Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/t0yBm1hFtLLJBLZuRWFSy1DPMfs.roa
File:                     t0yBm1hFtLLJBLZuRWFSy1DPMfs.roa (raw, json)
Hash identifier:          j8/P6OOBiK4e2CmSebJ2V2wOYlJSy/jx7/iDkS26Tbo=
Subject key identifier:   B7:4C:81:9B:58:45:B4:B2:C9:04:B6:6E:45:61:52:CB:50:CF:31:FB
Certificate issuer:       /CN=d80b565d7736753dbe7f6624bdf1d2bc1896f7c0
Certificate serial:       0199CCF082AE33D1773D421129E7D6FE4B01
Authority key identifier: D8:0B:56:5D:77:36:75:3D:BE:7F:66:24:BD:F1:D2:BC:18:96:F7:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2AtWXXc2dT2-f2YkvfHSvBiW98A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/t0yBm1hFtLLJBLZuRWFSy1DPMfs.roa
Signing time:             Fri 10 Oct 2025 07:05:37 +0000
ROA not before:           Fri 10 Oct 2025 07:05:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        31.210.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/2AtWXXc2dT2-f2YkvfHSvBiW98A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/2AtWXXc2dT2-f2YkvfHSvBiW98A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2AtWXXc2dT2-f2YkvfHSvBiW98A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cc:f0:82:ae:33:d1:77:3d:42:11:29:e7:d6:fe:4b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d80b565d7736753dbe7f6624bdf1d2bc1896f7c0
        Validity
            Not Before: Oct 10 07:05:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b74c819b5845b4b2c904b66e456152cb50cf31fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6e:23:7f:48:a1:d9:7a:12:4b:4d:b2:1e:c0:
                    67:c0:ca:8e:35:33:59:ba:06:90:83:76:e3:f1:de:
                    11:a4:da:61:c5:43:05:aa:7c:97:2d:b8:4b:e1:a6:
                    f7:cc:eb:c0:78:71:e5:1e:36:9d:66:8d:35:ab:38:
                    c2:08:8d:16:d6:7c:fd:3b:c1:b7:d1:0b:c2:4a:47:
                    b3:d5:12:05:88:1b:4a:9d:6a:6b:e8:42:a9:26:be:
                    cc:c1:aa:cc:46:2b:c5:f2:6a:21:cd:46:1f:ea:3f:
                    2b:76:e9:d3:11:3c:a3:0a:f7:87:e6:f3:1a:d3:0d:
                    e3:73:1e:42:79:ce:69:4c:6d:de:29:c9:af:6e:8f:
                    b6:b6:78:d2:69:c7:b3:78:eb:df:7a:b6:ef:8c:de:
                    ff:dd:d2:a2:33:b2:46:28:90:5c:f1:1e:71:97:2f:
                    e6:2d:df:b1:06:3e:50:53:bf:95:d5:22:02:57:8f:
                    9c:49:f7:8d:8a:07:dd:ba:dc:0f:b7:d5:e1:ae:ad:
                    13:90:1e:bd:07:49:5d:3b:3c:0a:77:2d:ef:7f:51:
                    ad:a9:de:6a:11:ee:f8:6b:13:b8:7f:d3:65:29:6a:
                    fe:7e:df:f2:ad:79:2a:d0:83:7f:1d:c6:a9:e4:35:
                    8c:32:1a:bf:f0:9f:84:e1:97:3e:46:fd:d3:1a:a9:
                    c8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:4C:81:9B:58:45:B4:B2:C9:04:B6:6E:45:61:52:CB:50:CF:31:FB
            X509v3 Authority Key Identifier:
