36:b9:
                    30:75:1f:da:a4:ad:8f:8b:bd:fe:41:b0:98:b0:03:
                    4c:b2:91:2f:2b:28:2e:73:e0:57:08:1b:6b:39:ba:
                    4f:b3:23:65:f6:72:bb:e9:3e:1d:af:34:58:b2:39:
                    9c:2b:78:8a:59:4c:41:94:f6:e4:c4:d3:2c:3f:98:
                    11:ab:68:d6:d4:15:f7:f8:c9:aa:5d:2a:b1:bb:44:
                    c5:0b:18:1b:13:13:7c:34:13:7b:0b:52:8a:46:86:
                    07:a2:8f:c4:5b:24:57:03:fd:c2:40:f4:f7:3e:83:
                    2f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:9A:FC:06:4D:47:69:CB:2F:77:6D:3A:39:F3:1B:4E:0C:86:0F:48
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Fpr8Bk1Hacsvd206OfMbTgyGD0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.4.0/23
                  193.111.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:b9:db:44:71:8a:09:45:03:2d:5c:05:6c:20:23:9b:10:25:
         bf:26:fc:a8:f3:91:57:f1:5b:ef:d1:40:d0:c8:6d:39:64:82:
         b5:8a:c2:84:a3:a2:13:9d:46:4d:49:38:05:6f:e1:a3:a4:51:
         8f:7c:60:3c:2f:8c:c8:05:dd:bc:87:86:ac:c5:a3:de:63:a7:
         78:08:3e:8c:d1:e0:b2:82:cc:f4:fa:1e:1b:1b:7a:dc:fc:47:
         cf:c4:ea:85:54:5b:f7:31:7f:bf:d8:94:c4:4e:93:d5:e5:fc:
         84:c3:84:32:95:7c:82:52:ca:e3:68:b2:a8:97:ee:41:1d:35:
         2b:6c:d9:86:98:e7:61:a1:44:09:0f:a9:7d:3a:cc:b3:ee:06:
         b4:89:7e:7b:25:0a:7e:1f:47:4e:aa:3e:70:f5:d6:19:e9:4b:
         18:de:fd:da:b8:ce:4a:84:d1:5f:ea:7d:ae:e5:71:39:2a:c4:
         5d:8b:b0:f7:24:07:0f:98:20:23:f9:ba:69:c0:37:ef:48:bf:
         8b:93:4c:b6:3c:55:f4:20:59:eb:78:96:03:32:35:a8:29:d1:
         1b:f3:2a:ab:6c:3b:52:37:b4:56:ca:f6:7b:63:1a:8a:32:bf:
         65:85:c6:2e:94:09:77:bd:fd:e4:e4:3b:28:f4:81:7a:05:ab:
         b7:f7:05:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnt0UVwRJMU73HQEGCdTnyAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMDE2MTYxODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjlhZmMwNjRkNDc2OWNiMmY3NzZkM2EzOWYzMWI0ZTBjODYwZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6On24P6JJJrDEkaSpKkhPRl7Tcv
LagC+zzKlpjibuAyU1pw7xUrkIOvOIVfTb1fer/5zi/1DmKc18vE4sTc2IZlyg6l
msEcgce7K/E+5Zwisg7KQcSvsEsGVQOK6+25pccBUaNtzmHmfdFy6QXJ49WCW8z2
KkK5JV2LhWNYdAm0Kx9vv7XRUB1Bho/iy+8CvvneNrkwdR/apK2Pi73+QbCYsANM
spEvKyguc+BXCBtrObpPsyNl9nK76T4drzRYsjmcK3iKWUxBlPbkxNMsP5gRq2jW
1BX3+MmqXSqxu0TFCxgbExN8NBN7C1KKRoYHoo/EWyRXA/3CQPT3PoMv/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBaa/AZNR2nLL3dtOjnzG04Mhg9IMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvRnByOEJrMUhhY3N2ZDIwNk9mTWJUZ3lHRDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwW8EAwQB
wW8SMA0GCSqGSIb3DQEBCwUAA4IBAQBVudtEcYoJRQMtXAVsICObECW/Jvyo85FX
8Vvv0UDQyG05ZIK1isKEo6ITnUZNSTgFb+GjpFGPfGA8L4zIBd28h4asxaPeY6d4
CD6M0eCygsz0+h4bG3rc/EfPxOqFVFv3MX+/2JTETpPV5fyEw4QylXyCUsrjaLKo
l+5BHTUrbNmGmOdhoUQJD6l9Osyz7ga0iX57JQp+H0dOqj5w9dYZ6UsY3v3auM5K
hNFf6n2u5XE5KsRdi7D3JAcPmCAj+bppwDfvSL+Lk0y2PFX0IFnreJYDMjWoKdEb
8yqrbDtSN7RWyvZ7YxqKMr9lhcYulAl3vf3k5Dso9IF6Bau39wUh
-----END CERTIFICATE-----