Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/d2ef5f-2ae9-486a-8bd7-51f077f30d3f/1/mo525hECNfAEonllRKyyBVCuVuY.roa
File:                     mo525hECNfAEonllRKyyBVCuVuY.roa (raw, json)
Hash identifier:          a5b0LUZ9waSvhihXnwQQ6mCuKjGwIDzPkvhonuJ3oDA=
Subject key identifier:   9A:8E:76:E6:11:02:35:F0:04:A2:79:65:44:AC:B2:05:50:AE:56:E6
Certificate issuer:       /CN=194e10a956fa52516e8fd3b9318e84a55383d62b
Certificate serial:       01970C52FDABDBC4D373EBBAA7373198F8FE
Authority key identifier: 19:4E:10:A9:56:FA:52:51:6E:8F:D3:B9:31:8E:84:A5:53:83:D6:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GU4QqVb6UlFuj9O5MY6EpVOD1is.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/d2ef5f-2ae9-486a-8bd7-51f077f30d3f/1/mo525hECNfAEonllRKyyBVCuVuY.roa
Signing time:             Mon 26 May 2025 11:20:54 +0000
ROA not before:           Mon 26 May 2025 11:20:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202391
IP address blocks:        176.10.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/d2ef5f-2ae9-486a-8bd7-51f077f30d3f/1/GU4QqVb6UlFuj9O5MY6EpVOD1is.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/d2ef5f-2ae9-486a-8bd7-51f077f30d3f/1/GU4QqVb6UlFuj9O5MY6EpVOD1is.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GU4QqVb6UlFuj9O5MY6EpVOD1is.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0c:52:fd:ab:db:c4:d3:73:eb:ba:a7:37:31:98:f8:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=194e10a956fa52516e8fd3b9318e84a55383d62b
        Validity
            Not Before: May 26 11:20:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a8e76e6110235f004a2796544acb20550ae56e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:35:1b:4e:06:41:07:13:35:81:86:b4:49:65:
                    fb:f8:ab:30:92:c4:2d:d7:1f:f3:e9:8d:10:b0:c0:
                    1d:6c:e3:e1:81:2d:8e:c7:49:46:be:2b:fc:9d:d1:
                    bd:d3:3f:bc:c3:e8:2b:8a:b1:6a:be:81:3b:3d:0a:
                    51:9c:46:73:ca:55:54:8f:63:e0:8c:e7:fb:e2:5c:
                    b1:dd:47:38:51:63:d1:b8:99:1b:df:53:02:75:3a:
                    67:03:64:37:62:3c:b2:b6:65:f0:01:64:19:5c:e5:
                    de:16:93:62:f0:c8:a0:b0:eb:ef:67:f7:48:c4:a3:
                    aa:7f:e2:73:1c:b9:d0:92:91:21:28:88:2c:7a:b7:
                    7b:28:4e:73:24:c9:53:e3:af:c1:f5:33:9d:c5:ec:
                    f8:6f:a5:67:29:47:8c:dc:56:e8:78:9d:2f:d0:68:
                    fc:b2:0e:af:96:6d:15:d1:35:a4:31:58:63:a1:ad:
                    72:97:b2:d6:b3:2c:94:51:86:8f:df:fd:e9:42:20:
                    3a:2f:2d:4c:05:d7:d1:60:aa:51:6b:cc:53:55:45:
                    de:19:0b:e9:a1:36:e3:fa:8c:fb:74:ba:07:a8:4b:
                    f7:e5:d5:60:4c:30:3d:40:6d:50:df:44:2a:b7:f0:
                    b9:b5:c4:e0:f8:9a:26:7b:7e:d7:69:97:33:85:e5:
                    b6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:8E:76:E6:11:02:35:F0:04:A2:79:65:44:AC:B2:05:50:AE:56:E6
            X509v3 Authority Key Identifier:
                keyid:19:4E:10:A9:56:FA:52:51:6E:8F:D3:B9:31:8E:84:A5:53:83:D6:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GU4QqVb6UlFuj9O5MY6EpVOD1is.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/d2ef5f-2ae9-486a-8bd7-51f077f30d3f/1/mo525hECNfAEonllRKyyBVCuVuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/d2ef5f-2ae9-486a-8bd7-51f077f30d3f/1/GU4QqVb6UlFuj9O5MY6EpVOD1is.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.10.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:9f:5b:17:13:9d:f9:58:87:69:56:95:75:40:1a:ea:28:a3:
         bb:b2:57:82:3a:e3:41:ac:b2:80:ed:fe:17:94:06:89:be:09:
         e8:0a:49:ab:71:ba:66:c2:a3:db:3b:59:5c:59:15:5d:99:80:
         76:b3:c9:d0:7d:61:62:bd:a7:d9:78:c3:a0:9a:b4:e7:00:ae:
         b4:d0:fd:3c:ec:db:7a:03:c5:cd:fd:69:65:0a:00:57:d3:bf:
         e8:4e:3b:f8:13:ab:73:0f:59:31:cf:c3:d1:4c:64:87:55:9f:
         08:0b:e4:f0:ba:c1:cd:8c:00:cb:27:0a:b1:7f:11:a1:82:b0:
         6d:81:37:3c:1a:f9:3b:6c:a9:2e:29:49:e7:5f:4b:8a:8d:b3:
         84:fb:07:b8:fa:ab:7e:19:1a:70:8a:85:22:78:54:22:39:4c:
         bc:99:8c:e5:cc:86:6a:a1:09:9c:55:83:45:01:8a:e1:69:0a:
         eb:25:ee:fb:ca:5a:c3:37:1e:ac:5d:da:20:1b:5a:9e:31:c0:
         94:5e:88:16:00:62:e1:8f:2f:e9:41:68:ea:8a:ed:fa:4f:51:
         08:6d:13:9d:68:85:6f:22:7f:cf:89:7d:d7:64:9b:e8:cf:93:
         98:90:c9:17:76:20:e3:7c:31:a1:ac:1f:06:e2:54:f2:02:cc:
         6a:00:37:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcMUv2r28TTc+u6pzcxmPj+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NGUxMGE5NTZmYTUyNTE2ZThmZDNiOTMxOGU4NGE1NTM4
M2Q2MmIwHhcNMjUwNTI2MTEyMDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YThlNzZlNjExMDIzNWYwMDRhMjc5NjU0NGFjYjIwNTUwYWU1NmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzUbTgZBBxM1gYa0SWX7+KswksQt
1x/z6Y0QsMAdbOPhgS2Ox0lGviv8ndG90z+8w+grirFqvoE7PQpRnEZzylVUj2Pg
jOf74lyx3Uc4UWPRuJkb31MCdTpnA2Q3YjyytmXwAWQZXOXeFpNi8MigsOvvZ/dI
xKOqf+JzHLnQkpEhKIgserd7KE5zJMlT46/B9TOdxez4b6VnKUeM3FboeJ0v0Gj8
sg6vlm0V0TWkMVhjoa1yl7LWsyyUUYaP3/3pQiA6Ly1MBdfRYKpRa8xTVUXeGQvp
oTbj+oz7dLoHqEv35dVgTDA9QG1Q30Qqt/C5tcTg+Jome37XaZczheW20QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqOduYRAjXwBKJ5ZUSssgVQrlbmMB8GA1UdIwQY
MBaAFBlOEKlW+lJRbo/TuTGOhKVTg9YrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1U0UXFWYjZVbEZ1ajlPNU1ZNkVwVk9EMWlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9kMmVmNWYtMmFlOS00ODZhLThiZDct
NTFmMDc3ZjMwZDNmLzEvbW81MjVoRUNOZkFFb25sbFJLeXlCVkN1VnVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9kMmVmNWYtMmFlOS00ODZhLThiZDctNTFmMDc3ZjMwZDNm
LzEvR1U0UXFWYjZVbEZ1ajlPNU1ZNkVwVk9EMWlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsApfMA0G
CSqGSIb3DQEBCwUAA4IBAQCFn1sXE535WIdpVpV1QBrqKKO7sleCOuNBrLKA7f4X
lAaJvgnoCkmrcbpmwqPbO1lcWRVdmYB2s8nQfWFivafZeMOgmrTnAK600P087Nt6
A8XN/WllCgBX07/oTjv4E6tzD1kxz8PRTGSHVZ8IC+TwusHNjADLJwqxfxGhgrBt
gTc8Gvk7bKkuKUnnX0uKjbOE+we4+qt+GRpwioUieFQiOUy8mYzlzIZqoQmcVYNF
AYrhaQrrJe77ylrDNx6sXdogG1qeMcCUXogWAGLhjy/pQWjqiu36T1EIbROdaIVv
In/PiX3XZJvoz5OYkMkXdiDjfDGhrB8G4lTyAsxqADdM
-----END CERTIFICATE-----