Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DucELvM5uTqHfKC1qxEHArhuJrc.roa
File:                     DucELvM5uTqHfKC1qxEHArhuJrc.roa (raw, json)
Hash identifier:          H2ecWX70lX4efJkJOY9ZSpPfQFH+96mYfDxXZV9u+lw=
Subject key identifier:   0E:E7:04:2E:F3:39:B9:3A:87:7C:A0:B5:AB:11:07:02:B8:6E:26:B7
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0198EA9A1B41C4A98D3C40D064BBA9DD69FF
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DucELvM5uTqHfKC1qxEHArhuJrc.roa
Signing time:             Wed 27 Aug 2025 08:17:04 +0000
ROA not before:           Wed 27 Aug 2025 08:17:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140641
IP address blocks:        185.209.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 03:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:9a:1b:41:c4:a9:8d:3c:40:d0:64:bb:a9:dd:69:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Aug 27 08:17:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ee7042ef339b93a877ca0b5ab110702b86e26b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:02:85:b0:9a:0e:58:8f:f6:bc:4a:49:3a:a6:
                    7e:7d:fe:d1:a6:7b:3c:0b:e4:45:02:7c:b3:e1:29:
                    dd:22:c9:ab:d7:d7:3c:0e:50:ed:1d:d7:b5:7b:09:
                    dd:a8:67:9b:ee:0e:1d:05:b8:1c:7f:43:62:76:f5:
                    cf:68:01:99:b0:5f:f2:f8:1e:e2:6a:07:50:f3:31:
                    71:4b:12:6e:7e:91:43:2c:6a:12:18:92:11:3b:d1:
                    11:90:85:b5:29:dc:74:f8:3d:fe:9a:53:60:46:45:
                    36:be:54:7c:9f:52:9e:fb:f7:e3:92:e7:3d:12:f7:
                    e5:e3:fa:03:0c:a5:68:ca:f5:5f:32:af:e0:30:25:
                    d5:e5:d7:de:12:c6:10:41:86:e1:85:62:26:6f:d6:
                    65:1e:85:92:e1:05:05:2b:2a:8e:b0:64:37:27:15:
                    10:1d:e5:71:5f:26:65:ba:38:88:dc:67:ce:e4:ca:
                    0d:ff:ae:46:ed:5c:f1:1b:c4:1e:0f:0a:9c:36:00:
                    72:e2:68:74:dc:c4:34:ed:f5:2d:72:39:4f:0b:c5:
                    72:51:0f:f0:ee:35:a6:6b:35:99:1c:07:7d:a8:3a:
                    86:50:b6:e7:7d:31:11:fc:9d:fa:78:83:6b:91:93:
                    dc:c9:bb:83:e4:a0:83:65:1f:b5:69:d5:ac:43:39:
                    48:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:E7:04:2E:F3:39:B9:3A:87:7C:A0:B5:AB:11:07:02:B8:6E:26:B7
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DucELvM5uTqHfKC1qxEHArhuJrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:cc:5d:7b:c7:ea:dc:2b:2c:52:88:d4:7f:07:d6:ee:a4:1c:
         e4:9c:27:28:82:6d:13:94:c0:98:e3:97:e5:01:b2:fe:48:9a:
         59:d7:39:29:e9:db:ed:5a:6f:80:2c:06:54:ef:3d:d0:3c:5c:
         83:6a:bc:67:06:05:e3:43:82:07:0d:dc:18:65:2a:5d:ff:22:
         5a:40:d3:9a:cb:65:fa:0b:9a:a1:97:e7:f4:09:86:c1:22:c0:
         15:43:c6:6a:2f:b1:7a:55:d6:dc:01:3d:19:03:4a:12:63:9b:
         51:3c:dd:fa:90:1c:80:d9:1f:d5:38:b2:ed:16:05:10:b8:d7:
         95:39:10:80:ff:5c:22:58:0e:f0:b7:46:b4:02:28:ac:1c:dc:
         53:ca:90:87:59:2c:da:22:f6:94:f0:3a:7c:08:cd:43:4e:21:
         fa:be:25:79:c0:74:c9:3c:10:eb:96:e5:e2:54:ec:5f:d3:fe:
         10:b6:04:7b:26:7d:c2:7b:4d:63:77:a6:d7:37:d1:e1:71:b2:
         21:34:df:59:cf:43:28:c1:cc:37:61:d6:30:d0:3c:17:1b:73:
         7e:60:7b:3c:d4:4f:43:e5:33:a5:a7:1c:ab:9c:24:ce:cb:c2:
         82:1b:31:26:7d:45:86:ee:af:8d:85:5d:80:f5:da:74:88:45:
         c0:55:12:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjqmhtBxKmNPEDQZLup3Wn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwODI3MDgxNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWU3MDQyZWYzMzliOTNhODc3Y2EwYjVhYjExMDcwMmI4NmUyNmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQKFsJoOWI/2vEpJOqZ+ff7Rpns8
C+RFAnyz4SndIsmr19c8DlDtHde1ewndqGeb7g4dBbgcf0NidvXPaAGZsF/y+B7i
agdQ8zFxSxJufpFDLGoSGJIRO9ERkIW1Kdx0+D3+mlNgRkU2vlR8n1Ke+/fjkuc9
Evfl4/oDDKVoyvVfMq/gMCXV5dfeEsYQQYbhhWImb9ZlHoWS4QUFKyqOsGQ3JxUQ
HeVxXyZlujiI3GfO5MoN/65G7VzxG8QeDwqcNgBy4mh03MQ07fUtcjlPC8VyUQ/w
7jWmazWZHAd9qDqGULbnfTER/J36eINrkZPcybuD5KCDZR+1adWsQzlIjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA7nBC7zObk6h3ygtasRBwK4bia3MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRHVjRUx2TTV1VHFIZktDMXF4RUhBcmh1SnJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudFLMA0G
CSqGSIb3DQEBCwUAA4IBAQCpzF17x+rcKyxSiNR/B9bupBzknCcogm0TlMCY45fl
AbL+SJpZ1zkp6dvtWm+ALAZU7z3QPFyDarxnBgXjQ4IHDdwYZSpd/yJaQNOay2X6
C5qhl+f0CYbBIsAVQ8ZqL7F6VdbcAT0ZA0oSY5tRPN36kByA2R/VOLLtFgUQuNeV
ORCA/1wiWA7wt0a0AiisHNxTypCHWSzaIvaU8Dp8CM1DTiH6viV5wHTJPBDrluXi
VOxf0/4QtgR7Jn3Ce01jd6bXN9HhcbIhNN9Zz0Mowcw3YdYw0DwXG3N+YHs81E9D
5TOlpxyrnCTOy8KCGzEmfUWG7q+NhV2A9dp0iEXAVRIY
-----END CERTIFICATE-----