Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/PA9a7mmxzeJuoTmmqOPzfa0EJeU.roa
File:                     PA9a7mmxzeJuoTmmqOPzfa0EJeU.roa (raw, json)
Hash identifier:          cxrAyolBCBdgGmcgbRXCGM/uyRcD+ekmyS1D3d9CyCE=
Subject key identifier:   3C:0F:5A:EE:69:B1:CD:E2:6E:A1:39:A6:A8:E3:F3:7D:AD:04:25:E5
Certificate issuer:       /CN=126c660b30f5692b2b16e289b24901c518fda520
Certificate serial:       01992DE0B3D655AEE9C85CCEDF45724577CD
Authority key identifier: 12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/PA9a7mmxzeJuoTmmqOPzfa0EJeU.roa
Signing time:             Tue 09 Sep 2025 09:48:44 +0000
ROA not before:           Tue 09 Sep 2025 09:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        80.254.236.0/22 maxlen: 24
                          193.187.168.0/22 maxlen: 24
                          194.39.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2d:e0:b3:d6:55:ae:e9:c8:5c:ce:df:45:72:45:77:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=126c660b30f5692b2b16e289b24901c518fda520
        Validity
            Not Before: Sep  9 09:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c0f5aee69b1cde26ea139a6a8e3f37dad0425e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:bc:88:d4:63:e6:f1:67:5c:18:45:3c:ab:d6:
                    6a:f2:21:e2:94:b2:4c:80:59:03:40:64:14:bf:ba:
                    69:f0:2f:7d:18:9e:2b:0a:2f:75:7f:54:e7:28:28:
                    ec:fc:aa:b2:72:c5:4b:11:a2:c4:8d:02:15:dd:5f:
                    83:88:5e:d4:bd:89:39:fc:8c:83:be:78:e0:14:f5:
                    31:f4:2f:39:b8:7b:c1:26:29:7e:c7:46:b7:90:d0:
                    49:1f:34:67:d1:c4:94:f0:d3:47:71:1b:3d:88:cb:
                    f5:9b:05:d0:f8:d5:2a:8e:aa:47:02:98:2f:6c:c1:
                    24:f4:b5:1d:b8:67:15:5c:c4:7f:3c:70:94:fa:30:
                    be:2b:a9:5b:e7:9f:d3:df:c7:99:d0:fe:9b:bc:69:
                    82:99:03:4e:b2:eb:78:f7:82:ac:32:55:87:29:c3:
                    78:68:53:80:06:02:ab:28:5a:c7:a7:59:46:87:bd:
                    69:8d:a1:d1:6d:e9:45:76:16:cd:e0:b7:5f:55:7d:
                    c4:27:db:81:eb:b7:f5:88:c6:1a:03:e4:01:f0:6a:
                    af:e5:4f:13:1f:d2:19:3f:1b:b5:5d:bf:8d:7f:23:
                    1f:4a:fb:d5:8e:f5:4f:97:07:5e:65:bb:33:1e:12:
                    a2:87:e6:24:46:e1:65:cd:18:fe:8a:6b:0a:bd:97:
                    23:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:0F:5A:EE:69:B1:CD:E2:6E:A1:39:A6:A8:E3:F3:7D:AD:04:25:E5
            X509v3 Authority Key Identifier:
                keyid:12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/PA9a7mmxzeJuoTmmqOPzfa0EJeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.254.236.0/22
