Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/56fcaf-c2d0-41fa-9e33-f10ad82c8557/1/R3nIJXfkLuuHtzC01LNQ4csbV9c.roa
File:                     R3nIJXfkLuuHtzC01LNQ4csbV9c.roa (raw, json)
Hash identifier:          2UAzqJkEQaJ/zes9bFjleD0zd5Rzn35uxEBaqQdnoYo=
Subject key identifier:   47:79:C8:25:77:E4:2E:EB:87:B7:30:B4:D4:B3:50:E1:CB:1B:57:D7
Certificate issuer:       /CN=6330b14ce74f60a8ea4abb6eaa60ee4470f43a7f
Certificate serial:       0199809CB91F7A9A1B267EFB8054C536F6C2
Authority key identifier: 63:30:B1:4C:E7:4F:60:A8:EA:4A:BB:6E:AA:60:EE:44:70:F4:3A:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzCxTOdPYKjqSrtuqmDuRHD0On8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/56fcaf-c2d0-41fa-9e33-f10ad82c8557/1/R3nIJXfkLuuHtzC01LNQ4csbV9c.roa
Signing time:             Thu 25 Sep 2025 11:22:58 +0000
ROA not before:           Thu 25 Sep 2025 11:22:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41354
IP address blocks:        185.208.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/56fcaf-c2d0-41fa-9e33-f10ad82c8557/1/YzCxTOdPYKjqSrtuqmDuRHD0On8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/56fcaf-c2d0-41fa-9e33-f10ad82c8557/1/YzCxTOdPYKjqSrtuqmDuRHD0On8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzCxTOdPYKjqSrtuqmDuRHD0On8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:80:9c:b9:1f:7a:9a:1b:26:7e:fb:80:54:c5:36:f6:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6330b14ce74f60a8ea4abb6eaa60ee4470f43a7f
        Validity
            Not Before: Sep 25 11:22:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4779c82577e42eeb87b730b4d4b350e1cb1b57d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:58:76:1a:b8:fc:0b:74:d4:ff:84:27:1c:3a:
                    d9:f7:c4:65:f2:89:3d:cd:72:cb:ac:4a:2b:75:99:
                    9d:b4:b3:31:3f:5b:fb:d7:5e:ab:51:6f:4b:57:23:
                    f8:da:59:a4:bd:b4:00:b6:38:1f:57:5e:e1:b4:6e:
                    43:31:13:07:96:9e:40:aa:86:f9:a6:08:af:16:1c:
                    04:33:d9:49:fa:5b:54:28:f8:17:26:db:a9:71:4c:
                    3b:31:47:56:f5:93:20:c4:ce:c0:ab:c6:15:e8:7c:
                    6f:51:56:7b:80:0e:6c:70:7d:fe:fc:31:be:ee:f5:
                    b7:be:7d:15:54:4a:47:07:c8:a4:4a:e9:66:4c:d4:
                    b7:72:54:55:66:64:8c:b6:88:19:05:a1:37:99:bb:
                    0f:9e:1d:49:90:02:dc:f7:ff:69:37:d0:bd:25:a5:
                    7f:91:d2:6e:b9:8a:b2:5d:c4:1f:c4:61:7d:79:4f:
                    06:59:e2:ea:54:a5:16:27:a2:22:18:b2:9a:9b:b3:
                    07:cd:fd:57:f7:e1:a5:ee:4e:7f:d1:4f:cc:b4:e4:
                    cf:da:27:77:fc:ce:37:cf:eb:ec:eb:09:4e:55:ad:
                    06:2f:37:41:57:6e:24:3b:11:23:20:a9:71:76:d9:
                    d0:98:a8:52:f9:f2:32:e8:a2:a5:83:bd:96:ba:9c:
                    28:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:79:C8:25:77:E4:2E:EB:87:B7:30:B4:D4:B3:50:E1:CB:1B:57:D7
            X509v3 Authority Key Identifier:
