Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/f91a85-e93c-4a49-8215-8497717a4f61/1/SoVuu5cSE-a7b5i8aLokg9V-CPk.roa
File:                     SoVuu5cSE-a7b5i8aLokg9V-CPk.roa (raw, json)
Hash identifier:          fcsl2vUdBu+342WmKzTFEQ1uDfRLz+i6/wCTrStZ6x8=
Subject key identifier:   4A:85:6E:BB:97:12:13:E6:BB:6F:98:BC:68:BA:24:83:D5:7E:08:F9
Certificate issuer:       /CN=e3106ac3ea760b2d0242a9efba2c2116b626f824
Certificate serial:       019A1029240336123309114309850BA663F2
Authority key identifier: E3:10:6A:C3:EA:76:0B:2D:02:42:A9:EF:BA:2C:21:16:B6:26:F8:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xBqw-p2Cy0CQqnvuiwhFrYm-CQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/f91a85-e93c-4a49-8215-8497717a4f61/1/SoVuu5cSE-a7b5i8aLokg9V-CPk.roa
Signing time:             Thu 23 Oct 2025 08:22:02 +0000
ROA not before:           Thu 23 Oct 2025 08:22:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204934
IP address blocks:        188.68.64.0/20 maxlen: 24
                          2a0a:f480::/32 maxlen: 48
                          2a0a:f487::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/f91a85-e93c-4a49-8215-8497717a4f61/1/4xBqw-p2Cy0CQqnvuiwhFrYm-CQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/f91a85-e93c-4a49-8215-8497717a4f61/1/4xBqw-p2Cy0CQqnvuiwhFrYm-CQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xBqw-p2Cy0CQqnvuiwhFrYm-CQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:10:29:24:03:36:12:33:09:11:43:09:85:0b:a6:63:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3106ac3ea760b2d0242a9efba2c2116b626f824
        Validity
            Not Before: Oct 23 08:22:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a856ebb971213e6bb6f98bc68ba2483d57e08f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:9c:e2:65:a0:d7:ff:7d:d7:c1:cc:52:61:05:
                    8e:ca:aa:0e:5d:15:19:da:c4:64:b3:b2:68:76:5e:
                    b8:e9:7a:09:9d:bf:8a:d4:12:ea:f6:2c:26:6f:b2:
                    00:4a:05:22:5a:a1:6c:63:ff:ee:6e:ca:44:67:73:
                    f5:b7:7f:d1:e2:6d:3a:f8:8e:84:72:f5:41:45:75:
                    48:c3:e2:e6:e4:59:99:ea:2f:a8:00:68:80:94:8b:
                    ae:da:bd:09:aa:53:17:74:ff:7e:fa:60:b6:11:67:
                    98:00:64:e8:ad:9f:12:eb:f5:4d:27:dc:2d:3c:9c:
                    42:10:a0:26:67:31:e5:17:86:fe:ac:a5:8f:73:76:
                    75:4a:9a:53:d3:7c:5b:a1:2b:9a:2b:01:10:58:b9:
                    22:d1:4a:00:57:27:a0:99:ea:94:36:9f:42:50:de:
                    50:a0:36:08:ef:3c:d2:d6:c2:25:71:bf:34:21:ea:
                    1f:1e:8f:8e:66:92:40:29:44:cd:75:a1:0f:38:78:
                    7a:14:89:f3:08:d6:cb:47:41:96:84:87:e9:82:43:
                    aa:f8:44:08:95:8f:1a:99:72:6a:95:b3:fb:71:8e:
                    03:d1:51:97:67:dd:3b:bb:29:e5:49:b0:69:43:c7:
                    1b:9a:f3:cb:d6:9a:d0:d8:d2:10:ca:14:c2:f3:e8:
                    75:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:85:6E:BB:97:12:13:E6:BB:6F:98:BC:68:BA:24:83:D5:7E:08:F9
            X509v3 Authority Key Identifier:
                keyid:E3:10:6A:C3:EA:76:0B:2D:02:42:A9:EF:BA:2C:21:16:B6:26:F8:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xBqw-p2Cy0CQqnvuiwhFrYm-CQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/f91a85-e93c-4a49-8215-8497717a4f61/1/SoVuu5cSE-a7b5i8aLokg9V-CPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/f91a85-e93c-4a49-8215-8497717a4f61/1/4xBqw-p2Cy0CQqnvuiwhFrYm-CQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.68.64.0/20
                IPv6:
                  2a0a:f480::/32
                  2a0a:f487::/32

    Signature Algorithm: sha256WithRSAEncryption
         39:0e:7a:e6:94:b3:9b:f9:97:9a:bc:77:42:a5:52:37:ab:31:
         df:07:bf:69:4b:b6:dd:ea:47:8f:94:6c:19:09:b8:89:c4:a2:
         ef:ce:b4:e7:05:4a:1a:03:dd:0e:a1:cc:71:b4:ab:c5:1f:db:
         c5:e5:13:61:37:c9:62:eb:42:51:62:a8:30:fd:f8:12:9b:27:
         9f:06:d9:fa:90:a3:8c:13:28:28:ef:e0:bc:4a:af:97:6a:32:
         c5:70:ea:b8:02:da:9b:77:2c:73:59:e5:da:d9:54:bb:ee:14:
         1e:f6:55:4c:6f:e4:fe:1c:87:36:78:e5:68:f1:2f:00:5d:e2:
         f0:0e:23:8d:b1:87:b8:52:60:a5:77:db:67:5b:ad:c0:06:0f:
         46:9e:68:f0:20:be:20:f7:8b:b9:44:40:38:d6:d4:c8:dd:5c:
         3f:81:55:df:36:fb:42:44:4f:39:1a:91:d3:ad:e7:4e:61:f1:
         14:ef:3e:9e:77:08:86:0f:de:bc:66:59:dc:a4:1c:12:52:c3:
         78:ba:0b:6c:a0:57:ff:eb:fc:64:ef:57:11:df:73:d1:7c:1b:
         d4:fc:45:92:8b:c4:08:e4:b7:7c:03:a6:f8:23:b8:14:e9:bd:
         7e:1f:61:2d:56:60:56:38:f0:69:76:34:4c:c2:c4:ba:6e:a8:
         f2:2d:b1:08
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZoQKSQDNhIzCRFDCYULpmPyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMTA2YWMzZWE3NjBiMmQwMjQyYTllZmJhMmMyMTE2YjYy
NmY4MjQwHhcNMjUxMDIzMDgyMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTg1NmViYjk3MTIxM2U2YmI2Zjk4YmM2OGJhMjQ4M2Q1N2UwOGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpziZaDX/33XwcxSYQWOyqoOXRUZ
2sRks7Jodl646XoJnb+K1BLq9iwmb7IASgUiWqFsY//ubspEZ3P1t3/R4m06+I6E
cvVBRXVIw+Lm5FmZ6i+oAGiAlIuu2r0JqlMXdP9++mC2EWeYAGTorZ8S6/VNJ9wt
PJxCEKAmZzHlF4b+rKWPc3Z1SppT03xboSuaKwEQWLki0UoAVyegmeqUNp9CUN5Q
oDYI7zzS1sIlcb80IeofHo+OZpJAKUTNdaEPOHh6FInzCNbLR0GWhIfpgkOq+EQI
lY8amXJqlbP7cY4D0VGXZ907uynlSbBpQ8cbmvPL1prQ2NIQyhTC8+h1NQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFEqFbruXEhPmu2+YvGi6JIPVfgj5MB8GA1UdIwQY
MBaAFOMQasPqdgstAkKp77osIRa2JvgkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhCcXctcDJDeTBDUXFudnVpd2hGclltLUNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9mOTFhODUtZTkzYy00YTQ5LTgyMTUt
ODQ5NzcxN2E0ZjYxLzEvU29WdXU1Y1NFLWE3YjVpOGFMb2tnOVYtQ1BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9mOTFhODUtZTkzYy00YTQ5LTgyMTUtODQ5NzcxN2E0ZjYx
LzEvNHhCcXctcDJDeTBDUXFudnVpd2hGclltLUNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQEvERAMBQE
AgACMA4DBQAqCvSAAwUAKgr0hzANBgkqhkiG9w0BAQsFAAOCAQEAOQ565pSzm/mX
mrx3QqVSN6sx3we/aUu23epHj5RsGQm4icSi78605wVKGgPdDqHMcbSrxR/bxeUT
YTfJYutCUWKoMP34EpsnnwbZ+pCjjBMoKO/gvEqvl2oyxXDquALam3csc1nl2tlU
u+4UHvZVTG/k/hyHNnjlaPEvAF3i8A4jjbGHuFJgpXfbZ1utwAYPRp5o8CC+IPeL
uURAONbUyN1cP4FV3zb7QkRPORqR063nTmHxFO8+nncIhg/evGZZ3KQcElLDeLoL
bKBX/+v8ZO9XEd9z0Xwb1PxFkovECOS3fAOm+CO4FOm9fh9hLVZgVjjwaXY0TMLE
um6o8i2xCA==
-----END CERTIFICATE-----