Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/cFwK9_eAsgvSxUt0uqXDLIDB-aI.roa
File:                     cFwK9_eAsgvSxUt0uqXDLIDB-aI.roa (raw, json)
Hash identifier:          D2j14EJOq1awR8t8b/7pMrs81oIDs4M+GiM0KFlcR7E=
Subject key identifier:   70:5C:0A:F7:F7:80:B2:0B:D2:C5:4B:74:BA:A5:C3:2C:80:C1:F9:A2
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019A10B7F88A3874AD61A39DC4F929FAE01E
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/cFwK9_eAsgvSxUt0uqXDLIDB-aI.roa
Signing time:             Thu 23 Oct 2025 10:58:03 +0000
ROA not before:           Thu 23 Oct 2025 10:58:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62305
IP address blocks:        194.103.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 11:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:10:b7:f8:8a:38:74:ad:61:a3:9d:c4:f9:29:fa:e0:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Oct 23 10:58:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=705c0af7f780b20bd2c54b74baa5c32c80c1f9a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b2:83:66:d0:70:96:7e:9f:b1:50:2f:35:29:
                    97:6f:f6:60:6c:33:e4:14:0d:94:fa:c0:3d:eb:85:
                    dc:ff:20:f7:e6:df:f0:79:e9:2d:a0:ab:cd:03:3f:
                    c6:76:6a:45:ac:4c:56:75:9d:88:ce:4e:f6:9c:6f:
                    8d:bc:39:e2:7f:5f:2a:78:14:64:a0:55:58:22:37:
                    2d:6d:d4:2c:21:5e:d0:2c:e4:30:67:e8:06:6b:12:
                    a1:5c:38:a5:d6:92:58:28:29:d8:74:10:fe:c8:68:
                    fa:54:b3:35:49:24:7a:bf:24:1f:57:af:9f:fe:1e:
                    95:46:78:51:f2:d7:46:91:fb:6e:34:48:ed:b7:92:
                    3e:65:15:c4:d2:75:fb:ee:99:39:e5:cf:67:48:37:
                    c8:8c:cf:56:73:4c:61:cd:98:2d:4e:20:a9:ec:43:
                    9e:f0:e9:1f:f5:db:86:a1:26:18:f6:10:91:48:f4:
                    3f:87:6b:09:7e:4a:ae:89:5b:ea:fa:2c:d5:24:9c:
                    b2:6a:0d:e7:69:58:5b:c4:e0:db:09:27:b6:61:1b:
                    27:ba:83:bf:fd:2e:de:7f:19:24:b0:22:b0:25:7b:
                    ce:35:56:bb:f3:9f:73:f8:82:77:20:7e:ba:8d:11:
                    56:6d:c2:6c:e7:e3:6b:c8:c1:d5:de:6f:58:e3:15:
                    12:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:5C:0A:F7:F7:80:B2:0B:D2:C5:4B:74:BA:A5:C3:2C:80:C1:F9:A2
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/cFwK9_eAsgvSxUt0uqXDLIDB-aI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.103.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:ae:1f:11:c5:3e:6b:d4:24:c4:42:a4:43:6a:b8:97:df:d3:
         2f:6b:fa:aa:00:06:f9:6f:3d:6f:27:38:4e:84:b0:aa:3d:c2:
         3d:02:19:d8:8d:64:3c:94:62:98:40:f7:21:1e:17:2d:a4:16:
         10:2a:d7:1f:e6:18:e7:a6:78:3f:5f:dc:73:1f:85:48:37:8d:
         b1:0c:26:09:f3:e1:13:d7:b9:81:ec:ce:69:ad:a3:ee:ba:f8:
         20:d2:8a:a5:80:3e:97:b1:cc:b5:61:2f:e6:f4:82:b8:14:5d:
         49:de:78:cd:54:52:11:23:13:de:93:7e:83:61:ef:88:e5:28:
         58:3a:1d:64:59:2e:f1:4b:aa:97:aa:90:19:09:dc:00:b5:17:
         1d:03:95:3c:27:cb:aa:08:3d:e9:77:e6:9f:fd:ab:b0:99:3d:
         b9:99:20:2a:28:d0:51:fd:05:cb:9f:aa:88:39:05:6b:82:2b:
         59:a9:49:5d:3e:84:3b:0e:cc:66:38:dc:c4:ec:bb:b4:e7:71:
         97:a8:77:ec:74:50:d2:75:c8:f5:02:7c:40:11:69:10:d6:23:
         63:be:aa:36:dd:e9:71:e3:15:02:c0:34:4a:e7:bf:25:f3:6c:
         9f:c9:9b:eb:8c:82:11:4e:ff:71:98:48:fc:8b:9d:88:77:60:
         45:bc:c0:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoQt/iKOHStYaOdxPkp+uAeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUxMDIzMTA1ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDVjMGFmN2Y3ODBiMjBiZDJjNTRiNzRiYWE1YzMyYzgwYzFmOWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbKDZtBwln6fsVAvNSmXb/ZgbDPk
FA2U+sA964Xc/yD35t/weektoKvNAz/GdmpFrExWdZ2Izk72nG+NvDnif18qeBRk
oFVYIjctbdQsIV7QLOQwZ+gGaxKhXDil1pJYKCnYdBD+yGj6VLM1SSR6vyQfV6+f
/h6VRnhR8tdGkftuNEjtt5I+ZRXE0nX77pk55c9nSDfIjM9Wc0xhzZgtTiCp7EOe
8Okf9duGoSYY9hCRSPQ/h2sJfkquiVvq+izVJJyyag3naVhbxODbCSe2YRsnuoO/
/S7efxkksCKwJXvONVa7859z+IJ3IH66jRFWbcJs5+NryMHV3m9Y4xUSUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBcCvf3gLIL0sVLdLqlwyyAwfmiMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvY0Z3SzlfZUFzZ3ZTeFV0MHVxWERMSURCLWFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmeEMA0G
CSqGSIb3DQEBCwUAA4IBAQCtrh8RxT5r1CTEQqRDariX39Mva/qqAAb5bz1vJzhO
hLCqPcI9AhnYjWQ8lGKYQPchHhctpBYQKtcf5hjnpng/X9xzH4VIN42xDCYJ8+ET
17mB7M5praPuuvgg0oqlgD6Xscy1YS/m9IK4FF1J3njNVFIRIxPek36DYe+I5ShY
Oh1kWS7xS6qXqpAZCdwAtRcdA5U8J8uqCD3pd+af/auwmT25mSAqKNBR/QXLn6qI
OQVrgitZqUldPoQ7DsxmONzE7Lu053GXqHfsdFDSdcj1AnxAEWkQ1iNjvqo23elx
4xUCwDRK578l82yfyZvrjIIRTv9xmEj8i52Id2BFvMBM
-----END CERTIFICATE-----