Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KZjd94eSBQs2EmeJzk92cZA_2Ak.roa
File:                     KZjd94eSBQs2EmeJzk92cZA_2Ak.roa (raw, json)
Hash identifier:          aMJPIgo9zncYycaHmHxbq84xZJVa7I5wc4Ny4zkAiZk=
Subject key identifier:   29:98:DD:F7:87:92:05:0B:36:12:67:89:CE:4F:76:71:90:3F:D8:09
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01993502607ACA00F014FED9D98EA906181F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KZjd94eSBQs2EmeJzk92cZA_2Ak.roa
Signing time:             Wed 10 Sep 2025 19:02:52 +0000
ROA not before:           Wed 10 Sep 2025 19:02:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213990
IP address blocks:        194.50.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 13:49:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:35:02:60:7a:ca:00:f0:14:fe:d9:d9:8e:a9:06:18:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 10 19:02:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2998ddf78792050b36126789ce4f7671903fd809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:69:9c:9c:6e:36:27:ec:78:b4:2a:43:54:95:
                    c1:81:ba:0e:5f:97:05:0a:93:26:a5:fa:e5:72:da:
                    7b:5f:b2:4d:36:48:69:73:6f:75:cd:bd:39:49:c4:
                    e4:80:85:b1:af:de:6d:64:e5:e2:bb:11:99:8b:c3:
                    af:d2:87:05:c9:5e:9e:84:98:3e:c4:4f:63:36:15:
                    79:d5:96:1b:0f:d8:cc:ae:10:49:36:4a:39:a5:49:
                    f7:64:c1:31:c9:83:c5:91:34:d2:1c:52:16:3a:17:
                    c8:65:84:6f:7e:a7:90:6a:c5:78:16:93:c2:df:26:
                    ea:4f:2e:67:92:5a:90:35:00:aa:34:08:c2:11:20:
                    33:ac:71:c0:9e:65:d9:ef:9b:cc:57:fc:94:d5:c3:
                    26:5e:aa:71:1f:f3:7f:2e:d6:2b:a0:29:96:95:4d:
                    00:59:48:23:ea:27:de:16:97:2d:ec:64:38:a7:b3:
                    46:c6:bf:a6:fe:c9:c5:5f:8c:c1:2d:43:12:42:0b:
                    6e:27:15:8d:89:eb:1f:a1:37:c2:f5:1e:68:63:24:
                    c3:2b:7f:80:38:3d:7a:9e:93:c4:ac:b2:7f:c7:8d:
                    71:0f:e2:09:cf:bb:ac:1f:39:39:5e:31:19:b7:e3:
                    b9:65:ec:00:28:b0:cb:67:da:cc:77:c6:e7:3b:f3:
                    17:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:98:DD:F7:87:92:05:0B:36:12:67:89:CE:4F:76:71:90:3F:D8:09
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KZjd94eSBQs2EmeJzk92cZA_2Ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:90:9a:62:05:fb:23:91:bd:7f:5a:91:54:ef:73:cf:81:ee:
         e3:20:bd:59:94:d8:59:23:80:a7:a0:0b:6d:e2:02:3c:c7:da:
         15:f4:82:09:e0:1f:94:c1:67:f9:7e:44:d4:63:ad:6f:56:d4:
         cb:73:a7:4e:18:2b:36:cf:1a:82:cb:54:2c:47:73:e3:60:a4:
         31:79:c3:2a:ba:7c:61:34:83:d6:f2:2d:d1:2a:52:cc:12:a1:
         79:2b:17:43:80:46:c6:16:ef:59:a4:a8:3c:bc:d1:02:b4:33:
         8d:52:1c:cb:1b:b9:1b:d2:be:c3:be:85:37:36:63:83:24:7c:
         d4:b4:f7:3d:11:4c:72:0a:e4:0a:9f:5d:0c:f4:6a:e6:27:40:
         3c:70:bc:59:5f:35:ef:3a:cb:a1:63:04:da:93:eb:a9:02:82:
         ed:5a:59:61:d1:54:99:10:e3:48:7d:33:f2:95:d5:30:b5:5c:
         5e:61:c4:d8:f5:e6:6a:98:9f:9f:ad:a1:b1:26:7d:39:08:c2:
         38:46:71:ee:1e:75:8d:f0:b8:e2:7d:89:b3:50:c7:d9:d4:7c:
         fc:64:09:64:48:1d:6d:da:c9:81:f7:e5:13:32:04:b7:fc:08:
         7b:fc:7a:79:be:4a:c0:02:ab:54:e4:e2:2c:2b:29:2e:9a:ca:
         c5:8f:47:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk1AmB6ygDwFP7Z2Y6pBhgfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwOTEwMTkwMjUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTk4ZGRmNzg3OTIwNTBiMzYxMjY3ODljZTRmNzY3MTkwM2ZkODA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22mcnG42J+x4tCpDVJXBgboOX5cF
CpMmpfrlctp7X7JNNkhpc291zb05ScTkgIWxr95tZOXiuxGZi8Ov0ocFyV6ehJg+
xE9jNhV51ZYbD9jMrhBJNko5pUn3ZMExyYPFkTTSHFIWOhfIZYRvfqeQasV4FpPC
3ybqTy5nklqQNQCqNAjCESAzrHHAnmXZ75vMV/yU1cMmXqpxH/N/LtYroCmWlU0A
WUgj6ifeFpct7GQ4p7NGxr+m/snFX4zBLUMSQgtuJxWNiesfoTfC9R5oYyTDK3+A
OD16npPErLJ/x41xD+IJz7usHzk5XjEZt+O5ZewAKLDLZ9rMd8bnO/MX9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmY3feHkgULNhJnic5PdnGQP9gJMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvS1pqZDk0ZVNCUXMyRW1lSnprOTJjWkFfMkFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjJeMA0G
CSqGSIb3DQEBCwUAA4IBAQBMkJpiBfsjkb1/WpFU73PPge7jIL1ZlNhZI4CnoAtt
4gI8x9oV9IIJ4B+UwWf5fkTUY61vVtTLc6dOGCs2zxqCy1QsR3PjYKQxecMqunxh
NIPW8i3RKlLMEqF5KxdDgEbGFu9ZpKg8vNECtDONUhzLG7kb0r7DvoU3NmODJHzU
tPc9EUxyCuQKn10M9GrmJ0A8cLxZXzXvOsuhYwTak+upAoLtWllh0VSZEONIfTPy
ldUwtVxeYcTY9eZqmJ+fraGxJn05CMI4RnHuHnWN8LjifYmzUMfZ1Hz8ZAlkSB1t
2smB9+UTMgS3/Ah7/Hp5vkrAAqtU5OIsKykumsrFj0dh
-----END CERTIFICATE-----