Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9dOp0mNVGUXnajNSi40Bz8JosBA.roa
File:                     9dOp0mNVGUXnajNSi40Bz8JosBA.roa (raw, json)
Hash identifier:          Gfvq99TD2M7BltgHLCPCMCHjhry4JKZnIXJXs58F5h4=
Subject key identifier:   F5:D3:A9:D2:63:55:19:45:E7:6A:33:52:8B:8D:01:CF:C2:68:B0:10
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019961EA3A372A278ED9317C42C39484BC5B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9dOp0mNVGUXnajNSi40Bz8JosBA.roa
Signing time:             Fri 19 Sep 2025 12:19:24 +0000
ROA not before:           Fri 19 Sep 2025 12:19:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        94.156.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:61:ea:3a:37:2a:27:8e:d9:31:7c:42:c3:94:84:bc:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 19 12:19:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5d3a9d263551945e76a33528b8d01cfc268b010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:92:c1:36:9f:1c:3c:24:de:c4:9f:ea:4e:3e:
                    29:ae:70:0a:a6:32:34:03:46:34:43:00:f0:d6:da:
                    ac:7a:5c:3f:e2:d0:73:83:da:39:a0:21:f1:6e:09:
                    df:47:ec:73:ab:04:bb:21:01:0f:f8:ab:07:38:19:
                    3e:97:c7:99:bc:2a:7c:bb:7c:1f:2c:84:4c:5d:30:
                    bc:39:69:ba:b0:17:f5:50:82:1c:67:f9:1d:06:b0:
                    ba:03:3e:d5:ca:b2:f8:fb:be:93:7b:81:11:4c:cb:
                    92:01:09:46:c4:91:3c:b5:1b:1d:ae:c6:76:b2:a0:
                    c6:43:65:a4:23:6e:70:63:26:a5:78:57:62:5c:c7:
                    7f:8a:ba:b7:dd:f6:23:4b:dc:44:34:ec:b4:34:2e:
                    fc:41:af:3b:5f:36:b7:26:1b:b7:b4:2c:64:fe:8e:
                    e0:ba:87:48:b8:c9:aa:93:2c:5d:de:b3:4e:f7:cf:
                    71:22:ff:d0:f7:ba:55:f8:27:af:62:cb:08:a9:ea:
                    60:88:77:fb:52:9b:7d:c7:c9:6d:f5:b0:5d:b9:6c:
                    c9:88:d6:3c:ca:d3:71:49:73:81:91:4f:40:67:9d:
                    02:f2:3c:ec:d3:35:88:6e:8a:08:90:05:df:e7:0f:
                    9c:fe:e1:36:72:6c:d4:68:bd:ab:e3:d6:8d:5c:30:
                    4c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:D3:A9:D2:63:55:19:45:E7:6A:33:52:8B:8D:01:CF:C2:68:B0:10
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9dOp0mNVGUXnajNSi40Bz8JosBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:d8:b2:a5:53:8f:ad:1d:97:7a:32:63:63:f5:55:6a:d0:8c:
         cc:e7:6b:ea:d4:5b:de:45:19:54:5d:8c:cb:11:5a:0b:e2:85:
         8b:32:99:61:96:8c:c5:1f:89:ea:a4:f2:66:6f:13:06:0a:b9:
         00:1d:5c:50:ee:d9:15:77:cb:87:c3:eb:07:cc:11:98:ee:8f:
         3c:52:9d:7c:3e:48:7f:24:f7:0e:62:5a:50:4c:6f:8f:d6:9d:
         fd:7a:4c:8a:82:fb:86:2b:85:37:b7:c0:26:5b:8a:0b:53:88:
         e7:70:7f:62:51:9a:5e:f6:76:b1:54:a5:6a:4d:9f:16:82:54:
         1d:32:bd:41:0e:50:ee:97:f1:9d:5c:f6:b5:14:87:6b:87:3f:
         4d:38:f0:f1:d6:cf:fa:ca:ed:85:b5:d3:1e:28:6d:2b:0d:31:
         e8:6f:6a:cf:de:69:2f:48:d6:95:b0:74:90:10:d7:de:2d:08:
         7c:a2:7f:8b:d3:1b:de:ee:43:29:25:9f:7a:a7:bf:6d:08:56:
         02:89:95:c7:08:14:90:8f:94:6c:52:8c:a7:0c:6c:88:01:f4:
         8f:53:a2:40:04:48:ed:86:d4:a8:35:7b:be:fd:03:7a:a3:f8:
         fe:f1:2c:b3:e4:68:dc:ad:6c:a6:3d:58:2f:12:30:ee:61:27:
         17:14:9e:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlh6jo3KieO2TF8QsOUhLxbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwOTE5MTIxOTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWQzYTlkMjYzNTUxOTQ1ZTc2YTMzNTI4YjhkMDFjZmMyNjhiMDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ZLBNp8cPCTexJ/qTj4prnAKpjI0
A0Y0QwDw1tqselw/4tBzg9o5oCHxbgnfR+xzqwS7IQEP+KsHOBk+l8eZvCp8u3wf
LIRMXTC8OWm6sBf1UIIcZ/kdBrC6Az7VyrL4+76Te4ERTMuSAQlGxJE8tRsdrsZ2
sqDGQ2WkI25wYyaleFdiXMd/irq33fYjS9xENOy0NC78Qa87Xza3Jhu3tCxk/o7g
uodIuMmqkyxd3rNO989xIv/Q97pV+CevYssIqepgiHf7Upt9x8lt9bBduWzJiNY8
ytNxSXOBkU9AZ50C8jzs0zWIbooIkAXf5w+c/uE2cmzUaL2r49aNXDBMWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXTqdJjVRlF52ozUouNAc/CaLAQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOWRPcDBtTlZHVVhuYWpOU2k0MEJ6OEpvc0JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpwOMA0G
CSqGSIb3DQEBCwUAA4IBAQCT2LKlU4+tHZd6MmNj9VVq0IzM52vq1FveRRlUXYzL
EVoL4oWLMplhlozFH4nqpPJmbxMGCrkAHVxQ7tkVd8uHw+sHzBGY7o88Up18Pkh/
JPcOYlpQTG+P1p39ekyKgvuGK4U3t8AmW4oLU4jncH9iUZpe9naxVKVqTZ8WglQd
Mr1BDlDul/GdXPa1FIdrhz9NOPDx1s/6yu2FtdMeKG0rDTHob2rP3mkvSNaVsHSQ
ENfeLQh8on+L0xve7kMpJZ96p79tCFYCiZXHCBSQj5RsUoynDGyIAfSPU6JABEjt
htSoNXu+/QN6o/j+8Syz5GjcrWymPVgvEjDuYScXFJ61
-----END CERTIFICATE-----