Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/d2ef5f-2ae9-486a-8bd7-51f077f30d3f/1/9PkegdPcOVaHYch8whuUGhkGOzc.roa
File:                     9PkegdPcOVaHYch8whuUGhkGOzc.roa (raw, json)
Hash identifier:          nTpt8kDLjSLrMGR0C/m0j9Ftj77WGzhvL7KxFH3u7Z8=
Subject key identifier:   F4:F9:1E:81:D3:DC:39:56:87:61:C8:7C:C2:1B:94:1A:19:06:3B:37
Certificate issuer:       /CN=194e10a956fa52516e8fd3b9318e84a55383d62b
Certificate serial:       01970C521352F1D650A7B54104818ECAE502
Authority key identifier: 19:4E:10:A9:56:FA:52:51:6E:8F:D3:B9:31:8E:84:A5:53:83:D6:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GU4QqVb6UlFuj9O5MY6EpVOD1is.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/d2ef5f-2ae9-486a-8bd7-51f077f30d3f/1/9PkegdPcOVaHYch8whuUGhkGOzc.roa
Signing time:             Mon 26 May 2025 11:19:54 +0000
ROA not before:           Mon 26 May 2025 11:19:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213486
IP address blocks:        176.10.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/d2ef5f-2ae9-486a-8bd7-51f077f30d3f/1/GU4QqVb6UlFuj9O5MY6EpVOD1is.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/d2ef5f-2ae9-486a-8bd7-51f077f30d3f/1/GU4QqVb6UlFuj9O5MY6EpVOD1is.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GU4QqVb6UlFuj9O5MY6EpVOD1is.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0c:52:13:52:f1:d6:50:a7:b5:41:04:81:8e:ca:e5:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=194e10a956fa52516e8fd3b9318e84a55383d62b
        Validity
            Not Before: May 26 11:19:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4f91e81d3dc39568761c87cc21b941a19063b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f5:f7:75:d6:2f:4f:b0:b1:a8:03:50:da:6c:
                    3f:14:f7:41:fd:09:54:cb:a9:66:20:9d:bb:48:83:
                    f6:d8:0b:c3:eb:a8:c1:4f:e3:25:0f:d7:b9:e1:a3:
                    da:5f:db:ee:3f:fd:08:01:08:eb:88:be:7b:02:bb:
                    a0:9c:23:e1:10:01:2e:98:41:48:f1:b4:77:b9:2e:
                    d6:6c:46:d7:ad:1f:84:50:38:53:5f:ea:cc:8c:2f:
                    08:72:92:66:93:1b:b5:bf:c0:8b:b1:a3:d4:28:50:
                    9a:0d:87:47:8b:be:34:ce:11:02:0b:91:65:fa:23:
                    af:05:dc:9a:91:2d:22:f2:bc:25:9b:07:ad:fa:86:
                    39:60:95:03:d0:0c:82:79:67:e0:37:8f:30:22:b9:
                    aa:bc:c7:35:1f:51:87:c8:9b:88:15:e3:8f:9e:cd:
                    02:ee:7c:0d:b5:af:f7:9f:3d:51:c9:57:22:57:09:
                    62:cb:04:10:67:25:b7:f9:ad:f4:33:52:ad:e7:0d:
                    0a:f4:85:50:b0:e0:74:16:fa:a2:90:b4:7e:2e:75:
                    4a:88:af:3f:d3:37:32:f9:a3:25:a5:c2:10:51:e5:
                    d7:60:a6:24:0b:34:36:a7:8f:3f:aa:89:69:4c:13:
                    e4:66:5f:c2:8d:4b:1d:ef:8a:aa:1a:0b:12:b4:48:
                    e7:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:F9:1E:81:D3:DC:39:56:87:61:C8:7C:C2:1B:94:1A:19:06:3B:37
            X509v3 Authority Key Identifier:
                keyid:19:4E:10:A9:56:FA:52:51:6E:8F:D3:B9:31:8E:84:A5:53:83:D6:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GU4QqVb6UlFuj9O5MY6EpVOD1is.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/d2ef5f-2ae9-486a-8bd7-51f077f30d3f/1/9PkegdPcOVaHYch8whuUGhkGOzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/d2ef5f-2ae9-486a-8bd7-51f077f30d3f/1/GU4QqVb6UlFuj9O5MY6EpVOD1is.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.10.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:c5:a6:3b:99:08:7c:2a:22:88:9a:e6:40:db:3c:12:b5:37:
         1a:cf:0a:9b:a9:39:00:4d:6d:50:a0:32:e4:7f:d1:1d:a5:d4:
         de:23:d3:1f:4e:31:3e:e2:f5:80:71:f8:4f:3e:0a:10:19:26:
         79:5d:cd:46:b7:b3:14:50:35:ec:b3:29:9e:5d:a1:bb:68:d8:
         f1:f9:60:c1:23:ac:99:f7:e3:f4:a7:87:1f:60:49:6f:70:3c:
         d2:92:f2:37:98:88:52:ef:07:1f:7d:56:37:ec:81:8e:df:32:
         96:35:a0:f8:73:75:1a:92:4e:db:bd:9a:e6:76:84:9f:9b:92:
         57:68:05:c3:43:ca:b8:69:a9:4b:1c:2c:66:2b:53:6d:bf:81:
         82:30:5c:d2:0c:ce:9a:3f:ab:54:8f:2f:bf:f3:8e:6c:cb:74:
         2a:2c:b3:44:27:b7:88:a9:e1:f1:77:1f:54:0b:27:66:c1:2e:
         9a:b0:f4:16:9c:d3:07:fb:73:36:05:42:f7:5d:de:a2:37:db:
         b4:82:50:33:df:41:1f:7a:af:42:59:fa:9b:f8:0c:08:cb:fa:
         91:e5:da:e3:5a:06:3c:30:6a:be:56:a7:28:bb:44:43:3c:d5:
         5c:9e:02:f5:fd:ef:4c:c0:8c:62:cd:50:e8:05:db:90:d1:6c:
         d5:5b:e3:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcMUhNS8dZQp7VBBIGOyuUCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NGUxMGE5NTZmYTUyNTE2ZThmZDNiOTMxOGU4NGE1NTM4
M2Q2MmIwHhcNMjUwNTI2MTExOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGY5MWU4MWQzZGMzOTU2ODc2MWM4N2NjMjFiOTQxYTE5MDYzYjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfX3ddYvT7CxqANQ2mw/FPdB/QlU
y6lmIJ27SIP22AvD66jBT+MlD9e54aPaX9vuP/0IAQjriL57ArugnCPhEAEumEFI
8bR3uS7WbEbXrR+EUDhTX+rMjC8IcpJmkxu1v8CLsaPUKFCaDYdHi740zhECC5Fl
+iOvBdyakS0i8rwlmwet+oY5YJUD0AyCeWfgN48wIrmqvMc1H1GHyJuIFeOPns0C
7nwNta/3nz1RyVciVwliywQQZyW3+a30M1Kt5w0K9IVQsOB0FvqikLR+LnVKiK8/
0zcy+aMlpcIQUeXXYKYkCzQ2p48/qolpTBPkZl/CjUsd74qqGgsStEjnrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPT5HoHT3DlWh2HIfMIblBoZBjs3MB8GA1UdIwQY
MBaAFBlOEKlW+lJRbo/TuTGOhKVTg9YrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1U0UXFWYjZVbEZ1ajlPNU1ZNkVwVk9EMWlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9kMmVmNWYtMmFlOS00ODZhLThiZDct
NTFmMDc3ZjMwZDNmLzEvOVBrZWdkUGNPVmFIWWNoOHdodVVHaGtHT3pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9kMmVmNWYtMmFlOS00ODZhLThiZDctNTFmMDc3ZjMwZDNm
LzEvR1U0UXFWYjZVbEZ1ajlPNU1ZNkVwVk9EMWlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsApfMA0G
CSqGSIb3DQEBCwUAA4IBAQC3xaY7mQh8KiKImuZA2zwStTcazwqbqTkATW1QoDLk
f9EdpdTeI9MfTjE+4vWAcfhPPgoQGSZ5Xc1Gt7MUUDXssymeXaG7aNjx+WDBI6yZ
9+P0p4cfYElvcDzSkvI3mIhS7wcffVY37IGO3zKWNaD4c3Uakk7bvZrmdoSfm5JX
aAXDQ8q4aalLHCxmK1Ntv4GCMFzSDM6aP6tUjy+/845sy3QqLLNEJ7eIqeHxdx9U
CydmwS6asPQWnNMH+3M2BUL3Xd6iN9u0glAz30Efeq9CWfqb+AwIy/qR5drjWgY8
MGq+Vqcou0RDPNVcngL1/e9MwIxizVDoBduQ0WzVW+Mx
-----END CERTIFICATE-----