Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/L3qEBBzeJh8D6UqzEEk-9tnLcMA.roa
File:                     L3qEBBzeJh8D6UqzEEk-9tnLcMA.roa (raw, json)
Hash identifier:          shN2h6IdPkthKGJ1t7rh4Tc86Qf0XZxCIaY0/EgLJfA=
Subject key identifier:   2F:7A:84:04:1C:DE:26:1F:03:E9:4A:B3:10:49:3E:F6:D9:CB:70:C0
Certificate issuer:       /CN=632e3d037bf0507571b2a068cb90308374ce53ed
Certificate serial:       0199A3F7B0CD379B7C8156E44877D0208856
Authority key identifier: 63:2E:3D:03:7B:F0:50:75:71:B2:A0:68:CB:90:30:83:74:CE:53:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/L3qEBBzeJh8D6UqzEEk-9tnLcMA.roa
Signing time:             Thu 02 Oct 2025 08:09:02 +0000
ROA not before:           Thu 02 Oct 2025 08:09:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8881
IP address blocks:        185.171.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 08:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a3:f7:b0:cd:37:9b:7c:81:56:e4:48:77:d0:20:88:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632e3d037bf0507571b2a068cb90308374ce53ed
        Validity
            Not Before: Oct  2 08:09:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f7a84041cde261f03e94ab310493ef6d9cb70c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:9b:ef:db:64:94:e3:83:62:be:25:31:52:f1:
                    19:cb:aa:ee:6a:50:98:20:5e:84:5c:8c:61:71:f3:
                    0b:d2:e4:6b:67:9c:8d:f2:00:1c:dd:e1:a3:21:8c:
                    71:39:be:cb:d9:e2:9d:da:10:36:fc:a1:11:b1:fb:
                    c7:1e:42:d5:38:f9:1c:1b:8e:99:d9:2b:0a:56:ef:
                    40:00:8a:1d:5d:be:6d:01:12:45:31:75:e7:6f:ec:
                    b4:a9:03:60:e8:82:1e:03:93:1d:b9:2c:18:fe:db:
                    b3:c9:e9:1a:8d:35:c2:5c:7d:d4:0e:f9:fe:58:e0:
                    6b:b3:1c:a4:06:55:41:af:3d:67:3f:a8:8d:96:f4:
                    17:a0:5d:4c:ee:9c:89:50:aa:c6:74:57:75:61:97:
                    11:77:8a:58:94:07:1b:91:e2:fa:1e:7b:b8:f1:9f:
                    e1:34:c1:4f:2f:12:1a:39:0c:d0:4a:53:8f:ea:dd:
                    bf:71:ed:d9:53:33:27:b1:53:da:f7:34:32:f3:48:
                    9b:46:24:bf:4c:47:dc:6c:dd:d9:08:89:36:0c:00:
                    03:5d:ac:6f:07:3e:32:cc:3c:03:ce:ac:e0:9d:da:
                    f3:77:65:64:e9:f9:35:62:0d:e9:dc:b4:c2:32:20:
                    88:29:7c:b1:19:e2:53:9d:4c:4f:3e:d2:d5:6f:f4:
                    ba:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:7A:84:04:1C:DE:26:1F:03:E9:4A:B3:10:49:3E:F6:D9:CB:70:C0
            X509v3 Authority Key Identifier:
                keyid:63:2E:3D:03:7B:F0:50:75:71:B2:A0:68:CB:90:30:83:74:CE:53:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/L3qEBBzeJh8D6UqzEEk-9tnLcMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:4e:d2:94:9f:80:8e:1f:10:e5:82:20:b0:b2:94:24:23:5b:
         e8:3e:02:88:79:e7:d2:d8:78:39:f5:46:d8:73:41:14:f0:dc:
         56:47:bc:33:3c:c2:28:b7:03:33:59:46:dd:59:60:20:74:f0:
         f8:98:8f:4c:67:c7:aa:0a:38:22:e4:16:8a:55:b5:b9:f7:2d:
         c3:64:b7:f8:53:3c:ee:55:d5:e5:57:9d:34:5c:e8:c6:90:f3:
         d1:4b:95:0a:b9:f1:3d:ff:87:8f:4e:fc:cd:a8:cb:a2:83:b1:
         96:9a:a3:6a:a9:2e:38:bf:da:99:4a:e1:55:69:b6:44:a2:7b:
         07:60:96:ef:2f:83:ad:52:46:df:1d:82:30:09:a2:09:55:a7:
         a2:f0:c9:f9:93:e6:16:dc:5a:3b:b9:30:e8:81:d1:30:64:10:
         da:72:f3:34:c3:72:25:8b:d3:a5:1e:55:d7:63:93:01:fe:3a:
         5f:bf:8d:c5:85:59:2f:0e:19:9a:04:a6:67:40:eb:90:3b:5f:
         7a:96:4d:85:e3:9d:87:f0:2c:dd:78:f4:0b:d9:d7:82:2b:cd:
         75:11:de:00:82:cc:cc:b0:0c:a1:74:b0:0a:23:ad:7e:ad:e4:
         1d:1e:96:ef:fd:10:32:f1:d5:5e:4c:05:38:1f:c1:2e:67:07:
         66:e2:2f:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmj97DNN5t8gVbkSHfQIIhWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmUzZDAzN2JmMDUwNzU3MWIyYTA2OGNiOTAzMDgzNzRj
ZTUzZWQwHhcNMjUxMDAyMDgwOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjdhODQwNDFjZGUyNjFmMDNlOTRhYjMxMDQ5M2VmNmQ5Y2I3MGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5vv22SU44NiviUxUvEZy6rualCY
IF6EXIxhcfML0uRrZ5yN8gAc3eGjIYxxOb7L2eKd2hA2/KERsfvHHkLVOPkcG46Z
2SsKVu9AAIodXb5tARJFMXXnb+y0qQNg6IIeA5MduSwY/tuzyekajTXCXH3UDvn+
WOBrsxykBlVBrz1nP6iNlvQXoF1M7pyJUKrGdFd1YZcRd4pYlAcbkeL6Hnu48Z/h
NMFPLxIaOQzQSlOP6t2/ce3ZUzMnsVPa9zQy80ibRiS/TEfcbN3ZCIk2DAADXaxv
Bz4yzDwDzqzgndrzd2Vk6fk1Yg3p3LTCMiCIKXyxGeJTnUxPPtLVb/S6vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC96hAQc3iYfA+lKsxBJPvbZy3DAMB8GA1UdIwQY
MBaAFGMuPQN78FB1cbKgaMuQMIN0zlPtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXk0OUEzdndVSFZ4c3FCb3k1QXdnM1RPVS0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9mOWY0YTktYTBjZC00MTA3LWFhNDEt
ZDUyYTE4OTg1OTk5LzEvTDNxRUJCemVKaDhENlVxekVFay05dG5MY01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9mOWY0YTktYTBjZC00MTA3LWFhNDEtZDUyYTE4OTg1OTk5
LzEvWXk0OUEzdndVSFZ4c3FCb3k1QXdnM1RPVS0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaugMA0G
CSqGSIb3DQEBCwUAA4IBAQCZTtKUn4COHxDlgiCwspQkI1voPgKIeefS2Hg59UbY
c0EU8NxWR7wzPMIotwMzWUbdWWAgdPD4mI9MZ8eqCjgi5BaKVbW59y3DZLf4Uzzu
VdXlV500XOjGkPPRS5UKufE9/4ePTvzNqMuig7GWmqNqqS44v9qZSuFVabZEonsH
YJbvL4OtUkbfHYIwCaIJVaei8Mn5k+YW3Fo7uTDogdEwZBDacvM0w3Ili9OlHlXX
Y5MB/jpfv43FhVkvDhmaBKZnQOuQO196lk2F452H8CzdePQL2deCK811Ed4AgszM
sAyhdLAKI61+reQdHpbv/RAy8dVeTAU4H8EuZwdm4i9V
-----END CERTIFICATE-----