                keyid:63:30:B1:4C:E7:4F:60:A8:EA:4A:BB:6E:AA:60:EE:44:70:F4:3A:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzCxTOdPYKjqSrtuqmDuRHD0On8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/56fcaf-c2d0-41fa-9e33-f10ad82c8557/1/R3nIJXfkLuuHtzC01LNQ4csbV9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/56fcaf-c2d0-41fa-9e33-f10ad82c8557/1/YzCxTOdPYKjqSrtuqmDuRHD0On8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:5d:ef:d9:6a:97:bd:ff:34:70:5e:27:b4:e5:41:70:45:c6:
         56:f2:30:7f:93:23:e9:86:49:f8:58:16:aa:d2:9d:b0:32:a3:
         62:9f:5e:d4:6a:5d:0f:2d:42:3d:6a:c1:ed:11:7e:5d:20:fd:
         f5:a8:94:53:52:6f:a2:a7:01:83:f6:99:8d:7b:9b:fd:2f:04:
         9d:e7:2c:9c:86:0a:0a:df:03:62:6a:13:c6:ef:ee:28:0a:9f:
         44:00:9d:9f:d4:1f:06:a7:e1:59:17:1b:c7:79:59:43:3e:93:
         82:c6:9c:4e:20:e2:da:24:6c:c8:dc:5e:4c:4c:91:6d:ad:da:
         af:5a:c7:ff:1c:70:7a:fa:e8:c8:65:74:05:0d:70:c1:2d:46:
         8b:2b:84:09:a9:37:a7:33:ef:22:46:1f:1f:af:8e:02:55:1c:
         a4:24:0a:60:0f:b2:ea:8b:5d:4b:61:ab:9e:24:5e:ad:c3:8e:
         83:c5:30:5c:5a:3a:23:fb:5a:19:f4:38:83:7d:8a:76:25:69:
         8b:0a:85:bb:03:fb:7b:fc:83:90:a3:3f:d4:fe:61:96:7a:e7:
         73:a5:ca:99:0c:04:eb:3c:d4:cf:8a:17:f0:eb:ed:01:07:89:
         27:58:be:f3:23:f0:7e:11:f9:83:7e:72:f3:1f:10:56:31:3e:
         19:95:90:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmAnLkfepobJn77gFTFNvbCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzBiMTRjZTc0ZjYwYThlYTRhYmI2ZWFhNjBlZTQ0NzBm
NDNhN2YwHhcNMjUwOTI1MTEyMjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzc5YzgyNTc3ZTQyZWViODdiNzMwYjRkNGIzNTBlMWNiMWI1N2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlh2Grj8C3TU/4QnHDrZ98Rl8ok9
zXLLrEordZmdtLMxP1v7116rUW9LVyP42lmkvbQAtjgfV17htG5DMRMHlp5Aqob5
pgivFhwEM9lJ+ltUKPgXJtupcUw7MUdW9ZMgxM7Aq8YV6HxvUVZ7gA5scH3+/DG+
7vW3vn0VVEpHB8ikSulmTNS3clRVZmSMtogZBaE3mbsPnh1JkALc9/9pN9C9JaV/
kdJuuYqyXcQfxGF9eU8GWeLqVKUWJ6IiGLKam7MHzf1X9+Gl7k5/0U/MtOTP2id3
/M43z+vs6wlOVa0GLzdBV24kOxEjIKlxdtnQmKhS+fIy6KKlg72WupwoZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEd5yCV35C7rh7cwtNSzUOHLG1fXMB8GA1UdIwQY
MBaAFGMwsUznT2Co6kq7bqpg7kRw9Dp/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXpDeFRPZFBZS2pxU3J0dXFtRHVSSEQwT244LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81NmZjYWYtYzJkMC00MWZhLTllMzMt
ZjEwYWQ4MmM4NTU3LzEvUjNuSUpYZmtMdXVIdHpDMDFMTlE0Y3NiVjljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81NmZjYWYtYzJkMC00MWZhLTllMzMtZjEwYWQ4MmM4NTU3
LzEvWXpDeFRPZFBZS2pxU3J0dXFtRHVSSEQwT244LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudDIMA0G
CSqGSIb3DQEBCwUAA4IBAQBVXe/Zape9/zRwXie05UFwRcZW8jB/kyPphkn4WBaq
0p2wMqNin17Ual0PLUI9asHtEX5dIP31qJRTUm+ipwGD9pmNe5v9LwSd5yychgoK
3wNiahPG7+4oCp9EAJ2f1B8Gp+FZFxvHeVlDPpOCxpxOIOLaJGzI3F5MTJFtrdqv
Wsf/HHB6+ujIZXQFDXDBLUaLK4QJqTenM+8iRh8fr44CVRykJApgD7Lqi11LYaue
JF6tw46DxTBcWjoj+1oZ9DiDfYp2JWmLCoW7A/t7/IOQoz/U/mGWeudzpcqZDATr
PNTPihfw6+0BB4knWL7zI/B+EfmDfnLzHxBWMT4ZlZDN
-----END CERTIFICATE-----