Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/tFDC-esjZQF1gVUzpxCJzqUKjBc.roa
File:                     tFDC-esjZQF1gVUzpxCJzqUKjBc.roa (raw, json)
Hash identifier:          Ej+nrigURGFTSH1/xOMeMDCx9J8fp0/w5nD/nXMHa8A=
Subject key identifier:   B4:50:C2:F9:EB:23:65:01:75:81:55:33:A7:10:89:CE:A5:0A:8C:17
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       01993DB636557B75DED9FA8F712C4A72FE79
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/tFDC-esjZQF1gVUzpxCJzqUKjBc.roa
Signing time:             Fri 12 Sep 2025 11:36:15 +0000
ROA not before:           Fri 12 Sep 2025 11:36:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214025
IP address blocks:        178.254.181.0/24 maxlen: 24
                          185.157.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Sep 2025 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:b6:36:55:7b:75:de:d9:fa:8f:71:2c:4a:72:fe:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Sep 12 11:36:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b450c2f9eb23650175815533a71089cea50a8c17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2f:79:aa:7b:75:8b:0e:2f:40:8c:d5:ac:28:
                    36:24:bf:95:e0:5d:79:24:30:1e:ef:b9:1f:a8:43:
                    cb:81:2e:93:a8:56:5d:7f:78:06:4e:17:17:73:c5:
                    d7:a8:d3:c0:ac:e1:ce:cf:8c:a6:76:5b:22:f0:a7:
                    b7:e6:9c:1a:28:1f:9b:8f:44:d8:94:33:2c:ba:55:
                    b5:55:89:14:95:c8:2c:81:87:8e:81:ae:e9:c7:b1:
                    9e:78:8e:15:b2:b1:f7:c5:a8:bc:a5:8c:81:52:82:
                    a0:6b:99:23:0c:99:22:7a:d3:af:22:67:d9:41:fb:
                    c0:b4:87:d4:3d:e1:0a:b3:40:b0:b6:35:94:27:69:
                    97:53:59:bd:17:6a:10:62:b3:48:c4:f5:76:68:75:
                    20:a9:96:0f:ed:f7:d0:b0:d6:19:c6:e4:48:4c:74:
                    eb:b1:c0:17:db:df:86:3e:cb:ec:33:e8:93:4e:ef:
                    73:73:a9:cc:51:ac:f3:62:aa:7f:65:f8:bc:82:ca:
                    9a:47:f9:de:ae:40:71:1e:e0:cd:a8:6a:c5:55:b9:
                    f7:82:df:e3:40:78:d5:95:9f:46:24:55:e2:9d:09:
                    e5:e8:8d:23:4e:8e:12:ff:59:6b:a2:b4:bb:ef:7b:
                    79:d1:cd:19:4c:93:73:38:53:5b:82:64:fb:dd:8c:
                    db:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:50:C2:F9:EB:23:65:01:75:81:55:33:A7:10:89:CE:A5:0A:8C:17
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/tFDC-esjZQF1gVUzpxCJzqUKjBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.254.181.0/24
                  185.157.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:85:e6:97:f3:95:f1:e7:bc:01:2c:5d:0a:0b:89:6b:76:c6:
         a4:1c:ea:d1:30:f4:27:c6:ce:4b:1a:2a:43:19:73:28:f1:54:
         88:c2:88:cb:52:a5:26:c8:6b:8a:84:f4:e9:02:59:aa:f6:fa:
         87:08:19:e9:9c:e8:9a:fc:69:d4:90:12:bf:24:d9:a1:d7:d4:
         33:fc:de:1d:9c:cb:06:ee:bf:e2:9b:80:26:2b:8d:3f:14:77:
         bc:7a:e0:09:e1:ac:80:f9:57:cb:ae:99:48:84:f6:34:77:02:
         5a:09:71:85:05:9f:4a:2a:7e:cc:f9:0e:81:bb:d0:0d:2b:37:
         7f:75:b1:6c:99:52:73:40:ba:d8:05:6e:09:45:be:27:8d:75:
         48:96:75:5e:47:d1:5b:ca:80:1f:af:b3:94:68:0f:f5:52:1c:
         ca:60:70:e3:10:6f:f4:37:6a:ca:2e:76:51:ef:2b:7f:4f:d9:
         fb:ed:39:92:45:df:d2:22:9a:42:88:db:7e:e7:b1:28:75:04:
         d1:c8:74:7d:f7:54:68:a7:03:50:c5:e3:b3:ba:fd:ab:4e:3f:
         73:73:6f:4d:c0:cb:a8:cb:f0:cf:bd:01:21:ff:68:10:d8:c0:
         23:38:e1:44:01:c0:36:64:f5:4c:57:00:d0:66:61:ce:23:be:
         49:9f:68:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZk9tjZVe3Xe2fqPcSxKcv55MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwOTEyMTEzNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDUwYzJmOWViMjM2NTAxNzU4MTU1MzNhNzEwODljZWE1MGE4YzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArC95qnt1iw4vQIzVrCg2JL+V4F15
JDAe77kfqEPLgS6TqFZdf3gGThcXc8XXqNPArOHOz4ymdlsi8Ke35pwaKB+bj0TY
lDMsulW1VYkUlcgsgYeOga7px7GeeI4VsrH3xai8pYyBUoKga5kjDJkietOvImfZ
QfvAtIfUPeEKs0CwtjWUJ2mXU1m9F2oQYrNIxPV2aHUgqZYP7ffQsNYZxuRITHTr
scAX29+GPsvsM+iTTu9zc6nMUazzYqp/Zfi8gsqaR/nerkBxHuDNqGrFVbn3gt/j
QHjVlZ9GJFXinQnl6I0jTo4S/1lrorS773t50c0ZTJNzOFNbgmT73YzbXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLRQwvnrI2UBdYFVM6cQic6lCowXMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvdEZEQy1lc2paUUYxZ1ZVenB4Q0p6cVVLakJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsv61AwQA
uZ0uMA0GCSqGSIb3DQEBCwUAA4IBAQBHheaX85Xx57wBLF0KC4lrdsakHOrRMPQn
xs5LGipDGXMo8VSIwojLUqUmyGuKhPTpAlmq9vqHCBnpnOia/GnUkBK/JNmh19Qz
/N4dnMsG7r/im4AmK40/FHe8euAJ4ayA+VfLrplIhPY0dwJaCXGFBZ9KKn7M+Q6B
u9ANKzd/dbFsmVJzQLrYBW4JRb4njXVIlnVeR9FbyoAfr7OUaA/1UhzKYHDjEG/0
N2rKLnZR7yt/T9n77TmSRd/SIppCiNt+57EodQTRyHR991RopwNQxeOzuv2rTj9z
c29NwMuoy/DPvQEh/2gQ2MAjOOFEAcA2ZPVMVwDQZmHOI75Jn2gK
-----END CERTIFICATE-----