                keyid:D8:0B:56:5D:77:36:75:3D:BE:7F:66:24:BD:F1:D2:BC:18:96:F7:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2AtWXXc2dT2-f2YkvfHSvBiW98A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/t0yBm1hFtLLJBLZuRWFSy1DPMfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f76339-1714-403b-9927-23277822fefa/1/2AtWXXc2dT2-f2YkvfHSvBiW98A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:05:b8:a9:eb:71:bc:c2:c7:5b:13:fa:32:b2:36:ed:f4:39:
         6f:45:89:45:db:5b:5f:02:c2:f1:11:88:ca:6f:8b:c2:36:77:
         c3:15:be:67:35:44:ad:17:f3:97:5d:21:2a:e8:8a:fc:de:85:
         33:83:81:e1:0f:de:f1:75:1c:da:e3:87:30:ec:ee:4f:62:b4:
         94:0a:e7:8b:77:35:e9:a1:34:25:9c:b5:98:3c:74:a5:a1:81:
         56:c6:dd:c4:64:0c:9b:49:1c:64:5b:e0:89:d8:57:63:bd:84:
         d1:1b:4c:46:32:44:21:d2:0f:2d:7b:a1:44:ff:00:41:25:fb:
         59:0e:c2:39:cf:5f:84:99:50:e1:05:fb:79:c2:71:69:4e:8b:
         ed:b1:db:ff:02:18:e2:dd:a0:e9:c3:51:47:46:a1:52:8d:6a:
         58:e6:1c:71:62:a8:d3:16:f0:43:e2:f4:8f:09:0e:df:db:69:
         69:27:02:9b:87:c5:16:dd:ed:e3:fe:0c:7b:b5:0b:78:93:8f:
         2a:f8:14:81:91:b7:d8:38:12:97:b4:80:3e:d9:81:69:39:65:
         c9:32:02:3a:79:71:4b:63:5c:38:79:2c:03:f7:74:41:d5:03:
         b6:e6:a3:e7:51:5e:20:04:02:e6:0e:6b:03:bb:ed:66:e5:67:
         fd:c3:17:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnM8IKuM9F3PUIRKefW/ksBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MGI1NjVkNzczNjc1M2RiZTdmNjYyNGJkZjFkMmJjMTg5
NmY3YzAwHhcNMjUxMDEwMDcwNTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzRjODE5YjU4NDViNGIyYzkwNGI2NmU0NTYxNTJjYjUwY2YzMWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyW4jf0ih2XoSS02yHsBnwMqONTNZ
ugaQg3bj8d4RpNphxUMFqnyXLbhL4ab3zOvAeHHlHjadZo01qzjCCI0W1nz9O8G3
0QvCSkez1RIFiBtKnWpr6EKpJr7MwarMRivF8mohzUYf6j8rdunTETyjCveH5vMa
0w3jcx5Cec5pTG3eKcmvbo+2tnjSacezeOvferbvjN7/3dKiM7JGKJBc8R5xly/m
Ld+xBj5QU7+V1SICV4+cSfeNigfdutwPt9Xhrq0TkB69B0ldOzwKdy3vf1Gtqd5q
Ee74axO4f9NlKWr+ft/yrXkq0IN/Hcap5DWMMhq/8J+E4Zc+Rv3TGqnIswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLdMgZtYRbSyyQS2bkVhUstQzzH7MB8GA1UdIwQY
MBaAFNgLVl13NnU9vn9mJL3x0rwYlvfAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkF0V1hYYzJkVDItZjJZa3ZmSFN2QmlXOThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mNzYzMzktMTcxNC00MDNiLTk5Mjct
MjMyNzc4MjJmZWZhLzEvdDB5Qm0xaEZ0TExKQkxadVJXRlN5MURQTWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mNzYzMzktMTcxNC00MDNiLTk5MjctMjMyNzc4MjJmZWZh
LzEvMkF0V1hYYzJkVDItZjJZa3ZmSFN2QmlXOThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH9IRMA0G
CSqGSIb3DQEBCwUAA4IBAQBcBbip63G8wsdbE/oysjbt9DlvRYlF21tfAsLxEYjK
b4vCNnfDFb5nNUStF/OXXSEq6Ir83oUzg4HhD97xdRza44cw7O5PYrSUCueLdzXp
oTQlnLWYPHSloYFWxt3EZAybSRxkW+CJ2FdjvYTRG0xGMkQh0g8te6FE/wBBJftZ
DsI5z1+EmVDhBft5wnFpTovtsdv/Ahji3aDpw1FHRqFSjWpY5hxxYqjTFvBD4vSP
CQ7f22lpJwKbh8UW3e3j/gx7tQt4k48q+BSBkbfYOBKXtIA+2YFpOWXJMgI6eXFL
Y1w4eSwD93RB1QO25qPnUV4gBALmDmsDu+1m5Wf9wxc+
-----END CERTIFICATE-----