Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/b7393b-6818-48d3-b081-5c68f6b0b2c7/1/oZEDClQI5mUeR-tun2SMB8BFO6g.roa
File:                     oZEDClQI5mUeR-tun2SMB8BFO6g.roa (raw, json)
Hash identifier:          aVZk36h9DNYmGpwbSUsBXNwd3910rjsUnxEvjedXyHo=
Subject key identifier:   A1:91:03:0A:54:08:E6:65:1E:47:EB:6E:9F:64:8C:07:C0:45:3B:A8
Certificate issuer:       /CN=ba77301e14d65b3a3d686daac16dfc49ac48c7cd
Certificate serial:       019A3678452FF09FF29CFFDADD11FE74BAA8
Authority key identifier: BA:77:30:1E:14:D6:5B:3A:3D:68:6D:AA:C1:6D:FC:49:AC:48:C7:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uncwHhTWWzo9aG2qwW38SaxIx80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/b7393b-6818-48d3-b081-5c68f6b0b2c7/1/oZEDClQI5mUeR-tun2SMB8BFO6g.roa
Signing time:             Thu 30 Oct 2025 18:54:03 +0000
ROA not before:           Thu 30 Oct 2025 18:54:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211896
IP address blocks:        194.180.20.0/24 maxlen: 24
                          194.180.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/b7393b-6818-48d3-b081-5c68f6b0b2c7/1/uncwHhTWWzo9aG2qwW38SaxIx80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/b7393b-6818-48d3-b081-5c68f6b0b2c7/1/uncwHhTWWzo9aG2qwW38SaxIx80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uncwHhTWWzo9aG2qwW38SaxIx80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:36:78:45:2f:f0:9f:f2:9c:ff:da:dd:11:fe:74:ba:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba77301e14d65b3a3d686daac16dfc49ac48c7cd
        Validity
            Not Before: Oct 30 18:54:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a191030a5408e6651e47eb6e9f648c07c0453ba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:06:05:f8:3d:81:57:24:ea:57:e3:24:d6:25:
                    ef:fc:7d:9b:7d:de:d9:82:66:34:72:66:b0:f9:c7:
                    60:a6:95:60:51:11:f3:d2:0e:4f:cc:00:0e:cd:c4:
                    25:f2:55:3f:74:ac:91:23:8c:42:61:26:8d:4f:0e:
                    05:09:45:57:50:ff:19:02:64:93:09:46:43:86:92:
                    fb:aa:d8:8e:ee:d7:37:55:fc:18:cc:80:68:9f:51:
                    52:49:d9:55:05:f3:c7:48:ff:75:77:e6:1a:ec:41:
                    c3:b4:f2:67:b2:e0:29:c0:26:65:49:ff:e7:64:a0:
                    1e:bb:67:f1:95:80:1b:5e:8f:22:69:1a:8d:a1:87:
                    7b:97:6b:b2:0a:86:89:18:d6:82:41:46:04:02:ab:
                    1f:52:6c:89:13:c1:04:00:58:c8:9b:7e:29:c2:38:
                    af:bf:fa:a0:e7:47:00:7c:e0:b4:5f:47:8d:f3:8a:
                    37:99:80:6f:65:72:67:35:6b:ed:45:dc:8d:b6:18:
                    33:8c:5a:c8:7a:93:7d:af:49:72:35:32:1f:78:51:
                    df:75:b7:a6:57:9d:60:98:fd:c7:ab:b4:18:37:a5:
                    b8:4e:18:63:07:6b:5c:18:66:67:02:a6:3e:40:fa:
                    5f:e3:e8:12:b1:85:69:e0:d4:79:bc:37:0e:91:6d:
                    05:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:91:03:0A:54:08:E6:65:1E:47:EB:6E:9F:64:8C:07:C0:45:3B:A8
            X509v3 Authority Key Identifier:
                keyid:BA:77:30:1E:14:D6:5B:3A:3D:68:6D:AA:C1:6D:FC:49:AC:48:C7:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uncwHhTWWzo9aG2qwW38SaxIx80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b7393b-6818-48d3-b081-5c68f6b0b2c7/1/oZEDClQI5mUeR-tun2SMB8BFO6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b7393b-6818-48d3-b081-5c68f6b0b2c7/1/uncwHhTWWzo9aG2qwW38SaxIx80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.20.0/24
                  194.180.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:0e:5f:9d:ea:07:e9:b9:ab:8c:84:0b:f1:b0:dd:a3:3b:99:
         08:0b:d9:6e:ae:60:6e:74:cc:1b:fe:a8:9a:81:e6:b4:f9:ea:
         a5:62:e5:8f:42:74:9b:b2:f4:b6:99:5f:38:53:e3:4c:36:6a:
         48:d6:23:1e:42:cd:60:57:75:5a:a7:ac:91:22:55:ab:eb:f1:
         46:e5:b3:04:98:54:cf:b0:c4:c0:b4:ed:04:fa:ec:d2:63:6b:
         86:2d:af:c5:75:ff:23:5f:e9:4a:83:d6:2e:99:52:dc:e2:5b:
         08:a9:52:de:f0:29:23:29:37:51:9f:a8:f2:ae:d8:a6:82:6c:
         21:fd:f5:9c:cf:f5:de:c4:f8:a7:a8:9e:b9:d3:05:f0:50:39:
         d2:6c:16:57:a4:5f:ec:76:94:4e:4a:97:ea:5c:e5:37:b7:de:
         fc:00:dd:7d:d4:92:68:5d:19:e3:87:5f:30:6f:68:f7:98:9f:
         f1:60:d9:8e:96:90:8e:84:fb:99:47:78:0a:91:fb:12:15:d3:
         01:26:6a:1b:83:7c:dd:42:52:3a:38:1f:98:a0:cb:c3:d9:9d:
         7e:00:12:48:ce:ff:3a:cd:2a:65:2c:6e:3f:20:99:b7:f2:22:
         8c:89:6e:81:cf:9d:b2:a6:ad:d0:70:d6:f6:e8:f2:e2:20:c3:
         3a:cb:10:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZo2eEUv8J/ynP/a3RH+dLqoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNzczMDFlMTRkNjViM2EzZDY4NmRhYWMxNmRmYzQ5YWM0
OGM3Y2QwHhcNMjUxMDMwMTg1NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTkxMDMwYTU0MDhlNjY1MWU0N2ViNmU5ZjY0OGMwN2MwNDUzYmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswYF+D2BVyTqV+Mk1iXv/H2bfd7Z
gmY0cmaw+cdgppVgURHz0g5PzAAOzcQl8lU/dKyRI4xCYSaNTw4FCUVXUP8ZAmST
CUZDhpL7qtiO7tc3VfwYzIBon1FSSdlVBfPHSP91d+Ya7EHDtPJnsuApwCZlSf/n
ZKAeu2fxlYAbXo8iaRqNoYd7l2uyCoaJGNaCQUYEAqsfUmyJE8EEAFjIm34pwjiv
v/qg50cAfOC0X0eN84o3mYBvZXJnNWvtRdyNthgzjFrIepN9r0lyNTIfeFHfdbem
V51gmP3Hq7QYN6W4ThhjB2tcGGZnAqY+QPpf4+gSsYVp4NR5vDcOkW0FQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKGRAwpUCOZlHkfrbp9kjAfARTuoMB8GA1UdIwQY
MBaAFLp3MB4U1ls6PWhtqsFt/EmsSMfNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW5jd0hoVFdXem85YUcycXdXMzhTYXhJeDgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iNzM5M2ItNjgxOC00OGQzLWIwODEt
NWM2OGY2YjBiMmM3LzEvb1pFRENsUUk1bVVlUi10dW4yU01COEJGTzZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iNzM5M2ItNjgxOC00OGQzLWIwODEtNWM2OGY2YjBiMmM3
LzEvdW5jd0hoVFdXem85YUcycXdXMzhTYXhJeDgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwrQUAwQA
wrQZMA0GCSqGSIb3DQEBCwUAA4IBAQBpDl+d6gfpuauMhAvxsN2jO5kIC9lurmBu
dMwb/qiagea0+eqlYuWPQnSbsvS2mV84U+NMNmpI1iMeQs1gV3Vap6yRIlWr6/FG
5bMEmFTPsMTAtO0E+uzSY2uGLa/Fdf8jX+lKg9YumVLc4lsIqVLe8CkjKTdRn6jy
rtimgmwh/fWcz/XexPinqJ650wXwUDnSbBZXpF/sdpROSpfqXOU3t978AN191JJo
XRnjh18wb2j3mJ/xYNmOlpCOhPuZR3gKkfsSFdMBJmobg3zdQlI6OB+YoMvD2Z1+
ABJIzv86zSplLG4/IJm38iKMiW6Bz52ypq3QcNb26PLiIMM6yxDG
-----END CERTIFICATE-----