Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/eYCHRLuZHohv9_elQZkZEDwTIFE.roa
File:                     eYCHRLuZHohv9_elQZkZEDwTIFE.roa (raw, json)
Hash identifier:          Xu2j6PwYPuvRMnBVmkW9EJGXUdgFDzkW8W0KTcLIrpM=
Subject key identifier:   79:80:87:44:BB:99:1E:88:6F:F7:F7:A5:41:99:19:10:3C:13:20:51
Certificate issuer:       /CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
Certificate serial:       019A5E0EC63D2A30C7A261946FA460FCC8BF
Authority key identifier: C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/eYCHRLuZHohv9_elQZkZEDwTIFE.roa
Signing time:             Fri 07 Nov 2025 11:23:37 +0000
ROA not before:           Fri 07 Nov 2025 11:23:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38974
IP address blocks:        194.113.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 05:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5e:0e:c6:3d:2a:30:c7:a2:61:94:6f:a4:60:fc:c8:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
        Validity
            Not Before: Nov  7 11:23:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79808744bb991e886ff7f7a5419919103c132051
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:af:14:7b:0f:71:b2:f6:01:3c:c7:a2:86:07:
                    02:f0:db:b2:93:ea:c7:b9:7f:7d:ab:25:9c:28:16:
                    e5:0a:3a:61:aa:12:7e:5b:ab:25:ff:22:93:01:e1:
                    6c:fb:86:7a:5f:4e:46:ce:2d:33:30:61:71:02:a2:
                    ad:bc:44:67:ea:b4:76:2a:de:6e:d4:de:e5:77:f2:
                    57:f8:f4:d5:fa:42:4a:ab:b2:bc:82:b7:5d:0b:2c:
                    61:cb:f4:49:72:e4:c3:2e:5a:ec:73:47:9f:77:48:
                    36:97:e3:ba:73:6f:50:29:9b:cb:b7:4c:ad:7a:fd:
                    7d:42:33:82:1c:eb:a7:63:db:7d:d9:52:aa:14:e0:
                    8a:45:0a:90:ec:6e:0f:0d:1c:69:31:cb:ae:fb:30:
                    9a:c6:da:5f:18:93:ed:06:f7:3d:d9:b5:c8:cc:67:
                    e9:d3:89:7c:81:53:4f:a5:7b:e8:9f:31:f8:55:7f:
                    26:5c:7d:de:df:2c:c4:16:4d:2f:2b:f5:78:67:49:
                    fa:f8:81:52:ad:2c:05:cb:b2:97:47:82:7d:8e:01:
                    5e:49:fc:90:03:4e:24:1c:d5:68:20:e4:b3:2a:80:
                    d8:86:36:a7:e9:82:a6:23:7c:57:f0:ec:69:06:30:
                    54:1f:c4:d6:61:07:6f:20:1b:95:3c:24:e9:d8:c2:
                    de:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:80:87:44:BB:99:1E:88:6F:F7:F7:A5:41:99:19:10:3C:13:20:51
            X509v3 Authority Key Identifier:
                keyid:C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/eYCHRLuZHohv9_elQZkZEDwTIFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:87:93:13:0d:68:a7:e6:14:02:5b:88:20:7c:e5:1a:79:a8:
         e6:84:2a:8d:7b:17:81:25:56:06:5c:a8:7c:7c:ae:8d:f2:4f:
         9d:a4:69:be:a2:d0:45:e8:ff:b8:81:1b:06:f8:16:f9:af:98:
         33:74:20:0a:c5:cc:ea:20:64:ea:3e:34:5d:a0:a4:2a:53:c1:
         cc:e8:a8:3d:9f:76:a0:f1:d1:4c:80:82:16:87:74:89:30:72:
         4b:f4:ac:8b:79:44:ed:43:3e:c9:9e:44:b0:37:45:32:60:3f:
         a4:7a:48:c9:b1:28:10:e5:b1:4f:e4:36:30:61:76:2d:e2:4f:
         be:a7:9c:fc:29:90:59:74:ec:3f:e9:59:c6:fb:82:76:c6:63:
         21:b6:f8:18:af:a9:ce:19:3b:5f:94:cb:fd:54:16:60:64:0a:
         aa:6b:10:4e:88:8b:66:5a:6c:b2:e5:7c:7e:6e:6a:d6:3b:57:
         9d:c5:ef:b9:7c:d3:67:67:d5:d5:25:19:ce:94:80:3d:f6:a7:
         03:62:db:d7:8f:ce:fa:a5:74:22:c5:19:3d:ee:74:5c:56:ab:
         c6:7e:16:e5:9a:58:47:ad:ee:25:37:b8:f4:a6:bf:4b:34:ce:
         fa:6c:cc:ec:d0:b5:26:96:ec:7b:3c:f7:1e:9d:18:9a:5f:f1:
         d4:1a:fe:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpeDsY9KjDHomGUb6Rg/Mi/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NWExZGExY2IxYzkyMGFlMmY5Yjc0ODI3MGZkZWQ4NzM3
YTkxODQwHhcNMjUxMTA3MTEyMzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTgwODc0NGJiOTkxZTg4NmZmN2Y3YTU0MTk5MTkxMDNjMTMyMDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwK8Uew9xsvYBPMeihgcC8Nuyk+rH
uX99qyWcKBblCjphqhJ+W6sl/yKTAeFs+4Z6X05Gzi0zMGFxAqKtvERn6rR2Kt5u
1N7ld/JX+PTV+kJKq7K8grddCyxhy/RJcuTDLlrsc0efd0g2l+O6c29QKZvLt0yt
ev19QjOCHOunY9t92VKqFOCKRQqQ7G4PDRxpMcuu+zCaxtpfGJPtBvc92bXIzGfp
04l8gVNPpXvonzH4VX8mXH3e3yzEFk0vK/V4Z0n6+IFSrSwFy7KXR4J9jgFeSfyQ
A04kHNVoIOSzKoDYhjan6YKmI3xX8OxpBjBUH8TWYQdvIBuVPCTp2MLe5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmAh0S7mR6Ib/f3pUGZGRA8EyBRMB8GA1UdIwQY
MBaAFMZaHaHLHJIK4vm3SCcP3thzepGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAt
MzZiYWM4ZDkxZTJlLzEvZVlDSFJMdVpIb2h2OV9lbFFaa1pFRHdUSUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAtMzZiYWM4ZDkxZTJl
LzEveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnGWMA0G
CSqGSIb3DQEBCwUAA4IBAQAnh5MTDWin5hQCW4ggfOUaeajmhCqNexeBJVYGXKh8
fK6N8k+dpGm+otBF6P+4gRsG+Bb5r5gzdCAKxczqIGTqPjRdoKQqU8HM6Kg9n3ag
8dFMgIIWh3SJMHJL9KyLeUTtQz7JnkSwN0UyYD+kekjJsSgQ5bFP5DYwYXYt4k++
p5z8KZBZdOw/6VnG+4J2xmMhtvgYr6nOGTtflMv9VBZgZAqqaxBOiItmWmyy5Xx+
bmrWO1edxe+5fNNnZ9XVJRnOlIA99qcDYtvXj876pXQixRk97nRcVqvGfhblmlhH
re4lN7j0pr9LNM76bMzs0LUmlux7PPcenRiaX/HUGv59
-----END CERTIFICATE-----