Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/blotndsXujJFQcs77tPqI7FJSDM.roa
File:                     blotndsXujJFQcs77tPqI7FJSDM.roa (raw, json)
Hash identifier:          XYRHZLI0onwXuaZIMIZNlDGft7XoUMD1AL2rf5wHfwo=
Subject key identifier:   6E:5A:2D:9D:DB:17:BA:32:45:41:CB:3B:EE:D3:EA:23:B1:49:48:33
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019883D7E1BD64319ACF2EDEBC24F43AA8D1
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/blotndsXujJFQcs77tPqI7FJSDM.roa
Signing time:             Thu 07 Aug 2025 09:23:40 +0000
ROA not before:           Thu 07 Aug 2025 09:23:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152868
IP address blocks:        193.8.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:83:d7:e1:bd:64:31:9a:cf:2e:de:bc:24:f4:3a:a8:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Aug  7 09:23:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e5a2d9ddb17ba324541cb3beed3ea23b1494833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ce:97:e4:03:2f:1e:d5:04:df:17:ca:32:91:
                    38:22:93:90:70:33:fe:52:0a:ed:91:02:fe:5a:da:
                    33:40:1a:e8:6f:58:53:14:a7:3d:05:1c:ce:ec:a5:
                    dc:f5:14:f2:0d:d7:dc:01:74:56:04:4e:0e:19:a8:
                    e0:7b:3b:19:86:64:f6:64:41:85:d1:65:6e:93:9d:
                    02:31:56:b1:be:e4:6b:4f:22:f2:d6:a4:44:c5:fb:
                    0b:76:a7:78:45:a3:81:f0:05:01:a7:16:08:cb:82:
                    1a:41:c8:75:f4:a1:ed:01:c2:da:c3:0a:05:66:bf:
                    f1:96:b1:72:c8:fd:f5:26:87:1c:25:b2:0c:88:f9:
                    e5:2e:9a:49:a9:fb:6e:ae:bc:0f:50:19:72:91:c5:
                    79:3c:59:c7:a8:59:9e:cf:8f:1b:88:e7:96:91:e8:
                    fc:f3:07:1d:f5:8c:53:5b:9d:06:74:47:6f:d0:21:
                    1a:85:08:ff:e1:45:85:54:28:f5:54:a6:86:bc:7b:
                    ac:29:ef:31:d6:c6:83:7b:b6:4e:fb:34:42:30:42:
                    6f:ff:4a:ff:52:bc:11:71:d9:15:ea:c7:9f:52:e3:
                    6b:da:f2:e6:ff:f4:39:41:53:de:59:48:42:29:76:
                    9c:42:31:c8:db:ea:5a:36:43:dc:5b:1f:54:c7:5b:
                    f9:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:5A:2D:9D:DB:17:BA:32:45:41:CB:3B:EE:D3:EA:23:B1:49:48:33
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/blotndsXujJFQcs77tPqI7FJSDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:3f:bd:b5:e1:9a:0b:50:41:03:5a:00:ff:5b:08:49:5f:c7:
         fb:6f:01:b4:38:6d:41:16:3a:8d:20:e4:ea:cc:aa:06:f0:f4:
         65:c8:87:a9:9d:1b:34:35:b5:6c:0f:b4:d6:84:b0:d7:0e:7d:
         0e:a0:3b:43:0a:4b:86:79:97:50:e5:14:03:e6:c1:a8:d8:98:
         62:21:32:7a:2a:96:e9:e8:23:a4:3c:b8:06:e7:30:86:fa:14:
         97:bb:f3:2b:42:82:75:08:f1:13:9b:58:1d:52:ea:10:1d:16:
         7e:45:02:e1:41:e4:ed:8d:76:46:86:86:c0:db:9e:86:a7:f6:
         44:52:c4:2a:6e:d7:65:56:3c:81:59:75:81:1c:69:48:8e:54:
         0d:07:55:30:bc:43:a9:5e:e7:6f:09:20:35:08:6b:c1:43:11:
         87:44:1d:66:88:54:a0:db:44:6f:b2:4b:be:4b:73:14:f8:e7:
         13:c3:09:f6:94:6a:bb:3b:b1:b3:1f:29:a9:a5:29:c4:16:dd:
         fd:10:7e:ca:bf:2d:9b:4c:72:74:54:fb:7f:49:a1:ab:9b:55:
         59:d1:28:78:7a:50:73:2f:2d:88:37:47:7d:79:8c:76:75:41:
         d5:d7:94:e5:84:42:ad:99:1d:b7:09:c7:be:e1:55:d2:26:7f:
         ec:31:49:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiD1+G9ZDGazy7evCT0OqjRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwODA3MDkyMzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTVhMmQ5ZGRiMTdiYTMyNDU0MWNiM2JlZWQzZWEyM2IxNDk0ODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjc6X5AMvHtUE3xfKMpE4IpOQcDP+
UgrtkQL+WtozQBrob1hTFKc9BRzO7KXc9RTyDdfcAXRWBE4OGajgezsZhmT2ZEGF
0WVuk50CMVaxvuRrTyLy1qRExfsLdqd4RaOB8AUBpxYIy4IaQch19KHtAcLawwoF
Zr/xlrFyyP31JoccJbIMiPnlLppJqfturrwPUBlykcV5PFnHqFmez48biOeWkej8
8wcd9YxTW50GdEdv0CEahQj/4UWFVCj1VKaGvHusKe8x1saDe7ZO+zRCMEJv/0r/
UrwRcdkV6sefUuNr2vLm//Q5QVPeWUhCKXacQjHI2+paNkPcWx9Ux1v5UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5aLZ3bF7oyRUHLO+7T6iOxSUgzMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvYmxvdG5kc1h1akpGUWNzNzd0UHFJN0ZKU0RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhyMA0G
CSqGSIb3DQEBCwUAA4IBAQBRP7214ZoLUEEDWgD/WwhJX8f7bwG0OG1BFjqNIOTq
zKoG8PRlyIepnRs0NbVsD7TWhLDXDn0OoDtDCkuGeZdQ5RQD5sGo2JhiITJ6Kpbp
6COkPLgG5zCG+hSXu/MrQoJ1CPETm1gdUuoQHRZ+RQLhQeTtjXZGhobA256Gp/ZE
UsQqbtdlVjyBWXWBHGlIjlQNB1UwvEOpXudvCSA1CGvBQxGHRB1miFSg20Rvsku+
S3MU+OcTwwn2lGq7O7GzHymppSnEFt39EH7Kvy2bTHJ0VPt/SaGrm1VZ0Sh4elBz
Ly2IN0d9eYx2dUHV15TlhEKtmR23Cce+4VXSJn/sMUlb
-----END CERTIFICATE-----