Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/DTFwzq2g65Dq-1Vdc_lPETGChPI.roa
File:                     DTFwzq2g65Dq-1Vdc_lPETGChPI.roa (raw, json)
Hash identifier:          vSxLCXuhhkqZVNd7lpT8hCgMyR9Cz5KGCKvVphrxEVI=
Subject key identifier:   0D:31:70:CE:AD:A0:EB:90:EA:FB:55:5D:73:F9:4F:11:31:82:84:F2
Certificate issuer:       /CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Certificate serial:       0199CB5919B0D524B3BF96E24E05DCB11B9D
Authority key identifier: D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/DTFwzq2g65Dq-1Vdc_lPETGChPI.roa
Signing time:             Thu 09 Oct 2025 23:40:38 +0000
ROA not before:           Thu 09 Oct 2025 23:40:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        194.169.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cb:59:19:b0:d5:24:b3:bf:96:e2:4e:05:dc:b1:1b:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d98247d3f81472dbba06dbea9bd19c785d18babe
        Validity
            Not Before: Oct  9 23:40:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d3170ceada0eb90eafb555d73f94f11318284f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:21:df:fc:c8:1a:c4:92:e6:f4:b3:73:c9:a6:
                    ec:34:32:ff:dd:ce:09:f2:5f:51:1e:df:f4:6c:4f:
                    3f:0d:5c:c2:ed:38:a3:c6:7f:cc:8f:68:75:28:f8:
                    b6:70:a3:5e:51:69:f8:6a:1a:47:29:1f:1e:33:d6:
                    6a:9f:4c:84:63:80:5d:b3:45:14:c3:2a:ac:2d:3d:
                    47:41:dc:09:fb:db:f0:d2:e2:c9:02:6c:bd:8f:6c:
                    52:cc:01:88:b8:98:76:4a:53:32:60:3d:b9:14:bf:
                    e3:76:0c:93:b9:a5:81:3e:83:1d:e0:29:9c:84:42:
                    52:f9:6e:a4:a0:8f:5c:fe:62:63:0b:ff:eb:19:f1:
                    47:26:ae:f4:4f:e2:b6:1a:51:b5:d8:69:a6:05:51:
                    b2:d1:ca:62:f1:fc:f5:8c:c7:84:6a:db:91:fa:71:
                    78:e7:ef:30:e9:33:1e:5b:23:8e:f6:48:98:c3:0a:
                    d7:0e:cf:05:c6:d6:15:2d:ad:7d:e9:22:89:83:cf:
                    a8:34:9f:8d:d1:24:08:7f:a7:b1:7b:18:aa:9f:8e:
                    ad:5d:ca:b5:9c:3e:89:79:d9:e3:3d:d7:c9:5b:d1:
                    ad:ca:2f:07:f9:bf:38:1f:12:df:92:1d:43:da:d2:
                    9f:da:0a:6e:8d:68:bb:83:fb:0e:4d:bd:de:7d:71:
                    ca:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:31:70:CE:AD:A0:EB:90:EA:FB:55:5D:73:F9:4F:11:31:82:84:F2
            X509v3 Authority Key Identifier:
                keyid:D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/DTFwzq2g65Dq-1Vdc_lPETGChPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:d5:4a:67:09:95:1b:b6:e9:70:d0:76:4e:fe:41:27:a8:7e:
         12:0e:07:73:bd:79:b2:ff:ba:ea:df:70:dd:61:fb:75:28:45:
         71:db:01:83:15:bf:95:35:40:be:2f:9a:dc:39:9e:1b:a2:93:
         64:c0:84:37:86:41:e6:39:02:36:63:a8:e4:8f:c6:1c:40:4a:
         a3:d0:5f:ce:30:35:27:00:a5:45:07:3a:74:f8:b8:11:77:0e:
         b9:4c:9f:db:5d:b8:9d:d2:56:ae:68:91:64:51:63:ac:2b:eb:
         f8:03:ce:89:d8:ae:46:16:a6:17:6b:a2:dc:17:a1:0a:43:01:
         de:0c:54:52:44:70:4c:ee:95:bd:e9:16:36:66:18:44:55:8c:
         a6:19:6e:b8:87:fe:cf:bd:e7:87:e8:d9:2c:88:87:ec:f9:3f:
         21:06:43:dd:58:73:42:21:3f:ce:1c:ab:96:6a:46:49:11:26:
         6d:16:44:14:b6:45:9a:7e:be:70:48:3b:72:1e:e4:dc:bc:d2:
         7d:93:06:9c:c9:96:6d:ee:b1:d2:12:bc:25:82:58:b5:5f:7d:
         a6:05:12:e2:b9:2e:33:32:45:90:2f:bd:c8:6a:ad:2d:92:72:
         ee:0b:53:52:d4:9c:b4:da:e6:ec:18:73:3f:9e:83:db:83:5e:
         29:ce:3f:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnLWRmw1SSzv5biTgXcsRudMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ODI0N2QzZjgxNDcyZGJiYTA2ZGJlYTliZDE5Yzc4NWQx
OGJhYmUwHhcNMjUxMDA5MjM0MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDMxNzBjZWFkYTBlYjkwZWFmYjU1NWQ3M2Y5NGYxMTMxODI4NGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyHf/MgaxJLm9LNzyabsNDL/3c4J
8l9RHt/0bE8/DVzC7Tijxn/Mj2h1KPi2cKNeUWn4ahpHKR8eM9Zqn0yEY4Bds0UU
wyqsLT1HQdwJ+9vw0uLJAmy9j2xSzAGIuJh2SlMyYD25FL/jdgyTuaWBPoMd4Cmc
hEJS+W6koI9c/mJjC//rGfFHJq70T+K2GlG12GmmBVGy0cpi8fz1jMeEatuR+nF4
5+8w6TMeWyOO9kiYwwrXDs8FxtYVLa196SKJg8+oNJ+N0SQIf6exexiqn46tXcq1
nD6JednjPdfJW9Gtyi8H+b84HxLfkh1D2tKf2gpujWi7g/sOTb3efXHKFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0xcM6toOuQ6vtVXXP5TxExgoTyMB8GA1UdIwQY
MBaAFNmCR9P4FHLbugbb6pvRnHhdGLq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgt
YTMwMzI2MTU2NjBjLzEvRFRGd3pxMmc2NURxLTFWZGNfbFBFVEdDaFBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgtYTMwMzI2MTU2NjBj
LzEvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqkwMA0G
CSqGSIb3DQEBCwUAA4IBAQAI1UpnCZUbtulw0HZO/kEnqH4SDgdzvXmy/7rq33Dd
Yft1KEVx2wGDFb+VNUC+L5rcOZ4bopNkwIQ3hkHmOQI2Y6jkj8YcQEqj0F/OMDUn
AKVFBzp0+LgRdw65TJ/bXbid0lauaJFkUWOsK+v4A86J2K5GFqYXa6LcF6EKQwHe
DFRSRHBM7pW96RY2ZhhEVYymGW64h/7PveeH6NksiIfs+T8hBkPdWHNCIT/OHKuW
akZJESZtFkQUtkWafr5wSDtyHuTcvNJ9kwacyZZt7rHSErwlgli1X32mBRLiuS4z
MkWQL73Iaq0tknLuC1NS1Jy02ubsGHM/noPbg14pzj9U
-----END CERTIFICATE-----