Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/4VbWJVNiMGPo_kQuPLRCvD3mIqs.roa
File:                     4VbWJVNiMGPo_kQuPLRCvD3mIqs.roa (raw, json)
Hash identifier:          Q1EDGWxO124hc6aCjobmLg6QYopu1SoqLikDIBWxFXQ=
Subject key identifier:   E1:56:D6:25:53:62:30:63:E8:FE:44:2E:3C:B4:42:BC:3D:E6:22:AB
Certificate issuer:       /CN=ec65f246bfc1ea8fc386c86dd49fbaa8d88c4881
Certificate serial:       0197AFEF43390E17876435BEC5D585F132AC
Authority key identifier: EC:65:F2:46:BF:C1:EA:8F:C3:86:C8:6D:D4:9F:BA:A8:D8:8C:48:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GXyRr_B6o_Dhsht1J-6qNiMSIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/4VbWJVNiMGPo_kQuPLRCvD3mIqs.roa
Signing time:             Fri 27 Jun 2025 05:49:42 +0000
ROA not before:           Fri 27 Jun 2025 05:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60223
IP address blocks:        193.9.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/7GXyRr_B6o_Dhsht1J-6qNiMSIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/7GXyRr_B6o_Dhsht1J-6qNiMSIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GXyRr_B6o_Dhsht1J-6qNiMSIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:af:ef:43:39:0e:17:87:64:35:be:c5:d5:85:f1:32:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec65f246bfc1ea8fc386c86dd49fbaa8d88c4881
        Validity
            Not Before: Jun 27 05:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e156d62553623063e8fe442e3cb442bc3de622ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:29:31:c4:8a:21:e5:ab:44:c8:20:7f:43:bd:
                    33:f5:36:2d:a5:7d:d5:3d:c9:64:e2:bd:1c:d4:09:
                    6a:52:cd:d8:50:7d:9f:e8:dc:1e:ba:a4:c6:81:e8:
                    de:31:54:4c:c9:0c:fe:fc:39:f1:52:30:6e:84:56:
                    e4:e5:94:f5:2f:de:5b:66:3c:69:8c:db:68:8c:8f:
                    aa:a9:db:28:11:cc:73:6a:5a:b3:8c:b6:2d:26:d9:
                    a1:e3:62:cc:cb:fd:6c:88:33:0c:ce:6c:85:bd:90:
                    53:4d:65:85:4c:fd:75:80:a0:58:f1:97:a3:dc:4d:
                    3b:34:c0:34:b1:6c:c8:75:0c:c8:f4:c8:c8:13:41:
                    a3:ba:89:4b:ef:36:87:5f:ee:7c:66:97:ca:bc:95:
                    68:97:4c:4b:21:69:65:b4:8b:67:10:63:30:d3:07:
                    63:1c:fc:99:6a:63:cd:39:1a:2f:31:b4:1b:1d:ae:
                    1f:ef:4b:00:52:b9:96:1e:23:cb:89:0f:a2:9a:59:
                    62:93:ce:af:94:27:93:d4:b1:5f:d4:0f:7c:2c:eb:
                    c2:0e:0c:6b:f5:2a:68:9b:28:5d:fa:e0:d9:1f:04:
                    d2:ba:ca:49:e7:70:8e:9a:a7:6a:df:5a:f4:3c:7b:
                    69:3e:7c:c7:48:bf:02:87:aa:40:91:cd:4a:5f:cf:
                    05:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:56:D6:25:53:62:30:63:E8:FE:44:2E:3C:B4:42:BC:3D:E6:22:AB
            X509v3 Authority Key Identifier:
                keyid:EC:65:F2:46:BF:C1:EA:8F:C3:86:C8:6D:D4:9F:BA:A8:D8:8C:48:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GXyRr_B6o_Dhsht1J-6qNiMSIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/4VbWJVNiMGPo_kQuPLRCvD3mIqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/6f03fd-5217-4e52-a159-781280fd2412/1/7GXyRr_B6o_Dhsht1J-6qNiMSIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:bd:84:fa:d8:d6:d7:92:cc:ff:14:83:72:d3:63:5d:50:a9:
         57:f9:47:95:30:35:04:25:f9:00:eb:92:71:fe:d2:cb:80:c0:
         15:c4:4c:b5:ed:10:c1:43:df:4a:67:e9:b0:84:70:59:9b:21:
         de:b0:74:15:73:24:2a:9b:a8:f1:cc:6b:11:c4:b6:cf:46:5c:
         35:ca:ec:87:a1:7f:6a:5d:8d:f7:4a:ab:02:99:12:48:0c:fe:
         c0:8f:7c:14:d3:fc:6d:2b:37:8b:b5:a1:47:02:a0:98:fa:dd:
         f9:18:cd:b9:01:f1:10:76:5f:35:c8:fe:64:34:9e:ed:ec:7a:
         56:ed:51:55:78:cf:50:a3:ca:5c:9a:38:67:7b:e7:ce:8c:40:
         2c:00:b2:0c:0a:9e:51:34:fd:1d:e6:74:2b:17:2b:cc:8b:ec:
         b4:c8:08:b8:cd:a2:b5:64:4d:84:dc:ed:af:d7:9e:00:63:d0:
         1f:5a:66:a8:28:e0:dc:cb:98:7a:b2:10:8f:d6:86:02:25:0b:
         40:a5:98:07:9f:fd:fb:8e:1c:c8:20:1f:19:ab:1c:84:30:b1:
         37:57:f2:1a:57:05:bf:9d:2f:d9:cf:71:14:cb:a0:d3:0e:62:
         27:4a:0c:e7:02:af:34:78:18:e0:1f:38:f0:c3:ab:9b:c7:08:
         67:1e:9e:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZev70M5DheHZDW+xdWF8TKsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNjVmMjQ2YmZjMWVhOGZjMzg2Yzg2ZGQ0OWZiYWE4ZDg4
YzQ4ODEwHhcNMjUwNjI3MDU0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTU2ZDYyNTUzNjIzMDYzZThmZTQ0MmUzY2I0NDJiYzNkZTYyMmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSkxxIoh5atEyCB/Q70z9TYtpX3V
Pclk4r0c1AlqUs3YUH2f6NweuqTGgejeMVRMyQz+/DnxUjBuhFbk5ZT1L95bZjxp
jNtojI+qqdsoEcxzalqzjLYtJtmh42LMy/1siDMMzmyFvZBTTWWFTP11gKBY8Zej
3E07NMA0sWzIdQzI9MjIE0GjuolL7zaHX+58ZpfKvJVol0xLIWlltItnEGMw0wdj
HPyZamPNORovMbQbHa4f70sAUrmWHiPLiQ+imllik86vlCeT1LFf1A98LOvCDgxr
9Spomyhd+uDZHwTSuspJ53COmqdq31r0PHtpPnzHSL8Ch6pAkc1KX88FEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFW1iVTYjBj6P5ELjy0Qrw95iKrMB8GA1UdIwQY
MBaAFOxl8ka/weqPw4bIbdSfuqjYjEiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0dYeVJyX0I2b19EaHNodDFKLTZxTmlNU0lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi82ZjAzZmQtNTIxNy00ZTUyLWExNTkt
NzgxMjgwZmQyNDEyLzEvNFZiV0pWTmlNR1BvX2tRdVBMUkN2RDNtSXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi82ZjAzZmQtNTIxNy00ZTUyLWExNTktNzgxMjgwZmQyNDEy
LzEvN0dYeVJyX0I2b19EaHNodDFKLTZxTmlNU0lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQkQMA0G
CSqGSIb3DQEBCwUAA4IBAQBtvYT62NbXksz/FINy02NdUKlX+UeVMDUEJfkA65Jx
/tLLgMAVxEy17RDBQ99KZ+mwhHBZmyHesHQVcyQqm6jxzGsRxLbPRlw1yuyHoX9q
XY33SqsCmRJIDP7Aj3wU0/xtKzeLtaFHAqCY+t35GM25AfEQdl81yP5kNJ7t7HpW
7VFVeM9Qo8pcmjhne+fOjEAsALIMCp5RNP0d5nQrFyvMi+y0yAi4zaK1ZE2E3O2v
154AY9AfWmaoKODcy5h6shCP1oYCJQtApZgHn/37jhzIIB8ZqxyEMLE3V/IaVwW/
nS/Zz3EUy6DTDmInSgznAq80eBjgHzjww6ubxwhnHp4l
-----END CERTIFICATE-----