Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/rpwes63u5l-fzh9QtF8dj62e05Y.roa
File:                     rpwes63u5l-fzh9QtF8dj62e05Y.roa (raw, json)
Hash identifier:          vKBSmYXSCIselOzDajcpQZs25AiBZGmbgun9F0ytzDA=
Subject key identifier:   AE:9C:1E:B3:AD:EE:E6:5F:9F:CE:1F:50:B4:5F:1D:8F:AD:9E:D3:96
Certificate issuer:       /CN=e9b1320fbc24d6f4366cb64fcf5ed2d7b1b6bdf7
Certificate serial:       0198A893A24981EF196E8B8FDD4DD17B25E5
Authority key identifier: E9:B1:32:0F:BC:24:D6:F4:36:6C:B6:4F:CF:5E:D2:D7:B1:B6:BD:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/rpwes63u5l-fzh9QtF8dj62e05Y.roa
Signing time:             Thu 14 Aug 2025 12:35:04 +0000
ROA not before:           Thu 14 Aug 2025 12:35:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        93.113.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:93:a2:49:81:ef:19:6e:8b:8f:dd:4d:d1:7b:25:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9b1320fbc24d6f4366cb64fcf5ed2d7b1b6bdf7
        Validity
            Not Before: Aug 14 12:35:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae9c1eb3adeee65f9fce1f50b45f1d8fad9ed396
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:92:35:fb:93:db:95:3f:70:ca:c3:3d:30:79:
                    88:6f:7c:23:8c:71:30:8c:ca:5d:ab:30:31:cb:e4:
                    99:27:28:86:60:50:6b:29:4f:6a:5f:b6:20:38:82:
                    55:0d:9c:4a:b1:1c:ec:cf:08:b9:79:f5:85:10:20:
                    05:51:53:24:34:c3:d3:7d:12:4d:59:07:4a:c2:19:
                    42:49:83:68:cd:0f:0a:55:33:f1:36:80:db:10:19:
                    55:48:96:d1:52:b9:41:25:83:a6:03:25:d7:84:3b:
                    e7:cb:8d:19:da:f3:ae:51:17:d5:f8:1c:30:f6:e7:
                    b5:5e:dc:5a:6b:1e:ad:ed:d7:94:83:87:c7:97:c9:
                    bd:68:c3:15:47:28:65:a5:63:77:93:0e:fa:c3:12:
                    43:42:9b:18:fa:39:c5:54:64:59:78:a6:b4:94:03:
                    25:d0:71:8a:c1:36:98:94:6e:b7:d8:78:87:0a:56:
                    87:36:89:6a:ed:89:ad:99:76:d2:92:26:87:e0:59:
                    7e:9c:32:4c:84:6c:e1:fa:81:88:8a:fa:4e:de:1f:
                    8a:d0:9b:49:03:dd:d9:93:e4:49:e5:ff:94:2e:17:
                    85:49:33:9f:19:43:2b:d7:5e:65:de:4c:d4:cf:b7:
                    b5:f3:4f:1d:f2:c9:64:6c:a9:82:de:20:75:e9:de:
                    b6:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:9C:1E:B3:AD:EE:E6:5F:9F:CE:1F:50:B4:5F:1D:8F:AD:9E:D3:96
            X509v3 Authority Key Identifier:
                keyid:E9:B1:32:0F:BC:24:D6:F4:36:6C:B6:4F:CF:5E:D2:D7:B1:B6:BD:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/rpwes63u5l-fzh9QtF8dj62e05Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.113.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:28:14:59:34:34:59:78:4d:49:ef:6b:e8:db:c6:32:5a:20:
