Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/2tVvT-OzgGdNXgQsNlAxpRssgyE.roa
File:                     2tVvT-OzgGdNXgQsNlAxpRssgyE.roa (raw, json)
Hash identifier:          EhNAeP4JfxTsW+0bH7nE7m5v2RlCWybXdkQhCZXgLiY=
Subject key identifier:   DA:D5:6F:4F:E3:B3:80:67:4D:5E:04:2C:36:50:31:A5:1B:2C:83:21
Certificate issuer:       /CN=90814dd39dd3925cff88bf34d4307fd6c62165eb
Certificate serial:       0198F07F76173341BF4B965880BD0F07F90B
Authority key identifier: 90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/2tVvT-OzgGdNXgQsNlAxpRssgyE.roa
Signing time:             Thu 28 Aug 2025 11:45:41 +0000
ROA not before:           Thu 28 Aug 2025 11:45:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44559
IP address blocks:        194.242.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f0:7f:76:17:33:41:bf:4b:96:58:80:bd:0f:07:f9:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90814dd39dd3925cff88bf34d4307fd6c62165eb
        Validity
            Not Before: Aug 28 11:45:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dad56f4fe3b380674d5e042c365031a51b2c8321
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:47:0f:8e:b6:d8:02:c8:61:42:1e:7c:eb:f5:
                    f6:cb:6e:6b:20:65:0e:bd:0b:7e:61:90:8b:24:ee:
                    f1:c9:79:8c:c5:ec:60:e2:a3:4b:7d:6c:96:93:5d:
                    df:0e:0c:c6:27:90:82:10:09:35:cf:c9:2f:35:f2:
                    74:9d:a6:d8:33:67:50:eb:0c:2e:87:d8:da:1f:59:
                    76:28:6d:1f:3a:d9:ab:38:30:d0:c0:f2:c2:f1:51:
                    d8:ec:ec:68:86:c0:59:03:ce:8e:ce:26:aa:22:a7:
                    76:88:54:38:01:65:9c:01:15:c7:b8:00:9a:20:e6:
                    4e:a4:55:ad:9e:57:a8:c9:de:89:d1:13:94:41:6a:
                    cb:b8:8e:ac:08:83:09:ad:6d:e3:b2:38:5d:18:bf:
                    11:4c:47:da:26:7e:6b:a6:41:de:23:81:7c:75:87:
                    99:5b:9c:62:9f:5c:05:3f:1e:24:9b:d6:88:e7:11:
                    97:c9:39:73:2e:02:36:cb:da:40:09:6c:11:8c:83:
                    97:f8:44:0b:57:8d:dd:5c:91:a8:bf:c7:ea:03:a4:
                    d5:51:f8:88:16:3f:7b:9e:56:fe:46:37:ac:68:d0:
                    44:91:bb:4e:cb:f4:ec:e5:12:50:7d:e4:21:53:f0:
                    99:8b:a0:77:d8:b3:47:d4:01:0f:71:2f:aa:0a:c9:
                    9c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:D5:6F:4F:E3:B3:80:67:4D:5E:04:2C:36:50:31:A5:1B:2C:83:21
            X509v3 Authority Key Identifier:
                keyid:90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/2tVvT-OzgGdNXgQsNlAxpRssgyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d8:83:5c:1f:92:85:b1:6e:42:17:d9:b7:ec:62:32:65:48:d4:
