Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/663b4d-b80e-4946-84c4-7408eb8bc586/1/C0T9RGwlH59kjnC5VAy3rxYLFck.roa
File:                     C0T9RGwlH59kjnC5VAy3rxYLFck.roa (raw, json)
Hash identifier:          4yuu/RtUYmGG4Lowyk6SdHR4r73obwKncj5QhubWyzk=
Subject key identifier:   0B:44:FD:44:6C:25:1F:9F:64:8E:70:B9:54:0C:B7:AF:16:0B:15:C9
Certificate issuer:       /CN=64fa66fb84a781a0584fd0d1c2df39bda4760519
Certificate serial:       01999478B514B7D7EC7DE209F92C6B9DB1B0
Authority key identifier: 64:FA:66:FB:84:A7:81:A0:58:4F:D0:D1:C2:DF:39:BD:A4:76:05:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZPpm-4SngaBYT9DRwt85vaR2BRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/663b4d-b80e-4946-84c4-7408eb8bc586/1/C0T9RGwlH59kjnC5VAy3rxYLFck.roa
Signing time:             Mon 29 Sep 2025 07:56:02 +0000
ROA not before:           Mon 29 Sep 2025 07:56:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395793
IP address blocks:        94.176.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/663b4d-b80e-4946-84c4-7408eb8bc586/1/ZPpm-4SngaBYT9DRwt85vaR2BRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/663b4d-b80e-4946-84c4-7408eb8bc586/1/ZPpm-4SngaBYT9DRwt85vaR2BRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZPpm-4SngaBYT9DRwt85vaR2BRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:94:78:b5:14:b7:d7:ec:7d:e2:09:f9:2c:6b:9d:b1:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64fa66fb84a781a0584fd0d1c2df39bda4760519
        Validity
            Not Before: Sep 29 07:56:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b44fd446c251f9f648e70b9540cb7af160b15c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:07:29:72:93:ea:48:e5:5f:01:23:a4:69:44:
                    ca:6a:97:df:27:37:cc:b6:7b:f0:cc:38:fa:ef:cd:
                    21:28:7b:df:52:92:5f:2f:f2:34:a6:5b:f6:c6:0e:
                    9d:02:f9:4c:b8:bb:09:57:1a:b4:e0:31:57:d4:0d:
                    68:19:b0:e3:81:fa:fd:bf:1e:de:23:6a:0f:82:7e:
                    7c:92:80:ce:63:f4:ec:49:97:7f:5f:0a:2c:84:5e:
                    89:ab:a7:53:ee:bd:17:bf:3a:36:ea:fd:bd:24:8f:
                    bc:27:8d:86:6a:63:09:43:5c:60:e5:6a:55:03:c6:
                    97:77:ee:d5:55:6b:42:97:33:19:59:55:a1:ee:6f:
                    8f:c8:33:91:b4:ac:a6:99:0d:a4:b8:f4:e6:02:4c:
                    be:07:67:1f:76:91:28:aa:13:1e:d3:fe:ae:89:c4:
                    d2:18:da:12:61:97:79:66:ee:ca:1a:00:b6:6b:a1:
                    f1:00:9a:aa:ef:a2:1e:cd:26:11:84:46:9d:2b:78:
                    a8:57:17:e6:a6:71:e9:fe:f8:3a:4d:b7:22:5c:6d:
                    e9:a2:ec:dc:cd:45:10:b0:e2:cb:61:98:87:00:a4:
                    44:8c:27:d4:e9:24:05:27:2f:d7:70:29:cc:05:39:
                    0e:e3:8e:6d:92:56:60:a2:b3:3f:23:57:28:82:6b:
                    3a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:44:FD:44:6C:25:1F:9F:64:8E:70:B9:54:0C:B7:AF:16:0B:15:C9
            X509v3 Authority Key Identifier:
                keyid:64:FA:66:FB:84:A7:81:A0:58:4F:D0:D1:C2:DF:39:BD:A4:76:05:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZPpm-4SngaBYT9DRwt85vaR2BRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/663b4d-b80e-4946-84c4-7408eb8bc586/1/C0T9RGwlH59kjnC5VAy3rxYLFck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/663b4d-b80e-4946-84c4-7408eb8bc586/1/ZPpm-4SngaBYT9DRwt85vaR2BRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e2:50:85:15:6a:87:bb:4f:17:23:59:a9:af:dc:2d:6d:14:65:
         4e:1a:18:80:54:c7:49:be:8b:e5:23:43:75:fe:23:9a:3f:40:
         c9:83:3f:42:43:c3:32:7d:9f:44:f8:0c:25:b2:2f:7e:8a:22:
         09:30:e8:b3:38:99:b5:b1:70:59:b9:d0:e3:55:c1:a5:8a:d0:
         7c:4d:f0:26:85:10:87:b8:db:dc:04:8f:35:0c:88:c5:52:a0:
         cf:25:8e:e1:8d:cc:46:9e:63:34:2b:21:c3:d2:7f:3b:87:20:
         ef:41:23:c4:43:cc:ca:0e:1e:67:83:7c:07:a6:f9:5c:3f:2f:
         5e:69:5a:94:86:89:42:0d:7a:b5:6f:37:12:f9:10:4c:b4:57:
         29:67:7c:3a:ca:c4:38:46:2c:f4:a3:32:4c:43:22:a9:86:5a:
         66:b5:61:0f:f5:65:c4:de:d8:f1:70:03:19:5c:74:90:67:29:
         17:2c:73:fe:a8:ef:69:2c:6c:43:9a:bc:38:3f:93:23:8a:14:
         43:f0:f7:c2:2a:3b:b4:56:00:61:f0:7d:d5:13:b4:5d:f3:f4:
         d2:0d:e6:2a:4e:dc:26:41:33:ea:35:da:df:a6:64:68:76:75:
         eb:a5:09:78:f1:8f:b1:e3:64:81:68:0e:42:77:46:4c:48:73:
         01:27:09:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmUeLUUt9fsfeIJ+SxrnbGwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZmE2NmZiODRhNzgxYTA1ODRmZDBkMWMyZGYzOWJkYTQ3
NjA1MTkwHhcNMjUwOTI5MDc1NjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjQ0ZmQ0NDZjMjUxZjlmNjQ4ZTcwYjk1NDBjYjdhZjE2MGIxNWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAcpcpPqSOVfASOkaUTKapffJzfM
tnvwzDj6780hKHvfUpJfL/I0plv2xg6dAvlMuLsJVxq04DFX1A1oGbDjgfr9vx7e
I2oPgn58koDOY/TsSZd/XwoshF6Jq6dT7r0Xvzo26v29JI+8J42GamMJQ1xg5WpV
A8aXd+7VVWtClzMZWVWh7m+PyDORtKymmQ2kuPTmAky+B2cfdpEoqhMe0/6uicTS
GNoSYZd5Zu7KGgC2a6HxAJqq76IezSYRhEadK3ioVxfmpnHp/vg6TbciXG3pouzc
zUUQsOLLYZiHAKREjCfU6SQFJy/XcCnMBTkO445tklZgorM/I1cogms6JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAtE/URsJR+fZI5wuVQMt68WCxXJMB8GA1UdIwQY
MBaAFGT6ZvuEp4GgWE/Q0cLfOb2kdgUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlBwbS00U25nYUJZVDlEUnd0ODV2YVIyQlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi82NjNiNGQtYjgwZS00OTQ2LTg0YzQt
NzQwOGViOGJjNTg2LzEvQzBUOVJHd2xINTlram5DNVZBeTNyeFlMRmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi82NjNiNGQtYjgwZS00OTQ2LTg0YzQtNzQwOGViOGJjNTg2
LzEvWlBwbS00U25nYUJZVDlEUnd0ODV2YVIyQlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrClMA0G
CSqGSIb3DQEBCwUAA4IBAQDiUIUVaoe7TxcjWamv3C1tFGVOGhiAVMdJvovlI0N1
/iOaP0DJgz9CQ8MyfZ9E+Awlsi9+iiIJMOizOJm1sXBZudDjVcGlitB8TfAmhRCH
uNvcBI81DIjFUqDPJY7hjcxGnmM0KyHD0n87hyDvQSPEQ8zKDh5ng3wHpvlcPy9e
aVqUholCDXq1bzcS+RBMtFcpZ3w6ysQ4Riz0ozJMQyKphlpmtWEP9WXE3tjxcAMZ
XHSQZykXLHP+qO9pLGxDmrw4P5MjihRD8PfCKju0VgBh8H3VE7Rd8/TSDeYqTtwm
QTPqNdrfpmRodnXrpQl48Y+x42SBaA5Cd0ZMSHMBJwnM
-----END CERTIFICATE-----