Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/hEDQykrxXLfCPsLT_Uv4AhZry78.roa
File:                     hEDQykrxXLfCPsLT_Uv4AhZry78.roa (raw, json)
Hash identifier:          mRss66ZgEty+8I11/rtsJiwoCbdAIsEfAH5G7NCk4R0=
Subject key identifier:   84:40:D0:CA:4A:F1:5C:B7:C2:3E:C2:D3:FD:4B:F8:02:16:6B:CB:BF
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       0199CA9D6B3E9B02C75386735FF19E60F182
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/hEDQykrxXLfCPsLT_Uv4AhZry78.roa
Signing time:             Thu 09 Oct 2025 20:15:38 +0000
ROA not before:           Thu 09 Oct 2025 20:15:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215898
IP address blocks:        193.106.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ca:9d:6b:3e:9b:02:c7:53:86:73:5f:f1:9e:60:f1:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Oct  9 20:15:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8440d0ca4af15cb7c23ec2d3fd4bf802166bcbbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:49:36:04:d9:d8:3e:5f:e5:76:9a:b6:76:64:
                    7d:42:c3:a1:3f:09:af:ce:49:cf:30:02:94:0e:6a:
                    bd:74:3d:79:50:15:0b:72:3d:63:42:9e:9b:6a:11:
                    cf:65:f8:8d:7e:28:e8:f8:44:20:ee:ef:04:17:7f:
                    a5:83:e7:62:02:b0:d4:16:96:a1:71:16:eb:9a:9e:
                    b7:f5:cb:34:89:b7:30:96:76:30:30:f7:14:a5:8e:
                    2c:a8:59:69:6b:fe:69:e6:b7:a4:50:00:84:74:28:
                    15:c6:32:09:28:ba:b4:4b:ac:bd:de:06:f8:dc:ea:
                    cc:b8:82:b6:9f:80:86:c2:3c:f6:ec:83:3c:01:c6:
                    22:3e:f6:40:9d:b9:5e:0f:d2:c2:75:55:89:7c:4d:
                    7d:2f:fe:b7:00:c5:38:c6:0f:86:12:6d:b3:eb:9f:
                    e8:13:24:d0:cc:da:d4:d3:54:e6:6a:5f:dd:ab:eb:
                    65:33:66:c6:ea:2e:30:9e:7c:a4:3a:29:f9:7b:36:
                    43:a6:4e:d0:6a:cb:b2:53:73:50:02:9f:2e:00:3f:
                    46:67:6e:68:c7:9a:ca:b1:1f:23:7b:79:bd:9d:0b:
                    fb:6f:2a:de:6b:ab:30:c5:06:0b:33:2c:c0:23:20:
                    d5:72:07:76:bb:d6:c5:e1:d5:61:e7:ca:09:d3:b5:
                    84:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:40:D0:CA:4A:F1:5C:B7:C2:3E:C2:D3:FD:4B:F8:02:16:6B:CB:BF
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/hEDQykrxXLfCPsLT_Uv4AhZry78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:d5:46:62:04:2f:38:ed:8a:6e:0a:2e:d6:df:f6:e4:21:a1:
         fa:1b:8d:8b:51:9c:86:f0:d9:a0:01:d4:b5:f7:96:b0:d1:65:
         11:f2:a7:28:ea:d3:8f:f4:15:ff:43:52:77:04:b5:d3:af:9b:
         88:86:2c:77:f9:24:aa:1a:5d:33:64:6f:95:5c:e6:4b:2a:a6:
         e9:2c:9f:eb:f8:19:12:4f:d3:04:2e:0b:bd:ea:2e:90:40:33:
         44:1a:70:04:7b:6e:fe:8b:1b:64:9d:11:3d:7c:ef:65:92:92:
         88:b2:37:83:a8:4d:0a:9e:d2:8b:1f:e5:ea:f4:35:21:d7:1f:
         3c:70:a8:ac:bd:40:6a:ac:4b:7b:5b:96:96:78:0d:90:41:71:
         bc:ff:b8:8a:e2:26:83:fb:90:1d:fb:1f:6f:0c:2c:6e:ff:f5:
         fb:8e:6d:c7:d0:00:b7:b4:d8:06:0e:08:43:d4:14:db:04:a9:
         62:97:fa:3d:b4:5c:5c:51:3a:c2:69:67:ab:c0:45:00:b2:d1:
         6a:25:d8:84:47:87:01:33:73:2b:4e:0d:55:a9:2a:26:a2:0d:
         f1:bf:91:c5:1c:ba:cc:15:05:e9:36:e4:1f:4a:9a:33:c4:6e:
         0a:91:6e:5b:61:77:99:87:23:d1:fa:a9:74:70:fb:48:20:b1:
         c4:12:e0:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnKnWs+mwLHU4ZzX/GeYPGCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUxMDA5MjAxNTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDQwZDBjYTRhZjE1Y2I3YzIzZWMyZDNmZDRiZjgwMjE2NmJjYmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Uk2BNnYPl/ldpq2dmR9QsOhPwmv
zknPMAKUDmq9dD15UBULcj1jQp6bahHPZfiNfijo+EQg7u8EF3+lg+diArDUFpah
cRbrmp639cs0ibcwlnYwMPcUpY4sqFlpa/5p5rekUACEdCgVxjIJKLq0S6y93gb4
3OrMuIK2n4CGwjz27IM8AcYiPvZAnbleD9LCdVWJfE19L/63AMU4xg+GEm2z65/o
EyTQzNrU01Tmal/dq+tlM2bG6i4wnnykOin5ezZDpk7QasuyU3NQAp8uAD9GZ25o
x5rKsR8je3m9nQv7byrea6swxQYLMyzAIyDVcgd2u9bF4dVh58oJ07WEAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRA0MpK8Vy3wj7C0/1L+AIWa8u/MB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvaEVEUXlrcnhYTGZDUHNMVF9VdjRBaFpyeTc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWrEMA0G
CSqGSIb3DQEBCwUAA4IBAQB81UZiBC847YpuCi7W3/bkIaH6G42LUZyG8NmgAdS1
95aw0WUR8qco6tOP9BX/Q1J3BLXTr5uIhix3+SSqGl0zZG+VXOZLKqbpLJ/r+BkS
T9MELgu96i6QQDNEGnAEe27+ixtknRE9fO9lkpKIsjeDqE0KntKLH+Xq9DUh1x88
cKisvUBqrEt7W5aWeA2QQXG8/7iK4iaD+5Ad+x9vDCxu//X7jm3H0AC3tNgGDghD
1BTbBKlil/o9tFxcUTrCaWerwEUAstFqJdiER4cBM3MrTg1VqSomog3xv5HFHLrM
FQXpNuQfSpozxG4KkW5bYXeZhyPR+ql0cPtIILHEEuCw
-----END CERTIFICATE-----