                  193.187.168.0/22
                  194.39.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:7b:80:41:c3:1c:61:ce:d3:99:76:d8:eb:a5:80:b6:c0:4f:
         aa:da:4a:d8:4e:fb:71:0e:e5:07:13:4b:30:74:37:df:31:b3:
         70:a1:00:4f:7b:cf:66:58:1c:be:22:e1:df:8c:09:94:38:50:
         57:34:94:74:16:b6:77:9b:b4:3d:35:0c:eb:9b:ad:a5:0c:58:
         8a:8c:14:03:18:38:fa:36:87:86:dd:a9:6b:5a:f6:b9:87:dd:
         a6:97:9d:96:4a:29:eb:f1:c2:11:fa:48:2c:3b:fc:ae:01:78:
         0e:cf:44:4a:84:a5:00:04:a0:22:65:96:d3:ef:f8:7d:0b:ac:
         fb:36:8f:dd:5c:94:42:70:a2:52:2e:47:0d:8b:80:19:da:b0:
         01:cb:03:14:73:3d:6b:b8:25:f1:5f:71:99:b8:0b:3a:ca:4d:
         a7:91:70:8c:6c:e0:84:93:6a:bc:6a:c2:92:76:5c:4b:e7:34:
         32:d5:0b:fc:4a:22:bf:76:d5:8e:da:4b:9d:1a:3a:5a:38:7a:
         12:77:84:65:8f:63:cb:2a:8e:e5:bc:b3:0a:76:c2:d0:de:a2:
         2a:7c:9e:67:78:2e:2b:aa:1c:f9:b7:77:48:71:7c:39:c9:6d:
         2e:5b:09:b7:e1:4a:20:b5:a9:02:e1:f2:d2:84:fe:31:a8:42:
         79:37:ee:a9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkt4LPWVa7pyFzO30VyRXfNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNmM2NjBiMzBmNTY5MmIyYjE2ZTI4OWIyNDkwMWM1MThm
ZGE1MjAwHhcNMjUwOTA5MDk0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzBmNWFlZTY5YjFjZGUyNmVhMTM5YTZhOGUzZjM3ZGFkMDQyNWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLyI1GPm8WdcGEU8q9Zq8iHilLJM
gFkDQGQUv7pp8C99GJ4rCi91f1TnKCjs/KqycsVLEaLEjQIV3V+DiF7UvYk5/IyD
vnjgFPUx9C85uHvBJil+x0a3kNBJHzRn0cSU8NNHcRs9iMv1mwXQ+NUqjqpHApgv
bMEk9LUduGcVXMR/PHCU+jC+K6lb55/T38eZ0P6bvGmCmQNOsut494KsMlWHKcN4
aFOABgKrKFrHp1lGh71pjaHRbelFdhbN4LdfVX3EJ9uB67f1iMYaA+QB8Gqv5U8T
H9IZPxu1Xb+NfyMfSvvVjvVPlwdeZbszHhKih+YkRuFlzRj+imsKvZcj6QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDwPWu5psc3ibqE5pqjj832tBCXlMB8GA1UdIwQY
MBaAFBJsZgsw9WkrKxbiibJJAcUY/aUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjIt
NDM4YWNiNzJmYzViLzEvUEE5YTdtbXh6ZUp1b1RtbXFPUHpmYTBFSmVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjItNDM4YWNiNzJmYzVi
LzEvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCUP7sAwQC
wbuoAwQCwidEMA0GCSqGSIb3DQEBCwUAA4IBAQAze4BBwxxhztOZdtjrpYC2wE+q
2krYTvtxDuUHE0swdDffMbNwoQBPe89mWBy+IuHfjAmUOFBXNJR0FrZ3m7Q9NQzr
m62lDFiKjBQDGDj6NoeG3alrWva5h92ml52WSinr8cIR+kgsO/yuAXgOz0RKhKUA
BKAiZZbT7/h9C6z7No/dXJRCcKJSLkcNi4AZ2rABywMUcz1ruCXxX3GZuAs6yk2n
kXCMbOCEk2q8asKSdlxL5zQy1Qv8SiK/dtWO2kudGjpaOHoSd4Rlj2PLKo7lvLMK
dsLQ3qIqfJ5neC4rqhz5t3dIcXw5yW0uWwm34UogtakC4fLShP4xqEJ5N+6p
-----END CERTIFICATE-----