Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/rBORiVnjaTLo34wXgk56Wdk6L40.roa
File:                     rBORiVnjaTLo34wXgk56Wdk6L40.roa (raw, json)
Hash identifier:          ilIiHrBuCknqXlqYLmYdfV8RuudQEzNokXG+7gARkUc=
Subject key identifier:   AC:13:91:89:59:E3:69:32:E8:DF:8C:17:82:4E:7A:59:D9:3A:2F:8D
Certificate issuer:       /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial:       0199E259C624F770501F0FF33140012803CF
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/rBORiVnjaTLo34wXgk56Wdk6L40.roa
Signing time:             Tue 14 Oct 2025 10:52:38 +0000
ROA not before:           Tue 14 Oct 2025 10:52:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215304
IP address blocks:        86.109.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 10:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e2:59:c6:24:f7:70:50:1f:0f:f3:31:40:01:28:03:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
        Validity
            Not Before: Oct 14 10:52:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac13918959e36932e8df8c17824e7a59d93a2f8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ff:06:93:5a:17:5d:2f:1a:3b:ee:64:d5:41:dd:
                    cc:c3:51:b2:92:02:e6:6a:d4:a2:0c:ca:11:b3:a4:
                    6a:07:9c:4a:32:0f:8d:a2:17:7c:8f:e7:9a:9f:27:
                    3f:c4:72:b4:db:0d:ae:5a:9a:c1:98:60:76:a1:1f:
                    27:8f:76:c7:24:13:00:92:19:0b:66:03:42:5e:59:
                    23:a0:37:41:08:f6:0f:11:fe:ed:62:32:75:8f:fb:
                    85:77:cf:1e:19:b4:0f:ca:4c:34:fa:ff:4c:87:c6:
                    d2:e3:a9:3e:2f:f2:9a:88:43:46:c0:95:a0:01:28:
                    4f:b8:63:84:e6:a6:fa:42:b0:79:98:41:f7:d5:50:
                    eb:a5:d2:4b:03:dc:0d:2a:b7:87:44:19:ef:03:97:
                    85:53:1f:86:44:8d:a5:57:ad:bd:bb:e0:17:ad:1a:
                    3f:1b:16:c5:d2:ae:92:5e:40:09:c8:3c:0c:d0:43:
                    a2:dc:e0:01:01:f9:21:d5:42:96:12:c1:7e:24:09:
                    cd:45:39:28:16:fa:c4:bc:08:18:d5:1a:22:74:55:
                    32:26:ed:2f:05:94:56:38:a4:25:ae:b3:a0:4f:db:
                    3b:20:25:63:38:ec:08:86:59:2a:00:fa:56:67:4f:
                    50:c2:78:70:75:1e:b3:7d:04:a2:ac:ec:ff:e3:e9:
                    43:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:13:91:89:59:E3:69:32:E8:DF:8C:17:82:4E:7A:59:D9:3A:2F:8D
            X509v3 Authority Key Identifier:
                keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/rBORiVnjaTLo34wXgk56Wdk6L40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.109.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:2a:42:05:e3:d3:39:03:16:ea:5f:b4:13:67:61:8a:79:7f:
         4c:29:84:61:8b:4c:91:e8:dd:d4:2c:14:64:38:ee:dd:c2:06:
         ce:77:ee:b6:4e:e9:66:7f:e8:56:d6:df:ac:5c:05:c5:bd:31:
         29:55:d0:3a:d0:59:f5:46:b0:32:cd:d8:a4:b6:af:2e:43:0e:
         93:21:09:47:65:8a:84:73:80:14:8a:b7:ae:56:6a:e0:b2:64:
         4c:ee:1b:69:60:2f:6b:21:9c:97:a2:49:54:ff:43:5e:cb:b7:
         01:32:91:bc:2f:e2:bd:41:7f:b9:16:3e:72:f4:09:6e:47:70:
         56:e1:35:dc:2f:92:53:3c:4e:1d:d4:92:fd:0f:93:0d:7f:c2:
         1f:e2:0d:a3:e7:81:ab:5d:82:ba:1e:3c:16:b9:41:21:28:b0:
         af:5e:fe:86:b7:8e:13:0d:f1:91:d1:75:ca:16:68:24:62:55:
         15:fb:7a:9d:c9:81:d7:51:17:d0:ec:d4:04:84:95:f7:6e:10:
         70:14:9f:06:ed:8e:c0:03:c7:1a:ff:77:83:70:d3:41:38:c8:
         ba:39:b9:e6:8f:62:c4:c3:82:c4:63:e7:02:38:10:4b:f4:14:
         65:50:a7:4a:e3:7b:fb:bd:5c:7c:ba:2b:ff:31:76:b1:a8:65:
         9f:63:c0:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZniWcYk93BQHw/zMUABKAPPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjUxMDE0MTA1MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzEzOTE4OTU5ZTM2OTMyZThkZjhjMTc4MjRlN2E1OWQ5M2EyZjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/waTWhddLxo77mTVQd3Mw1GykgLm
atSiDMoRs6RqB5xKMg+Nohd8j+eanyc/xHK02w2uWprBmGB2oR8nj3bHJBMAkhkL
ZgNCXlkjoDdBCPYPEf7tYjJ1j/uFd88eGbQPykw0+v9Mh8bS46k+L/KaiENGwJWg
AShPuGOE5qb6QrB5mEH31VDrpdJLA9wNKreHRBnvA5eFUx+GRI2lV629u+AXrRo/
GxbF0q6SXkAJyDwM0EOi3OABAfkh1UKWEsF+JAnNRTkoFvrEvAgY1RoidFUyJu0v
BZRWOKQlrrOgT9s7ICVjOOwIhlkqAPpWZ09QwnhwdR6zfQSirOz/4+lDJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwTkYlZ42ky6N+MF4JOelnZOi+NMB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvckJPUmlWbmphVExvMzR3WGdrNTZXZGs2TDQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm1KMA0G
CSqGSIb3DQEBCwUAA4IBAQA8KkIF49M5AxbqX7QTZ2GKeX9MKYRhi0yR6N3ULBRk
OO7dwgbOd+62Tulmf+hW1t+sXAXFvTEpVdA60Fn1RrAyzdiktq8uQw6TIQlHZYqE
c4AUireuVmrgsmRM7htpYC9rIZyXoklU/0Ney7cBMpG8L+K9QX+5Fj5y9AluR3BW
4TXcL5JTPE4d1JL9D5MNf8If4g2j54GrXYK6HjwWuUEhKLCvXv6Gt44TDfGR0XXK
FmgkYlUV+3qdyYHXURfQ7NQEhJX3bhBwFJ8G7Y7AA8ca/3eDcNNBOMi6Obnmj2LE
w4LEY+cCOBBL9BRlUKdK43v7vVx8uiv/MXaxqGWfY8AI
-----END CERTIFICATE-----