Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/JbzhdefJbSbcMWzYg2HKOZi42yQ.roa
File:                     JbzhdefJbSbcMWzYg2HKOZi42yQ.roa (raw, json)
Hash identifier:          Lr8qqBdkJKxtoR5S2Pga1jAiow0N/LgTqH30jZ9Ys0M=
Subject key identifier:   25:BC:E1:75:E7:C9:6D:26:DC:31:6C:D8:83:61:CA:39:98:B8:DB:24
Certificate issuer:       /CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
Certificate serial:       019909EDB114317A03136DB6962319DD49B0
Authority key identifier: 4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/JbzhdefJbSbcMWzYg2HKOZi42yQ.roa
Signing time:             Tue 02 Sep 2025 10:16:36 +0000
ROA not before:           Tue 02 Sep 2025 10:16:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59703
IP address blocks:        94.139.180.0/24 maxlen: 24
                          94.139.181.0/24 maxlen: 24
                          94.139.182.0/23 maxlen: 23
                          94.139.182.0/24 maxlen: 24
                          94.139.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:09:ed:b1:14:31:7a:03:13:6d:b6:96:23:19:dd:49:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
        Validity
            Not Before: Sep  2 10:16:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25bce175e7c96d26dc316cd88361ca3998b8db24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ce:64:f5:8f:30:3a:f1:a3:08:14:26:dc:75:
                    5c:85:97:01:2c:7e:14:f4:c8:28:23:10:8c:be:e2:
                    16:c7:02:51:95:66:62:60:c2:14:06:9f:09:05:6e:
                    2f:a2:80:b6:80:3f:d9:03:c4:c4:7a:82:ce:62:08:
                    f5:22:9d:4e:4f:29:d8:53:84:73:c8:87:62:a9:c4:
                    c9:41:92:8f:7e:4b:92:aa:a6:7b:57:03:4f:74:73:
                    9b:fe:b6:cc:f4:fa:2e:74:4f:06:b5:24:61:85:9c:
                    49:88:97:34:a6:46:77:7a:eb:8a:73:f7:ae:02:57:
                    f1:82:41:8a:b7:00:9e:90:31:e9:2f:66:44:c1:61:
                    9a:e0:c7:39:cc:74:ff:1d:6d:e4:ea:7f:33:c2:1d:
                    1f:57:15:91:d6:e3:41:2d:bf:34:fa:c7:f4:c3:b4:
                    08:4c:76:2f:11:4b:33:8c:a4:92:c1:65:79:c9:ed:
                    4f:01:9e:f4:b4:6c:fb:65:38:c9:7b:53:e0:8b:09:
                    91:c0:ab:21:89:48:07:9d:5e:92:23:25:cd:22:58:
                    6a:5f:d9:a8:1d:ef:3e:8e:54:43:b3:5d:eb:79:12:
                    99:78:f0:fd:01:85:ba:ad:6a:4f:29:00:79:49:06:
                    4a:8c:35:eb:8a:f5:31:6c:a2:59:4a:58:04:a2:37:
                    7a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:BC:E1:75:E7:C9:6D:26:DC:31:6C:D8:83:61:CA:39:98:B8:DB:24
            X509v3 Authority Key Identifier:
                keyid:4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/JbzhdefJbSbcMWzYg2HKOZi42yQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.139.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:a5:c0:c7:a1:90:42:7d:59:78:56:09:53:a3:ad:8a:f4:92:
         f0:98:2e:12:69:68:e2:97:19:fe:86:44:77:cd:c0:67:99:cf:
         76:9a:aa:96:14:0b:41:38:c0:65:53:bf:78:b9:a5:43:83:1a:
         d9:eb:5b:25:45:4b:a4:86:3b:92:57:1d:6d:a9:1e:f8:82:c2:
         6d:89:ac:1c:ad:36:2b:a0:da:32:ed:5a:b6:f4:87:12:b7:0b:
         03:89:66:f1:e7:81:15:cd:f7:49:a7:a4:85:18:b8:03:e1:63:
         33:43:0c:10:09:56:aa:98:51:69:10:47:c6:b4:fa:af:f8:bd:
         28:b4:4c:05:45:3d:1a:2a:9d:8b:d3:ea:eb:fe:33:e3:cf:66:
         8a:67:2c:b4:7d:b2:82:7b:c1:d4:b8:04:98:22:6e:b6:10:ca:
         90:f7:9e:dd:3e:aa:9c:e6:86:73:03:07:d1:06:db:10:7e:74:
         6a:40:06:cf:9c:66:f2:fa:ab:ec:4d:9f:14:fe:df:94:31:32:
         3f:58:1f:69:49:11:b4:7d:d1:09:44:be:f1:ff:06:31:b4:eb:
         40:df:f7:d7:df:17:6f:86:4d:a0:a2:b6:be:45:31:d6:18:66:
         21:b2:de:11:15:52:f1:6c:ca:fd:d0:72:d1:7d:4d:57:6f:8e:
         f4:39:22:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkJ7bEUMXoDE222liMZ3UmwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDc0ZmJiYmFlNThkZDA4NzZkOTllODBlYzgyYTExYTQ0
NzdmN2UwHhcNMjUwOTAyMTAxNjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWJjZTE3NWU3Yzk2ZDI2ZGMzMTZjZDg4MzYxY2EzOTk4YjhkYjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj85k9Y8wOvGjCBQm3HVchZcBLH4U
9MgoIxCMvuIWxwJRlWZiYMIUBp8JBW4vooC2gD/ZA8TEeoLOYgj1Ip1OTynYU4Rz
yIdiqcTJQZKPfkuSqqZ7VwNPdHOb/rbM9PoudE8GtSRhhZxJiJc0pkZ3euuKc/eu
AlfxgkGKtwCekDHpL2ZEwWGa4Mc5zHT/HW3k6n8zwh0fVxWR1uNBLb80+sf0w7QI
THYvEUszjKSSwWV5ye1PAZ70tGz7ZTjJe1PgiwmRwKshiUgHnV6SIyXNIlhqX9mo
He8+jlRDs13reRKZePD9AYW6rWpPKQB5SQZKjDXrivUxbKJZSlgEojd6mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCW84XXnyW0m3DFs2INhyjmYuNskMB8GA1UdIwQY
MBaAFE3XT7u65Y3Qh22Z6A7IKhGkR39+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmIt
OGVhYjdmNGZlNzdlLzEvSmJ6aGRlZkpiU2JjTVd6WWcySEtPWmk0MnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmItOGVhYjdmNGZlNzdl
LzEvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXou0MA0G
CSqGSIb3DQEBCwUAA4IBAQClpcDHoZBCfVl4VglTo62K9JLwmC4SaWjilxn+hkR3
zcBnmc92mqqWFAtBOMBlU794uaVDgxrZ61slRUukhjuSVx1tqR74gsJtiawcrTYr
oNoy7Vq29IcStwsDiWbx54EVzfdJp6SFGLgD4WMzQwwQCVaqmFFpEEfGtPqv+L0o
tEwFRT0aKp2L0+rr/jPjz2aKZyy0fbKCe8HUuASYIm62EMqQ957dPqqc5oZzAwfR
BtsQfnRqQAbPnGby+qvsTZ8U/t+UMTI/WB9pSRG0fdEJRL7x/wYxtOtA3/fX3xdv
hk2gora+RTHWGGYhst4RFVLxbMr90HLRfU1Xb470OSLU
-----END CERTIFICATE-----