         e5:aa:bb:04:a2:44:4d:62:ab:a4:2b:8a:45:ed:32:05:6b:0e:
         b7:60:8c:49:24:49:c0:41:e0:48:53:ef:ea:fc:57:d7:0f:0b:
         a4:97:59:e6:cd:75:94:90:e9:68:d9:84:c3:00:a5:4f:f3:87:
         15:4a:6d:03:8f:86:31:67:93:b0:97:65:c4:85:e1:ce:e2:74:
         6e:c3:67:d6:f4:a1:03:7e:32:20:60:68:fd:a5:00:04:33:07:
         18:e0:6d:ff:ec:74:78:2d:0c:6e:81:c8:bd:62:43:fe:ae:e8:
         a9:08:40:dc:e7:e5:8a:ba:8d:8f:fb:83:b7:c7:0d:2a:b6:56:
         78:2f:80:3d:84:fb:b9:97:30:86:d0:c3:4c:4f:22:3e:03:a1:
         70:d3:11:64:31:96:54:20:fb:aa:c2:61:70:6e:b3:80:9b:c1:
         3a:4f:bc:ab:65:03:b3:92:e3:77:18:7a:9d:82:d8:1a:9f:76:
         c4:6d:0c:35:41:2a:bf:91:4c:78:d3:46:ca:44:4b:d3:5a:b1:
         35:3e:4b:22:cb:d5:bc:e5:44:63:16:25:7a:2a:d6:08:da:36:
         f0:c6:7b:32:37:cc:35:95:ce:41:d3:28:34:bb:9f:fd:3f:d8:
         bb:17:9d:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiok6JJge8ZbouP3U3ReyXlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YjEzMjBmYmMyNGQ2ZjQzNjZjYjY0ZmNmNWVkMmQ3YjFi
NmJkZjcwHhcNMjUwODE0MTIzNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTljMWViM2FkZWVlNjVmOWZjZTFmNTBiNDVmMWQ4ZmFkOWVkMzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5I1+5PblT9wysM9MHmIb3wjjHEw
jMpdqzAxy+SZJyiGYFBrKU9qX7YgOIJVDZxKsRzszwi5efWFECAFUVMkNMPTfRJN
WQdKwhlCSYNozQ8KVTPxNoDbEBlVSJbRUrlBJYOmAyXXhDvny40Z2vOuURfV+Bww
9ue1Xtxaax6t7deUg4fHl8m9aMMVRyhlpWN3kw76wxJDQpsY+jnFVGRZeKa0lAMl
0HGKwTaYlG632HiHClaHNolq7YmtmXbSkiaH4Fl+nDJMhGzh+oGIivpO3h+K0JtJ
A93Zk+RJ5f+ULheFSTOfGUMr115l3kzUz7e1808d8slkbKmC3iB16d62rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6cHrOt7uZfn84fULRfHY+tntOWMB8GA1UdIwQY
MBaAFOmxMg+8JNb0Nmy2T89e0textr33MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmJFeUQ3d2sxdlEyYkxaUHoxN1MxN0cydmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9kZjFjYjUtNWY0OC00NmEwLWE3NmUt
ZDNlMjgwMGJkNjQwLzEvcnB3ZXM2M3U1bC1memg5UXRGOGRqNjJlMDVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9kZjFjYjUtNWY0OC00NmEwLWE3NmUtZDNlMjgwMGJkNjQw
LzEvNmJFeUQ3d2sxdlEyYkxaUHoxN1MxN0cydmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXH6MA0G
CSqGSIb3DQEBCwUAA4IBAQALKBRZNDRZeE1J72vo28YyWiDlqrsEokRNYqukK4pF
7TIFaw63YIxJJEnAQeBIU+/q/FfXDwukl1nmzXWUkOlo2YTDAKVP84cVSm0Dj4Yx
Z5Owl2XEheHO4nRuw2fW9KEDfjIgYGj9pQAEMwcY4G3/7HR4LQxugci9YkP+ruip
CEDc5+WKuo2P+4O3xw0qtlZ4L4A9hPu5lzCG0MNMTyI+A6Fw0xFkMZZUIPuqwmFw
brOAm8E6T7yrZQOzkuN3GHqdgtgan3bEbQw1QSq/kUx400bKREvTWrE1Pksiy9W8
5URjFiV6KtYI2jbwxnsyN8w1lc5B0yg0u5/9P9i7F52B
-----END CERTIFICATE-----