Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/8UP-HnXT6ZiBdaOYlDB66hT_Z2k.roa
File:                     8UP-HnXT6ZiBdaOYlDB66hT_Z2k.roa (raw, json)
Hash identifier:          cDjhHlc7QRM8+yZv2BHSK6rJJPG1sbZBDn/UhAV5syE=
Subject key identifier:   F1:43:FE:1E:75:D3:E9:98:81:75:A3:98:94:30:7A:EA:14:FF:67:69
Certificate issuer:       /CN=cf9f6fbfe00a08592b7bb0edfdc2002bfc72b578
Certificate serial:       019A3693BDA398D77C6BD5CF55F3037FA2AF
Authority key identifier: CF:9F:6F:BF:E0:0A:08:59:2B:7B:B0:ED:FD:C2:00:2B:FC:72:B5:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/8UP-HnXT6ZiBdaOYlDB66hT_Z2k.roa
Signing time:             Thu 30 Oct 2025 19:24:02 +0000
ROA not before:           Thu 30 Oct 2025 19:24:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196618
IP address blocks:        194.104.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:36:93:bd:a3:98:d7:7c:6b:d5:cf:55:f3:03:7f:a2:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9f6fbfe00a08592b7bb0edfdc2002bfc72b578
        Validity
            Not Before: Oct 30 19:24:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f143fe1e75d3e9988175a39894307aea14ff6769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ec:32:ae:86:39:62:8c:9d:26:6c:ea:35:dc:
                    a6:b7:bd:d0:8e:6c:f2:de:a4:e1:40:5e:43:89:b6:
                    64:f3:40:dc:7f:96:5d:94:68:41:08:14:b8:bc:39:
                    02:31:6c:a2:ea:69:b7:85:32:91:3d:1d:b7:e9:79:
                    91:04:e6:80:89:73:7d:85:00:d4:18:8f:c0:28:e8:
                    44:66:ea:73:18:68:d5:cf:f1:da:bc:f4:ea:57:42:
                    d0:8a:7f:a0:33:56:75:6a:02:9f:06:37:41:e4:14:
                    f1:37:3e:c9:23:4a:88:3c:c5:f1:0c:64:73:e3:e4:
                    3d:c2:84:26:e5:08:f8:d7:77:56:19:3a:e3:b2:9a:
                    2b:ff:8c:ba:d5:9f:3f:f3:06:b9:6f:1d:ab:97:a2:
                    f1:d8:83:c0:9e:85:4f:57:73:5e:15:41:78:e1:38:
                    a6:14:fa:bc:fc:d1:a4:c9:b6:22:1c:a5:9e:93:ee:
                    7c:40:bc:b5:e0:2d:04:ff:f3:f4:ba:b3:03:81:88:
                    b5:67:64:39:ce:25:0a:d6:6b:0b:d8:d9:de:03:ee:
                    10:33:18:f7:34:13:5a:00:49:2b:82:1f:af:21:df:
                    e6:d7:7e:c7:f7:9c:c2:fd:2d:3e:12:ce:a5:00:6f:
                    88:c0:e4:12:82:40:a1:ed:e7:21:64:6e:11:4b:0c:
                    fb:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:43:FE:1E:75:D3:E9:98:81:75:A3:98:94:30:7A:EA:14:FF:67:69
            X509v3 Authority Key Identifier:
                keyid:CF:9F:6F:BF:E0:0A:08:59:2B:7B:B0:ED:FD:C2:00:2B:FC:72:B5:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/8UP-HnXT6ZiBdaOYlDB66hT_Z2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:fe:12:a8:ae:58:9e:39:26:d3:5f:18:58:a4:eb:49:2f:92:
         d6:f7:c1:9a:6f:28:92:b2:27:62:91:a9:6c:a7:10:3e:c4:e2:
         70:61:31:b2:0e:c5:37:30:6b:64:66:c7:47:cc:02:5e:26:62:
         53:44:d9:d3:30:05:37:70:73:e0:43:b1:75:07:72:bc:da:7e:
         b9:22:1e:83:e0:11:56:f3:fc:67:4d:57:fd:57:2a:ff:54:3b:
         e7:9e:fe:74:dd:1b:99:24:49:c5:1e:63:16:63:09:56:7d:fe:
         f2:a9:06:91:17:56:46:1f:ac:d7:a6:36:58:b5:b5:a0:85:48:
         57:31:61:84:e8:c4:e1:aa:ce:cb:bb:f9:5c:1b:fa:08:40:cd:
         c4:3a:57:d0:fe:1e:c7:5e:b1:bf:58:7b:10:5a:09:12:bd:a0:
         78:6f:f6:c7:cb:bc:8d:5c:86:0b:42:63:9f:72:cc:d5:03:b4:
         49:67:ea:04:7b:af:fe:d6:5b:ba:fd:12:7f:5d:9d:54:02:03:
         ea:26:a3:0c:5a:9a:da:b6:a7:5a:06:91:7b:55:5c:8a:df:8f:
         10:c3:d8:d2:8d:3f:ad:41:a6:d3:e5:8c:31:5d:92:55:05:70:
         07:ae:20:02:cc:3c:3a:a4:be:a2:7d:e6:ca:b9:ee:52:be:01:
         81:f8:2e:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo2k72jmNd8a9XPVfMDf6KvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOWY2ZmJmZTAwYTA4NTkyYjdiYjBlZGZkYzIwMDJiZmM3
MmI1NzgwHhcNMjUxMDMwMTkyNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTQzZmUxZTc1ZDNlOTk4ODE3NWEzOTg5NDMwN2FlYTE0ZmY2NzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuewyroY5YoydJmzqNdymt73Qjmzy
3qThQF5DibZk80Dcf5ZdlGhBCBS4vDkCMWyi6mm3hTKRPR236XmRBOaAiXN9hQDU
GI/AKOhEZupzGGjVz/HavPTqV0LQin+gM1Z1agKfBjdB5BTxNz7JI0qIPMXxDGRz
4+Q9woQm5Qj413dWGTrjspor/4y61Z8/8wa5bx2rl6Lx2IPAnoVPV3NeFUF44Tim
FPq8/NGkybYiHKWek+58QLy14C0E//P0urMDgYi1Z2Q5ziUK1msL2NneA+4QMxj3
NBNaAEkrgh+vId/m137H95zC/S0+Es6lAG+IwOQSgkCh7echZG4RSwz7vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPFD/h510+mYgXWjmJQweuoU/2dpMB8GA1UdIwQY
MBaAFM+fb7/gCghZK3uw7f3CACv8crV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejU5dnYtQUtDRmtyZTdEdF9jSUFLX3h5dFhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS83MzM5ODktZjEzMS00NWU5LTliNzUt
MzQyYTllZTczZDg1LzEvOFVQLUhuWFQ2WmlCZGFPWWxEQjY2aFRfWjJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS83MzM5ODktZjEzMS00NWU5LTliNzUtMzQyYTllZTczZDg1
LzEvejU5dnYtQUtDRmtyZTdEdF9jSUFLX3h5dFhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmiBMA0G
CSqGSIb3DQEBCwUAA4IBAQCD/hKorlieOSbTXxhYpOtJL5LW98GabyiSsidikals
pxA+xOJwYTGyDsU3MGtkZsdHzAJeJmJTRNnTMAU3cHPgQ7F1B3K82n65Ih6D4BFW
8/xnTVf9Vyr/VDvnnv503RuZJEnFHmMWYwlWff7yqQaRF1ZGH6zXpjZYtbWghUhX
MWGE6MThqs7Lu/lcG/oIQM3EOlfQ/h7HXrG/WHsQWgkSvaB4b/bHy7yNXIYLQmOf
cszVA7RJZ+oEe6/+1lu6/RJ/XZ1UAgPqJqMMWpratqdaBpF7VVyK348Qw9jSjT+t
QabT5YwxXZJVBXAHriACzDw6pL6ifebKue5SvgGB+C5A
-----END CERTIFICATE-----