Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/zJBCvHs2wbJWJ0A5Rejmy7Aa7ak.roa
File:                     zJBCvHs2wbJWJ0A5Rejmy7Aa7ak.roa (raw, json)
Hash identifier:          KV1JiCfLEP0rU5d+WXfKUjD5DQXv37b4kuNAfak9GSI=
Subject key identifier:   CC:90:42:BC:7B:36:C1:B2:56:27:40:39:45:E8:E6:CB:B0:1A:ED:A9
Certificate issuer:       /CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Certificate serial:       0199241C1520A2F7B38AB94ABDD2BB7F3376
Authority key identifier: 0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/zJBCvHs2wbJWJ0A5Rejmy7Aa7ak.roa
Signing time:             Sun 07 Sep 2025 12:17:23 +0000
ROA not before:           Sun 07 Sep 2025 12:17:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213938
IP address blocks:        192.109.147.0/24 maxlen: 24
                          2a07:8143::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 17:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:24:1c:15:20:a2:f7:b3:8a:b9:4a:bd:d2:bb:7f:33:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
        Validity
            Not Before: Sep  7 12:17:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc9042bc7b36c1b25627403945e8e6cbb01aeda9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1f:3c:cd:95:98:d4:68:8f:5e:62:68:23:c6:
                    23:55:22:d8:d2:ad:59:23:11:b2:2a:63:ba:8b:19:
                    bc:95:73:dc:33:70:08:d4:90:71:09:db:1b:55:61:
                    4d:8a:da:24:dc:56:02:db:d0:eb:fe:0b:fc:cc:01:
                    86:72:fc:30:c2:79:22:83:33:19:9d:6d:e7:44:f5:
                    5c:1b:7a:4e:25:1d:ab:cd:fe:51:c5:fc:d4:5e:b7:
                    4f:26:29:a6:4b:21:f4:00:36:91:3c:b1:a4:91:82:
                    28:1d:03:7e:08:28:69:c9:eb:a6:03:53:d6:e4:b7:
                    78:9c:46:19:67:c2:bb:2b:07:8f:6c:6e:39:61:ef:
                    f2:ff:d8:5e:d2:f4:5b:15:2b:b5:3b:d8:26:9a:54:
                    7e:51:b7:14:09:13:4f:93:a2:fc:43:42:77:8d:30:
                    77:59:4a:e4:d3:89:d0:a9:35:15:8d:37:ef:85:87:
                    7f:08:a4:01:7c:20:8f:d9:b0:0f:24:60:cc:81:69:
                    d0:f6:31:8c:e5:74:18:6f:2f:ec:74:30:37:e0:61:
                    17:39:e4:8f:fa:50:c3:03:ae:43:a7:69:d8:6d:e3:
                    46:7f:0b:f3:46:a6:48:0c:4e:6f:74:89:69:86:ce:
                    d4:27:9b:e0:b8:dd:89:0e:4d:34:d4:1b:8d:c3:cc:
                    65:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:90:42:BC:7B:36:C1:B2:56:27:40:39:45:E8:E6:CB:B0:1A:ED:A9
            X509v3 Authority Key Identifier:
                keyid:0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/zJBCvHs2wbJWJ0A5Rejmy7Aa7ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.147.0/24
                IPv6:
                  2a07:8143::/36

    Signature Algorithm: sha256WithRSAEncryption
         2f:72:8e:2e:81:3c:f6:d5:f2:d3:9c:62:65:08:3d:04:7d:09:
         2e:c2:b2:f7:a0:b0:ba:cc:6a:f1:e3:c6:73:4d:86:4f:e6:83:
         28:eb:81:90:e5:37:0b:bf:e3:87:8b:3d:9b:f3:f7:b4:81:dc:
         1e:d0:17:0a:46:04:fb:88:2e:3e:44:7c:18:30:bf:98:d2:c9:
         11:47:86:cd:86:46:50:78:1a:07:f1:2a:c0:2b:cf:ad:d6:2e:
         21:2f:51:31:60:1a:53:3e:43:83:2e:be:78:e0:92:c1:b4:19:
         44:51:a8:8e:f0:8f:49:2e:0a:95:2b:1f:1f:97:fe:bd:1e:6d:
         14:34:29:89:fa:31:24:63:9d:2e:f5:4e:3f:1b:80:44:3d:b9:
         54:e9:7a:97:41:88:06:82:37:56:3a:90:7a:e8:04:6d:90:bb:
         18:00:f8:0c:54:89:a9:b6:e9:fb:61:89:41:2f:94:cb:a8:0c:
         8e:a1:21:67:87:3a:f7:5d:b8:c6:60:2a:b1:09:6e:bc:d1:fa:
         68:f2:6f:f2:28:a8:fd:36:22:24:71:4a:69:21:f5:21:ab:49:
         6a:2c:52:cd:fb:ef:b4:64:20:85:cf:8a:d1:2a:b6:4e:74:c9:
         fa:77:e8:13:40:bc:40:1a:8e:79:0b:b1:7f:68:49:af:cc:74:
         77:7f:33:08
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZkkHBUgovezirlKvdK7fzN2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzdkODA3ZDRmN2NkZDNlMGFmZTRhYmM4ZWU1YTg4MGM2
MDkwZjEwHhcNMjUwOTA3MTIxNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzkwNDJiYzdiMzZjMWIyNTYyNzQwMzk0NWU4ZTZjYmIwMWFlZGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxR88zZWY1GiPXmJoI8YjVSLY0q1Z
IxGyKmO6ixm8lXPcM3AI1JBxCdsbVWFNitok3FYC29Dr/gv8zAGGcvwwwnkigzMZ
nW3nRPVcG3pOJR2rzf5RxfzUXrdPJimmSyH0ADaRPLGkkYIoHQN+CChpyeumA1PW
5Ld4nEYZZ8K7KwePbG45Ye/y/9he0vRbFSu1O9gmmlR+UbcUCRNPk6L8Q0J3jTB3
WUrk04nQqTUVjTfvhYd/CKQBfCCP2bAPJGDMgWnQ9jGM5XQYby/sdDA34GEXOeSP
+lDDA65Dp2nYbeNGfwvzRqZIDE5vdIlphs7UJ5vguN2JDk001BuNw8xlrwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFMyQQrx7NsGyVidAOUXo5suwGu2pMB8GA1UdIwQY
MBaAFAo32AfU983T4K/kq8juWogMYJDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjkt
ODAwZWRhMmNmYjM2LzEvekpCQ3ZIczJ3YkpXSjBBNVJlam15N0FhN2FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjktODAwZWRhMmNmYjM2
LzEvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAwG2TMA4E
AgACMAgDBgQqB4FDADANBgkqhkiG9w0BAQsFAAOCAQEAL3KOLoE89tXy05xiZQg9
BH0JLsKy96Cwusxq8ePGc02GT+aDKOuBkOU3C7/jh4s9m/P3tIHcHtAXCkYE+4gu
PkR8GDC/mNLJEUeGzYZGUHgaB/EqwCvPrdYuIS9RMWAaUz5Dgy6+eOCSwbQZRFGo
jvCPSS4KlSsfH5f+vR5tFDQpifoxJGOdLvVOPxuARD25VOl6l0GIBoI3VjqQeugE
bZC7GAD4DFSJqbbp+2GJQS+Uy6gMjqEhZ4c69124xmAqsQluvNH6aPJv8iio/TYi
JHFKaSH1IatJaixSzfvvtGQghc+K0Sq2TnTJ+nfoE0C8QBqOeQuxf2hJr8x0d38z
CA==
-----END CERTIFICATE-----