         03:12:3b:84:09:9c:f7:b6:67:0c:96:05:2d:ba:fe:4f:98:92:
         c6:46:14:4d:c8:2e:9b:90:4c:17:3b:b9:71:86:21:12:95:70:
         b4:29:6e:5e:f3:03:77:f8:8b:b1:df:b6:16:c4:b1:6b:db:3f:
         82:2e:33:5a:c1:f8:92:4b:a0:20:74:6a:77:3a:23:d2:80:1b:
         3b:a4:8f:8c:a8:ba:d7:22:ad:f6:f6:2b:df:3c:42:5b:94:32:
         a9:ea:7a:d9:3a:6e:87:96:f7:c8:87:1c:0a:a3:8a:55:09:8f:
         da:fc:45:42:88:a1:a8:37:ad:8c:e1:7f:ed:db:49:96:45:7e:
         83:80:0e:14:27:bf:0d:73:4e:16:de:f2:7c:ed:90:96:9d:7e:
         98:1d:2b:d6:6f:cb:c9:08:90:21:18:ee:12:c8:39:0a:a7:80:
         7f:77:61:73:77:8d:c5:da:9d:94:0f:45:84:ba:9b:06:04:a8:
         d3:a1:eb:93:db:dc:0a:bb:7d:26:0e:f4:4f:2c:df:1f:a0:36:
         a2:79:0c:8a:f2:54:46:a7:1b:77:bf:00:5a:7a:e7:70:bb:9c:
         e2:76:7f:b9:48:37:f6:3d:73:f7:18:83:36:7f:68:09:24:09:
         3d:81:d2:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjwf3YXM0G/S5ZYgL0PB/kLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwODE0ZGQzOWRkMzkyNWNmZjg4YmYzNGQ0MzA3ZmQ2YzYy
MTY1ZWIwHhcNMjUwODI4MTE0NTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWQ1NmY0ZmUzYjM4MDY3NGQ1ZTA0MmMzNjUwMzFhNTFiMmM4MzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEcPjrbYAshhQh586/X2y25rIGUO
vQt+YZCLJO7xyXmMxexg4qNLfWyWk13fDgzGJ5CCEAk1z8kvNfJ0nabYM2dQ6wwu
h9jaH1l2KG0fOtmrODDQwPLC8VHY7OxohsBZA86OziaqIqd2iFQ4AWWcARXHuACa
IOZOpFWtnleoyd6J0ROUQWrLuI6sCIMJrW3jsjhdGL8RTEfaJn5rpkHeI4F8dYeZ
W5xin1wFPx4km9aI5xGXyTlzLgI2y9pACWwRjIOX+EQLV43dXJGov8fqA6TVUfiI
Fj97nlb+RjesaNBEkbtOy/Ts5RJQfeQhU/CZi6B32LNH1AEPcS+qCsmcuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrVb0/js4BnTV4ELDZQMaUbLIMhMB8GA1UdIwQY
MBaAFJCBTdOd05Jc/4i/NNQwf9bGIWXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0lGTjA1M1RrbHpfaUw4MDFEQl8xc1loWmVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8wY2NhYjYtZDgzNy00YzE4LTgyZjkt
OTQwYWU0NTRjYjg1LzEvMnRWdlQtT3pnR2ROWGdRc05sQXhwUnNzZ3lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8wY2NhYjYtZDgzNy00YzE4LTgyZjktOTQwYWU0NTRjYjg1
LzEva0lGTjA1M1RrbHpfaUw4MDFEQl8xc1loWmVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvJ/MA0G
CSqGSIb3DQEBCwUAA4IBAQDYg1wfkoWxbkIX2bfsYjJlSNQDEjuECZz3tmcMlgUt
uv5PmJLGRhRNyC6bkEwXO7lxhiESlXC0KW5e8wN3+Iux37YWxLFr2z+CLjNawfiS
S6AgdGp3OiPSgBs7pI+MqLrXIq329ivfPEJblDKp6nrZOm6HlvfIhxwKo4pVCY/a
/EVCiKGoN62M4X/t20mWRX6DgA4UJ78Nc04W3vJ87ZCWnX6YHSvWb8vJCJAhGO4S
yDkKp4B/d2Fzd43F2p2UD0WEupsGBKjToeuT29wKu30mDvRPLN8foDaieQyK8lRG
pxt3vwBaeudwu5zidn+5SDf2PXP3GIM2f2gJJAk9gdI1
-----END CERTIFICATE-----