Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/83ee6f-ee83-444b-bdc6-ae44979f81de/1/Ito4OsKdOYk_0Vr5IgYqw7oQP_k.roa
File:                     Ito4OsKdOYk_0Vr5IgYqw7oQP_k.roa (raw, json)
Hash identifier:          t2JFfBVsPDvYQ98nc/aNec9j3fYa1vwbxO3EDDVKTUg=
Subject key identifier:   22:DA:38:3A:C2:9D:39:89:3F:D1:5A:F9:22:06:2A:C3:BA:10:3F:F9
Certificate issuer:       /CN=f8ba41b6ad6e63780ec3f12160e7c4ed0f7469ac
Certificate serial:       0199810093F7A4970584ABC8047A6C0D40BF
Authority key identifier: F8:BA:41:B6:AD:6E:63:78:0E:C3:F1:21:60:E7:C4:ED:0F:74:69:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-LpBtq1uY3gOw_EhYOfE7Q90aaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/83ee6f-ee83-444b-bdc6-ae44979f81de/1/Ito4OsKdOYk_0Vr5IgYqw7oQP_k.roa
Signing time:             Thu 25 Sep 2025 13:12:02 +0000
ROA not before:           Thu 25 Sep 2025 13:12:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198990
IP address blocks:        66.51.96.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/83ee6f-ee83-444b-bdc6-ae44979f81de/1/1-LpBtq1uY3gOw_EhYOfE7Q90aaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/83ee6f-ee83-444b-bdc6-ae44979f81de/1/1-LpBtq1uY3gOw_EhYOfE7Q90aaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-LpBtq1uY3gOw_EhYOfE7Q90aaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:81:00:93:f7:a4:97:05:84:ab:c8:04:7a:6c:0d:40:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8ba41b6ad6e63780ec3f12160e7c4ed0f7469ac
        Validity
            Not Before: Sep 25 13:12:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22da383ac29d39893fd15af922062ac3ba103ff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:1c:51:98:10:42:48:51:2a:d3:a1:8b:0e:7c:
                    d4:9c:13:4e:06:59:67:2e:74:df:6d:5c:75:ca:fe:
                    7b:4d:ec:07:61:8d:60:66:3a:53:0d:b0:34:8e:dc:
                    e7:b3:a3:20:a3:ff:44:f7:80:8d:59:22:32:bb:19:
                    83:3f:c4:77:d6:01:b3:3c:2e:48:ea:ff:24:9d:5d:
                    e0:4a:f8:3a:c8:33:4f:c5:e0:6f:2d:7d:38:e0:d1:
                    61:41:f0:0f:91:a4:43:f8:aa:f9:d8:f5:a2:9a:26:
                    92:1f:d1:81:52:6b:cf:ed:89:78:8e:5b:ed:c2:67:
                    e6:c7:3e:9c:39:2e:51:83:dc:5a:86:25:a2:b7:2b:
                    a0:2e:20:21:5e:7e:a2:68:34:b4:4b:31:ff:f0:dc:
                    fe:b6:31:92:6e:45:02:a0:75:66:b2:c6:d8:91:aa:
                    9b:22:29:d1:e9:b8:43:b0:af:f4:2e:20:6b:22:dd:
                    53:17:15:1f:cf:a1:e6:fd:74:d5:13:fe:df:bc:fa:
                    72:f8:a7:13:77:13:f3:cf:0c:4a:ed:f1:45:af:62:
                    f1:84:4c:95:04:eb:90:a0:e7:3b:c6:aa:ed:a8:13:
                    7f:3d:9d:9d:fa:55:4d:8f:f4:30:6b:d3:0e:cc:47:
                    3b:19:f3:e2:cc:49:e3:39:9d:ca:c2:95:b5:50:bb:
                    41:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:DA:38:3A:C2:9D:39:89:3F:D1:5A:F9:22:06:2A:C3:BA:10:3F:F9
            X509v3 Authority Key Identifier:
                keyid:F8:BA:41:B6:AD:6E:63:78:0E:C3:F1:21:60:E7:C4:ED:0F:74:69:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-LpBtq1uY3gOw_EhYOfE7Q90aaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/83ee6f-ee83-444b-bdc6-ae44979f81de/1/Ito4OsKdOYk_0Vr5IgYqw7oQP_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/83ee6f-ee83-444b-bdc6-ae44979f81de/1/1-LpBtq1uY3gOw_EhYOfE7Q90aaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.51.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:a6:79:0b:62:6e:8b:b4:24:af:cc:28:8b:fd:2e:64:f9:51:
         e7:ed:d0:33:45:80:19:aa:1f:8c:07:18:b1:4b:30:e3:a1:2c:
         35:bd:31:7e:64:e0:40:f3:42:ee:37:55:61:1f:62:18:16:40:
         7a:7f:6c:70:28:27:82:bc:4d:2c:be:54:34:09:d1:21:ff:23:
         a4:2a:2c:3b:11:c8:32:cf:3c:cc:6d:00:96:97:65:a7:8b:38:
         cb:20:ac:69:ad:52:55:b8:64:06:1d:e6:69:91:99:02:1f:4f:
         92:38:9a:02:09:60:c8:e3:a6:40:cc:fe:08:26:22:f1:d2:1d:
         3c:5f:db:05:70:49:f7:c8:1a:9b:4e:ff:1b:a4:29:79:be:cd:
         98:43:87:91:50:f1:f8:4c:80:ba:d1:d5:30:91:59:21:2f:a0:
         3e:75:59:ef:98:ca:43:19:97:da:bf:02:97:bb:3e:3a:a6:b9:
         d7:1d:9d:db:9d:bb:ac:1b:0b:9a:9f:b8:ee:fa:8f:f2:0b:1a:
         bb:c7:5d:7c:fb:cd:b8:d5:70:06:6d:00:94:6b:8f:b8:44:10:
         b3:50:45:70:73:6b:c6:23:c5:18:2f:2b:72:0e:4e:db:4f:fa:
         9f:6b:4f:90:d2:82:de:de:61:9a:77:26:7c:09:00:0c:82:37:
         99:e1:a1:22
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZmBAJP3pJcFhKvIBHpsDUC/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YmE0MWI2YWQ2ZTYzNzgwZWMzZjEyMTYwZTdjNGVkMGY3
NDY5YWMwHhcNMjUwOTI1MTMxMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmRhMzgzYWMyOWQzOTg5M2ZkMTVhZjkyMjA2MmFjM2JhMTAzZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hxRmBBCSFEq06GLDnzUnBNOBlln
LnTfbVx1yv57TewHYY1gZjpTDbA0jtzns6Mgo/9E94CNWSIyuxmDP8R31gGzPC5I
6v8knV3gSvg6yDNPxeBvLX044NFhQfAPkaRD+Kr52PWimiaSH9GBUmvP7Yl4jlvt
wmfmxz6cOS5Rg9xahiWityugLiAhXn6iaDS0SzH/8Nz+tjGSbkUCoHVmssbYkaqb
IinR6bhDsK/0LiBrIt1TFxUfz6Hm/XTVE/7fvPpy+KcTdxPzzwxK7fFFr2LxhEyV
BOuQoOc7xqrtqBN/PZ2d+lVNj/Qwa9MOzEc7GfPizEnjOZ3KwpW1ULtB/wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCLaODrCnTmJP9Fa+SIGKsO6ED/5MB8GA1UdIwQY
MBaAFPi6QbatbmN4DsPxIWDnxO0PdGmsMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1McEJ0cTF1WTNnT3dfRWhZT2ZFN1E5MGFhdy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzQvODNlZTZmLWVlODMtNDQ0Yi1iZGM2
LWFlNDQ5NzlmODFkZS8xL0l0bzRPc0tkT1lrXzBWcjVJZ1lxdzdvUVBfay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzQvODNlZTZmLWVlODMtNDQ0Yi1iZGM2LWFlNDQ5NzlmODFk
ZS8xLzEtTHBCdHExdVkzZ093X0VoWU9mRTdROTBhYXcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJCM2Aw
DQYJKoZIhvcNAQELBQADggEBAKSmeQtibou0JK/MKIv9LmT5Ueft0DNFgBmqH4wH
GLFLMOOhLDW9MX5k4EDzQu43VWEfYhgWQHp/bHAoJ4K8TSy+VDQJ0SH/I6QqLDsR
yDLPPMxtAJaXZaeLOMsgrGmtUlW4ZAYd5mmRmQIfT5I4mgIJYMjjpkDM/ggmIvHS
HTxf2wVwSffIGptO/xukKXm+zZhDh5FQ8fhMgLrR1TCRWSEvoD51We+YykMZl9q/
Ape7Pjqmudcdndudu6wbC5qfuO76j/ILGrvHXXz7zbjVcAZtAJRrj7hEELNQRXBz
a8YjxRgvK3IOTttP+p9rT5DSgt7eYZp3JnwJAAyCN5nhoSI=
-----END CERTIFICATE-----