Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/6fJjIO572rRtTzs1Q7jirr0rogU.roa
File:                     6fJjIO572rRtTzs1Q7jirr0rogU.roa (raw, json)
Hash identifier:          lnfishpwQLE66hzcfQQ47M/+3n4mO6BxT9e3So84HXc=
Subject key identifier:   E9:F2:63:20:EE:7B:DA:B4:6D:4F:3B:35:43:B8:E2:AE:BD:2B:A2:05
Certificate issuer:       /CN=1501c845f13dd4ad6e9dae470d5ff69c5cca3771
Certificate serial:       0199A532A0D01B09498D26E4EE42E84771A5
Authority key identifier: 15:01:C8:45:F1:3D:D4:AD:6E:9D:AE:47:0D:5F:F6:9C:5C:CA:37:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FQHIRfE91K1una5HDV_2nFzKN3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/6fJjIO572rRtTzs1Q7jirr0rogU.roa
Signing time:             Thu 02 Oct 2025 13:53:02 +0000
ROA not before:           Thu 02 Oct 2025 13:53:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213847
IP address blocks:        89.184.118.0/24 maxlen: 24
                          185.182.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/FQHIRfE91K1una5HDV_2nFzKN3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/FQHIRfE91K1una5HDV_2nFzKN3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FQHIRfE91K1una5HDV_2nFzKN3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a5:32:a0:d0:1b:09:49:8d:26:e4:ee:42:e8:47:71:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1501c845f13dd4ad6e9dae470d5ff69c5cca3771
        Validity
            Not Before: Oct  2 13:53:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9f26320ee7bdab46d4f3b3543b8e2aebd2ba205
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:f6:1b:cb:6d:73:5d:09:b3:ac:6c:80:82:78:
                    04:2d:f3:4b:cf:0f:fc:ed:e0:3e:34:c7:8f:22:bf:
                    43:0d:fc:05:23:20:93:13:43:e1:cb:42:3f:36:f3:
                    22:d2:15:61:e1:00:1b:73:61:30:22:4d:c6:0e:60:
                    02:ce:39:19:7c:09:79:5c:56:1c:5b:ec:d6:e1:ca:
                    d7:61:10:c0:3f:d0:bb:c6:31:37:14:e8:4c:ce:9e:
                    ad:b5:31:68:c5:bb:c3:00:bc:45:8b:ec:ab:d4:83:
                    64:5e:87:78:d1:80:bb:93:63:e7:8e:e8:6d:0f:fe:
                    b8:fd:55:b4:98:e3:18:ac:50:0f:78:ea:20:f2:a1:
                    95:cf:e9:53:d8:50:cc:3e:65:2a:c1:32:e1:34:2c:
                    f8:43:b4:53:96:f9:05:f5:a9:bd:4d:36:19:ac:4b:
                    df:16:a4:ad:c8:6b:b9:13:e1:e3:60:b8:3f:2e:9f:
                    b3:26:01:61:53:49:b0:5a:ca:e8:40:84:56:22:d1:
                    30:a4:b9:f3:83:70:20:0f:4e:b9:91:d0:e0:a8:e5:
                    a2:2f:a4:98:a4:4c:a8:b3:55:9b:26:bd:53:47:3e:
                    40:00:ad:1b:9d:3d:31:da:b0:54:84:e4:6f:1b:bf:
                    ec:f7:e6:bf:27:11:a6:7d:fd:b3:72:3f:6b:1e:d3:
                    e8:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:F2:63:20:EE:7B:DA:B4:6D:4F:3B:35:43:B8:E2:AE:BD:2B:A2:05
            X509v3 Authority Key Identifier:
                keyid:15:01:C8:45:F1:3D:D4:AD:6E:9D:AE:47:0D:5F:F6:9C:5C:CA:37:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FQHIRfE91K1una5HDV_2nFzKN3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/6fJjIO572rRtTzs1Q7jirr0rogU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/FQHIRfE91K1una5HDV_2nFzKN3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.184.118.0/24
                  185.182.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:23:24:55:84:e4:24:a7:b3:c8:da:18:80:2a:dd:23:fd:a4:
         ea:3a:06:b8:73:fc:c4:08:0a:4c:17:49:e9:81:78:58:5f:fe:
         e9:b3:5e:37:ab:1f:0b:b6:74:3c:d4:1e:03:5a:f8:d0:25:80:
         64:64:b8:5a:37:83:31:6e:b6:88:79:8e:fa:94:31:e8:1b:f3:
         a9:f2:5a:44:64:78:6a:e2:c7:d9:be:8e:8c:70:f3:f2:6e:d8:
         a8:a1:bd:55:fe:80:4e:5b:83:6f:35:82:d0:d8:cc:4a:53:95:
         84:44:a9:70:c2:ad:6d:e0:d6:c9:91:b0:23:b6:7e:a7:0a:e9:
         be:d0:62:00:53:e8:a5:25:41:42:c5:53:05:d3:d0:8e:0f:46:
         b1:0c:3f:a0:c3:39:a9:cf:cf:27:fd:61:c5:5e:4b:0e:85:f5:
         fe:fd:66:02:61:8b:c1:76:06:8f:07:b5:fa:e3:08:e1:17:f9:
         50:17:29:88:cf:45:bc:8c:64:a7:d1:5c:91:a6:9e:66:05:b7:
         19:7b:8d:83:ee:27:a9:a3:79:10:08:e7:b6:7e:70:c9:80:f3:
         a5:9d:98:dd:3d:cc:fa:d8:c1:ec:58:3e:4c:af:7c:a7:0c:e4:
         15:11:20:1c:69:c0:42:16:b3:02:4d:98:d7:84:f2:eb:59:57:
         21:4c:6c:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmlMqDQGwlJjSbk7kLoR3GlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MDFjODQ1ZjEzZGQ0YWQ2ZTlkYWU0NzBkNWZmNjljNWNj
YTM3NzEwHhcNMjUxMDAyMTM1MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWYyNjMyMGVlN2JkYWI0NmQ0ZjNiMzU0M2I4ZTJhZWJkMmJhMjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/Yby21zXQmzrGyAgngELfNLzw/8
7eA+NMePIr9DDfwFIyCTE0Phy0I/NvMi0hVh4QAbc2EwIk3GDmACzjkZfAl5XFYc
W+zW4crXYRDAP9C7xjE3FOhMzp6ttTFoxbvDALxFi+yr1INkXod40YC7k2Pnjuht
D/64/VW0mOMYrFAPeOog8qGVz+lT2FDMPmUqwTLhNCz4Q7RTlvkF9am9TTYZrEvf
FqStyGu5E+HjYLg/Lp+zJgFhU0mwWsroQIRWItEwpLnzg3AgD065kdDgqOWiL6SY
pEyos1WbJr1TRz5AAK0bnT0x2rBUhORvG7/s9+a/JxGmff2zcj9rHtPoFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOnyYyDue9q0bU87NUO44q69K6IFMB8GA1UdIwQY
MBaAFBUByEXxPdStbp2uRw1f9pxcyjdxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlFISVJmRTkxSzF1bmE1SERWXzJuRnpLTjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8wMzc2YTEtNDlkNi00YTRkLThjMmEt
ZWQ3OTE1NDM2YjI3LzEvNmZKaklPNTcyclJ0VHpzMVE3amlycjByb2dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8wMzc2YTEtNDlkNi00YTRkLThjMmEtZWQ3OTE1NDM2YjI3
LzEvRlFISVJmRTkxSzF1bmE1SERWXzJuRnpLTjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWbh2AwQC
ubZ0MA0GCSqGSIb3DQEBCwUAA4IBAQCsIyRVhOQkp7PI2hiAKt0j/aTqOga4c/zE
CApMF0npgXhYX/7ps143qx8LtnQ81B4DWvjQJYBkZLhaN4MxbraIeY76lDHoG/Op
8lpEZHhq4sfZvo6McPPybtioob1V/oBOW4NvNYLQ2MxKU5WERKlwwq1t4NbJkbAj
tn6nCum+0GIAU+ilJUFCxVMF09COD0axDD+gwzmpz88n/WHFXksOhfX+/WYCYYvB
dgaPB7X64wjhF/lQFymIz0W8jGSn0VyRpp5mBbcZe42D7iepo3kQCOe2fnDJgPOl
nZjdPcz62MHsWD5Mr3ynDOQVESAcacBCFrMCTZjXhPLrWVchTGxo
-----END CERTIFICATE-----